Commit 4dea7944 authored Nov 07, 2017 by Joe Marty
Updates tests to reflect sign_out route change
- Also remove sign_out DELETE route from read-only whitelist routes
parent dfeb60da

Showing 3 changed files with 5 additions and 14 deletions

lib/gitlab/middleware/read_only.rb (+1 -5)
spec/lib/gitlab/middleware/read_only_spec.rb (+0 -7)
spec/routing/routing_spec.rb (+4 -2)
lib/gitlab/middleware/read_only.rb
...
...
@@ -66,11 +66,7 @@ module Gitlab
end
def
whitelisted_routes
logout_route
||
grack_route
||
@whitelisted
.
any?
{
|
path
|
request
.
path
.
include?
(
path
)
}
||
lfs_route
||
sidekiq_route
end
def
logout_route
route_hash
[
:controller
]
==
'sessions'
&&
route_hash
[
:action
]
==
'destroy'
grack_route
||
@whitelisted
.
any?
{
|
path
|
request
.
path
.
include?
(
path
)
}
||
lfs_route
||
sidekiq_route
end
def
sidekiq_route
...
...
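Review bot: With `logout_route` dropped from `whitelisted_routes` and its method deleted, nothing in this file records why sign-out no longer needs a whitelist entry. A short comment above `whitelisted_routes` noting that sign-out is now expected to arrive as a GET (per the routing spec changed in this commit) would help the next reader. It is also worth confirming what a client that still sends `DELETE /users/sign_out` sees on a read-only instance, since that request no longer matches any whitelist branch shown here.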
spec/lib/gitlab/middleware/read_only_spec.rb
...
...
@@ -91,13 +91,6 @@ describe Gitlab::Middleware::ReadOnly do
end
context
'whitelisted requests'
do
it
'expects DELETE request to logout to be allowed'
do
response
=
request
.
delete
(
'/users/sign_out'
)
expect
(
response
).
not_to
be_a_redirect
expect
(
subject
).
not_to
disallow_request
end
it
'expects a POST internal request to be allowed'
do
response
=
request
.
post
(
"/api/
#{
API
::
API
.
version
}
/internal"
)
...
...
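Review bot: The 'whitelisted requests' context loses its only sign-out example ('expects DELETE request to logout to be allowed') with nothing in its place, so the middleware's new behaviour for sign-out is untested. Consider adding the inverse example for `request.delete('/users/sign_out')` using `expect(subject).to disallow_request`, and one showing that a GET to `/users/sign_out` still passes in read-only mode, so a later change to the whitelist cannot silently break logout.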
spec/routing/routing_spec.rb
...
...
@@ -257,8 +257,10 @@ describe "Authentication", "routing" do
expect
(
post
(
"/users/sign_in"
)).
to
route_to
(
'sessions#create'
)
end
it
"DELETE /users/sign_out"
do
expect
(
delete
(
"/users/sign_out"
)).
to
route_to
(
'sessions#destroy'
)
# sign_out with GET instead of DELETE facilitates ad-hoc single-sign-out processes
# (https://gitlab.com/gitlab-org/gitlab-ce/issues/39708)
it
"GET /users/sign_out"
do
expect
(
get
(
"/users/sign_out"
)).
to
route_to
(
'sessions#destroy'
)
end
it
"POST /users/password"
do
...
...
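Review bot: The `DELETE /users/sign_out` example is replaced rather than complemented, so after this hunk nothing asserts what DELETE does on that path. If the DELETE route is gone, pin that with a negative example such as `expect(delete("/users/sign_out")).not_to be_routable`; if it is kept alongside GET, keep the original example as well. Separately, the new comment gives the motivation for GET but not the trade-off: routing `sessions#destroy` on GET makes a state-changing action reachable through a plain link or cross-site navigation, so the comment should state that this is an accepted consequence of the single-sign-out use case.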