Merge branch 'sh-strip-github-pat-whitespace' into 'master'

Strip whitespace around GitHub personal access tokens Closes #46588 See merge request gitlab-org/gitlab-ce!22432

Merge branch 'sh-strip-github-pat-whitespace' into 'master'
Strip whitespace around GitHub personal access tokens Closes #46588 See merge request gitlab-org/gitlab-ce!22432
8aed9055 · Rémy Coutable · 4ef9bb6a · 3d82f20d · 8aed9055 · 8aed9055
Commit 8aed9055 authored Oct 18, 2018 by Rémy Coutable
3 changed files
--- a/app/controllers/import/github_controller.rb
+++ b/app/controllers/import/github_controller.rb
@@ -20,7 +20,7 @@ class Import::GithubController < Import::BaseController
  end

  def personal_access_token
-    session[access_token_key] = params[:personal_access_token]
+    session[access_token_key] = params[:personal_access_token]&.strip
    redirect_to status_import_url
  end


--- a/changelogs/unreleased/sh-strip-github-pat-whitespace.yml
+++ b/changelogs/unreleased/sh-strip-github-pat-whitespace.yml
+---
+title: Strip whitespace around GitHub personal access tokens
+merge_request: 22432
+author:
+type: fixed
--- a/spec/support/controllers/githubish_import_controller_shared_examples.rb
+++ b/spec/support/controllers/githubish_import_controller_shared_examples.rb
@@ -22,6 +22,18 @@ shared_examples 'a GitHub-ish import controller: POST personal_access_token' do
    expect(session[:"#{provider}_access_token"]).to eq(token)
    expect(controller).to redirect_to(status_import_url)
  end
+
+  it "strips access token with spaces" do
+    token = 'asdfasdf9876'
+
+    allow_any_instance_of(Gitlab::LegacyGithubImport::Client)
+      .to receive(:user).and_return(true)
+
+    post :personal_access_token, personal_access_token: "  #{token} "
+
+    expect(session[:"#{provider}_access_token"]).to eq(token)
+    expect(controller).to redirect_to(status_import_url)
+  end
 end

 shared_examples 'a GitHub-ish import controller: GET new' do