Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
d1281c73
Commit
d1281c73
authored
Mar 30, 2021
by
Etienne Baqué
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Removed key param in validate_actor
parent
e8906a60
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
10 additions
and
18 deletions
+10
-18
ee/changelogs/unreleased/ebaque-remove-key-id-check.yml
ee/changelogs/unreleased/ebaque-remove-key-id-check.yml
+5
-0
ee/lib/ee/api/internal/base.rb
ee/lib/ee/api/internal/base.rb
+1
-1
lib/api/internal/base.rb
lib/api/internal/base.rb
+4
-6
spec/support/shared_examples/lib/api/internal_base_shared_examples.rb
.../shared_examples/lib/api/internal_base_shared_examples.rb
+0
-11
No files found.
ee/changelogs/unreleased/ebaque-remove-key-id-check.yml
0 → 100644
View file @
d1281c73
---
title
:
Remove key parameter check when validating actor in personal access token API
merge_request
:
57675
author
:
type
:
fixed
ee/lib/ee/api/internal/base.rb
View file @
d1281c73
...
@@ -31,7 +31,7 @@ module EE
...
@@ -31,7 +31,7 @@ module EE
actor
.
update_last_used_at!
actor
.
update_last_used_at!
user
=
actor
.
user
user
=
actor
.
user
error_message
=
validate_actor
_key
(
actor
,
params
[
:key_id
]
)
error_message
=
validate_actor
(
actor
)
return
{
success:
false
,
message:
error_message
}
if
error_message
return
{
success:
false
,
message:
error_message
}
if
error_message
...
...
lib/api/internal/base.rb
View file @
d1281c73
...
@@ -109,9 +109,7 @@ module API
...
@@ -109,9 +109,7 @@ module API
end
end
end
end
def
validate_actor_key
(
actor
,
key_id
)
def
validate_actor
(
actor
)
return
'Could not find a user without a key'
unless
key_id
return
'Could not find the given key'
unless
actor
.
key
return
'Could not find the given key'
unless
actor
.
key
'Could not find a user for the given key'
unless
actor
.
user
'Could not find a user for the given key'
unless
actor
.
user
...
@@ -201,7 +199,7 @@ module API
...
@@ -201,7 +199,7 @@ module API
actor
.
update_last_used_at!
actor
.
update_last_used_at!
user
=
actor
.
user
user
=
actor
.
user
error_message
=
validate_actor
_key
(
actor
,
params
[
:key_id
]
)
error_message
=
validate_actor
(
actor
)
if
params
[
:user_id
]
&&
user
.
nil?
if
params
[
:user_id
]
&&
user
.
nil?
break
{
success:
false
,
message:
'Could not find the given user'
}
break
{
success:
false
,
message:
'Could not find the given user'
}
...
@@ -230,7 +228,7 @@ module API
...
@@ -230,7 +228,7 @@ module API
actor
.
update_last_used_at!
actor
.
update_last_used_at!
user
=
actor
.
user
user
=
actor
.
user
error_message
=
validate_actor
_key
(
actor
,
params
[
:key_id
]
)
error_message
=
validate_actor
(
actor
)
break
{
success:
false
,
message:
'Deploy keys cannot be used to create personal access tokens'
}
if
actor
.
key
.
is_a?
(
DeployKey
)
break
{
success:
false
,
message:
'Deploy keys cannot be used to create personal access tokens'
}
if
actor
.
key
.
is_a?
(
DeployKey
)
...
@@ -303,7 +301,7 @@ module API
...
@@ -303,7 +301,7 @@ module API
actor
.
update_last_used_at!
actor
.
update_last_used_at!
user
=
actor
.
user
user
=
actor
.
user
error_message
=
validate_actor
_key
(
actor
,
params
[
:key_id
]
)
error_message
=
validate_actor
(
actor
)
if
error_message
if
error_message
{
success:
false
,
message:
error_message
}
{
success:
false
,
message:
error_message
}
...
...
spec/support/shared_examples/lib/api/internal_base_shared_examples.rb
View file @
d1281c73
# frozen_string_literal: true
# frozen_string_literal: true
RSpec
.
shared_examples
'actor key validations'
do
RSpec
.
shared_examples
'actor key validations'
do
context
'key id is not provided'
do
let
(
:key_id
)
{
nil
}
it
'returns an error message'
do
subject
expect
(
json_response
[
'success'
]).
to
be_falsey
expect
(
json_response
[
'message'
]).
to
eq
(
'Could not find a user without a key'
)
end
end
context
'key does not exist'
do
context
'key does not exist'
do
let
(
:key_id
)
{
non_existing_record_id
}
let
(
:key_id
)
{
non_existing_record_id
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment