diff options
author | Jan Provaznik <jprovaznik@gitlab.com> | 2019-06-06 09:14:15 +0300 |
---|---|---|
committer | Jan Provaznik <jprovaznik@gitlab.com> | 2019-06-06 09:14:15 +0300 |
commit | 055c160be1cbde3e05aa000e1ff0109725a7bfa8 (patch) | |
tree | 9c115a609e04397ade10c2b546b83877ee3376a1 /spec/controllers | |
parent | 549d64c6fcda33db7531361e661935b2ffdfb43c (diff) | |
parent | c7d9d462ec5b6012cd795d3e3034dbcca531de42 (diff) |
Merge branch 'ce-jej/fix-git-http-with-sso-enforcement' into 'master'
Avoid setting Gitlab::Session on sessionless requests and Git HTTP
See merge request gitlab-org/gitlab-ce!29146
Diffstat (limited to 'spec/controllers')
-rw-r--r-- | spec/controllers/application_controller_spec.rb | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/spec/controllers/application_controller_spec.rb b/spec/controllers/application_controller_spec.rb index 5ecd1b6b7c8..40669ec5451 100644 --- a/spec/controllers/application_controller_spec.rb +++ b/spec/controllers/application_controller_spec.rb @@ -691,4 +691,38 @@ describe ApplicationController do end end end + + context 'Gitlab::Session' do + controller(described_class) do + prepend_before_action do + authenticate_sessionless_user!(:rss) + end + + def index + if Gitlab::Session.current + head :created + else + head :not_found + end + end + end + + it 'is set on web requests' do + sign_in(user) + + get :index + + expect(response).to have_gitlab_http_status(:created) + end + + context 'with sessionless user' do + it 'is not set' do + personal_access_token = create(:personal_access_token, user: user) + + get :index, format: :atom, params: { private_token: personal_access_token.token } + + expect(response).to have_gitlab_http_status(:not_found) + end + end + end end |