Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/app/controllers/graphql_controller.rb
diff options
context:
space:
mode:
Diffstat (limited to 'app/controllers/graphql_controller.rb')
-rw-r--r--app/controllers/graphql_controller.rb8
1 files changed, 8 insertions, 0 deletions
diff --git a/app/controllers/graphql_controller.rb b/app/controllers/graphql_controller.rb
index 29bc48f93e9..1941920325f 100644
--- a/app/controllers/graphql_controller.rb
+++ b/app/controllers/graphql_controller.rb
@@ -255,6 +255,12 @@ class GraphqlController < ApplicationController
end
def authorize_access_api!
+ if current_user.nil? &&
+ request_authenticator.authentication_token_present? &&
+ Feature.enabled?(:invalid_graphql_auth_401)
+ render_error('Invalid token', status: :unauthorized)
+ end
+
return if can?(current_user, :access_api)
render_error('API not accessible for user', status: :forbidden)
@@ -301,6 +307,8 @@ class GraphqlController < ApplicationController
end
def introspection_query_can_use_cache?
+ return false if Gitlab.dev_or_test_env?
+
CACHED_INTROSPECTION_QUERY_STRING == graphql_query_object.query_string.squish
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-20 02:30:26 +0300