Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/spec/services/access_token_validation_service_spec.rb
AgeCommit message (Collapse)Author
2020-07-20Add latest changes from gitlab-org/gitlab@13-2-stable-eeGitLab Bot
2019-04-12Add frozen_string_literal to spec/servicesThong Kuah
Probably useful as we often move these files to "new" files.
2017-07-27Remove superfluous lib: true, type: redis, service: true, models: true, ↵Rémy Coutable
services: true, no_db: true, api: true Signed-off-by: Rémy Coutable <remy@rymai.me>
2017-06-30`AccessTokenValidationService` accepts `String` or `API::Scope` scopes.Timothy Andrew
- There's no need to use `API::Scope` for scopes that don't have `if` conditions, such as in `lib/gitlab/auth.rb`.
2017-06-29Extract a `Gitlab::Scope` class.Timothy Andrew
- To represent an authorization scope, such as `api` or `read_user` - This is a better abstraction than the hash we were previously using.
2017-06-28Implement review comments from @DouweM for !12300.Timothy Andrew
- Use a struct for scopes, so we can call `scope.if` instead of `scope[:if]` - Refactor the "remove scopes whose :if condition returns false" logic to use a `select` rather than a `reject`.
2017-06-28Implement review comments from @dbalexandre for !12300.Timothy Andrew
2017-06-28Fix remaining spec failures for !12300.Timothy Andrew
1. Get the spec for `lib/gitlab/auth.rb` passing. - Make the `request` argument to `AccessTokenValidationService` optional - `auth.rb` doesn't need to pass in a request. - Pass in scopes in the format `[{ name: 'api' }]` rather than `['api']`, which is what `AccessTokenValidationService` now expects. 2. Get the spec for `API::V3::Users` passing 2. Get the spec for `AccessTokenValidationService` passing
2017-06-28Allow API scope declarations to be applied conditionally.Timothy Andrew
- Scope declarations of the form: allow_access_with_scope :read_user, if: -> (request) { request.get? } will only apply for `GET` requests - Add a negative test to a `POST` endpoint in the `users` API to test this. Also test for this case in the `AccessTokenValidationService` unit tests.
2016-12-16Convert AccessTokenValidationService into a class.Timothy Andrew
- Previously, AccessTokenValidationService was a module, and all its public methods accepted a token. It makes sense to convert it to a class which accepts a token during initialization. - Also rename the `sufficient_scope?` method to `include_any_scope?` - Based on feedback from @rymai
2016-12-16Implement minor changes from @dbalexandre's review.Timothy Andrew
- Mainly whitespace changes. - Require the migration adding the `scope` column to the `personal_access_tokens` table to have downtime, since API calls will fail if the new code is in place, but the migration hasn't run. - Minor refactoring - load `@scopes` in a `before_action`, since we're doing it in three different places.
2016-12-16 Calls to the API are checked for scope.Timothy Andrew
- Move the `Oauth2::AccessTokenValidationService` class to `AccessTokenValidationService`, since it is now being used for personal access token validation as well. - Each API endpoint declares the scopes it accepts (if any). Currently, the top level API module declares the `api` scope, and the `Users` API module declares the `read_user` scope (for GET requests). - Move the `find_user_by_private_token` from the API `Helpers` module to the `APIGuard` module, to avoid littering `Helpers` with more auth-related methods to support `find_user_by_private_token`
    generated by cgit v1.2.3 (git 2.25.1) at 2024-07-16 22:48:51 +0300