diff options
author | Ercan Ucan <ercan.ucan@siemens.com> | 2021-02-15 03:28:29 +0300 |
---|---|---|
committer | Jaime Martinez <jmartinez@gitlab.com> | 2021-02-15 03:28:29 +0300 |
commit | b41995a13969b2926ad265bcc769f473e48166cb (patch) | |
tree | 2d70d9c1c201a6e9a4bf73cbe06b9b9d792cd825 /test/acceptance/auth_test.go | |
parent | 2eefcef73409cf7510d7ecacce76b299a8340a4c (diff) |
fix(auth): make authentication scope for Pages configurable
This MR makes required authentication permission scope for
Pages configurable.
By default, Pages will use `api` scope to authenticate with
Pages Application registered on GitLab.
With this MR, the scope is configurable and can be set to `read_api`
by providing the `auth-scope` variable in the arguments or in
the `gitlab-pages.conf`
/label ~security
Changelog: added
Diffstat (limited to 'test/acceptance/auth_test.go')
-rw-r--r-- | test/acceptance/auth_test.go | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/test/acceptance/auth_test.go b/test/acceptance/auth_test.go index fa2d768d..1e2ec481 100644 --- a/test/acceptance/auth_test.go +++ b/test/acceptance/auth_test.go @@ -54,7 +54,8 @@ func TestWhenAuthIsEnabledPrivateWillRedirectToAuthorize(t *testing.T) { require.Equal(t, "/oauth/authorize", url.Path) require.Equal(t, "clientID", url.Query().Get("client_id")) require.Equal(t, "https://projects.gitlab-example.com/auth", url.Query().Get("redirect_uri")) - require.NotEqual(t, "", url.Query().Get("state")) + require.NotEmpty(t, url.Query().Get("scope")) + require.NotEmpty(t, url.Query().Get("state")) } func TestWhenAuthDeniedWillCauseUnauthorized(t *testing.T) { |