diff options
author | Francisco Lopez <fjlopez@gitlab.com> | 2017-11-10 19:17:55 +0100 |
---|---|---|
committer | Francisco Lopez <fjlopez@gitlab.com> | 2017-11-17 10:02:11 +0100 |
commit | 29521a313acc03eac0f81058a559fb4ca176f9e7 (patch) | |
tree | 6f382a2add4505bbe5864e5827aa01bc2e86d634 | |
parent | f1896575237cb92dce5a413bb6b6cc6474cbb19d (diff) | |
download | gitlab-ce-29521a313acc03eac0f81058a559fb4ca176f9e7.tar.gz |
Change the rss url guard clause
-rw-r--r-- | lib/gitlab/auth/user_auth_finders.rb | 2 | ||||
-rw-r--r-- | spec/requests/rack_attack_global_spec.rb | 8 |
2 files changed, 4 insertions, 6 deletions
diff --git a/lib/gitlab/auth/user_auth_finders.rb b/lib/gitlab/auth/user_auth_finders.rb index 0b4ea3aaf5f..b2fb24a4590 100644 --- a/lib/gitlab/auth/user_auth_finders.rb +++ b/lib/gitlab/auth/user_auth_finders.rb @@ -10,7 +10,7 @@ module Gitlab end def find_user_from_rss_token - return unless current_request.format.atom? + return unless current_request.path.ends_with?('.atom') token = current_request.params[:rss_token].presence return unless token diff --git a/spec/requests/rack_attack_global_spec.rb b/spec/requests/rack_attack_global_spec.rb index 9cda4bcf966..0fec14d0cce 100644 --- a/spec/requests/rack_attack_global_spec.rb +++ b/spec/requests/rack_attack_global_spec.rb @@ -241,12 +241,10 @@ describe 'Rack Attack global throttles' do let(:throttle_setting_prefix) { 'throttle_authenticated_web' } context 'with the token in the query string' do - context 'with the atom format in the Accept header' do - let(:get_args) { [rss_url(user), nil, { 'HTTP_ACCEPT' => 'application/atom+xml' }] } - let(:other_user_get_args) { [rss_url(other_user), nil, { 'HTTP_ACCEPT' => 'application/atom+xml' }] } + let(:get_args) { [rss_url(user), nil] } + let(:other_user_get_args) { [rss_url(other_user), nil] } - it_behaves_like 'rate-limited token-authenticated requests' - end + it_behaves_like 'rate-limited token-authenticated requests' end end |