diff options
author | Joe Marty <jmarty@iexposure.com> | 2017-11-07 11:42:25 -0600 |
---|---|---|
committer | Joe Marty <jmarty@iexposure.com> | 2017-11-07 11:42:25 -0600 |
commit | 4dea7944c46287707b6b65ca10e0af0b69a57a21 (patch) | |
tree | ba3e4b227d6996b71919e980e9f327cc5cae1642 | |
parent | dfeb60daa607dd96be689cfd3b2f929138efacdf (diff) | |
download | gitlab-ce-4dea7944c46287707b6b65ca10e0af0b69a57a21.tar.gz |
Updates tests to reflect sign_out route change
- Also remove sign_out DELETE route from read-only whitelist routes
-rw-r--r-- | lib/gitlab/middleware/read_only.rb | 6 | ||||
-rw-r--r-- | spec/lib/gitlab/middleware/read_only_spec.rb | 7 | ||||
-rw-r--r-- | spec/routing/routing_spec.rb | 6 |
3 files changed, 5 insertions, 14 deletions
diff --git a/lib/gitlab/middleware/read_only.rb b/lib/gitlab/middleware/read_only.rb index 8853dfa3d2d..5e4932e4e57 100644 --- a/lib/gitlab/middleware/read_only.rb +++ b/lib/gitlab/middleware/read_only.rb @@ -66,11 +66,7 @@ module Gitlab end def whitelisted_routes - logout_route || grack_route || @whitelisted.any? { |path| request.path.include?(path) } || lfs_route || sidekiq_route - end - - def logout_route - route_hash[:controller] == 'sessions' && route_hash[:action] == 'destroy' + grack_route || @whitelisted.any? { |path| request.path.include?(path) } || lfs_route || sidekiq_route end def sidekiq_route diff --git a/spec/lib/gitlab/middleware/read_only_spec.rb b/spec/lib/gitlab/middleware/read_only_spec.rb index 86be06ff595..b14735943a5 100644 --- a/spec/lib/gitlab/middleware/read_only_spec.rb +++ b/spec/lib/gitlab/middleware/read_only_spec.rb @@ -91,13 +91,6 @@ describe Gitlab::Middleware::ReadOnly do end context 'whitelisted requests' do - it 'expects DELETE request to logout to be allowed' do - response = request.delete('/users/sign_out') - - expect(response).not_to be_a_redirect - expect(subject).not_to disallow_request - end - it 'expects a POST internal request to be allowed' do response = request.post("/api/#{API::API.version}/internal") diff --git a/spec/routing/routing_spec.rb b/spec/routing/routing_spec.rb index 609481603af..17cea6f238b 100644 --- a/spec/routing/routing_spec.rb +++ b/spec/routing/routing_spec.rb @@ -257,8 +257,10 @@ describe "Authentication", "routing" do expect(post("/users/sign_in")).to route_to('sessions#create') end - it "DELETE /users/sign_out" do - expect(delete("/users/sign_out")).to route_to('sessions#destroy') + # sign_out with GET instead of DELETE facilitates ad-hoc single-sign-out processes + # (https://gitlab.com/gitlab-org/gitlab-ce/issues/39708) + it "GET /users/sign_out" do + expect(get("/users/sign_out")).to route_to('sessions#destroy') end it "POST /users/password" do |