summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJoe Marty <jmarty@iexposure.com>2017-11-07 11:42:25 -0600
committerJoe Marty <jmarty@iexposure.com>2017-11-07 11:42:25 -0600
commit4dea7944c46287707b6b65ca10e0af0b69a57a21 (patch)
treeba3e4b227d6996b71919e980e9f327cc5cae1642
parentdfeb60daa607dd96be689cfd3b2f929138efacdf (diff)
downloadgitlab-ce-4dea7944c46287707b6b65ca10e0af0b69a57a21.tar.gz
Updates tests to reflect sign_out route change
- Also remove sign_out DELETE route from read-only whitelist routes
-rw-r--r--lib/gitlab/middleware/read_only.rb6
-rw-r--r--spec/lib/gitlab/middleware/read_only_spec.rb7
-rw-r--r--spec/routing/routing_spec.rb6
3 files changed, 5 insertions, 14 deletions
diff --git a/lib/gitlab/middleware/read_only.rb b/lib/gitlab/middleware/read_only.rb
index 8853dfa3d2d..5e4932e4e57 100644
--- a/lib/gitlab/middleware/read_only.rb
+++ b/lib/gitlab/middleware/read_only.rb
@@ -66,11 +66,7 @@ module Gitlab
end
def whitelisted_routes
- logout_route || grack_route || @whitelisted.any? { |path| request.path.include?(path) } || lfs_route || sidekiq_route
- end
-
- def logout_route
- route_hash[:controller] == 'sessions' && route_hash[:action] == 'destroy'
+ grack_route || @whitelisted.any? { |path| request.path.include?(path) } || lfs_route || sidekiq_route
end
def sidekiq_route
diff --git a/spec/lib/gitlab/middleware/read_only_spec.rb b/spec/lib/gitlab/middleware/read_only_spec.rb
index 86be06ff595..b14735943a5 100644
--- a/spec/lib/gitlab/middleware/read_only_spec.rb
+++ b/spec/lib/gitlab/middleware/read_only_spec.rb
@@ -91,13 +91,6 @@ describe Gitlab::Middleware::ReadOnly do
end
context 'whitelisted requests' do
- it 'expects DELETE request to logout to be allowed' do
- response = request.delete('/users/sign_out')
-
- expect(response).not_to be_a_redirect
- expect(subject).not_to disallow_request
- end
-
it 'expects a POST internal request to be allowed' do
response = request.post("/api/#{API::API.version}/internal")
diff --git a/spec/routing/routing_spec.rb b/spec/routing/routing_spec.rb
index 609481603af..17cea6f238b 100644
--- a/spec/routing/routing_spec.rb
+++ b/spec/routing/routing_spec.rb
@@ -257,8 +257,10 @@ describe "Authentication", "routing" do
expect(post("/users/sign_in")).to route_to('sessions#create')
end
- it "DELETE /users/sign_out" do
- expect(delete("/users/sign_out")).to route_to('sessions#destroy')
+ # sign_out with GET instead of DELETE facilitates ad-hoc single-sign-out processes
+ # (https://gitlab.com/gitlab-org/gitlab-ce/issues/39708)
+ it "GET /users/sign_out" do
+ expect(get("/users/sign_out")).to route_to('sessions#destroy')
end
it "POST /users/password" do