author | Imre Farkas <ifarkas@gitlab.com> | 2018-05-31 14:01:04 +0000 |
---|---|---|
committer | Douwe Maan <douwe@gitlab.com> | 2018-05-31 14:01:04 +0000 |
commit | 20dfe25c151cc883ce0d38b67125b5ca41e6d422 (patch) | |
tree | 9a29f05a241713f3488e6bc2e5df03c07300ef45 /lib | |
parent | 2fdd8982f8204340e6413a57f46e6c41d8ecb429 (diff) | |
download | gitlab-ce-20dfe25c151cc883ce0d38b67125b5ca41e6d422.tar.gz |
Export assigned issues in iCalendar feed
Diffstat (limited to 'lib')
-rw-r--r-- | lib/gitlab/auth/request_authenticator.rb | 2 | ||||
-rw-r--r-- | lib/gitlab/auth/user_auth_finders.rb | 18 | ||||
-rw-r--r-- | lib/support/nginx/gitlab | 16 | ||||
-rw-r--r-- | lib/support/nginx/gitlab-ssl | 16 | ||||
-rw-r--r-- | lib/tasks/tokens.rake | 10 |
5 files changed, 36 insertions, 26 deletions
diff --git a/lib/gitlab/auth/request_authenticator.rb b/lib/gitlab/auth/request_authenticator.rb
index a0b5cd868c3..66de52506ce 100644
--- a/lib/gitlab/auth/request_authenticator.rb
+++ b/lib/gitlab/auth/request_authenticator.rb
@@ -16,7 +16,7 @@ module Gitlab
 end
 def find_sessionless_user
- find_user_from_access_token || find_user_from_rss_token
+ find_user_from_access_token || find_user_from_feed_token
 rescue Gitlab::Auth::AuthenticationError
 nil
 end
diff --git a/lib/gitlab/auth/user_auth_finders.rb b/lib/gitlab/auth/user_auth_finders.rb
index 4dc23f977da..c7993665421 100644
--- a/lib/gitlab/auth/user_auth_finders.rb
+++ b/lib/gitlab/auth/user_auth_finders.rb
@@ -25,13 +25,15 @@ module Gitlab
 current_request.env['warden']&.authenticate if verified_request?
 end
- def find_user_from_rss_token
- return unless current_request.path.ends_with?('.atom') || current_request.format.atom?
+ def find_user_from_feed_token
+ return unless rss_request? || ics_request?
- token = current_request.params[:rss_token].presence
+ # NOTE: feed_token was renamed from rss_token but both needs to be supported because
+ # users might have already added the feed to their RSS reader before the rename
+ token = current_request.params[:feed_token].presence || current_request.params[:rss_token].presence
 return unless token
- User.find_by_rss_token(token) || raise(UnauthorizedError)
+ User.find_by_feed_token(token) || raise(UnauthorizedError)
 end
 def find_user_from_access_token
@@ -104,6 +106,14 @@ module Gitlab
 def current_request
 @current_request ||= ensure_action_dispatch_request(request)
 end
+
+ def rss_request?
+ current_request.path.ends_with?('.atom') || current_request.format.atom?
+ end
+
+ def ics_request?
+ current_request.path.ends_with?('.ics') || current_request.format.ics?
+ end
 end
 end
 end
diff --git a/lib/support/nginx/gitlab b/lib/support/nginx/gitlab
index 0e27a28ea6e..72eb8adcce2 100644
--- a/lib/support/nginx/gitlab
+++ b/lib/support/nginx/gitlab
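Review bot: The NOTE comment in `find_user_from_feed_token` (lib/gitlab/auth/user_auth_finders.rb, first hunk) explains why `rss_token` is still read, but not that the old parameter name stays a full credential, and that after this change it authenticates iCalendar requests as well as Atom ones. I would extend the comment to say so and to mark the fallback for removal, for example `# TODO: drop the rss_token fallback once pre-rename feed URLs are no longer supported; until then treat both parameter names as secrets (logs, redaction)`. The gate `rss_request? || ics_request?` is defined in the later hunk of the same file, and the callers of this method are outside the diff.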
@@ -31,27 +31,27 @@ map $http_upgrade $connection_upgrade_gitlab {
 log_format gitlab_access $remote_addr - $remote_user [$time_local] "$request_method $gitlab_filtered_request_uri $server_protocol" $status $body_bytes_sent "$gitlab_filtered_http_referer" "$http_user_agent";
 ## Remove private_token from the request URI
-# In: /foo?private_token=unfiltered&authenticity_token=unfiltered&rss_token=unfiltered&...
-# Out: /foo?private_token=[FILTERED]&authenticity_token=unfiltered&rss_token=unfiltered&...
+# In: /foo?private_token=unfiltered&authenticity_token=unfiltered&feed_token=unfiltered&...
+# Out: /foo?private_token=[FILTERED]&authenticity_token=unfiltered&feed_token=unfiltered&...
 map $request_uri $gitlab_temp_request_uri_1 {
 default $request_uri;
 ~(?i)^(?<start>.*)(?<temp>[\?&]private[\-_]token)=[^&]*(?<rest>.*)$ "$start$temp=[FILTERED]$rest";
 }
 ## Remove authenticity_token from the request URI
-# In: /foo?private_token=[FILTERED]&authenticity_token=unfiltered&rss_token=unfiltered&...
-# Out: /foo?private_token=[FILTERED]&authenticity_token=[FILTERED]&rss_token=unfiltered&...
+# In: /foo?private_token=[FILTERED]&authenticity_token=unfiltered&feed_token=unfiltered&...
+# Out: /foo?private_token=[FILTERED]&authenticity_token=[FILTERED]&feed_token=unfiltered&...
 map $gitlab_temp_request_uri_1 $gitlab_temp_request_uri_2 {
 default $gitlab_temp_request_uri_1;
 ~(?i)^(?<start>.*)(?<temp>[\?&]authenticity[\-_]token)=[^&]*(?<rest>.*)$ "$start$temp=[FILTERED]$rest";
 }
-## Remove rss_token from the request URI
-# In: /foo?private_token=[FILTERED]&authenticity_token=[FILTERED]&rss_token=unfiltered&...
-# Out: /foo?private_token=[FILTERED]&authenticity_token=[FILTERED]&rss_token=[FILTERED]&...
+## Remove feed_token from the request URI
+# In: /foo?private_token=[FILTERED]&authenticity_token=[FILTERED]&feed_token=unfiltered&...
+# Out: /foo?private_token=[FILTERED]&authenticity_token=[FILTERED]&feed_token=[FILTERED]&...
map $gitlab_temp_request_uri_2 $gitlab_filtered_request_uri {
 default $gitlab_temp_request_uri_2;
- ~(?i)^(?<start>.*)(?<temp>[\?&]rss[\-_]token)=[^&]*(?<rest>.*)$ "$start$temp=[FILTERED]$rest";
+ ~(?i)^(?<start>.*)(?<temp>[\?&]feed[\-_]token)=[^&]*(?<rest>.*)$ "$start$temp=[FILTERED]$rest";
 }
 ## A version of the referer without the query string
diff --git a/lib/support/nginx/gitlab-ssl b/lib/support/nginx/gitlab-ssl
index 8218d68f9ba..2e3799d5e1b 100644
--- a/lib/support/nginx/gitlab-ssl
+++ b/lib/support/nginx/gitlab-ssl
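Review bot: The last map of the lib/support/nginx/gitlab hunk now redacts only `feed_token`, while `find_user_from_feed_token` in lib/gitlab/auth/user_auth_finders.rb still accepts the old `rss_token` parameter, so feed URLs saved before the rename would reach the access log with a working token in clear text. While the fallback exists the pattern should match both names: `(?<temp>[\?&](?:feed|rss)[\-_]token)`. The identical map in lib/support/nginx/gitlab-ssl has the same gap. The header comment could then read `## Remove feed_token (and legacy rss_token) from the request URI`. This diff is limited to lib/, so whether the application-side log filtering covers both names cannot be seen here.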
@@ -36,27 +36,27 @@ map $http_upgrade $connection_upgrade_gitlab_ssl {
 log_format gitlab_ssl_access $remote_addr - $remote_user [$time_local] "$request_method $gitlab_ssl_filtered_request_uri $server_protocol" $status $body_bytes_sent "$gitlab_ssl_filtered_http_referer" "$http_user_agent";
 ## Remove private_token from the request URI
-# In: /foo?private_token=unfiltered&authenticity_token=unfiltered&rss_token=unfiltered&...
-# Out: /foo?private_token=[FILTERED]&authenticity_token=unfiltered&rss_token=unfiltered&...
+# In: /foo?private_token=unfiltered&authenticity_token=unfiltered&feed_token=unfiltered&...
+# Out: /foo?private_token=[FILTERED]&authenticity_token=unfiltered&feed_token=unfiltered&...
 map $request_uri $gitlab_ssl_temp_request_uri_1 {
 default $request_uri;
 ~(?i)^(?<start>.*)(?<temp>[\?&]private[\-_]token)=[^&]*(?<rest>.*)$ "$start$temp=[FILTERED]$rest";
 }
 ## Remove authenticity_token from the request URI
-# In: /foo?private_token=[FILTERED]&authenticity_token=unfiltered&rss_token=unfiltered&...
-# Out: /foo?private_token=[FILTERED]&authenticity_token=[FILTERED]&rss_token=unfiltered&...
+# In: /foo?private_token=[FILTERED]&authenticity_token=unfiltered&feed_token=unfiltered&...
+# Out: /foo?private_token=[FILTERED]&authenticity_token=[FILTERED]&feed_token=unfiltered&...
 map $gitlab_ssl_temp_request_uri_1 $gitlab_ssl_temp_request_uri_2 {
 default $gitlab_ssl_temp_request_uri_1;
 ~(?i)^(?<start>.*)(?<temp>[\?&]authenticity[\-_]token)=[^&]*(?<rest>.*)$ "$start$temp=[FILTERED]$rest";
 }
-## Remove rss_token from the request URI
-# In: /foo?private_token=[FILTERED]&authenticity_token=[FILTERED]&rss_token=unfiltered&...
-# Out: /foo?private_token=[FILTERED]&authenticity_token=[FILTERED]&rss_token=[FILTERED]&...
+## Remove feed_token from the request URI
+# In: /foo?private_token=[FILTERED]&authenticity_token=[FILTERED]&feed_token=unfiltered&...
+# Out: /foo?private_token=[FILTERED]&authenticity_token=[FILTERED]&feed_token=[FILTERED]&...
map $gitlab_ssl_temp_request_uri_2 $gitlab_ssl_filtered_request_uri {
 default $gitlab_ssl_temp_request_uri_2;
- ~(?i)^(?<start>.*)(?<temp>[\?&]rss[\-_]token)=[^&]*(?<rest>.*)$ "$start$temp=[FILTERED]$rest";
+ ~(?i)^(?<start>.*)(?<temp>[\?&]feed[\-_]token)=[^&]*(?<rest>.*)$ "$start$temp=[FILTERED]$rest";
 }
 ## A version of the referer without the query string
diff --git a/lib/tasks/tokens.rake b/lib/tasks/tokens.rake
index 693597afdf8..81829668de8 100644
--- a/lib/tasks/tokens.rake
+++ b/lib/tasks/tokens.rake
@@ -6,9 +6,9 @@ namespace :tokens do
 reset_all_users_token(:reset_incoming_email_token!)
 end
- desc "Reset all GitLab RSS tokens"
- task reset_all_rss: :environment do
- reset_all_users_token(:reset_rss_token!)
+ desc "Reset all GitLab feed tokens"
+ task reset_all_feed: :environment do
+ reset_all_users_token(:reset_feed_token!)
 end
 def reset_all_users_token(reset_token_method)
@@ -31,8 +31,8 @@ class TmpUser < ActiveRecord::Base
 save!(validate: false)
 end
- def reset_rss_token!
- write_new_token(:rss_token)
+ def reset_feed_token!
+ write_new_token(:feed_token)
 save!(validate: false)
 end
 end |