diff options
author | James Edwards-Jones <jedwardsjones@gitlab.com> | 2019-07-20 14:30:26 +0100 |
---|---|---|
committer | James Edwards-Jones <jedwardsjones@gitlab.com> | 2019-08-22 16:44:09 +0100 |
commit | e00b07b978a9fb4f368f69aab99cfd105ab5b6b3 (patch) | |
tree | 53dedcdf2ae4bf1783c387aa1f34d29a01cebd79 /spec/requests/jwt_controller_spec.rb | |
parent | 9f6ff5dca286b99a960e923efa5a24030de462ec (diff) | |
download | gitlab-ce-e00b07b978a9fb4f368f69aab99cfd105ab5b6b3.tar.gz |
JwtController avoids activating session checksce-jej/fix-sso-enforced-docker-registry-auth
This used without a session and issues a sessionless token, so we
should avoid causing access checks based on the session.
Diffstat (limited to 'spec/requests/jwt_controller_spec.rb')
-rw-r--r-- | spec/requests/jwt_controller_spec.rb | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/spec/requests/jwt_controller_spec.rb b/spec/requests/jwt_controller_spec.rb index bba473f1c20..8b2c698fee1 100644 --- a/spec/requests/jwt_controller_spec.rb +++ b/spec/requests/jwt_controller_spec.rb @@ -108,6 +108,14 @@ describe JwtController do end end end + + it 'does not cause session based checks to be activated' do + expect(Gitlab::Session).not_to receive(:with_session) + + get '/jwt/auth', params: parameters, headers: headers + + expect(response).to have_gitlab_http_status(200) + end end context 'using invalid login' do |