diff options
| author | Stan Hu <stan@gitlab.com> | 2018-01-06 06:18:13 +0000 |
|---|---|---|
| committer | Stan Hu <stanhu@gmail.com> | 2018-01-16 17:04:38 -0800 |
| commit | 0424801ec8854167d17c76b68e6ae8c5b5a6a52a (patch) | |
| tree | 460bdd4d717df4dc8b08106d0f48a00cbf0ec4f1 /spec/requests | |
| parent | 3228ac06a019c9126b965ff32e354d10011a4f76 (diff) | |
| download | gitlab-ce-0424801ec8854167d17c76b68e6ae8c5b5a6a52a.tar.gz | |
Merge branch 'security-10-3-do-not-expose-passwords-or-tokens-in-service-integrations-api' into 'security-10-3'
Filter out sensitive fields from the project services API
See merge request gitlab/gitlabhq!2281
(cherry picked from commit 476f2576444632f2a9a61b4cead9c1077f2c81d7)
2bcbbda0 Filter out sensitive fields from the project services API
Diffstat (limited to 'spec/requests')
| -rw-r--r-- | spec/requests/api/services_spec.rb | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/spec/requests/api/services_spec.rb b/spec/requests/api/services_spec.rb index 26d56c04862..236f8d7faf5 100644 --- a/spec/requests/api/services_spec.rb +++ b/spec/requests/api/services_spec.rb @@ -83,14 +83,14 @@ describe API::Services do get api("/projects/#{project.id}/services/#{dashed_service}", admin) expect(response).to have_gitlab_http_status(200) - expect(json_response['properties'].keys.map(&:to_sym)).to match_array(service_attrs_list.map) + expect(json_response['properties'].keys).to match_array(service_instance.api_field_names) end it "returns properties of service #{service} other than passwords when authenticated as project owner" do get api("/projects/#{project.id}/services/#{dashed_service}", user) expect(response).to have_gitlab_http_status(200) - expect(json_response['properties'].keys.map(&:to_sym)).to match_array(service_attrs_list_without_passwords) + expect(json_response['properties'].keys).to match_array(service_instance.api_field_names) end it "returns error when authenticated but not a project owner" do |