path: root/spec/controllers/graphql_controller_spec.rb
Commit message | Author | Age | Files | Lines
* Add API access check to Graphql | Felipe Artur | 2019-03-27 | 1 | -0/+45
  Check if user can access API on GraphqlController
* Allow GraphQL requests without CSRF token | Bob Van Landuyt | 2019-03-06 | 1 | -112/+0
  With this we allow authentication using a session or using personal access token. Authentication using a session, and CSRF token makes it easy to play with GraphQL from the Graphiql endpoint we expose. But we cannot enforce CSRF validity, otherwise authentication for regular API clients would fail when they use personal access tokens to authenticate.
* Update specs to rails5 format [blackst0ne-convert-specs-rails5-style] | blackst0ne | 2018-12-19 | 1 | -1/+1
  Updates specs to use new rails5 format.
  The old format: `get :show, { some: params }, { some: headers }`
  The new format: `get :show, params: { some: params }, headers: { some: headers }`
* Merge branch 'security-fix-pat-web-access' into 'master' | Cindy Pallares | 2018-11-28 | 1 | -2/+45
  [master] Resolve "Personal access token with only `read_user` scope can be used to authenticate any web request"
  See merge request gitlab/gitlabhq!2583
* Handle exceptions outside the GraphQL schema | Bob Van Landuyt | 2018-06-05 | 1 | -2/+13
  This allows us to report JSON parse exceptions to clients and ignore them in sentry.
* Add a minimal GraphQL API | Nick Thomas | 2018-06-05 | 1 | -0/+58