| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Check if user can access API on GraphqlController
|
|
|
|
|
|
|
|
|
|
|
|
| |
With this we allow authentication using a session or using personal
access token.
Authentication using a session, and CSRF token makes it easy to play
with GraphQL from the Graphiql endpoint we expose.
But we cannot enforce CSRF validity, otherwise authentication for
regular API clients would fail when they use personal access tokens to
authenticate.
|
|
|
|
|
|
|
|
|
|
| |
Updates specs to use new rails5 format.
The old format:
`get :show, { some: params }, { some: headers }`
The new format:
`get :show, params: { some: params }, headers: { some: headers }`
|
|
|
|
|
| |
[master] Resolve "Personal access token with only `read_user` scope can be used to authenticate any web request"
See merge request gitlab/gitlabhq!2583
|
|
|
|
|
| |
This allows us to report JSON parse exceptions to clients and ignore
them in sentry.
|
|
|