-
- Downloads
Calls to the API are checked for scope.
- Move the `Oauth2::AccessTokenValidationService` class to `AccessTokenValidationService`, since it is now being used for personal access token validation as well. - Each API endpoint declares the scopes it accepts (if any). Currently, the top level API module declares the `api` scope, and the `Users` API module declares the `read_user` scope (for GET requests). - Move the `find_user_by_private_token` from the API `Helpers` module to the `APIGuard` module, to avoid littering `Helpers` with more auth-related methods to support `find_user_by_private_token`
Showing
- app/services/access_token_validation_service.rb 34 additions, 0 deletionsapp/services/access_token_validation_service.rb
- config/initializers/doorkeeper.rb 2 additions, 2 deletionsconfig/initializers/doorkeeper.rb
- config/locales/doorkeeper.en.yml 1 addition, 0 deletionsconfig/locales/doorkeeper.en.yml
- lib/api/api.rb 2 additions, 0 deletionslib/api/api.rb
- lib/api/api_guard.rb 45 additions, 17 deletionslib/api/api_guard.rb
- lib/api/helpers.rb 3 additions, 12 deletionslib/api/helpers.rb
- lib/api/users.rb 4 additions, 1 deletionlib/api/users.rb
- lib/gitlab/auth.rb 4 additions, 0 deletionslib/gitlab/auth.rb
- spec/requests/api/doorkeeper_access_spec.rb 1 addition, 1 deletionspec/requests/api/doorkeeper_access_spec.rb
- spec/requests/api/helpers_spec.rb 26 additions, 17 deletionsspec/requests/api/helpers_spec.rb
- spec/services/access_token_validation_service_spec.rb 42 additions, 0 deletionsspec/services/access_token_validation_service_spec.rb
Loading
Please register or sign in to comment