From d915e7d5cad99b8971e65d30accc8bc7a05fecbc Mon Sep 17 00:00:00 2001
From: Timothy Andrew <mail@timothyandrew.net>
Date: Wed, 11 May 2016 10:16:23 +0530
Subject: [PATCH] Reuse the private token param and header for personal access
 tokens.

- https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/3749#note_11626427
- Personal access tokens are still a separate entity as far as the
  codebase is concerned - they just happen to use the same entry point
  as private tokens.
- Update tests and documentation to reflect this change
---
 app/controllers/application_controller.rb       | 2 +-
 doc/api/README.md                               | 4 ++--
 lib/api/helpers.rb                              | 4 ++--
 spec/controllers/application_controller_spec.rb | 6 +++---
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 72ba1a85cff..b26afb42e74 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -80,7 +80,7 @@ class ApplicationController < ActionController::Base
   end
 
   def authenticate_user_from_personal_access_token!
-    token_string = params[:personal_access_token].presence || request.headers['PERSONAL_ACCESS_TOKEN'].presence
+    token_string = params[:private_token].presence || request.headers['PRIVATE-TOKEN'].presence
     personal_access_token = PersonalAccessToken.active.find_by_token(token_string)
     user = personal_access_token && personal_access_token.user
 
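Review bot: `token_string` is nil whenever neither `params[:private_token]` nor the `PRIVATE-TOKEN` header is supplied, yet the next line still calls `PersonalAccessToken.active.find_by_token(token_string)`, so every request without a token triggers a lookup for a NULL token. Short-circuiting avoids the query and ensures a row with an empty token column can never match: `personal_access_token = token_string && PersonalAccessToken.active.find_by_token(token_string)`. Because the parameter and header are now shared with private tokens, the same secret is presumably tried against both credential stores. Whether one failed lookup falls through cleanly to the other depends on the private-token filter, which is not visible here. The method body continues past the end of this hunk.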
diff --git a/doc/api/README.md b/doc/api/README.md
index 0e9dc7acfed..276816b2807 100644
--- a/doc/api/README.md
+++ b/doc/api/README.md
@@ -77,8 +77,8 @@ You can create as many personal access tokens as you like from your GitLab
 profile (`/profile/personal_access_tokens`); perhaps one for each application
 that needs access to the GitLab API.
 
-Once you have your token, pass it to the API using either the `personal_access_token` 
-parameter or the `PERSONAL-ACCESS-TOKEN` header.
+Once you have your token, pass it to the API using either the `private_token`
+parameter or the `PRIVATE-TOKEN` header.
 
 ## Basic Usage
 
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb
index de9a1b0eb94..68642e2d8a7 100644
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -4,8 +4,8 @@ module API
     PRIVATE_TOKEN_PARAM = :private_token
     SUDO_HEADER ="HTTP_SUDO"
     SUDO_PARAM = :sudo
-    PERSONAL_ACCESS_TOKEN_PARAM = :personal_access_token
-    PERSONAL_ACCESS_TOKEN_HEADER = "HTTP_PERSONAL_ACCESS_TOKEN"
+    PERSONAL_ACCESS_TOKEN_PARAM = PRIVATE_TOKEN_PARAM
+    PERSONAL_ACCESS_TOKEN_HEADER = PRIVATE_TOKEN_HEADER
 
     def parse_boolean(value)
       [ true, 1, '1', 't', 'T', 'true', 'TRUE', 'on', 'ON' ].include?(value)
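Review bot: The two `PERSONAL_ACCESS_TOKEN_*` constants are now plain aliases, and nothing at the definition says the overlap is intentional or that the two token kinds are told apart only by which lookup succeeds. A comment above them would record that, for example `# Personal access tokens share the private token param and header; the kinds are distinguished by lookup, not by name.` `PRIVATE_TOKEN_HEADER` is defined above the hunk, presumably just before `PRIVATE_TOKEN_PARAM`, so the alias depends on that ordering staying intact. Any helper in this module that reads both constant pairs now receives the same value twice, so it is worth confirming that a private-token miss falls through to the personal-access-token lookup instead of rejecting the request.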
diff --git a/spec/controllers/application_controller_spec.rb b/spec/controllers/application_controller_spec.rb
index e8bdbf1afb7..d7835dc6e2b 100644
--- a/spec/controllers/application_controller_spec.rb
+++ b/spec/controllers/application_controller_spec.rb
@@ -72,20 +72,20 @@ describe ApplicationController do
     let(:personal_access_token) { create(:personal_access_token, user: user) }
 
     it "logs the user in when the 'personal_access_token' param is populated with the personal access token" do
-      get :index, personal_access_token: personal_access_token.token
+      get :index, private_token: personal_access_token.token
       expect(response.status).to eq(200)
       expect(response.body).to eq('authenticated')
     end
 
     it "logs the user in when the 'PERSONAL_ACCESS_TOKEN' header is populated with the personal access token" do
-      @request.headers["PERSONAL_ACCESS_TOKEN"] = personal_access_token.token
+      @request.headers["PRIVATE-TOKEN"] = personal_access_token.token
       get :index
       expect(response.status).to eq(200)
       expect(response.body).to eq('authenticated')
     end
 
     it "doesn't log the user in otherwise" do
-      get :index, personal_access_token: "token"
+      get :index, private_token: "token"
       expect(response.status).to_not eq(200)
       expect(response.body).to_not eq('authenticated')
     end
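Review bot: The example descriptions still name the `'personal_access_token'` param and the `'PERSONAL_ACCESS_TOKEN'` header, although the bodies now send `private_token` and `PRIVATE-TOKEN`, so a failure report would point at an entry point that no longer exists. Rename them, e.g. `it "logs the user in when the 'private_token' param is populated with the personal access token" do` and `it "logs the user in when the 'PRIVATE-TOKEN' header is populated with the personal access token" do`. A negative example asserting that `get :index, personal_access_token: personal_access_token.token` no longer authenticates would pin the removal of the old parameter. The enclosing `describe` block starts and ends outside the hunk.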
-- 
GitLab