Fix opensearch for anonymous users

2ea35022 · Dmitry Gruzd · 92a06b97 · 2ea35022 · 2ea35022 · 2ea35022
Commit 2ea35022 authored Feb 03, 2021 by Dmitry Gruzd
3 changed files
--- a/app/controllers/search_controller.rb
+++ b/app/controllers/search_controller.rb
@@ -9,7 +9,7 @@ class SearchController < ApplicationController

  around_action :allow_gitaly_ref_name_caching

-  before_action :block_anonymous_global_searches
+  before_action :block_anonymous_global_searches, except: :opensearch
  skip_before_action :authenticate_user!
  requires_cross_project_access if: -> do
    search_term_present = params[:search].present? || params[:term].present?

--- a/changelogs/unreleased/fix-opensearch.yml
+++ b/changelogs/unreleased/fix-opensearch.yml
+---
+title: Fix opensearch for anonymous users
+merge_request: 53056
+author:
+type: fixed
--- a/spec/controllers/search_controller_spec.rb
+++ b/spec/controllers/search_controller_spec.rb
@@ -5,6 +5,7 @@ require 'spec_helper'
 RSpec.describe SearchController do
  include ExternalAuthorizationServiceHelpers

+  context 'authorized user' do
    let(:user) { create(:user) }

    before do
@@ -258,20 +259,6 @@ RSpec.describe SearchController do
      it_behaves_like 'with external authorization service enabled', :autocomplete, { term: 'hello' }
    end

-  describe 'GET #opensearch' do
-    render_views
-
-    it 'renders xml' do
-      get :opensearch, format: :xml
-
-      doc = Nokogiri::XML.parse(response.body)
-
-      expect(response).to have_gitlab_http_status(:ok)
-      expect(doc.css('OpenSearchDescription ShortName').text).to eq('GitLab')
-      expect(doc.css('OpenSearchDescription *').map(&:name)).to eq(%w[ShortName Description InputEncoding Image Url SearchForm])
-    end
-  end
-
    describe '#append_info_to_payload' do
      it 'appends search metadata for logging' do
        last_payload = nil
@@ -293,4 +280,21 @@ RSpec.describe SearchController do
        expect(last_payload[:metadata]['meta.search.filters.state']).to eq('true')
      end
    end
+  end
+
+  context 'unauthorized user' do
+    describe 'GET #opensearch' do
+      render_views
+
+      it 'renders xml' do
+        get :opensearch, format: :xml
+
+        doc = Nokogiri::XML.parse(response.body)
+
+        expect(response).to have_gitlab_http_status(:ok)
+        expect(doc.css('OpenSearchDescription ShortName').text).to eq('GitLab')
+        expect(doc.css('OpenSearchDescription *').map(&:name)).to eq(%w[ShortName Description InputEncoding Image Url SearchForm])
+      end
+    end
+  end
 end