Commit cddc83bd authored by Heinrich Lee Yu's avatar Heinrich Lee Yu

Fix GraphQL token auth with relative_url_root

For GraphQL requests, we call `authenticate_sessionless_user!(:api)` so
that we allow token authentication.

This fixes the check for the API URL because it was broken when the
GitLab instance is installed under a relative path.

When checking the path, we should account for the `relative_url_root`
setting.
parent 83ccc18d
---
title: Fix GraphQL token authentication when installed under a relative URL
merge_request: 42706
author:
type: fixed
......@@ -290,7 +290,7 @@ module Gitlab
end
def api_request?
current_request.path.starts_with?('/api/')
current_request.path.starts_with?(Gitlab::Utils.append_path(Gitlab.config.gitlab.relative_url_root, '/api/'))
end
def archive_request?
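Review bot: api_request? now gates token authentication on a prefix that depends on configuration, but nothing in the method says why the relative root has to be prepended, so a reader without the commit message will wonder whether the old bare `/api/` was simply wrong. The reason is that `ActionDispatch::Request#path` is SCRIPT_NAME joined with PATH_INFO, so under a relative URL root the prefix must carry the root too (the spec exercises this by setting SCRIPT_NAME to the full path); append_path still yields `/api/` when the root is unset. Suggested comment above the `starts_with?` line: `# Request#path includes SCRIPT_NAME, so the API prefix must include relative_url_root; append_path tolerates an empty root.` A bare `/api/...` request on an instance configured with a relative root now falls outside this check, which is the fail-closed direction for an auth gate and is worth stating in the comment so nobody "fixes" it later.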
......
......@@ -419,10 +419,30 @@ RSpec.describe Gitlab::Auth::AuthFinders do
expect(find_user_from_web_access_token(:ics)).to eq(user)
end
it 'returns the user for API requests' do
set_header('SCRIPT_NAME', '/api/endpoint')
context 'for API requests' do
it 'returns the user' do
set_header('SCRIPT_NAME', '/api/endpoint')
expect(find_user_from_web_access_token(:api)).to eq(user)
end
it 'returns nil if URL does not start with /api/' do
set_header('SCRIPT_NAME', '/relative_root/api/endpoint')
expect(find_user_from_web_access_token(:api)).to be_nil
end
expect(find_user_from_web_access_token(:api)).to eq(user)
context 'when relative_url_root is set' do
before do
stub_config_setting(relative_url_root: '/relative_root')
end
it 'returns the user' do
set_header('SCRIPT_NAME', '/relative_root/api/endpoint')
expect(find_user_from_web_access_token(:api)).to eq(user)
end
end
end
end
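Review bot: The new `when relative_url_root is set` context asserts only the positive case; there is no example showing that a path without the configured root (`/api/endpoint`) is rejected, which is the fail-closed side of the api_request? change and the one most likely to regress. A future edit that reverts the prefix to a bare `/api/` would still pass every example in this hunk. The enclosing describe block starts outside the hunk, so I cannot see whether a sibling example already covers this. Adding the example below inside that context, after the existing `it 'returns the user'`, pins the behaviour.
```ruby
context 'when relative_url_root is set' do
  # … unchanged: before block stubbing relative_url_root, 'returns the user' example …

  it 'returns nil if URL does not include the relative root' do
    set_header('SCRIPT_NAME', '/api/endpoint')

    expect(find_user_from_web_access_token(:api)).to be_nil
  end
```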
......