authorStan Hu <stanhu@gmail.com>2018-10-17 13:02:40 -0700
committerStan Hu <stanhu@gmail.com>2018-10-17 13:16:31 -0700
commit3d82f20d1bae1ba4f67a87d66828d65c7cef651d (patch)
tree62ef2be7ad7460883a2176aa3bb4001aff68026c
parentc09de611ea9d8cbff7a1696ee63262ef65972daa (diff)
downloadgitlab-ce-3d82f20d1bae1ba4f67a87d66828d65c7cef651d.tar.gz
Strip whitespace around GitHub personal access tokens
Some browsers insert a trailing whitespace after pasting the token into the field. This should help reduce confusion. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/46588
-rw-r--r--app/controllers/import/github_controller.rb2
-rw-r--r--changelogs/unreleased/sh-strip-github-pat-whitespace.yml5
-rw-r--r--spec/support/controllers/githubish_import_controller_shared_examples.rb12
3 files changed, 18 insertions, 1 deletions
diff --git a/app/controllers/import/github_controller.rb b/app/controllers/import/github_controller.rb
index 1dfa814cdd5..e3eec5a020d 100644
--- a/app/controllers/import/github_controller.rb
+++ b/app/controllers/import/github_controller.rb
@@ -20,7 +20,7 @@ class Import::GithubController < Import::BaseController
end
def personal_access_token
- session[access_token_key] = params[:personal_access_token]
+ session[access_token_key] = params[:personal_access_token]&.strip
redirect_to status_import_url
end
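Review bot: The `&.strip` on the new assignment line only guards against a missing parameter, not against a non-string one. If a request sends `personal_access_token` as an array or nested hash, the value does not respond to `strip`, so the action would raise NoMethodError before the redirect instead of rejecting the input cleanly. Because this value comes straight from the request and is stored in the session as a credential, I would accept only strings, for example `token = params[:personal_access_token]` followed by `session[access_token_key] = token.is_a?(String) ? token.strip : nil`. The enclosing controller class begins outside the hunk, so any existing parameter filtering there is not visible from here.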
diff --git a/changelogs/unreleased/sh-strip-github-pat-whitespace.yml b/changelogs/unreleased/sh-strip-github-pat-whitespace.yml
new file mode 100644
index 00000000000..ea26f57e8f0
--- /dev/null
+++ b/changelogs/unreleased/sh-strip-github-pat-whitespace.yml
@@ -0,0 +1,5 @@
+---
+title: Strip whitespace around GitHub personal access tokens
+merge_request: 22432
+author:
+type: fixed
diff --git a/spec/support/controllers/githubish_import_controller_shared_examples.rb b/spec/support/controllers/githubish_import_controller_shared_examples.rb
index 1c1b68c12a2..140490f2dc2 100644
--- a/spec/support/controllers/githubish_import_controller_shared_examples.rb
+++ b/spec/support/controllers/githubish_import_controller_shared_examples.rb
@@ -22,6 +22,18 @@ shared_examples 'a GitHub-ish import controller: POST personal_access_token' do
expect(session[:"#{provider}_access_token"]).to eq(token)
expect(controller).to redirect_to(status_import_url)
end
+
+ it "strips access token with spaces" do
+ token = 'asdfasdf9876'
+
+ allow_any_instance_of(Gitlab::LegacyGithubImport::Client)
+ .to receive(:user).and_return(true)
+
+ post :personal_access_token, personal_access_token: " #{token} "
+
+ expect(session[:"#{provider}_access_token"]).to eq(token)
+ expect(controller).to redirect_to(status_import_url)
+ end
end
shared_examples 'a GitHub-ish import controller: GET new' do
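Review bot: The added example only posts a token padded with plain spaces, so the nil path that `&.` was introduced for in the controller is never exercised. I would add a second example that posts without `personal_access_token` and expects `session[:"#{provider}_access_token"]` to be nil. I would also pad the token with a tab or newline, e.g. `personal_access_token: "\t#{token}\n"`, so the test pins down that all surrounding whitespace is removed. The `shared_examples` block these examples belong to starts outside the hunk.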