Merge branch 'security-fix-pat-web-access' into 'master'

[master] Resolve "Personal access token with only `read_user` scope can be used to authenticate any web request" See merge request gitlab/gitlabhq!2583
author: Cindy Pallares <cindy@gitlab.com> 2018-11-28 19:06:02 +0000
committer: Cindy Pallares <cindy@gitlab.com> 2018-11-28 19:13:59 -0500
commit: fe5f75930e781ef854b458fafa307ebb90a8ed2e (patch)
tree: 7160814e28d056568685e8fe84456755ce02fecd /spec/controllers/dashboard
parent: e122e14ac6a25c7813ca888a97bd4a3298e78d9d (diff)
download: gitlab-ce-fe5f75930e781ef854b458fafa307ebb90a8ed2e.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/spec/controllers/dashboard/projects_controller_spec.rb b/spec/controllers/dashboard/projects_controller_spec.rb
new file mode 100644
index 00000000000..2975205e09c
--- /dev/null
+++ b/spec/controllers/dashboard/projects_controller_spec.rb
@@ -0,0 +1,5 @@
+require 'spec_helper'
+
+describe Dashboard::ProjectsController do
+  it_behaves_like 'authenticates sessionless user', :index, :atom
+end
author	Cindy Pallares <cindy@gitlab.com>	2018-11-28 19:06:02 +0000
committer	Cindy Pallares <cindy@gitlab.com>	2018-11-28 19:13:59 -0500
commit	fe5f75930e781ef854b458fafa307ebb90a8ed2e (patch)
tree	7160814e28d056568685e8fe84456755ce02fecd /spec/controllers/dashboard
parent	e122e14ac6a25c7813ca888a97bd4a3298e78d9d (diff)
download	gitlab-ce-fe5f75930e781ef854b458fafa307ebb90a8ed2e.tar.gz