suzanne.soy/travis-api
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

have auth not freak out on GH error

Browse Source
This commit is contained in:
Konstantin Haase 2015-03-12 17:54:36 +01:00
parent bf6384e50e
commit 1b3bbca5a5
2 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/travis/api/app/endpoint/authorization.rb
View File

@ -274,6 +274,9 @@ class Travis::Api::App
user = manager.fetch user = manager.fetch
halt 403, 'not a Travis user' if user.nil? halt 403, 'not a Travis user' if user.nil?
user user
rescue GH::Error
# not a valid token actually, but we don't want to expose that info
halt 403, 'not a Travis user'
end end
def get_token(endpoint, values) def get_token(endpoint, values)

9
spec/unit/endpoint/authorization_spec.rb
View File

@ -138,9 +138,18 @@ describe Travis::Api::App::Endpoint::Authorization do
end end
it "errors if no token is given" do it "errors if no token is given" do
User.stubs(:find_by_github_id).with(111).returns(user)
post("/auth/github").should_not be_ok post("/auth/github").should_not be_ok
last_response.status.should == 422 last_response.status.should == 422
body.should_not include("access_token") body.should_not include("access_token")
end end
it "errors if github throws an error" do
GH.stubs(:with).raises(GH::Error)
post("/auth/github", github_token: 'foo bar').should_not be_ok
last_response.status.should == 403
body.should_not include("access_token")
body.should include("not a Travis user")
end
end end
end end