
Avoid using `authenticate bearer` for the API

Tomas Vik (OOO back on 2024-05-09) requested to merge 2346-fix-api-for-nli into develop

Closes #2346 (closed)

Background

See https://gitlab.com/gitlab-org/gitter/webapp/issues/2346#why-does-it-work-in-production

Testing strategy

Happy path:

  • Access a chat room as an anonymous user and scroll up. The infinite scrolling request for more messages should succeed.

Sad path (testing regression)

The most important thing to test is not allowing unauthorized access to private rooms. Even though no middleware has been removed, the order changed slightly for the web application.

  1. Try to access a private room using the website (with an authorized and an unauthorized user)

  2. Try to access a private room using the API (with an authorized and an unauthorized user)

    curl 'http://localhost:5000/api/v1/rooms/:roomId/chatMessages?access_token=:accessToken'

Note: the easiest way to get the token is to type troupeContext.accessToken into the browser console

Edited by Eric Eastwood
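The sad-path API check above, scripted so it can be rerun on every change to the middleware order. This is an added example, not part of the merge request; it assumes a local webapp at BASE_URL (default http://localhost:5000), a private room id in PRIVATE_ROOM_ID and a member's token in ACCESS_TOKEN. Because the MR does not state which status code a denied request returns, 401, 403 and 404 are all accepted as "denied".

```shell
#!/usr/bin/env bash
# Regression check for private-room access over the API:
# anonymous and bogus tokens must be denied, a member token must succeed.
# Assumed environment (not from the MR): BASE_URL, PRIVATE_ROOM_ID, ACCESS_TOKEN.
set -u

BASE_URL="${BASE_URL:-http://localhost:5000}"

# Print only the HTTP status code for a GET of the given URL.
http_status() {
  curl -s -o /dev/null -w '%{http_code}' "$1"
}

# GET /api/v1/rooms/:roomId/chatMessages with an optional access_token.
room_messages_status() {
  room_id="$1"; token="${2:-}"
  url="$BASE_URL/api/v1/rooms/$room_id/chatMessages"
  if [ -n "$token" ]; then
    url="$url?access_token=$token"
  fi
  http_status "$url"
}

# Judge one observed status: allowed=yes needs 200, allowed=no needs a denial.
# The exact denial code is not stated in the MR, so 401/403/404 all pass.
classify() {
  label="$1"; status="$2"; allowed="$3"
  case "$allowed:$status" in
    yes:200)              echo "ok   $label -> $status"; return 0 ;;
    no:401|no:403|no:404) echo "ok   $label -> $status"; return 0 ;;
    *) echo "FAIL $label -> $status (expected allowed=$allowed)"; return 1 ;;
  esac
}

# Run the three cases against one private room; non-zero if any case fails.
check_private_room() {
  room="$1"; member_token="$2"; rc=0
  classify "anonymous"    "$(room_messages_status "$room")"                no  || rc=1
  classify "bogus token"  "$(room_messages_status "$room" not-a-real-token)" no  || rc=1
  classify "member token" "$(room_messages_status "$room" "$member_token")" yes || rc=1
  return $rc
}

# Only hit the network when the caller supplied a room and a token.
if [ -n "${PRIVATE_ROOM_ID:-}" ] && [ -n "${ACCESS_TOKEN:-}" ]; then
  check_private_room "$PRIVATE_ROOM_ID" "$ACCESS_TOKEN"
fi
```

Run it as `PRIVATE_ROOM_ID=<id> ACCESS_TOKEN=<token> ./check-private-room.sh`; a FAIL line on the anonymous or bogus-token case is the regression this MR must not introduce.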
