DEPRECATION: Remove support for api creds in query params (#9106)

* DEPRECATION: Remove support for api creds in query params This commit removes support for api credentials in query params except for a few whitelisted routes like rss/json feeds and the handle_mail route. Several tests were written to valid these changes, but the bulk of the spec changes are just switching them over to use header based auth so that they will pass without changing what they were actually testing. Original commit that notified admins this change was coming was created over 3 months ago: 2db20031879dbafd1a90cbb1a43bca55d51c1b08 * fix tests * Also allow iCalendar feeds Co-authored-by: Rafael dos Santos Silva <xfalcox@gmail.com>
2025-05-30 07:11:34 +08:00 · 2020-04-06 16:55:44 -06:00
parent 58bec3b200
commit d04ba4b3b2
10 changed files with 170 additions and 143 deletions
--- a/spec/requests/embed_controller_spec.rb
+++ b/spec/requests/embed_controller_spec.rb
@ -49,7 +49,8 @@ describe EmbedController do

        it "returns information about the topic" do
          get '/embed/info.json',
-            params: { embed_url: topic_embed.embed_url, api_key: api_key.key, api_username: "system" }
+            params: { embed_url: topic_embed.embed_url },
+            headers: { HTTP_API_KEY: api_key.key, HTTP_API_USERNAME: "system" }

          json = JSON.parse(response.body)
          expect(json['topic_id']).to eq(topic_embed.topic.id)
@ -61,7 +62,8 @@ describe EmbedController do
      context "without invalid embed url" do
        it "returns error response" do
          get '/embed/info.json',
-            params: { embed_url: "http://nope.com", api_key: api_key.key, api_username: "system" }
+            params: { embed_url: "http://nope.com" },
+            headers: { HTTP_API_KEY: api_key.key, HTTP_API_USERNAME: "system" }

          json = JSON.parse(response.body)
          expect(json["error_type"]).to eq("not_found")