From f970aef91de1e14c453043d45b707d6d651fc5fe Mon Sep 17 00:00:00 2001 From: mpage Date: Thu, 20 Oct 2011 15:25:33 -0700 Subject: [PATCH] Stick the staging task id in request headers for services requests This is more in keeping with current practices of sticking auth tokens into header fields. Test plan: - Updated unit test passes. Change-Id: I7e190f3db9f85b13b8fba59ee81d3fd233c0fbfb --- cloud_controller/app/controllers/services_controller.rb | 3 ++- cloud_controller/spec/controllers/services_controller_spec.rb | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/cloud_controller/app/controllers/services_controller.rb b/cloud_controller/app/controllers/services_controller.rb index 560a19014..e1f38a9a5 100644 --- a/cloud_controller/app/controllers/services_controller.rb +++ b/cloud_controller/app/controllers/services_controller.rb @@ -248,7 +248,8 @@ def unbind def require_user_or_staging_task_id unless user - staging_task = StagingTask.find_task(params[:staging_task_id]) + staging_task_id = request.headers['X_VCAP_STAGING_TASK_ID'] + staging_task = StagingTask.find_task(staging_task_id) @current_user = staging_task.user if staging_task end raise CloudError.new(CloudError::FORBIDDEN) unless user diff --git a/cloud_controller/spec/controllers/services_controller_spec.rb b/cloud_controller/spec/controllers/services_controller_spec.rb index 300b5ee81..b72310a9c 100644 --- a/cloud_controller/spec/controllers/services_controller_spec.rb +++ b/cloud_controller/spec/controllers/services_controller_spec.rb @@ -407,7 +407,7 @@ def unbind_instance(service_id, handle_id, binding_options) end it 'should set the user for the request to the user associated with the supplied staging task' do - @controller.stubs(:params).returns({:staging_task_id => 1}) + request.env['X_VCAP_STAGING_TASK_ID'] = 1 mock_task = mock() mock_task.expects(:user).returns(@user) StagingTask.expects(:find_task).with(1).returns(mock_task)