diff --git a/config/feature_flags/ops/graphql_minimal_auth_methods.yml b/config/feature_flags/ops/graphql_minimal_auth_methods.yml
deleted file mode 100644
index aaac24332c7a1d90ef885a974f81c8f4ede59c68..0000000000000000000000000000000000000000
--- a/config/feature_flags/ops/graphql_minimal_auth_methods.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-name: graphql_minimal_auth_methods
-feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/438462
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/150407
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/444929
-milestone: '17.0'
-group: group::authentication
-type: ops
-default_enabled: true
\ No newline at end of file
diff --git a/doc/api/graphql/index.md b/doc/api/graphql/index.md
index e3d223b0a560db4b3d2fea81b63d9c6621ffaed8..10771344ff52d5c1e293a549d502060cd9e99441 100644
--- a/doc/api/graphql/index.md
+++ b/doc/api/graphql/index.md
@@ -66,9 +66,6 @@ If the authentication information is not valid, GitLab returns an error message

 #### Token authentication

-> - Authentication method restrictions [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/150407) in GitLab 17.0 [with a flag](../../administration/feature_flags.md) named `graphql_minimal_auth_methods` and backported to GitLab 17.0.3 and GitLab 16.11.5. Disabled by default in 17.0.
-> - Flag enabled by default in 17.0.3 and 16.11.5, therefore restrictions are enforced in these versions and later.
-
 Use any of the following tokens to authenticate with the GraphQL API:

 - [OAuth 2.0 tokens](../../api/oauth2.md)
diff --git a/ee/spec/controllers/ee/graphql_controller_spec.rb b/ee/spec/controllers/ee/graphql_controller_spec.rb
index 3be8a7e4483c912dadb09919f952c51dcc181194..c984dbc32522efeed5ecee357bc84eb8318d274d 100644
--- a/ee/spec/controllers/ee/graphql_controller_spec.rb
+++ b/ee/spec/controllers/ee/graphql_controller_spec.rb
@@ -15,16 +15,6 @@
 it 'succeeds' do
 expect(response).to be_successful
 end
-
- context 'when graphql_minimal_auth_methods is disabled' do
- before do
- stub_feature_flags(graphql_minimal_auth_methods: false)
- end
-
- it 'fails' do
- expect(response).not_to be_successful
- end
- end
 end

 context 'when user uses a read_user scope API token' do
diff --git a/lib/gitlab/auth/request_authenticator.rb b/lib/gitlab/auth/request_authenticator.rb
index e20820a5118ff3b531fd82ca3b06e2ebed5c0512..df45264dda4a93c4195d338a56caa2be8251c0a8 100644
--- a/lib/gitlab/auth/request_authenticator.rb
+++ b/lib/gitlab/auth/request_authenticator.rb
@@ -68,12 +68,8 @@ def valid_access_token?(scopes: [])
 #
 # Overridden in EE
 def find_user_for_graphql_api_request
- if Feature.enabled? :graphql_minimal_auth_methods # rubocop:disable Gitlab/FeatureFlagWithoutActor -- reverting MR
- find_user_from_web_access_token(:api, scopes: graphql_authorization_scopes) ||
- find_user_from_personal_access_token_for_api_or_git
- else
- find_user_from_any_authentication_method(:api)
- end
+ find_user_from_web_access_token(:api, scopes: graphql_authorization_scopes) ||
+ find_user_from_personal_access_token_for_api_or_git
 end

 # Overridden in EE
diff --git a/spec/requests/api/graphql_spec.rb b/spec/requests/api/graphql_spec.rb
index 267d40cf509e45be1476a4cd0a6eef564ef8c10d..425db1c296f8b7e74c719f62b08902a0902a45ff 100644
--- a/spec/requests/api/graphql_spec.rb
+++ b/spec/requests/api/graphql_spec.rb
@@ -439,18 +439,6 @@

 expect(graphql_data['currentUser']).to be_nil
 end
-
- context 'when graphql_minimal_auth_methods FF is disabled' do
- before do
- stub_feature_flags(graphql_minimal_auth_methods: false)
- end
-
- it 'authenticates users with an LFS token' do
- post '/api/graphql.git', params: { query: query }, headers: headers
-
- expect(graphql_data['currentUser']['username']).to eq(user.username)
- end
- end
 end

 describe 'with job token' do
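Review bot: With the flag gone, `find_user_for_graphql_api_request` in lib/gitlab/auth/request_authenticator.rb is the single place that fixes which credentials GraphQL accepts, and the visible part of its comment (`# Overridden in EE`) does not say that the narrow set is intentional. The removed specs show that `find_user_from_any_authentication_method(:api)` also accepted job tokens and LFS tokens, so a later cleanup that swaps it back in would widen authentication again. I would state the intent on the method, e.g. `# Deliberately limited to these two lookups; job, LFS and other token types must stay rejected for GraphQL.` The comment block starts above the hunk, and the EE override is not part of this diff, so it is worth confirming that the override keeps the same restriction.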
@@ -468,18 +456,6 @@

 expect_graphql_errors_to_include(/Invalid token/)
 end
-
- context 'when graphql_minimal_auth_methods FF is disabled' do
- before do
- stub_feature_flags(graphql_minimal_auth_methods: false)
- end
-
- it 'authenticates as the user' do
- post '/api/graphql', params: { query: query, job_token: job_token }
-
- expect(graphql_data['currentUser']['username']).to eq(user.username)
- end
- end
 end

 describe 'with static object token' do
@@ -498,25 +474,6 @@

 expect_graphql_errors_to_include(/Invalid token/)
 end
-
- # context is included to demonstrate that the FF code is not changing this behavior
- context 'when graphql_minimal_auth_methods FF is disabled' do
- before do
- stub_feature_flags(graphql_minimal_auth_methods: false)
- end
-
- it 'does not authenticate user from header' do
- post '/api/graphql', params: { query: query }, headers: headers
-
- expect(graphql_data['currentUser']).to be_nil
- end
-
- it 'does not authenticate user from parameter' do
- post "/api/graphql?token=#{user.static_object_token}", params: { query: query }
-
- expect_graphql_errors_to_include(/Invalid token/)
- end
- end
 end

 describe 'with dependency proxy token' do
@@ -537,25 +494,6 @@

 expect_graphql_errors_to_include(/Invalid token/)
 end
-
- # context is included to demonstrate that the FF code is not changing this behavior
- context 'when graphql_minimal_auth_methods FF is disabled' do
- before do
- stub_feature_flags(graphql_minimal_auth_methods: false)
- end
-
- it 'does not authenticate user from dependency proxy token in headers' do
- post '/api/graphql', params: { query: query }, headers: headers
-
- expect_graphql_errors_to_include(/Invalid token/)
- end
-
- it 'does not authenticate user from dependency proxy token in parameter' do
- post "/api/graphql?access_token=#{token}", params: { query: query }
-
- expect_graphql_errors_to_include(/Invalid token/)
- end
- end
 end
 end