kotovalexarian-likes-gitlab
/
gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

List public ssh keys by id or username without authentication

This commit is contained in:
Ronald Claveau 2018-06-28 08:13:21 +02:00
parent 227cc997fb
commit 7d55c1353d
4 changed files with 23 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
changelogs/unreleased/features-unauth-access-ssh-keys.yml Normal file
View File

@ -0,0 +1,5 @@
---
title: Enable unauthenticated access to public SSH keys via the API
merge_request: 20118
author: Ronald Claveau
type: changed

2
doc/api/users.md
View File

@ -556,7 +556,7 @@ Parameters:
## List SSH keys for user ## List SSH keys for user
Get a list of a specified user's SSH keys. Available only for admin Get a list of a specified user's SSH keys.
``` ```
GET /users/:id/keys GET /users/:id/keys

6
lib/api/users.rb
View File

@ -254,7 +254,7 @@ module API
end end
# rubocop: enable CodeReuse/ActiveRecord # rubocop: enable CodeReuse/ActiveRecord
desc 'Get the SSH keys of a specified user. Available only for admins.' do desc 'Get the SSH keys of a specified user.' do
success Entities::SSHKey success Entities::SSHKey
end end
params do params do
@ -263,10 +263,8 @@ module API
end end
# rubocop: disable CodeReuse/ActiveRecord # rubocop: disable CodeReuse/ActiveRecord
get ':id/keys' do get ':id/keys' do
authenticated_as_admin!
user = User.find_by(id: params[:id]) user = User.find_by(id: params[:id])
not_found!('User') unless user not_found!('User') unless user && can?(current_user, :read_user, user)
present paginate(user.keys), with: Entities::SSHKey present paginate(user.keys), with: Entities::SSHKey
end end

40
spec/requests/api/users_spec.rb
View File

@ -785,35 +785,25 @@ describe API::Users do
end end
describe 'GET /user/:id/keys' do describe 'GET /user/:id/keys' do
before do it 'returns 404 for non-existing user' do
admin user_id = not_existing_user_id
get api("/users/#{user_id}/keys")
expect(response).to have_gitlab_http_status(404)
expect(json_response['message']).to eq('404 User Not Found')
end end
context 'when unauthenticated' do it 'returns array of ssh keys' do
it 'returns authentication error' do user.keys << key
get api("/users/#{user.id}/keys") user.save
expect(response).to have_gitlab_http_status(401)
end
end
context 'when authenticated' do get api("/users/#{user.id}/keys")
it 'returns 404 for non-existing user' do
get api('/users/999999/keys', admin)
expect(response).to have_gitlab_http_status(404)
expect(json_response['message']).to eq('404 User Not Found')
end
it 'returns array of ssh keys' do expect(response).to have_gitlab_http_status(200)
user.keys << key expect(response).to include_pagination_headers
user.save expect(json_response).to be_an Array
expect(json_response.first['title']).to eq(key.title)
get api("/users/#{user.id}/keys", admin)
expect(response).to have_gitlab_http_status(200)
expect(response).to include_pagination_headers
expect(json_response).to be_an Array
expect(json_response.first['title']).to eq(key.title)
end
end end
end end