Merge branch 'features/unauth-access-ssh-keys' into 'master'

List public ssh keys by id or username without authentication See merge request gitlab-org/gitlab-ce!20118
2018-10-05 08:41:04 +00:00 · 2018-10-05 08:41:04 +00:00 · 9fcd903b60
commit 9fcd903b60
parent 81641e592a 7d55c1353d
4 changed files with 23 additions and 30 deletions
--- a/changelogs/unreleased/features-unauth-access-ssh-keys.yml
+++ b/changelogs/unreleased/features-unauth-access-ssh-keys.yml
@ -0,0 +1,5 @@
+---
+title: Enable unauthenticated access to public SSH keys via the API
+merge_request: 20118
+author: Ronald Claveau
+type: changed
--- a/doc/api/users.md
+++ b/doc/api/users.md
@ -558,7 +558,7 @@ Parameters:

 ## List SSH keys for user

-Get a list of a specified user's SSH keys. Available only for admin
+Get a list of a specified user's SSH keys.

 ```
 GET /users/:id/keys
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@ -256,7 +256,7 @@ module API
      end
      # rubocop: enable CodeReuse/ActiveRecord

-      desc 'Get the SSH keys of a specified user. Available only for admins.' do
+      desc 'Get the SSH keys of a specified user.' do
        success Entities::SSHKey
      end
      params do
@ -265,10 +265,8 @@ module API
      end
      # rubocop: disable CodeReuse/ActiveRecord
      get ':id/keys' do
-        authenticated_as_admin!
-
        user = User.find_by(id: params[:id])
-        not_found!('User') unless user
+        not_found!('User') unless user && can?(current_user, :read_user, user)

        present paginate(user.keys), with: Entities::SSHKey
      end
--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@ -785,35 +785,25 @@ describe API::Users do
  end

  describe 'GET /user/:id/keys' do
-    before do
-      admin
+    it 'returns 404 for non-existing user' do
+      user_id = not_existing_user_id
+
+      get api("/users/#{user_id}/keys")
+
+      expect(response).to have_gitlab_http_status(404)
+      expect(json_response['message']).to eq('404 User Not Found')
    end

-    context 'when unauthenticated' do
-      it 'returns authentication error' do
-        get api("/users/#{user.id}/keys")
-        expect(response).to have_gitlab_http_status(401)
-      end
-    end
+    it 'returns array of ssh keys' do
+      user.keys << key
+      user.save

-    context 'when authenticated' do
-      it 'returns 404 for non-existing user' do
-        get api('/users/999999/keys', admin)
-        expect(response).to have_gitlab_http_status(404)
-        expect(json_response['message']).to eq('404 User Not Found')
-      end
+      get api("/users/#{user.id}/keys")

-      it 'returns array of ssh keys' do
-        user.keys << key
-        user.save
-
-        get api("/users/#{user.id}/keys", admin)
-
-        expect(response).to have_gitlab_http_status(200)
-        expect(response).to include_pagination_headers
-        expect(json_response).to be_an Array
-        expect(json_response.first['title']).to eq(key.title)
-      end
+      expect(response).to have_gitlab_http_status(200)
+      expect(response).to include_pagination_headers
+      expect(json_response).to be_an Array
+      expect(json_response.first['title']).to eq(key.title)
    end
  end