Make runner's veryfication working again

In APIv1 we were using UpdateJob to verify if the runner exists. It was
the only method that was using Runner's token and used in special way
had no side effects (like scheduling a new job or unregisterring a
Runner).

In APIv4 we've change UpdateJob to use job's token as authentication
credentials, and that way we've removed the only endpoint that could
be used to verify if the Runner with a certain token exists in target
GitLab installation.

This commit adds `POST /api/v4/runners/verify` endpoint whose only
responsibility is to respond if Runner with posted credentials exists or
not.
This commit is contained in:
Tomasz Maczukin 2017-03-15 00:27:10 +01:00 committed by Kamil Trzcinski
parent 691402fb2b
commit bbf4d27a5c
No known key found for this signature in database
GPG key ID: 4505F5C7E12C6A5A
2 changed files with 39 additions and 0 deletions

View file

@ -47,6 +47,17 @@ module API
authenticate_runner!
Ci::Runner.find_by_token(params[:token]).destroy
end
desc 'Validates authentication credentials' do
http_codes [[200, 'Credentials are valid'], [403, 'Forbidden']]
end
params do
requires :token, type: String, desc: %q(Runner's authentication token)
end
post '/verify' do
authenticate_runner!
status 200
end
end
resource :jobs do

View file

@ -152,6 +152,34 @@ describe API::Runner do
end
end
end
describe 'POST /api/v4/runners/verify' do
let(:runner) { create(:ci_runner) }
context 'when no token is provided' do
it 'returns 400 error' do
post api('/runners/verify')
expect(response).to have_http_status :bad_request
end
end
context 'when invalid token is provided' do
it 'returns 403 error' do
post api('/runners/verify'), token: 'invalid-token'
expect(response).to have_http_status 403
end
end
context 'when valid token is provided' do
it 'deletes Runner' do
post api('/runners/verify'), token: runner.token
expect(response).to have_http_status 200
end
end
end
end
describe '/api/v4/jobs' do