Make runner's veryfication working again

In APIv1 we were using UpdateJob to verify if the runner exists. It was the only method that was using Runner's token and used in special way had no side effects (like scheduling a new job or unregisterring a Runner). In APIv4 we've change UpdateJob to use job's token as authentication credentials, and that way we've removed the only endpoint that could be used to verify if the Runner with a certain token exists in target GitLab installation. This commit adds `POST /api/v4/runners/verify` endpoint whose only responsibility is to respond if Runner with posted credentials exists or not.
2017-03-15 00:27:10 +01:00 · 2017-03-15 00:27:10 +01:00 · bbf4d27a5c
parent 691402fb2b
commit bbf4d27a5c
2 changed files with 39 additions and 0 deletions
--- a/lib/api/runner.rb
+++ b/lib/api/runner.rb
@ -47,6 +47,17 @@ module API
        authenticate_runner!
        Ci::Runner.find_by_token(params[:token]).destroy
      end
+
+      desc 'Validates authentication credentials' do
+        http_codes [[200, 'Credentials are valid'], [403, 'Forbidden']]
+      end
+      params do
+        requires :token, type: String, desc: %q(Runner's authentication token)
+      end
+      post '/verify' do
+        authenticate_runner!
+        status 200
+      end
    end

    resource :jobs do
--- a/spec/requests/api/runner_spec.rb
+++ b/spec/requests/api/runner_spec.rb
@ -152,6 +152,34 @@ describe API::Runner do
        end
      end
    end
+
+    describe 'POST /api/v4/runners/verify' do
+      let(:runner) { create(:ci_runner) }
+
+      context 'when no token is provided' do
+        it 'returns 400 error' do
+          post api('/runners/verify')
+
+          expect(response).to have_http_status :bad_request
+        end
+      end
+
+      context 'when invalid token is provided' do
+        it 'returns 403 error' do
+          post api('/runners/verify'), token: 'invalid-token'
+
+          expect(response).to have_http_status 403
+        end
+      end
+
+      context 'when valid token is provided' do
+        it 'deletes Runner' do
+          post api('/runners/verify'), token: runner.token
+
+          expect(response).to have_http_status 200
+        end
+      end
+    end
  end

  describe '/api/v4/jobs' do