kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

Restoring user v3 endpoint

Browse source
This commit is contained in:
Francisco Javier López 2018-06-13 08:25:01 +00:00 committed by Douwe Maan
parent 504f362033
commit df45623b34
4 changed files with 74 additions and 58 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
changelogs/unreleased/fj-restore-users-v3-endpoint.yml Normal file
View file

@ -0,0 +1,5 @@
---
title: Restore API v3 user endpoint
merge_request:
author:
type: changed

26
lib/api/users.rb
View file

@ -531,18 +531,22 @@ module API
authenticate!
end
desc 'Get the currently authenticated user' do
success Entities::UserPublic
end
get do
entity =
if current_user.admin?
Entities::UserWithAdmin
else
Entities::UserPublic
end
# Enabling /user endpoint for the v3 version to allow oauth
# authentication through this endpoint.
version %w(v3 v4), using: :path do
desc 'Get the currently authenticated user' do
success Entities::UserPublic
end
get do
entity =
if current_user.admin?
Entities::UserWithAdmin
else
Entities::UserPublic
end
present current_user, with: entity
present current_user, with: entity
end
end
desc "Get the currently authenticated user's SSH keys" do

91
spec/requests/api/users_spec.rb
View file

@ -1123,58 +1123,63 @@ describe API::Users do
describe "GET /user" do
let(:personal_access_token) { create(:personal_access_token, user: user).token }
context 'with regular user' do
context 'with personal access token' do
it 'returns 403 without private token when sudo is defined' do
get api("/user?private_token=#{personal_access_token}&sudo=123")
shared_examples 'get user info' do |version|
context 'with regular user' do
context 'with personal access token' do
it 'returns 403 without private token when sudo is defined' do
get api("/user?private_token=#{personal_access_token}&sudo=123", version: version)
expect(response).to have_gitlab_http_status(403)
end
end
it 'returns current user without private token when sudo not defined' do
get api("/user", user)
expect(response).to have_gitlab_http_status(200)
expect(response).to match_response_schema('public_api/v4/user/public')
expect(json_response['id']).to eq(user.id)
end
context "scopes" do
let(:path) { "/user" }
let(:api_call) { method(:api) }
include_examples 'allows the "read_user" scope'
end
end
context 'with admin' do
let(:admin_personal_access_token) { create(:personal_access_token, user: admin).token }
context 'with personal access token' do
it 'returns 403 without private token when sudo defined' do
get api("/user?private_token=#{admin_personal_access_token}&sudo=#{user.id}")
expect(response).to have_gitlab_http_status(403)
expect(response).to have_gitlab_http_status(403)
end
end
it 'returns initial current user without private token but with is_admin when sudo not defined' do
get api("/user?private_token=#{admin_personal_access_token}")
it 'returns current user without private token when sudo not defined' do
get api("/user", user, version: version)
expect(response).to have_gitlab_http_status(200)
expect(response).to match_response_schema('public_api/v4/user/admin')
expect(json_response['id']).to eq(admin.id)
expect(response).to match_response_schema('public_api/v4/user/public')
expect(json_response['id']).to eq(user.id)
end
context "scopes" do
let(:path) { "/user" }
let(:api_call) { method(:api) }
include_examples 'allows the "read_user" scope', version
end
end
context 'with admin' do
let(:admin_personal_access_token) { create(:personal_access_token, user: admin).token }
context 'with personal access token' do
it 'returns 403 without private token when sudo defined' do
get api("/user?private_token=#{admin_personal_access_token}&sudo=#{user.id}", version: version)
expect(response).to have_gitlab_http_status(403)
end
it 'returns initial current user without private token but with is_admin when sudo not defined' do
get api("/user?private_token=#{admin_personal_access_token}", version: version)
expect(response).to have_gitlab_http_status(200)
expect(response).to match_response_schema('public_api/v4/user/admin')
expect(json_response['id']).to eq(admin.id)
end
end
end
context 'with unauthenticated user' do
it "returns 401 error if user is unauthenticated" do
get api("/user", version: version)
expect(response).to have_gitlab_http_status(401)
end
end
end
context 'with unauthenticated user' do
it "returns 401 error if user is unauthenticated" do
get api("/user")
expect(response).to have_gitlab_http_status(401)
end
end
it_behaves_like 'get user info', 'v3'
it_behaves_like 'get user info', 'v4'
end
describe "GET /user/keys" do

10
spec/support/api/scopes/read_user_shared_examples.rb
View file

@ -1,10 +1,12 @@
shared_examples_for 'allows the "read_user" scope' do
shared_examples_for 'allows the "read_user" scope' do |api_version|
let(:version) { api_version || 'v4' }
context 'for personal access tokens' do
context 'when the requesting token has the "api" scope' do
let(:token) { create(:personal_access_token, scopes: ['api'], user: user) }
it 'returns a "200" response' do
get api_call.call(path, user, personal_access_token: token)
get api_call.call(path, user, personal_access_token: token, version: version)
expect(response).to have_gitlab_http_status(200)
end
@ -14,7 +16,7 @@ shared_examples_for 'allows the "read_user" scope' do
let(:token) { create(:personal_access_token, scopes: ['read_user'], user: user) }
it 'returns a "200" response' do
get api_call.call(path, user, personal_access_token: token)
get api_call.call(path, user, personal_access_token: token, version: version)
expect(response).to have_gitlab_http_status(200)
end
@ -28,7 +30,7 @@ shared_examples_for 'allows the "read_user" scope' do
end
it 'returns a "403" response' do
get api_call.call(path, user, personal_access_token: token)
get api_call.call(path, user, personal_access_token: token, version: version)
expect(response).to have_gitlab_http_status(403)
end