Commit 9ac2a517 authored by Rémy Coutable's avatar Rémy Coutable

Merge branch '34049-public-commits-should-not-require-authentication' into 'master'

Commits API: Listing commits for public repo doesn't require authentication

Closes #34049

See merge request !13287
parents 4b790c49 b982f6f9
---
title: Added tests for commits API unauthenticated user and public/private project
merge_request: 13287
author: Jacopo Beschi @jacopo-beschi
...@@ -16,11 +16,13 @@ describe API::Commits do ...@@ -16,11 +16,13 @@ describe API::Commits do
end end
describe 'GET /projects/:id/repository/commits' do describe 'GET /projects/:id/repository/commits' do
context 'authorized user' do let(:route) { "/projects/#{project_id}/repository/commits" }
shared_examples_for 'project commits' do
it "returns project commits" do it "returns project commits" do
commit = project.repository.commit commit = project.repository.commit
get api("/projects/#{project_id}/repository/commits", user) get api(route, current_user)
expect(response).to have_http_status(200) expect(response).to have_http_status(200)
expect(response).to match_response_schema('public_api/v4/commits') expect(response).to match_response_schema('public_api/v4/commits')
...@@ -32,7 +34,7 @@ describe API::Commits do ...@@ -32,7 +34,7 @@ describe API::Commits do
it 'include correct pagination headers' do it 'include correct pagination headers' do
commit_count = project.repository.count_commits(ref: 'master').to_s commit_count = project.repository.count_commits(ref: 'master').to_s
get api("/projects/#{project_id}/repository/commits", user) get api(route, current_user)
expect(response).to include_pagination_headers expect(response).to include_pagination_headers
expect(response.headers['X-Total']).to eq(commit_count) expect(response.headers['X-Total']).to eq(commit_count)
...@@ -40,14 +42,24 @@ describe API::Commits do ...@@ -40,14 +42,24 @@ describe API::Commits do
end end
end end
context "unauthorized user" do context 'when unauthenticated', 'and project is public' do
it "does not return project commits" do let(:project) { create(:project, :public, :repository) }
get api("/projects/#{project_id}/repository/commits")
it_behaves_like 'project commits'
end
expect(response).to have_http_status(404) context 'when unauthenticated', 'and project is private' do
it_behaves_like '404 response' do
let(:request) { get api(route) }
let(:message) { '404 Project Not Found' }
end end
end end
context 'when authenticated', 'as a master' do
let(:current_user) { user }
it_behaves_like 'project commits'
context "since optional parameter" do context "since optional parameter" do
it "returns project commits since provided parameter" do it "returns project commits since provided parameter" do
commits = project.repository.commits("master") commits = project.repository.commits("master")
...@@ -178,6 +190,7 @@ describe API::Commits do ...@@ -178,6 +190,7 @@ describe API::Commits do
end end
end end
end end
end
describe "POST /projects/:id/repository/commits" do describe "POST /projects/:id/repository/commits" do
let!(:url) { "/projects/#{project_id}/repository/commits" } let!(:url) { "/projects/#{project_id}/repository/commits" }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment