Commit 5652da8b authored by Rémy Coutable's avatar Rémy Coutable

Allow unauthenticated access to Repositories Files API GET endpoints

Signed-off-by: default avatarRémy Coutable <remy@rymai.me>
parent d84cfeaf
--- ---
title: Allow public access to some Project API endpoints title: Allow unauthenticated access to some Project API GET endpoints
merge_request: 7843 merge_request: 7843
author: author:
---
title: Allow unauthenticated access to Repositories Files API GET endpoints
merge_request:
author:
--- ---
title: Allow Repositories API GET endpoints to be requested anonymously title: Allow unauthenticated access to Repositories API GET endpoints
merge_request: 8148 merge_request: 8148
author: author:
...@@ -6,7 +6,9 @@ ...@@ -6,7 +6,9 @@
## Get file from repository ## Get file from repository
Allows you to receive information about file in repository like name, size, content. Note that file content is Base64 encoded. Allows you to receive information about file in repository like name, size,
content. Note that file content is Base64 encoded. This endpoint can be accessed
without authentication if the repository is publicly accessible.
``` ```
GET /projects/:id/repository/files GET /projects/:id/repository/files
......
module API module API
# Projects API # Projects API
class Files < Grape::API class Files < Grape::API
before { authenticate! }
helpers do helpers do
def commit_params(attrs) def commit_params(attrs)
{ {
......
...@@ -24,19 +24,34 @@ describe API::Files, api: true do ...@@ -24,19 +24,34 @@ describe API::Files, api: true do
before { project.team << [user, :developer] } before { project.team << [user, :developer] }
describe "GET /projects/:id/repository/files" do describe "GET /projects/:id/repository/files" do
it "returns file info" do shared_examples_for 'repository files' do
params = { it "returns file info" do
file_path: file_path, params = {
ref: 'master', file_path: file_path,
} ref: 'master',
}
get api("/projects/#{project.id}/repository/files", user), params get api("/projects/#{project.id}/repository/files", current_user), params
expect(response).to have_http_status(200) expect(response).to have_http_status(200)
expect(json_response['file_path']).to eq(file_path) expect(json_response['file_path']).to eq(file_path)
expect(json_response['file_name']).to eq('popen.rb') expect(json_response['file_name']).to eq('popen.rb')
expect(json_response['last_commit_id']).to eq('570e7b2abdd848b95f2f578043fc23bd6f6fd24d') expect(json_response['last_commit_id']).to eq('570e7b2abdd848b95f2f578043fc23bd6f6fd24d')
expect(Base64.decode64(json_response['content']).lines.first).to eq("require 'fileutils'\n") expect(Base64.decode64(json_response['content']).lines.first).to eq("require 'fileutils'\n")
end
end
context 'when unauthenticated' do
it_behaves_like 'repository files' do
let(:project) { create(:project, :public) }
let(:current_user) { nil }
end
end
context 'when authenticated' do
it_behaves_like 'repository files' do
let(:current_user) { user }
end
end end
it "returns a 400 bad request if no params given" do it "returns a 400 bad request if no params given" do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment