Commit 9fcd903b authored by Douwe Maan's avatar Douwe Maan

Merge branch 'features/unauth-access-ssh-keys' into 'master'

List public ssh keys by id or username without authentication

See merge request gitlab-org/gitlab-ce!20118
parents 81641e59 7d55c135
---
title: Enable unauthenticated access to public SSH keys via the API
merge_request: 20118
author: Ronald Claveau
type: changed
...@@ -558,7 +558,7 @@ Parameters: ...@@ -558,7 +558,7 @@ Parameters:
## List SSH keys for user ## List SSH keys for user
Get a list of a specified user's SSH keys. Available only for admin Get a list of a specified user's SSH keys.
``` ```
GET /users/:id/keys GET /users/:id/keys
......
...@@ -256,7 +256,7 @@ module API ...@@ -256,7 +256,7 @@ module API
end end
# rubocop: enable CodeReuse/ActiveRecord # rubocop: enable CodeReuse/ActiveRecord
desc 'Get the SSH keys of a specified user. Available only for admins.' do desc 'Get the SSH keys of a specified user.' do
success Entities::SSHKey success Entities::SSHKey
end end
params do params do
...@@ -265,10 +265,8 @@ module API ...@@ -265,10 +265,8 @@ module API
end end
# rubocop: disable CodeReuse/ActiveRecord # rubocop: disable CodeReuse/ActiveRecord
get ':id/keys' do get ':id/keys' do
authenticated_as_admin!
user = User.find_by(id: params[:id]) user = User.find_by(id: params[:id])
not_found!('User') unless user not_found!('User') unless user && can?(current_user, :read_user, user)
present paginate(user.keys), with: Entities::SSHKey present paginate(user.keys), with: Entities::SSHKey
end end
......
...@@ -785,35 +785,25 @@ describe API::Users do ...@@ -785,35 +785,25 @@ describe API::Users do
end end
describe 'GET /user/:id/keys' do describe 'GET /user/:id/keys' do
before do it 'returns 404 for non-existing user' do
admin user_id = not_existing_user_id
end
context 'when unauthenticated' do get api("/users/#{user_id}/keys")
it 'returns authentication error' do
get api("/users/#{user.id}/keys")
expect(response).to have_gitlab_http_status(401)
end
end
context 'when authenticated' do expect(response).to have_gitlab_http_status(404)
it 'returns 404 for non-existing user' do expect(json_response['message']).to eq('404 User Not Found')
get api('/users/999999/keys', admin) end
expect(response).to have_gitlab_http_status(404)
expect(json_response['message']).to eq('404 User Not Found')
end
it 'returns array of ssh keys' do it 'returns array of ssh keys' do
user.keys << key user.keys << key
user.save user.save
get api("/users/#{user.id}/keys", admin) get api("/users/#{user.id}/keys")
expect(response).to have_gitlab_http_status(200) expect(response).to have_gitlab_http_status(200)
expect(response).to include_pagination_headers expect(response).to include_pagination_headers
expect(json_response).to be_an Array expect(json_response).to be_an Array
expect(json_response.first['title']).to eq(key.title) expect(json_response.first['title']).to eq(key.title)
end
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment