Commit df45623b authored by Francisco Javier López's avatar Francisco Javier López Committed by Douwe Maan

Restoring user v3 endpoint

parent 504f3620
---
title: Restore API v3 user endpoint
merge_request:
author:
type: changed
...@@ -531,18 +531,22 @@ module API ...@@ -531,18 +531,22 @@ module API
authenticate! authenticate!
end end
desc 'Get the currently authenticated user' do # Enabling /user endpoint for the v3 version to allow oauth
success Entities::UserPublic # authentication through this endpoint.
end version %w(v3 v4), using: :path do
get do desc 'Get the currently authenticated user' do
entity = success Entities::UserPublic
if current_user.admin? end
Entities::UserWithAdmin get do
else entity =
Entities::UserPublic if current_user.admin?
end Entities::UserWithAdmin
else
Entities::UserPublic
end
present current_user, with: entity present current_user, with: entity
end
end end
desc "Get the currently authenticated user's SSH keys" do desc "Get the currently authenticated user's SSH keys" do
......
...@@ -1123,58 +1123,63 @@ describe API::Users do ...@@ -1123,58 +1123,63 @@ describe API::Users do
describe "GET /user" do describe "GET /user" do
let(:personal_access_token) { create(:personal_access_token, user: user).token } let(:personal_access_token) { create(:personal_access_token, user: user).token }
context 'with regular user' do shared_examples 'get user info' do |version|
context 'with personal access token' do context 'with regular user' do
it 'returns 403 without private token when sudo is defined' do context 'with personal access token' do
get api("/user?private_token=#{personal_access_token}&sudo=123") it 'returns 403 without private token when sudo is defined' do
get api("/user?private_token=#{personal_access_token}&sudo=123", version: version)
expect(response).to have_gitlab_http_status(403) expect(response).to have_gitlab_http_status(403)
end
end end
end
it 'returns current user without private token when sudo not defined' do it 'returns current user without private token when sudo not defined' do
get api("/user", user) get api("/user", user, version: version)
expect(response).to have_gitlab_http_status(200) expect(response).to have_gitlab_http_status(200)
expect(response).to match_response_schema('public_api/v4/user/public') expect(response).to match_response_schema('public_api/v4/user/public')
expect(json_response['id']).to eq(user.id) expect(json_response['id']).to eq(user.id)
end end
context "scopes" do context "scopes" do
let(:path) { "/user" } let(:path) { "/user" }
let(:api_call) { method(:api) } let(:api_call) { method(:api) }
include_examples 'allows the "read_user" scope' include_examples 'allows the "read_user" scope', version
end
end end
end
context 'with admin' do context 'with admin' do
let(:admin_personal_access_token) { create(:personal_access_token, user: admin).token } let(:admin_personal_access_token) { create(:personal_access_token, user: admin).token }
context 'with personal access token' do context 'with personal access token' do
it 'returns 403 without private token when sudo defined' do it 'returns 403 without private token when sudo defined' do
get api("/user?private_token=#{admin_personal_access_token}&sudo=#{user.id}") get api("/user?private_token=#{admin_personal_access_token}&sudo=#{user.id}", version: version)
expect(response).to have_gitlab_http_status(403) expect(response).to have_gitlab_http_status(403)
end end
it 'returns initial current user without private token but with is_admin when sudo not defined' do it 'returns initial current user without private token but with is_admin when sudo not defined' do
get api("/user?private_token=#{admin_personal_access_token}") get api("/user?private_token=#{admin_personal_access_token}", version: version)
expect(response).to have_gitlab_http_status(200) expect(response).to have_gitlab_http_status(200)
expect(response).to match_response_schema('public_api/v4/user/admin') expect(response).to match_response_schema('public_api/v4/user/admin')
expect(json_response['id']).to eq(admin.id) expect(json_response['id']).to eq(admin.id)
end
end end
end end
end
context 'with unauthenticated user' do context 'with unauthenticated user' do
it "returns 401 error if user is unauthenticated" do it "returns 401 error if user is unauthenticated" do
get api("/user") get api("/user", version: version)
expect(response).to have_gitlab_http_status(401) expect(response).to have_gitlab_http_status(401)
end
end end
end end
it_behaves_like 'get user info', 'v3'
it_behaves_like 'get user info', 'v4'
end end
describe "GET /user/keys" do describe "GET /user/keys" do
......
shared_examples_for 'allows the "read_user" scope' do shared_examples_for 'allows the "read_user" scope' do |api_version|
let(:version) { api_version || 'v4' }
context 'for personal access tokens' do context 'for personal access tokens' do
context 'when the requesting token has the "api" scope' do context 'when the requesting token has the "api" scope' do
let(:token) { create(:personal_access_token, scopes: ['api'], user: user) } let(:token) { create(:personal_access_token, scopes: ['api'], user: user) }
it 'returns a "200" response' do it 'returns a "200" response' do
get api_call.call(path, user, personal_access_token: token) get api_call.call(path, user, personal_access_token: token, version: version)
expect(response).to have_gitlab_http_status(200) expect(response).to have_gitlab_http_status(200)
end end
...@@ -14,7 +16,7 @@ shared_examples_for 'allows the "read_user" scope' do ...@@ -14,7 +16,7 @@ shared_examples_for 'allows the "read_user" scope' do
let(:token) { create(:personal_access_token, scopes: ['read_user'], user: user) } let(:token) { create(:personal_access_token, scopes: ['read_user'], user: user) }
it 'returns a "200" response' do it 'returns a "200" response' do
get api_call.call(path, user, personal_access_token: token) get api_call.call(path, user, personal_access_token: token, version: version)
expect(response).to have_gitlab_http_status(200) expect(response).to have_gitlab_http_status(200)
end end
...@@ -28,7 +30,7 @@ shared_examples_for 'allows the "read_user" scope' do ...@@ -28,7 +30,7 @@ shared_examples_for 'allows the "read_user" scope' do
end end
it 'returns a "403" response' do it 'returns a "403" response' do
get api_call.call(path, user, personal_access_token: token) get api_call.call(path, user, personal_access_token: token, version: version)
expect(response).to have_gitlab_http_status(403) expect(response).to have_gitlab_http_status(403)
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment