Get a specific GPG key for a given user

Ability to access the public key for a user without authentication

Get a specific GPG key for a given user
Ability to access the public key for a user without authentication
1c46199b · Michelle Gill · 82f7405e · 1c46199b · 1c46199b · 1c46199b
Commit 1c46199b authored Sep 29, 2020 by Michelle Gill
4 changed files
--- a/changelogs/unreleased/mgill-user-gpg.yml
+++ b/changelogs/unreleased/mgill-user-gpg.yml
+---
+title: API support for a specific GPG Key for given user
+merge_request: 43693
+author:
+type: added
--- a/doc/api/users.md
+++ b/doc/api/users.md
@@ -980,7 +980,7 @@ Example response:

 ## Get a specific GPG key for a given user

-Get a specific GPG key for a given user. Available only for admins.
+Get a specific GPG key for a given user. This endpoint can be accessed without authentication.

 ```plaintext
 GET /users/:id/gpg_keys/:key_id

--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -367,6 +367,26 @@ module API
      end
      # rubocop: enable CodeReuse/ActiveRecord

+      desc 'Get a specific GPG key for a given user.' do
+        detail 'This feature was added in GitLab 13.5'
+        success Entities::GpgKey
+      end
+      params do
+        requires :id, type: Integer, desc: 'The ID of the user'
+        requires :key_id, type: Integer, desc: 'The ID of the GPG key'
+      end
+      # rubocop: disable CodeReuse/ActiveRecord
+      get ':id/gpg_keys/:key_id' do
+        user = User.find_by(id: params[:id])
+        not_found!('User') unless user
+
+        key = user.gpg_keys.find_by(id: params[:key_id])
+        not_found!('GPG Key') unless key
+
+        present key, with: Entities::GpgKey
+      end
+      # rubocop: enable CodeReuse/ActiveRecord
+
      desc 'Delete an existing GPG key from a specified user. Available only for admins.' do
        detail 'This feature was added in GitLab 10.0'
      end

--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -1496,6 +1496,31 @@ RSpec.describe API::Users, :do_not_mock_admin_mode do
    end
  end

+  describe 'GET /user/:id/gpg_keys/:key_id' do
+    it 'returns 404 for non-existing user' do
+      get api('/users/0/gpg_keys/1')
+
+      expect(response).to have_gitlab_http_status(:not_found)
+      expect(json_response['message']).to eq('404 User Not Found')
+    end
+
+    it 'returns 404 for non-existing key' do
+      get api("/users/#{user.id}/gpg_keys/0")
+
+      expect(response).to have_gitlab_http_status(:not_found)
+      expect(json_response['message']).to eq('404 GPG Key Not Found')
+    end
+
+    it 'returns a single GPG key' do
+      user.gpg_keys << gpg_key
+
+      get api("/users/#{user.id}/gpg_keys/#{gpg_key.id}")
+
+      expect(response).to have_gitlab_http_status(:ok)
+      expect(json_response['key']).to eq(gpg_key.key)
+    end
+  end
+
  describe 'DELETE /user/:id/gpg_keys/:key_id' do
    context 'when unauthenticated' do
      it 'returns authentication error' do