Merge branch 'unauthaccess-to-public-keys' into 'master'

Allow SSH keys API endpoint to be requested for a given username Closes #17569 See merge request gitlab-org/gitlab!22899

Merge branch 'unauthaccess-to-public-keys' into 'master'
Allow SSH keys API endpoint to be requested for a given username Closes #17569 See merge request gitlab-org/gitlab!22899
3099de5d · James Lopez · fd74d775 · 299ee71a · 3099de5d · 3099de5d
Commit 3099de5d authored Jan 20, 2020 by James Lopez
4 changed files
--- a/changelogs/unreleased/unauthaccess-to-public-keys.yml
+++ b/changelogs/unreleased/unauthaccess-to-public-keys.yml
+---
+title: Allow SSH keys API endpoint to be requested for a given username
+merge_request: 22899
+author: Rajendra Kadam
+type: changed
--- a/doc/api/users.md
+++ b/doc/api/users.md
@@ -677,12 +677,12 @@ Parameters:
 Get a list of a specified user's SSH keys.

 ```
-GET /users/:id/keys
+GET /users/:id_or_username/keys
 ```

-Parameters:
-
- `id` (required) - id of specified user
+| Attribute        | Type   | Required | Description |
+| ---------------- | ------ | -------- | ----------- |
+| `id_or_username` | string | yes      | The id or username of the user to get the SSH keys for. |

 ## Single SSH key


--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -252,17 +252,15 @@ module API
        success Entities::SSHKey
      end
      params do
-        requires :id, type: Integer, desc: 'The ID of the user'
+        requires :user_id, type: String, desc: 'The ID or username of the user'
        use :pagination
      end
-      # rubocop: disable CodeReuse/ActiveRecord
-      get ':id/keys' do
-        user = User.find_by(id: params[:id])
+      get ':user_id/keys', requirements: API::USER_REQUIREMENTS do
+        user = find_user(params[:user_id])
        not_found!('User') unless user && can?(current_user, :read_user, user)

        present paginate(user.keys), with: Entities::SSHKey
      end
-      # rubocop: enable CodeReuse/ActiveRecord

      desc 'Delete an existing SSH key from a specified user. Available only for admins.' do
        success Entities::SSHKey

--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -913,6 +913,27 @@ describe API::Users do
    end
  end

+  describe 'GET /user/:user_id/keys' do
+    it 'returns 404 for non-existing user' do
+      get api("/users/#{not_existing_user_id}/keys")
+
+      expect(response).to have_gitlab_http_status(404)
+      expect(json_response['message']).to eq('404 User Not Found')
+    end
+
+    it 'returns array of ssh keys' do
+      user.keys << key
+      user.save
+
+      get api("/users/#{user.username}/keys")
+
+      expect(response).to have_gitlab_http_status(200)
+      expect(response).to include_pagination_headers
+      expect(json_response).to be_an Array
+      expect(json_response.first['title']).to eq(key.title)
+    end
+  end
+
  describe 'DELETE /user/:id/keys/:key_id' do
    before do
      admin