Grapify the users API

Signed-off-by: Rémy Coutable <remy@rymai.me>

Grapify the users API
Signed-off-by: Rémy Coutable <remy@rymai.me>
9b3f82d9 · Robert Schilling · Rémy Coutable · 3a65bed4 · 9b3f82d9 · 9b3f82d9
Commit 9b3f82d9 authored Oct 27, 2016 by Robert Schilling Committed by Rémy Coutable Nov 21, 2016
Expand all Hide whitespace changes
Inline Side-by-side

Showing with 322 additions and 308 deletions

doc/api/users.md doc/api/users.md +22 -22

lib/api/users.rb lib/api/users.rb +251 -259

spec/requests/api/users_spec.rb spec/requests/api/users_spec.rb +49 -27

No files found.
--- a/doc/api/users.md
+++ b/doc/api/users.md
@@ -371,24 +371,24 @@ Parameters:
 Get a list of a specified user's SSH keys. Available only for admin

 ```
-GET /users/:uid/keys
+GET /users/:id/keys
 ```

 Parameters:

- `uid` (required) - id of specified user
+- `id` (required) - id of specified user

 ## Single SSH key

 Get a single key.

 ```
-GET /user/keys/:id
+GET /user/keys/:key_id
 ```

 Parameters:

- `id` (required) - The ID of an SSH key
+- `key_id` (required) - The ID of an SSH key

 ```json
 {
@@ -460,25 +460,25 @@ This is an idempotent function and calling it on a key that is already deleted
 or not available results in `200 OK`.

 ```
-DELETE /user/keys/:id
+DELETE /user/keys/:key_id
 ```

 Parameters:

- `id` (required) - SSH key ID
+- `key_id` (required) - SSH key ID

 ## Delete SSH key for given user

 Deletes key owned by a specified user. Available only for admin.

 ```
-DELETE /users/:uid/keys/:id
+DELETE /users/:id/keys/:key_id
 ```

 Parameters:

- `uid` (required) - id of specified user
- `id` (required)  - SSH key ID
+- `id` (required) - id of specified user
+- `key_id` (required)  - SSH key ID

 Will return `200 OK` on success, or `404 Not found` if either user or key cannot be found.

@@ -512,24 +512,24 @@ Parameters:
 Get a list of a specified user's emails. Available only for admin

 ```
-GET /users/:uid/emails
+GET /users/:id/emails
 ```

 Parameters:

- `uid` (required) - id of specified user
+- `id` (required) - id of specified user

 ## Single email

 Get a single email.

 ```
-GET /user/emails/:id
+GET /user/emails/:email_id
 ```

 Parameters:

- `id` (required) - email ID
+- `email_id` (required) - email ID

 ```json
 {
@@ -592,25 +592,25 @@ This is an idempotent function and calling it on a email that is already deleted
 or not available results in `200 OK`.

 ```
-DELETE /user/emails/:id
+DELETE /user/emails/:email_id
 ```

 Parameters:

- `id` (required) - email ID
+- `email_id` (required) - email ID

 ## Delete email for given user

 Deletes email owned by a specified user. Available only for admin.

 ```
-DELETE /users/:uid/emails/:id
+DELETE /users/:id/emails/:email_id
 ```

 Parameters:

- `uid` (required) - id of specified user
- `id` (required)  - email ID
+- `id` (required) - id of specified user
+- `email_id` (required)  - email ID

 Will return `200 OK` on success, or `404 Not found` if either user or email cannot be found.

@@ -619,12 +619,12 @@ Will return `200 OK` on success, or `404 Not found` if either user or email cann
 Blocks the specified user.  Available only for admin.

 ```
-PUT /users/:uid/block
+PUT /users/:id/block
 ```

 Parameters:

- `uid` (required) - id of specified user
+- `id` (required) - id of specified user

 Will return `200 OK` on success, `404 User Not Found` is user cannot be found or
 `403 Forbidden` when trying to block an already blocked user by LDAP synchronization.
@@ -634,12 +634,12 @@ Will return `200 OK` on success, `404 User Not Found` is user cannot be found or
 Unblocks the specified user.  Available only for admin.

 ```
-PUT /users/:uid/unblock
+PUT /users/:id/unblock
 ```

 Parameters:

- `uid` (required) - id of specified user
+- `id` (required) - id of specified user

 Will return `200 OK` on success, `404 User Not Found` is user cannot be found or
 `403 Forbidden` when trying to unblock a user blocked by LDAP synchronization.

--- a/lib/api/users.rb
+++ b/lib/api/users.rb
--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -120,7 +120,7 @@ describe API::API, api: true  do
    it "returns a 404 error if user id not found" do
      get api("/users/9999", user)
      expect(response).to have_http_status(404)
-      expect(json_response['message']).to eq('404 Not found')
+      expect(json_response['message']).to eq('404 User Not Found')
    end

    it "returns a 404 for invalid ID" do
@@ -371,7 +371,7 @@ describe API::API, api: true  do
    it "returns 404 for non-existing user" do
      put api("/users/999999", admin), { bio: 'update should fail' }
      expect(response).to have_http_status(404)
-      expect(json_response['message']).to eq('404 Not found')
+      expect(json_response['message']).to eq('404 User Not Found')
    end

    it "returns a 404 if invalid ID" do
@@ -399,6 +399,18 @@ describe API::API, api: true  do
        to eq([Gitlab::Regex.namespace_regex_message])
    end

+    it 'returns 400 if provider is missing for identity update' do
+      put api("/users/#{omniauth_user.id}", admin), extern_uid: '654321'
+
+      expect(response).to have_http_status(400)
+    end
+
+    it 'returns 400 if external UID is missing for identity update' do
+      put api("/users/#{omniauth_user.id}", admin), provider: 'ldap'
+
+      expect(response).to have_http_status(400)
+    end
+
    context "with existing user" do
      before do
        post api("/users", admin), { email: 'test@example.com', password: 'password', username: 'test', name: 'test' }
@@ -426,14 +438,16 @@ describe API::API, api: true  do

    it "does not create invalid ssh key" do
      post api("/users/#{user.id}/keys", admin), { title: "invalid key" }
+
      expect(response).to have_http_status(400)
-      expect(json_response['message']).to eq('400 (Bad request) "key" not given')
+      expect(json_response['error']).to eq('key is missing')
    end

    it 'does not create key without title' do
      post api("/users/#{user.id}/keys", admin), key: 'some key'
+
      expect(response).to have_http_status(400)
-      expect(json_response['message']).to eq('400 (Bad request) "title" not given')
+      expect(json_response['error']).to eq('title is missing')
    end

    it "creates ssh key" do
@@ -449,7 +463,7 @@ describe API::API, api: true  do
    end
  end

-  describe 'GET /user/:uid/keys' do
+  describe 'GET /user/:id/keys' do
    before { admin }

    context 'when unauthenticated' do
@@ -477,7 +491,7 @@ describe API::API, api: true  do
    end
  end

-  describe 'DELETE /user/:uid/keys/:id' do
+  describe 'DELETE /user/:id/keys/:key_id' do
    before { admin }

    context 'when unauthenticated' do
@@ -518,8 +532,9 @@ describe API::API, api: true  do

    it "does not create invalid email" do
      post api("/users/#{user.id}/emails", admin), {}
+
      expect(response).to have_http_status(400)
-      expect(json_response['message']).to eq('400 (Bad request) "email" not given')
+      expect(json_response['error']).to eq('email is missing')
    end

    it "creates email" do
@@ -536,7 +551,7 @@ describe API::API, api: true  do
    end
  end

-  describe 'GET /user/:uid/emails' do
+  describe 'GET /user/:id/emails' do
    before { admin }

    context 'when unauthenticated' do
@@ -570,7 +585,7 @@ describe API::API, api: true  do
    end
  end

-  describe 'DELETE /user/:uid/emails/:id' do
+  describe 'DELETE /user/:id/emails/:email_id' do
    before { admin }

    context 'when unauthenticated' do
@@ -685,7 +700,7 @@ describe API::API, api: true  do
    end
  end

-  describe "GET /user/keys/:id" do
+  describe "GET /user/keys/:key_id" do
    it "returns single key" do
      user.keys << key
      user.save
@@ -698,7 +713,7 @@ describe API::API, api: true  do
      get api("/user/keys/42", user)

      expect(response).to have_http_status(404)
-      expect(json_response['message']).to eq('404 Not found')
+      expect(json_response['message']).to eq('404 Key Not Found')
    end

    it "returns 404 error if admin accesses user's ssh key" do
@@ -707,7 +722,7 @@ describe API::API, api: true  do
      admin
      get api("/user/keys/#{key.id}", admin)
      expect(response).to have_http_status(404)
-      expect(json_response['message']).to eq('404 Not found')
+      expect(json_response['message']).to eq('404 Key Not Found')
    end

    it "returns 404 for invalid ID" do
@@ -733,14 +748,16 @@ describe API::API, api: true  do

    it "does not create ssh key without key" do
      post api("/user/keys", user), title: 'title'
+
      expect(response).to have_http_status(400)
-      expect(json_response['message']).to eq('400 (Bad request) "key" not given')
+      expect(json_response['error']).to eq('key is missing')
    end

    it 'does not create ssh key without title' do
      post api('/user/keys', user), key: 'some key'
+
      expect(response).to have_http_status(400)
-      expect(json_response['message']).to eq('400 (Bad request) "title" not given')
+      expect(json_response['error']).to eq('title is missing')
    end

    it "does not create ssh key without title" do
@@ -749,7 +766,7 @@ describe API::API, api: true  do
    end
  end

-  describe "DELETE /user/keys/:id" do
+  describe "DELETE /user/keys/:key_id" do
    it "deletes existed key" do
      user.keys << key
      user.save
@@ -759,9 +776,11 @@ describe API::API, api: true  do
      expect(response).to have_http_status(200)
    end

-    it "returns success if key ID not found" do
+    it "returns 404 if key ID not found" do
      delete api("/user/keys/42", user)
-      expect(response).to have_http_status(200)
+
+      expect(response).to have_http_status(404)
+      expect(json_response['message']).to eq('404 Key Not Found')
    end

    it "returns 401 error if unauthorized" do
@@ -798,7 +817,7 @@ describe API::API, api: true  do
    end
  end

-  describe "GET /user/emails/:id" do
+  describe "GET /user/emails/:email_id" do
    it "returns single email" do
      user.emails << email
      user.save
@@ -810,7 +829,7 @@ describe API::API, api: true  do
    it "returns 404 Not Found within invalid ID" do
      get api("/user/emails/42", user)
      expect(response).to have_http_status(404)
-      expect(json_response['message']).to eq('404 Not found')
+      expect(json_response['message']).to eq('404 Email Not Found')
    end

    it "returns 404 error if admin accesses user's email" do
@@ -819,7 +838,7 @@ describe API::API, api: true  do
      admin
      get api("/user/emails/#{email.id}", admin)
      expect(response).to have_http_status(404)
-      expect(json_response['message']).to eq('404 Not found')
+      expect(json_response['message']).to eq('404 Email Not Found')
    end

    it "returns 404 for invalid ID" do
@@ -845,12 +864,13 @@ describe API::API, api: true  do

    it "does not create email with invalid email" do
      post api("/user/emails", user), {}
+
      expect(response).to have_http_status(400)
-      expect(json_response['message']).to eq('400 (Bad request) "email" not given')
+      expect(json_response['error']).to eq('email is missing')
    end
  end

-  describe "DELETE /user/emails/:id" do
+  describe "DELETE /user/emails/:email_id" do
    it "deletes existed email" do
      user.emails << email
      user.save
@@ -860,9 +880,11 @@ describe API::API, api: true  do
      expect(response).to have_http_status(200)
    end

-    it "returns success if email ID not found" do
+    it "returns 404 if email ID not found" do
      delete api("/user/emails/42", user)
-      expect(response).to have_http_status(200)
+
+      expect(response).to have_http_status(404)
+      expect(json_response['message']).to eq('404 Email Not Found')
    end

    it "returns 401 error if unauthorized" do
@@ -872,10 +894,10 @@ describe API::API, api: true  do
      expect(response).to have_http_status(401)
    end

-    it "returns a 404 for invalid ID" do
-      delete api("/users/emails/ASDF", admin)
+    it "returns 400 for invalid ID" do
+      delete api("/user/emails/ASDF", admin)

-      expect(response).to have_http_status(404)
+      expect(response).to have_http_status(400)
    end
  end