Commit 9fcd903b authored by Douwe Maan's avatar Douwe Maan

Merge branch 'features/unauth-access-ssh-keys' into 'master'

List public ssh keys by id or username without authentication

See merge request gitlab-org/gitlab-ce!20118
parents 81641e59 7d55c135
---
title: Enable unauthenticated access to public SSH keys via the API
merge_request: 20118
author: Ronald Claveau
type: changed
......@@ -558,7 +558,7 @@ Parameters:
## List SSH keys for user
Get a list of a specified user's SSH keys. Available only for admin
Get a list of a specified user's SSH keys.
```
GET /users/:id/keys
......
......@@ -256,7 +256,7 @@ module API
end
# rubocop: enable CodeReuse/ActiveRecord
desc 'Get the SSH keys of a specified user. Available only for admins.' do
desc 'Get the SSH keys of a specified user.' do
success Entities::SSHKey
end
params do
......@@ -265,10 +265,8 @@ module API
end
# rubocop: disable CodeReuse/ActiveRecord
get ':id/keys' do
authenticated_as_admin!
user = User.find_by(id: params[:id])
not_found!('User') unless user
not_found!('User') unless user && can?(current_user, :read_user, user)
present paginate(user.keys), with: Entities::SSHKey
end
......
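Review bot: The `get ':id/keys'` handler now answers anonymous callers, so every field that `Entities::SSHKey` exposes becomes public for any user who passes `can?(current_user, :read_user, user)`. That entity is defined outside this section and should be confirmed to expose only fields meant for unauthenticated readers; the spec shows at least `title`, which users often fill with host or device names. Because the lookup is by numeric id, the keys of every readable account can be collected without credentials, so this route should presumably fall under whatever throttling the instance applies to anonymous API traffic. Returning the same 404 for a missing user and a denied one is the right choice and deserves a comment above the guard, e.g. `# Same 404 for unknown and unreadable users, so the response does not reveal which ids exist.` The commit title mentions lookup by username, but the visible lines only call `User.find_by(id: params[:id])`; the params block and any username handling are outside the visible hunks.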
......@@ -785,20 +785,11 @@ describe API::Users do
end
describe 'GET /user/:id/keys' do
before do
admin
end
it 'returns 404 for non-existing user' do
user_id = not_existing_user_id
context 'when unauthenticated' do
it 'returns authentication error' do
get api("/users/#{user.id}/keys")
expect(response).to have_gitlab_http_status(401)
end
end
get api("/users/#{user_id}/keys")
context 'when authenticated' do
it 'returns 404 for non-existing user' do
get api('/users/999999/keys', admin)
expect(response).to have_gitlab_http_status(404)
expect(json_response['message']).to eq('404 User Not Found')
end
......@@ -807,7 +798,7 @@ describe API::Users do
user.keys << key
user.save
get api("/users/#{user.id}/keys", admin)
get api("/users/#{user.id}/keys")
expect(response).to have_gitlab_http_status(200)
expect(response).to include_pagination_headers
......@@ -815,7 +806,6 @@ describe API::Users do
expect(json_response.first['title']).to eq(key.title)
end
end
end
describe 'DELETE /user/:id/keys/:key_id' do
before do
......
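Review bot: The denial branch of the new guard has no example in this `describe 'GET /user/:id/keys'` block: nothing covers a user who exists but for whom `can?(current_user, :read_user, user)` is false for an anonymous caller. The visible examples cover only a non-existing id and the successful anonymous read. Add a case such as `it 'returns 404 when the anonymous caller may not read the user'` that asserts `have_gitlab_http_status(404)` and the same `'404 User Not Found'` message, so a later policy change cannot silently expose keys. The describe string says `/user/:id/keys` while the requests go to `/users/...`; `describe 'GET /users/:id/keys'` would match the route. Parts of the block are collapsed on this page, so such a case may already exist outside the visible lines.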