Merge branch 'fj-restore-users-v3-endpoint' into 'master'

Restoring user v3 endpoint Closes #47565 See merge request gitlab-org/gitlab-ce!19661

Merge branch 'fj-restore-users-v3-endpoint' into 'master'
Restoring user v3 endpoint Closes #47565 See merge request gitlab-org/gitlab-ce!19661
decfe70b · Douwe Maan · 504f3620 · df45623b · decfe70b · decfe70b
Commit decfe70b authored Jun 13, 2018 by Douwe Maan
4 changed files
--- a/changelogs/unreleased/fj-restore-users-v3-endpoint.yml
+++ b/changelogs/unreleased/fj-restore-users-v3-endpoint.yml
+---
+title: Restore API v3 user endpoint
+merge_request:
+author:
+type: changed
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -531,6 +531,9 @@ module API
        authenticate!
      end
+      # Enabling /user endpoint for the v3 version to allow oauth
+      # authentication through this endpoint.
+      version %w(v3 v4), using: :path do
        desc 'Get the currently authenticated user' do
          success Entities::UserPublic
        end
@@ -544,6 +547,7 @@ module API
          present current_user, with: entity
        end
+      end
      desc "Get the currently authenticated user's SSH keys" do
        success Entities::SSHKey

--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -1123,17 +1123,18 @@ describe API::Users do
  describe "GET /user" do
    let(:personal_access_token) { create(:personal_access_token, user: user).token }
+    shared_examples 'get user info' do |version|
      context 'with regular user' do
        context 'with personal access token' do
          it 'returns 403 without private token when sudo is defined' do
-          get api("/user?private_token=#{personal_access_token}&sudo=123")
+            get api("/user?private_token=#{personal_access_token}&sudo=123", version: version)
            expect(response).to have_gitlab_http_status(403)
          end
        end
        it 'returns current user without private token when sudo not defined' do
-        get api("/user", user)
+          get api("/user", user, version: version)
          expect(response).to have_gitlab_http_status(200)
          expect(response).to match_response_schema('public_api/v4/user/public')
@@ -1144,7 +1145,7 @@ describe API::Users do
          let(:path) { "/user" }
          let(:api_call) { method(:api) }
-        include_examples 'allows the "read_user" scope'
+          include_examples 'allows the "read_user" scope', version
        end
      end
@@ -1153,13 +1154,13 @@ describe API::Users do
        context 'with personal access token' do
          it 'returns 403 without private token when sudo defined' do
-          get api("/user?private_token=#{admin_personal_access_token}&sudo=#{user.id}")
+            get api("/user?private_token=#{admin_personal_access_token}&sudo=#{user.id}", version: version)
            expect(response).to have_gitlab_http_status(403)
          end
          it 'returns initial current user without private token but with is_admin when sudo not defined' do
-          get api("/user?private_token=#{admin_personal_access_token}")
+            get api("/user?private_token=#{admin_personal_access_token}", version: version)
            expect(response).to have_gitlab_http_status(200)
            expect(response).to match_response_schema('public_api/v4/user/admin')
@@ -1170,13 +1171,17 @@ describe API::Users do
      context 'with unauthenticated user' do
        it "returns 401 error if user is unauthenticated" do
-        get api("/user")
+          get api("/user", version: version)
          expect(response).to have_gitlab_http_status(401)
        end
      end
    end
+    it_behaves_like 'get user info', 'v3'
+    it_behaves_like 'get user info', 'v4'
+  end
  describe "GET /user/keys" do
    context "when unauthenticated" do
      it "returns authentication error" do

--- a/spec/support/api/scopes/read_user_shared_examples.rb
+++ b/spec/support/api/scopes/read_user_shared_examples.rb
-shared_examples_for 'allows the "read_user" scope' do
+shared_examples_for 'allows the "read_user" scope' do |api_version|
+  let(:version) { api_version || 'v4' }
  context 'for personal access tokens' do
    context 'when the requesting token has the "api" scope' do
      let(:token) { create(:personal_access_token, scopes: ['api'], user: user) }
      it 'returns a "200" response' do
-        get api_call.call(path, user, personal_access_token: token)
+        get api_call.call(path, user, personal_access_token: token, version: version)
        expect(response).to have_gitlab_http_status(200)
      end
@@ -14,7 +16,7 @@ shared_examples_for 'allows the "read_user" scope' do
      let(:token) { create(:personal_access_token, scopes: ['read_user'], user: user) }
      it 'returns a "200" response' do
-        get api_call.call(path, user, personal_access_token: token)
+        get api_call.call(path, user, personal_access_token: token, version: version)
        expect(response).to have_gitlab_http_status(200)
      end
@@ -28,7 +30,7 @@ shared_examples_for 'allows the "read_user" scope' do
      end
      it 'returns a "403" response' do
-        get api_call.call(path, user, personal_access_token: token)
+        get api_call.call(path, user, personal_access_token: token, version: version)
        expect(response).to have_gitlab_http_status(403)
      end