Commit 1b97a2ee authored by Sebastian Ziebell's avatar Sebastian Ziebell

API: fixes return codes, documentation updated with status codes, tests added

The users API updated with return codes, e.g. if required parameters are missing
a `400 Bad Request` error is returned instead of `404`. Fixes return codes of functions,
e.g. deletion of a ssh key is an idempotent function now.
The API documentation is updated to reflect the current status of the API. Descriptions
are more detailed and complete, infos to return values are added to all functions.
parent da040fc1
...@@ -88,36 +88,47 @@ Return values: ...@@ -88,36 +88,47 @@ Return values:
## User creation ## User creation
Create user. Available only for admin
Creates a new user. Note only administrators can create new users.
``` ```
POST /users POST /users
``` ```
Parameters: Parameters:
+ `email` (required) - Email + `email` (required) - Email
+ `password` (required) - Password + `password` (required) - Password
+ `username` (required) - Username + `username` (required) - Username
+ `name` (required) - Name + `name` (required) - Name
+ `skype` - Skype ID + `skype` (optional) - Skype ID
+ `linkedin` - Linkedin + `linkedin` (optional) - Linkedin
+ `twitter` - Twitter account + `twitter` (optional) - Twitter account
+ `projects_limit` - Number of projects user can create + `projects_limit` (optional) - Number of projects user can create
+ `extern_uid` - External UID + `extern_uid` (optional) - External UID
+ `provider` - External provider name + `provider` (optional) - External provider name
+ `bio` - User's bio + `bio` (optional) - User's bio
Return values:
+ `201 Created` on success and returns the new user
+ `400 Bad Request` if one of the required attributes is missing from the request
+ `401 Unauthorized` if the user is not authorized
+ `403 Forbidden` if the user is not allowed to create a new user (must be admin)
+ `404 Not Found` if something else fails
+ `409 Conflict` if a user with the same email address or username already exists
Will return created user with status `201 Created` on success, or `404 Not
found` on fail.
## User modification ## User modification
Modify user. Available only for admin
Modifies an existing user. Only administrators can change attributes of a user.
``` ```
PUT /users/:id PUT /users/:id
``` ```
Parameters: Parameters:
+ `email` - Email + `email` - Email
+ `username` - Username + `username` - Username
+ `name` - Name + `name` - Name
...@@ -130,23 +141,42 @@ Parameters: ...@@ -130,23 +141,42 @@ Parameters:
+ `provider` - External provider name + `provider` - External provider name
+ `bio` - User's bio + `bio` - User's bio
Return values:
+ `200 Ok` on success and returns the new user
+ `401 Unauthorized` if the user is not authorized
+ `403 Forbidden` if the user is not allowed to create a new user (must be admin)
+ `404 Not Found` if something else fails
Note, at the moment this method does only return a 404 error, even in cases where a 409 (Conflict) would
be more appropriate, e.g. when renaming the email address to some exsisting one.
Will return created user with status `200 OK` on success, or `404 Not
found` on fail.
## User deletion ## User deletion
Delete user. Available only for admin
Deletes a user. Available only for administrators. This is an idempotent function, calling this function
for a non-existent user id still returns a status code `200 Ok`. The JSON response differs if the user
was actually deleted or not. In the former the user is returned and in the latter not.
``` ```
DELETE /users/:id DELETE /users/:id
``` ```
Will return deleted user with status `200 OK` on success, or `404 Not Parameters:
found` on fail.
+ `id` (required) - The ID of the user
Return values:
+ `200 Ok` on success and returns the deleted user
+ `401 Unauthorized` if the user is not authorized
+ `403 Forbidden` if the user is not allowed to create a new user (must be admin)
+ `404 Not Found` if user with ID not found or something else fails
## Current user ## Current user
Get currently authenticated user. Gets currently authenticated user.
``` ```
GET /user GET /user
...@@ -169,6 +199,13 @@ GET /user ...@@ -169,6 +199,13 @@ GET /user
} }
``` ```
Return values:
+ `200 Ok` on success and returns the current user
+ `401 Unauthorized` if the user is not authorized
+ `404 Not Found` if something else fails
## List SSH keys ## List SSH keys
Get a list of currently authenticated user's SSH keys. Get a list of currently authenticated user's SSH keys.
...@@ -196,6 +233,17 @@ GET /user/keys ...@@ -196,6 +233,17 @@ GET /user/keys
] ]
``` ```
Parameters:
+ **none**
Return values:
+ `200 Ok` on success and a list of ssh keys
+ `401 Unauthorized` if the user is not authenticated
+ `404 Not Found` if something else fails
## Single SSH key ## Single SSH key
Get a single key. Get a single key.
...@@ -217,9 +265,17 @@ Parameters: ...@@ -217,9 +265,17 @@ Parameters:
soW6NUlfDzpvZK2H5E7eQaSeP3SAwGmQKUFHCddNaP0L+hM7zhFNzjFvpaMgJw0=" soW6NUlfDzpvZK2H5E7eQaSeP3SAwGmQKUFHCddNaP0L+hM7zhFNzjFvpaMgJw0="
} }
``` ```
Return values:
+ `200 Ok` on success and the ssh key with ID
+ `401 Unauthorized` if it is not allowed to access the user
+ `404 Not Found` if the ssh key with ID not found
## Add SSH key ## Add SSH key
Create new key owned by currently authenticated user Creates a new key owned by the currently authenticated user.
``` ```
POST /user/keys POST /user/keys
...@@ -230,12 +286,18 @@ Parameters: ...@@ -230,12 +286,18 @@ Parameters:
+ `title` (required) - new SSH Key's title + `title` (required) - new SSH Key's title
+ `key` (required) - new SSH key + `key` (required) - new SSH key
Will return created key with status `201 Created` on success, or `404 Not Return values:
found` on fail.
+ `201 Created` on success and the added key
+ `400 Bad Request` if one of the required attributes is not given
+ `401 Unauthorized` if user is not authorized to add ssh key
+ `404 Not Found` if something else fails
## Delete SSH key ## Delete SSH key
Delete key owned by currently authenticated user Deletes key owned by currently authenticated user. This is an idempotent function and calling it on a key that is already
deleted or not available results in `200 Ok`.
``` ```
DELETE /user/keys/:id DELETE /user/keys/:id
...@@ -245,4 +307,8 @@ Parameters: ...@@ -245,4 +307,8 @@ Parameters:
+ `id` (required) - SSH key ID + `id` (required) - SSH key ID
Will return `200 OK` on success, or `404 Not Found` on fail. Return values:
+ `200 Ok` on success
+ `401 Unauthorized` if user is not allowed to delete they key
+ `404 Not Found` if something else fails
...@@ -41,6 +41,12 @@ module Gitlab ...@@ -41,6 +41,12 @@ module Gitlab
# POST /users # POST /users
post do post do
authenticated_as_admin! authenticated_as_admin!
bad_request!(:email) if !params.has_key? :email
bad_request!(:password) if !params.has_key? :password
bad_request!(:name) if !params.has_key? :name
bad_request!(:username) if !params.has_key? :username
attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :projects_limit, :username, :extern_uid, :provider, :bio] attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :projects_limit, :username, :extern_uid, :provider, :bio]
user = User.new attrs, as: :admin user = User.new attrs, as: :admin
if user.save if user.save
...@@ -67,10 +73,12 @@ module Gitlab ...@@ -67,10 +73,12 @@ module Gitlab
# PUT /users/:id # PUT /users/:id
put ":id" do put ":id" do
authenticated_as_admin! authenticated_as_admin!
attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :projects_limit, :username, :extern_uid, :provider, :bio] attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :projects_limit, :username, :extern_uid, :provider, :bio]
user = User.find_by_id(params[:id]) user = User.find(params[:id])
not_found!("User not found") unless user
if user && user.update_attributes(attrs) if user.update_attributes(attrs)
present user, with: Entities::User present user, with: Entities::User
else else
not_found! not_found!
...@@ -127,6 +135,9 @@ module Gitlab ...@@ -127,6 +135,9 @@ module Gitlab
# Example Request: # Example Request:
# POST /user/keys # POST /user/keys
post "keys" do post "keys" do
bad_request!(:title) unless params[:title].present?
bad_request!(:key) unless params[:key].present?
attrs = attributes_for_keys [:title, :key] attrs = attributes_for_keys [:title, :key]
key = current_user.keys.new attrs key = current_user.keys.new attrs
if key.save if key.save
...@@ -136,15 +147,18 @@ module Gitlab ...@@ -136,15 +147,18 @@ module Gitlab
end end
end end
# Delete existed ssh key of currently authenticated user # Delete existing ssh key of currently authenticated user
# #
# Parameters: # Parameters:
# id (required) - SSH Key ID # id (required) - SSH Key ID
# Example Request: # Example Request:
# DELETE /user/keys/:id # DELETE /user/keys/:id
delete "keys/:id" do delete "keys/:id" do
begin
key = current_user.keys.find params[:id] key = current_user.keys.find params[:id]
key.delete key.delete
rescue
end
end end
end end
end end
......
...@@ -31,15 +31,20 @@ describe Gitlab::API do ...@@ -31,15 +31,20 @@ describe Gitlab::API do
response.status.should == 200 response.status.should == 200
json_response['email'].should == user.email json_response['email'].should == user.email
end end
end
describe "POST /users" do it "should return a 401 if unauthenticated" do
before{ admin } get api("/users/9998")
response.status.should == 401
end
it "should not create invalid user" do it "should return a 404 error if user id not found" do
post api("/users", admin), { email: "invalid email" } get api("/users/9999", user)
response.status.should == 404 response.status.should == 404
end end
end
describe "POST /users" do
before{ admin }
it "should create user" do it "should create user" do
expect { expect {
...@@ -47,10 +52,48 @@ describe Gitlab::API do ...@@ -47,10 +52,48 @@ describe Gitlab::API do
}.to change { User.count }.by(1) }.to change { User.count }.by(1)
end end
it "should return 201 Created on success" do
post api("/users", admin), attributes_for(:user, projects_limit: 3)
response.status.should == 201
end
it "should not create user with invalid email" do
post api("/users", admin), { email: "invalid email", password: 'password' }
response.status.should == 400
end
it "should return 400 error if password not given" do
post api("/users", admin), { email: 'test@example.com' }
response.status.should == 400
end
it "should return 400 error if email not given" do
post api("/users", admin), { password: 'pass1234' }
response.status.should == 400
end
it "shouldn't available for non admin users" do it "shouldn't available for non admin users" do
post api("/users", user), attributes_for(:user) post api("/users", user), attributes_for(:user)
response.status.should == 403 response.status.should == 403
end end
context "with existing user" do
before { post api("/users", admin), { email: 'test@example.com', password: 'password', username: 'test' } }
it "should not create user with same email" do
expect {
post api("/users", admin), { email: 'test@example.com', password: 'password' }
}.to change { User.count }.by(0)
end
it "should return 409 conflict error if user with email exists" do
post api("/users", admin), { email: 'test@example.com', password: 'password' }
end
it "should return 409 conflict error if same username exists" do
post api("/users", admin), { email: 'foo@example.com', password: 'pass', username: 'test' }
end
end
end end
describe "GET /users/sign_up" do describe "GET /users/sign_up" do
...@@ -86,7 +129,7 @@ describe Gitlab::API do ...@@ -86,7 +129,7 @@ describe Gitlab::API do
describe "PUT /users/:id" do describe "PUT /users/:id" do
before { admin } before { admin }
it "should update user" do it "should update user with new bio" do
put api("/users/#{user.id}", admin), {bio: 'new test bio'} put api("/users/#{user.id}", admin), {bio: 'new test bio'}
response.status.should == 200 response.status.should == 200
json_response['bio'].should == 'new test bio' json_response['bio'].should == 'new test bio'
...@@ -108,6 +151,25 @@ describe Gitlab::API do ...@@ -108,6 +151,25 @@ describe Gitlab::API do
put api("/users/999999", admin), {bio: 'update should fail'} put api("/users/999999", admin), {bio: 'update should fail'}
response.status.should == 404 response.status.should == 404
end end
context "with existing user" do
before {
post api("/users", admin), { email: 'test@example.com', password: 'password', username: 'test', name: 'test' }
post api("/users", admin), { email: 'foo@bar.com', password: 'password', username: 'john', name: 'john' }
@user_id = User.all.last.id
}
# it "should return 409 conflict error if email address exists" do
# put api("/users/#{@user_id}", admin), { email: 'test@example.com' }
# response.status.should == 409
# end
#
# it "should return 409 conflict error if username taken" do
# @user_id = User.all.last.id
# put api("/users/#{@user_id}", admin), { username: 'test' }
# response.status.should == 409
# end
end
end end
describe "DELETE /users/:id" do describe "DELETE /users/:id" do
...@@ -120,6 +182,11 @@ describe Gitlab::API do ...@@ -120,6 +182,11 @@ describe Gitlab::API do
json_response['email'].should == user.email json_response['email'].should == user.email
end end
it "should not delete for unauthenticated user" do
delete api("/users/#{user.id}")
response.status.should == 401
end
it "shouldn't available for non admin users" do it "shouldn't available for non admin users" do
delete api("/users/#{user.id}", user) delete api("/users/#{user.id}", user)
response.status.should == 403 response.status.should == 403
...@@ -137,6 +204,11 @@ describe Gitlab::API do ...@@ -137,6 +204,11 @@ describe Gitlab::API do
response.status.should == 200 response.status.should == 200
json_response['email'].should == user.email json_response['email'].should == user.email
end end
it "should return 401 error if user is unauthenticated" do
get api("/user")
response.status.should == 401
end
end end
describe "GET /user/keys" do describe "GET /user/keys" do
...@@ -172,19 +244,38 @@ describe Gitlab::API do ...@@ -172,19 +244,38 @@ describe Gitlab::API do
get api("/user/keys/42", user) get api("/user/keys/42", user)
response.status.should == 404 response.status.should == 404
end end
end
describe "POST /user/keys" do it "should return 404 error if admin accesses user's ssh key" do
it "should not create invalid ssh key" do user.keys << key
post api("/user/keys", user), { title: "invalid key" } user.save
admin
get api("/user/keys/#{key.id}", admin)
response.status.should == 404 response.status.should == 404
end end
end
describe "POST /user/keys" do
it "should create ssh key" do it "should create ssh key" do
key_attrs = attributes_for :key key_attrs = attributes_for :key
expect { expect {
post api("/user/keys", user), key_attrs post api("/user/keys", user), key_attrs
}.to change{ user.keys.count }.by(1) }.to change{ user.keys.count }.by(1)
response.status.should == 201
end
it "should return a 401 error if unauthorized" do
post api("/user/keys"), title: 'some title', key: 'some key'
response.status.should == 401
end
it "should not create ssh key without key" do
post api("/user/keys", user), title: 'title'
response.status.should == 400
end
it "should not create ssh key without title" do
post api("/user/keys", user), key: "somekey"
response.status.should == 400
end end
end end
...@@ -195,11 +286,19 @@ describe Gitlab::API do ...@@ -195,11 +286,19 @@ describe Gitlab::API do
expect { expect {
delete api("/user/keys/#{key.id}", user) delete api("/user/keys/#{key.id}", user)
}.to change{user.keys.count}.by(-1) }.to change{user.keys.count}.by(-1)
response.status.should == 200
end end
it "should return 404 Not Found within invalid ID" do it "should return sucess if key ID not found" do
delete api("/user/keys/42", user) delete api("/user/keys/42", user)
response.status.should == 404 response.status.should == 200
end
it "should return 401 error if unauthorized" do
user.keys << key
user.save
delete api("/user/keys/#{key.id}")
response.status.should == 401
end end
end end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment