Commit 0be55733 authored by Rémy Coutable

Merge branch 'grapify-users-api' into 'master'

Grapify the users API

Certain endpoints return different entities based on which user issues the request. Right now, I am not aware how to specify multiple entities as part of the description block of the endpoint. @rymai Do you know something about that?

## What are the relevant issue numbers?

Related to #22928

See merge request !7147
parents 5018bdcd 4cb3c0b4
...@@ -369,24 +369,24 @@ Parameters: ...@@ -369,24 +369,24 @@ Parameters:
Get a list of a specified user's SSH keys. Available only for admin Get a list of a specified user's SSH keys. Available only for admin
``` ```
GET /users/:uid/keys GET /users/:id/keys
``` ```
Parameters: Parameters:
- `uid` (required) - id of specified user - `id` (required) - id of specified user
## Single SSH key ## Single SSH key
Get a single key. Get a single key.
``` ```
GET /user/keys/:id GET /user/keys/:key_id
``` ```
Parameters: Parameters:
- `id` (required) - The ID of an SSH key - `key_id` (required) - The ID of an SSH key
```json ```json
{ {
...@@ -458,25 +458,25 @@ This is an idempotent function and calling it on a key that is already deleted ...@@ -458,25 +458,25 @@ This is an idempotent function and calling it on a key that is already deleted
or not available results in `200 OK`. or not available results in `200 OK`.
``` ```
DELETE /user/keys/:id DELETE /user/keys/:key_id
``` ```
Parameters: Parameters:
- `id` (required) - SSH key ID - `key_id` (required) - SSH key ID
## Delete SSH key for given user ## Delete SSH key for given user
Deletes key owned by a specified user. Available only for admin. Deletes key owned by a specified user. Available only for admin.
``` ```
DELETE /users/:uid/keys/:id DELETE /users/:id/keys/:key_id
``` ```
Parameters: Parameters:
- `uid` (required) - id of specified user - `id` (required) - id of specified user
- `id` (required) - SSH key ID - `key_id` (required) - SSH key ID
Will return `200 OK` on success, or `404 Not found` if either user or key cannot be found. Will return `200 OK` on success, or `404 Not found` if either user or key cannot be found.
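Review bot: the unchanged sentence above `DELETE /user/keys/:key_id` still says that calling it on a key that is already deleted or not available results in `200 OK`, but the spec in this commit renames that example to "returns 404 if key ID not found" and expects `404 Key Not Found`. Update the sentence and drop the idempotency claim so the documentation matches what the endpoint now returns.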
...@@ -510,24 +510,24 @@ Parameters: ...@@ -510,24 +510,24 @@ Parameters:
Get a list of a specified user's emails. Available only for admin Get a list of a specified user's emails. Available only for admin
``` ```
GET /users/:uid/emails GET /users/:id/emails
``` ```
Parameters: Parameters:
- `uid` (required) - id of specified user - `id` (required) - id of specified user
## Single email ## Single email
Get a single email. Get a single email.
``` ```
GET /user/emails/:id GET /user/emails/:email_id
``` ```
Parameters: Parameters:
- `id` (required) - email ID - `email_id` (required) - email ID
```json ```json
{ {
...@@ -590,25 +590,25 @@ This is an idempotent function and calling it on a email that is already deleted ...@@ -590,25 +590,25 @@ This is an idempotent function and calling it on a email that is already deleted
or not available results in `200 OK`. or not available results in `200 OK`.
``` ```
DELETE /user/emails/:id DELETE /user/emails/:email_id
``` ```
Parameters: Parameters:
- `id` (required) - email ID - `email_id` (required) - email ID
## Delete email for given user ## Delete email for given user
Deletes email owned by a specified user. Available only for admin. Deletes email owned by a specified user. Available only for admin.
``` ```
DELETE /users/:uid/emails/:id DELETE /users/:id/emails/:email_id
``` ```
Parameters: Parameters:
- `uid` (required) - id of specified user - `id` (required) - id of specified user
- `id` (required) - email ID - `email_id` (required) - email ID
Will return `200 OK` on success, or `404 Not found` if either user or email cannot be found. Will return `200 OK` on success, or `404 Not found` if either user or email cannot be found.
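Review bot: the unchanged sentence above `DELETE /user/emails/:email_id` promises `200 OK` for an email that is already deleted or not available, while the updated spec for this route expects `404 Email Not Found` for an unknown email ID. Clients that rely on the documented idempotent delete will now receive an error, so the description needs to change together with the parameter rename.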
...@@ -617,12 +617,12 @@ Will return `200 OK` on success, or `404 Not found` if either user or email cann ...@@ -617,12 +617,12 @@ Will return `200 OK` on success, or `404 Not found` if either user or email cann
Blocks the specified user. Available only for admin. Blocks the specified user. Available only for admin.
``` ```
PUT /users/:uid/block PUT /users/:id/block
``` ```
Parameters: Parameters:
- `uid` (required) - id of specified user - `id` (required) - id of specified user
Will return `200 OK` on success, `404 User Not Found` is user cannot be found or Will return `200 OK` on success, `404 User Not Found` is user cannot be found or
`403 Forbidden` when trying to block an already blocked user by LDAP synchronization. `403 Forbidden` when trying to block an already blocked user by LDAP synchronization.
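Review bot: the unchanged line after the parameter list reads "`404 User Not Found` is user cannot be found"; since this section is being edited anyway, change "is" to "if". The unblock section carries the same wording and can be fixed in the same pass.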
...@@ -632,12 +632,12 @@ Will return `200 OK` on success, `404 User Not Found` is user cannot be found or ...@@ -632,12 +632,12 @@ Will return `200 OK` on success, `404 User Not Found` is user cannot be found or
Unblocks the specified user. Available only for admin. Unblocks the specified user. Available only for admin.
``` ```
PUT /users/:uid/unblock PUT /users/:id/unblock
``` ```
Parameters: Parameters:
- `uid` (required) - id of specified user - `id` (required) - id of specified user
Will return `200 OK` on success, `404 User Not Found` is user cannot be found or Will return `200 OK` on success, `404 User Not Found` is user cannot be found or
`403 Forbidden` when trying to unblock a user blocked by LDAP synchronization. `403 Forbidden` when trying to unblock a user blocked by LDAP synchronization.
......
This diff is collapsed.
...@@ -108,7 +108,7 @@ describe API::API, api: true do ...@@ -108,7 +108,7 @@ describe API::API, api: true do
it "returns a 404 error if user id not found" do it "returns a 404 error if user id not found" do
get api("/users/9999", user) get api("/users/9999", user)
expect(response).to have_http_status(404) expect(response).to have_http_status(404)
expect(json_response['message']).to eq('404 Not found') expect(json_response['message']).to eq('404 User Not Found')
end end
it "returns a 404 for invalid ID" do it "returns a 404 for invalid ID" do
...@@ -359,7 +359,7 @@ describe API::API, api: true do ...@@ -359,7 +359,7 @@ describe API::API, api: true do
it "returns 404 for non-existing user" do it "returns 404 for non-existing user" do
put api("/users/999999", admin), { bio: 'update should fail' } put api("/users/999999", admin), { bio: 'update should fail' }
expect(response).to have_http_status(404) expect(response).to have_http_status(404)
expect(json_response['message']).to eq('404 Not found') expect(json_response['message']).to eq('404 User Not Found')
end end
it "returns a 404 if invalid ID" do it "returns a 404 if invalid ID" do
...@@ -387,6 +387,18 @@ describe API::API, api: true do ...@@ -387,6 +387,18 @@ describe API::API, api: true do
to eq([Gitlab::Regex.namespace_regex_message]) to eq([Gitlab::Regex.namespace_regex_message])
end end
it 'returns 400 if provider is missing for identity update' do
put api("/users/#{omniauth_user.id}", admin), extern_uid: '654321'
expect(response).to have_http_status(400)
end
it 'returns 400 if external UID is missing for identity update' do
put api("/users/#{omniauth_user.id}", admin), provider: 'ldap'
expect(response).to have_http_status(400)
end
context "with existing user" do context "with existing user" do
before do before do
post api("/users", admin), { email: 'test@example.com', password: 'password', username: 'test', name: 'test' } post api("/users", admin), { email: 'test@example.com', password: 'password', username: 'test', name: 'test' }
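Review bot: the two new identity-update examples assert only `have_http_status(400)`. The missing-parameter examples elsewhere in this spec check `json_response['error']`, so assert the expected error text here as well, to show the 400 comes from the missing `provider` or `extern_uid` and not from another validation. An assertion that the user's identity is unchanged after the rejected request would also be worth adding.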
...@@ -414,14 +426,16 @@ describe API::API, api: true do ...@@ -414,14 +426,16 @@ describe API::API, api: true do
it "does not create invalid ssh key" do it "does not create invalid ssh key" do
post api("/users/#{user.id}/keys", admin), { title: "invalid key" } post api("/users/#{user.id}/keys", admin), { title: "invalid key" }
expect(response).to have_http_status(400) expect(response).to have_http_status(400)
expect(json_response['message']).to eq('400 (Bad request) "key" not given') expect(json_response['error']).to eq('key is missing')
end end
it 'does not create key without title' do it 'does not create key without title' do
post api("/users/#{user.id}/keys", admin), key: 'some key' post api("/users/#{user.id}/keys", admin), key: 'some key'
expect(response).to have_http_status(400) expect(response).to have_http_status(400)
expect(json_response['message']).to eq('400 (Bad request) "title" not given') expect(json_response['error']).to eq('title is missing')
end end
it "creates ssh key" do it "creates ssh key" do
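Review bot: the missing-parameter assertions move from `json_response['message']` to `json_response['error']`, while the 404 examples in this spec still read `json_response['message']`. That leaves API clients with two error shapes depending on the status code, and anything that parses `message` on a 400 stops working. Either keep a single key or call the change out in the changelog and API documentation.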
...@@ -437,7 +451,7 @@ describe API::API, api: true do ...@@ -437,7 +451,7 @@ describe API::API, api: true do
end end
end end
describe 'GET /user/:uid/keys' do describe 'GET /user/:id/keys' do
before { admin } before { admin }
context 'when unauthenticated' do context 'when unauthenticated' do
...@@ -465,7 +479,7 @@ describe API::API, api: true do ...@@ -465,7 +479,7 @@ describe API::API, api: true do
end end
end end
describe 'DELETE /user/:uid/keys/:id' do describe 'DELETE /user/:id/keys/:key_id' do
before { admin } before { admin }
context 'when unauthenticated' do context 'when unauthenticated' do
...@@ -506,8 +520,9 @@ describe API::API, api: true do ...@@ -506,8 +520,9 @@ describe API::API, api: true do
it "does not create invalid email" do it "does not create invalid email" do
post api("/users/#{user.id}/emails", admin), {} post api("/users/#{user.id}/emails", admin), {}
expect(response).to have_http_status(400) expect(response).to have_http_status(400)
expect(json_response['message']).to eq('400 (Bad request) "email" not given') expect(json_response['error']).to eq('email is missing')
end end
it "creates email" do it "creates email" do
...@@ -524,7 +539,7 @@ describe API::API, api: true do ...@@ -524,7 +539,7 @@ describe API::API, api: true do
end end
end end
describe 'GET /user/:uid/emails' do describe 'GET /user/:id/emails' do
before { admin } before { admin }
context 'when unauthenticated' do context 'when unauthenticated' do
...@@ -558,7 +573,7 @@ describe API::API, api: true do ...@@ -558,7 +573,7 @@ describe API::API, api: true do
end end
end end
describe 'DELETE /user/:uid/emails/:id' do describe 'DELETE /user/:id/emails/:email_id' do
before { admin } before { admin }
context 'when unauthenticated' do context 'when unauthenticated' do
...@@ -673,7 +688,7 @@ describe API::API, api: true do ...@@ -673,7 +688,7 @@ describe API::API, api: true do
end end
end end
describe "GET /user/keys/:id" do describe "GET /user/keys/:key_id" do
it "returns single key" do it "returns single key" do
user.keys << key user.keys << key
user.save user.save
...@@ -686,7 +701,7 @@ describe API::API, api: true do ...@@ -686,7 +701,7 @@ describe API::API, api: true do
get api("/user/keys/42", user) get api("/user/keys/42", user)
expect(response).to have_http_status(404) expect(response).to have_http_status(404)
expect(json_response['message']).to eq('404 Not found') expect(json_response['message']).to eq('404 Key Not Found')
end end
it "returns 404 error if admin accesses user's ssh key" do it "returns 404 error if admin accesses user's ssh key" do
...@@ -695,7 +710,7 @@ describe API::API, api: true do ...@@ -695,7 +710,7 @@ describe API::API, api: true do
admin admin
get api("/user/keys/#{key.id}", admin) get api("/user/keys/#{key.id}", admin)
expect(response).to have_http_status(404) expect(response).to have_http_status(404)
expect(json_response['message']).to eq('404 Not found') expect(json_response['message']).to eq('404 Key Not Found')
end end
it "returns 404 for invalid ID" do it "returns 404 for invalid ID" do
...@@ -721,14 +736,16 @@ describe API::API, api: true do ...@@ -721,14 +736,16 @@ describe API::API, api: true do
it "does not create ssh key without key" do it "does not create ssh key without key" do
post api("/user/keys", user), title: 'title' post api("/user/keys", user), title: 'title'
expect(response).to have_http_status(400) expect(response).to have_http_status(400)
expect(json_response['message']).to eq('400 (Bad request) "key" not given') expect(json_response['error']).to eq('key is missing')
end end
it 'does not create ssh key without title' do it 'does not create ssh key without title' do
post api('/user/keys', user), key: 'some key' post api('/user/keys', user), key: 'some key'
expect(response).to have_http_status(400) expect(response).to have_http_status(400)
expect(json_response['message']).to eq('400 (Bad request) "title" not given') expect(json_response['error']).to eq('title is missing')
end end
it "does not create ssh key without title" do it "does not create ssh key without title" do
...@@ -737,7 +754,7 @@ describe API::API, api: true do ...@@ -737,7 +754,7 @@ describe API::API, api: true do
end end
end end
describe "DELETE /user/keys/:id" do describe "DELETE /user/keys/:key_id" do
it "deletes existed key" do it "deletes existed key" do
user.keys << key user.keys << key
user.save user.save
...@@ -747,9 +764,11 @@ describe API::API, api: true do ...@@ -747,9 +764,11 @@ describe API::API, api: true do
expect(response).to have_http_status(200) expect(response).to have_http_status(200)
end end
it "returns success if key ID not found" do it "returns 404 if key ID not found" do
delete api("/user/keys/42", user) delete api("/user/keys/42", user)
expect(response).to have_http_status(200)
expect(response).to have_http_status(404)
expect(json_response['message']).to eq('404 Key Not Found')
end end
it "returns 401 error if unauthorized" do it "returns 401 error if unauthorized" do
...@@ -786,7 +805,7 @@ describe API::API, api: true do ...@@ -786,7 +805,7 @@ describe API::API, api: true do
end end
end end
describe "GET /user/emails/:id" do describe "GET /user/emails/:email_id" do
it "returns single email" do it "returns single email" do
user.emails << email user.emails << email
user.save user.save
...@@ -798,7 +817,7 @@ describe API::API, api: true do ...@@ -798,7 +817,7 @@ describe API::API, api: true do
it "returns 404 Not Found within invalid ID" do it "returns 404 Not Found within invalid ID" do
get api("/user/emails/42", user) get api("/user/emails/42", user)
expect(response).to have_http_status(404) expect(response).to have_http_status(404)
expect(json_response['message']).to eq('404 Not found') expect(json_response['message']).to eq('404 Email Not Found')
end end
it "returns 404 error if admin accesses user's email" do it "returns 404 error if admin accesses user's email" do
...@@ -807,7 +826,7 @@ describe API::API, api: true do ...@@ -807,7 +826,7 @@ describe API::API, api: true do
admin admin
get api("/user/emails/#{email.id}", admin) get api("/user/emails/#{email.id}", admin)
expect(response).to have_http_status(404) expect(response).to have_http_status(404)
expect(json_response['message']).to eq('404 Not found') expect(json_response['message']).to eq('404 Email Not Found')
end end
it "returns 404 for invalid ID" do it "returns 404 for invalid ID" do
...@@ -833,12 +852,13 @@ describe API::API, api: true do ...@@ -833,12 +852,13 @@ describe API::API, api: true do
it "does not create email with invalid email" do it "does not create email with invalid email" do
post api("/user/emails", user), {} post api("/user/emails", user), {}
expect(response).to have_http_status(400) expect(response).to have_http_status(400)
expect(json_response['message']).to eq('400 (Bad request) "email" not given') expect(json_response['error']).to eq('email is missing')
end end
end end
describe "DELETE /user/emails/:id" do describe "DELETE /user/emails/:email_id" do
it "deletes existed email" do it "deletes existed email" do
user.emails << email user.emails << email
user.save user.save
...@@ -848,9 +868,11 @@ describe API::API, api: true do ...@@ -848,9 +868,11 @@ describe API::API, api: true do
expect(response).to have_http_status(200) expect(response).to have_http_status(200)
end end
it "returns success if email ID not found" do it "returns 404 if email ID not found" do
delete api("/user/emails/42", user) delete api("/user/emails/42", user)
expect(response).to have_http_status(200)
expect(response).to have_http_status(404)
expect(json_response['message']).to eq('404 Email Not Found')
end end
it "returns 401 error if unauthorized" do it "returns 401 error if unauthorized" do
...@@ -860,10 +882,10 @@ describe API::API, api: true do ...@@ -860,10 +882,10 @@ describe API::API, api: true do
expect(response).to have_http_status(401) expect(response).to have_http_status(401)
end end
it "returns a 404 for invalid ID" do it "returns 400 for invalid ID" do
delete api("/users/emails/ASDF", admin) delete api("/user/emails/ASDF", admin)
expect(response).to have_http_status(404) expect(response).to have_http_status(400)
end end
end end
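Review bot: the renamed example expects 400 for `/user/emails/ASDF`, yet other examples visible in this spec keep the title "returns 404 for invalid ID" for the GET routes, so a non-numeric ID appears to be answered differently per route. Confirm that difference is intended. The old request targeted `/users/emails/ASDF`, so it may have passed on an unmatched route; asserting the error body here would tie the 400 to ID validation.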
......