Commit 0be55733 authored by Rémy Coutable's avatar Rémy Coutable

Merge branch 'grapify-users-api' into 'master'

Grapify the users API

Certain endpoints return different entities based on which user issues the request. Right now, I am not aware how to specify multiple entities as part of the description block of the endpoint. @rymai Do you know something about that.

## What are the relevant issue numbers?

Related to #22928

See merge request !7147
parents 5018bdcd 4cb3c0b4
......@@ -369,24 +369,24 @@ Parameters:
Get a list of a specified user's SSH keys. Available only for admin
```
GET /users/:uid/keys
GET /users/:id/keys
```
Parameters:
- `uid` (required) - id of specified user
- `id` (required) - id of specified user
## Single SSH key
Get a single key.
```
GET /user/keys/:id
GET /user/keys/:key_id
```
Parameters:
- `id` (required) - The ID of an SSH key
- `key_id` (required) - The ID of an SSH key
```json
{
......@@ -458,25 +458,25 @@ This is an idempotent function and calling it on a key that is already deleted
or not available results in `200 OK`.
```
DELETE /user/keys/:id
DELETE /user/keys/:key_id
```
Parameters:
- `id` (required) - SSH key ID
- `key_id` (required) - SSH key ID
## Delete SSH key for given user
Deletes key owned by a specified user. Available only for admin.
```
DELETE /users/:uid/keys/:id
DELETE /users/:id/keys/:key_id
```
Parameters:
- `uid` (required) - id of specified user
- `id` (required) - SSH key ID
- `id` (required) - id of specified user
- `key_id` (required) - SSH key ID
Will return `200 OK` on success, or `404 Not found` if either user or key cannot be found.
......@@ -510,24 +510,24 @@ Parameters:
Get a list of a specified user's emails. Available only for admin
```
GET /users/:uid/emails
GET /users/:id/emails
```
Parameters:
- `uid` (required) - id of specified user
- `id` (required) - id of specified user
## Single email
Get a single email.
```
GET /user/emails/:id
GET /user/emails/:email_id
```
Parameters:
- `id` (required) - email ID
- `email_id` (required) - email ID
```json
{
......@@ -590,25 +590,25 @@ This is an idempotent function and calling it on a email that is already deleted
or not available results in `200 OK`.
```
DELETE /user/emails/:id
DELETE /user/emails/:email_id
```
Parameters:
- `id` (required) - email ID
- `email_id` (required) - email ID
## Delete email for given user
Deletes email owned by a specified user. Available only for admin.
```
DELETE /users/:uid/emails/:id
DELETE /users/:id/emails/:email_id
```
Parameters:
- `uid` (required) - id of specified user
- `id` (required) - email ID
- `id` (required) - id of specified user
- `email_id` (required) - email ID
Will return `200 OK` on success, or `404 Not found` if either user or email cannot be found.
......@@ -617,12 +617,12 @@ Will return `200 OK` on success, or `404 Not found` if either user or email cann
Blocks the specified user. Available only for admin.
```
PUT /users/:uid/block
PUT /users/:id/block
```
Parameters:
- `uid` (required) - id of specified user
- `id` (required) - id of specified user
Will return `200 OK` on success, `404 User Not Found` is user cannot be found or
`403 Forbidden` when trying to block an already blocked user by LDAP synchronization.
......@@ -632,12 +632,12 @@ Will return `200 OK` on success, `404 User Not Found` is user cannot be found or
Unblocks the specified user. Available only for admin.
```
PUT /users/:uid/unblock
PUT /users/:id/unblock
```
Parameters:
- `uid` (required) - id of specified user
- `id` (required) - id of specified user
Will return `200 OK` on success, `404 User Not Found` is user cannot be found or
`403 Forbidden` when trying to unblock a user blocked by LDAP synchronization.
......
This diff is collapsed.
......@@ -108,7 +108,7 @@ describe API::API, api: true do
it "returns a 404 error if user id not found" do
get api("/users/9999", user)
expect(response).to have_http_status(404)
expect(json_response['message']).to eq('404 Not found')
expect(json_response['message']).to eq('404 User Not Found')
end
it "returns a 404 for invalid ID" do
......@@ -359,7 +359,7 @@ describe API::API, api: true do
it "returns 404 for non-existing user" do
put api("/users/999999", admin), { bio: 'update should fail' }
expect(response).to have_http_status(404)
expect(json_response['message']).to eq('404 Not found')
expect(json_response['message']).to eq('404 User Not Found')
end
it "returns a 404 if invalid ID" do
......@@ -387,6 +387,18 @@ describe API::API, api: true do
to eq([Gitlab::Regex.namespace_regex_message])
end
it 'returns 400 if provider is missing for identity update' do
put api("/users/#{omniauth_user.id}", admin), extern_uid: '654321'
expect(response).to have_http_status(400)
end
it 'returns 400 if external UID is missing for identity update' do
put api("/users/#{omniauth_user.id}", admin), provider: 'ldap'
expect(response).to have_http_status(400)
end
context "with existing user" do
before do
post api("/users", admin), { email: 'test@example.com', password: 'password', username: 'test', name: 'test' }
......@@ -414,14 +426,16 @@ describe API::API, api: true do
it "does not create invalid ssh key" do
post api("/users/#{user.id}/keys", admin), { title: "invalid key" }
expect(response).to have_http_status(400)
expect(json_response['message']).to eq('400 (Bad request) "key" not given')
expect(json_response['error']).to eq('key is missing')
end
it 'does not create key without title' do
post api("/users/#{user.id}/keys", admin), key: 'some key'
expect(response).to have_http_status(400)
expect(json_response['message']).to eq('400 (Bad request) "title" not given')
expect(json_response['error']).to eq('title is missing')
end
it "creates ssh key" do
......@@ -437,7 +451,7 @@ describe API::API, api: true do
end
end
describe 'GET /user/:uid/keys' do
describe 'GET /user/:id/keys' do
before { admin }
context 'when unauthenticated' do
......@@ -465,7 +479,7 @@ describe API::API, api: true do
end
end
describe 'DELETE /user/:uid/keys/:id' do
describe 'DELETE /user/:id/keys/:key_id' do
before { admin }
context 'when unauthenticated' do
......@@ -506,8 +520,9 @@ describe API::API, api: true do
it "does not create invalid email" do
post api("/users/#{user.id}/emails", admin), {}
expect(response).to have_http_status(400)
expect(json_response['message']).to eq('400 (Bad request) "email" not given')
expect(json_response['error']).to eq('email is missing')
end
it "creates email" do
......@@ -524,7 +539,7 @@ describe API::API, api: true do
end
end
describe 'GET /user/:uid/emails' do
describe 'GET /user/:id/emails' do
before { admin }
context 'when unauthenticated' do
......@@ -558,7 +573,7 @@ describe API::API, api: true do
end
end
describe 'DELETE /user/:uid/emails/:id' do
describe 'DELETE /user/:id/emails/:email_id' do
before { admin }
context 'when unauthenticated' do
......@@ -673,7 +688,7 @@ describe API::API, api: true do
end
end
describe "GET /user/keys/:id" do
describe "GET /user/keys/:key_id" do
it "returns single key" do
user.keys << key
user.save
......@@ -686,7 +701,7 @@ describe API::API, api: true do
get api("/user/keys/42", user)
expect(response).to have_http_status(404)
expect(json_response['message']).to eq('404 Not found')
expect(json_response['message']).to eq('404 Key Not Found')
end
it "returns 404 error if admin accesses user's ssh key" do
......@@ -695,7 +710,7 @@ describe API::API, api: true do
admin
get api("/user/keys/#{key.id}", admin)
expect(response).to have_http_status(404)
expect(json_response['message']).to eq('404 Not found')
expect(json_response['message']).to eq('404 Key Not Found')
end
it "returns 404 for invalid ID" do
......@@ -721,14 +736,16 @@ describe API::API, api: true do
it "does not create ssh key without key" do
post api("/user/keys", user), title: 'title'
expect(response).to have_http_status(400)
expect(json_response['message']).to eq('400 (Bad request) "key" not given')
expect(json_response['error']).to eq('key is missing')
end
it 'does not create ssh key without title' do
post api('/user/keys', user), key: 'some key'
expect(response).to have_http_status(400)
expect(json_response['message']).to eq('400 (Bad request) "title" not given')
expect(json_response['error']).to eq('title is missing')
end
it "does not create ssh key without title" do
......@@ -737,7 +754,7 @@ describe API::API, api: true do
end
end
describe "DELETE /user/keys/:id" do
describe "DELETE /user/keys/:key_id" do
it "deletes existed key" do
user.keys << key
user.save
......@@ -747,9 +764,11 @@ describe API::API, api: true do
expect(response).to have_http_status(200)
end
it "returns success if key ID not found" do
it "returns 404 if key ID not found" do
delete api("/user/keys/42", user)
expect(response).to have_http_status(200)
expect(response).to have_http_status(404)
expect(json_response['message']).to eq('404 Key Not Found')
end
it "returns 401 error if unauthorized" do
......@@ -786,7 +805,7 @@ describe API::API, api: true do
end
end
describe "GET /user/emails/:id" do
describe "GET /user/emails/:email_id" do
it "returns single email" do
user.emails << email
user.save
......@@ -798,7 +817,7 @@ describe API::API, api: true do
it "returns 404 Not Found within invalid ID" do
get api("/user/emails/42", user)
expect(response).to have_http_status(404)
expect(json_response['message']).to eq('404 Not found')
expect(json_response['message']).to eq('404 Email Not Found')
end
it "returns 404 error if admin accesses user's email" do
......@@ -807,7 +826,7 @@ describe API::API, api: true do
admin
get api("/user/emails/#{email.id}", admin)
expect(response).to have_http_status(404)
expect(json_response['message']).to eq('404 Not found')
expect(json_response['message']).to eq('404 Email Not Found')
end
it "returns 404 for invalid ID" do
......@@ -833,12 +852,13 @@ describe API::API, api: true do
it "does not create email with invalid email" do
post api("/user/emails", user), {}
expect(response).to have_http_status(400)
expect(json_response['message']).to eq('400 (Bad request) "email" not given')
expect(json_response['error']).to eq('email is missing')
end
end
describe "DELETE /user/emails/:id" do
describe "DELETE /user/emails/:email_id" do
it "deletes existed email" do
user.emails << email
user.save
......@@ -848,9 +868,11 @@ describe API::API, api: true do
expect(response).to have_http_status(200)
end
it "returns success if email ID not found" do
it "returns 404 if email ID not found" do
delete api("/user/emails/42", user)
expect(response).to have_http_status(200)
expect(response).to have_http_status(404)
expect(json_response['message']).to eq('404 Email Not Found')
end
it "returns 401 error if unauthorized" do
......@@ -860,10 +882,10 @@ describe API::API, api: true do
expect(response).to have_http_status(401)
end
it "returns a 404 for invalid ID" do
delete api("/users/emails/ASDF", admin)
it "returns 400 for invalid ID" do
delete api("/user/emails/ASDF", admin)
expect(response).to have_http_status(404)
expect(response).to have_http_status(400)
end
end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment