Allow unauthenticated access to Repositories Files API GET endpoints

Signed-off-by: Rémy Coutable <remy@rymai.me>

Allow unauthenticated access to Repositories Files API GET endpoints
Signed-off-by: Rémy Coutable <remy@rymai.me>
5652da8b · Rémy Coutable · d84cfeaf · 5652da8b · 5652da8b · 5652da8b
Commit 5652da8b authored Dec 16, 2016 by Rémy Coutable
6 changed files
--- a/changelogs/unreleased/4269-public-api.yml
+++ b/changelogs/unreleased/4269-public-api.yml
 ---
-title: Allow public access to some Project API endpoints
+title: Allow unauthenticated access to some Project API GET endpoints
 merge_request: 7843
 author:
--- a/changelogs/unreleased/4269-public-files-api.yml
+++ b/changelogs/unreleased/4269-public-files-api.yml
+---
+title: Allow unauthenticated access to Repositories Files API GET endpoints
+merge_request:
+author:
--- a/changelogs/unreleased/4269-public-repositories-api.yml
+++ b/changelogs/unreleased/4269-public-repositories-api.yml
 ---
-title: Allow Repositories API GET endpoints to be requested anonymously
+title: Allow unauthenticated access to Repositories API GET endpoints
 merge_request: 8148
 author:
--- a/doc/api/repository_files.md
+++ b/doc/api/repository_files.md
@@ -6,7 +6,9 @@

 ## Get file from repository

-Allows you to receive information about file in repository like name, size, content. Note that file content is Base64 encoded.
+Allows you to receive information about file in repository like name, size,
+content. Note that file content is Base64 encoded. This endpoint can be accessed
+without authentication if the repository is publicly accessible.

 ```
 GET /projects/:id/repository/files

--- a/lib/api/files.rb
+++ b/lib/api/files.rb
 module API
  # Projects API
  class Files < Grape::API
-    before { authenticate! }
-
    helpers do
      def commit_params(attrs)
        {

--- a/spec/requests/api/files_spec.rb
+++ b/spec/requests/api/files_spec.rb
@@ -24,13 +24,14 @@ describe API::Files, api: true  do
  before { project.team << [user, :developer] }

  describe "GET /projects/:id/repository/files" do
+    shared_examples_for 'repository files' do
      it "returns file info" do
        params = {
          file_path: file_path,
          ref: 'master',
        }

-      get api("/projects/#{project.id}/repository/files", user), params
+        get api("/projects/#{project.id}/repository/files", current_user), params

        expect(response).to have_http_status(200)
        expect(json_response['file_path']).to eq(file_path)
@@ -38,6 +39,20 @@ describe API::Files, api: true  do
        expect(json_response['last_commit_id']).to eq('570e7b2abdd848b95f2f578043fc23bd6f6fd24d')
        expect(Base64.decode64(json_response['content']).lines.first).to eq("require 'fileutils'\n")
      end
+    end
+
+    context 'when unauthenticated' do
+      it_behaves_like 'repository files' do
+        let(:project) { create(:project, :public) }
+        let(:current_user) { nil }
+      end
+    end
+
+    context 'when authenticated' do
+      it_behaves_like 'repository files' do
+        let(:current_user) { user }
+      end
+    end

    it "returns a 400 bad request if no params given" do
      get api("/projects/#{project.id}/repository/files", user)