Commit decfe70b authored by Douwe Maan's avatar Douwe Maan

Merge branch 'fj-restore-users-v3-endpoint' into 'master'

Restoring user v3 endpoint

Closes #47565

See merge request gitlab-org/gitlab-ce!19661
parents 504f3620 df45623b
---
title: Restore API v3 user endpoint
merge_request:
author:
type: changed
...@@ -531,6 +531,9 @@ module API ...@@ -531,6 +531,9 @@ module API
authenticate! authenticate!
end end
# Enabling /user endpoint for the v3 version to allow oauth
# authentication through this endpoint.
version %w(v3 v4), using: :path do
desc 'Get the currently authenticated user' do desc 'Get the currently authenticated user' do
success Entities::UserPublic success Entities::UserPublic
end end
...@@ -544,6 +547,7 @@ module API ...@@ -544,6 +547,7 @@ module API
present current_user, with: entity present current_user, with: entity
end end
end
desc "Get the currently authenticated user's SSH keys" do desc "Get the currently authenticated user's SSH keys" do
success Entities::SSHKey success Entities::SSHKey
......
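Review bot: The comment above the new `version %w(v3 v4), using: :path do` block explains that v3 is kept for OAuth, but not that this is meant to be the only route re-exposed on the otherwise-retired v3 API, which is what a later maintainer needs to know before extending or removing it. I would expand it to `# The v3 API was retired, but OAuth integrations presumably still call /api/v3/user as their user-info endpoint (#47565); this is the only route served on v3 — drop 'v3' from the list once those clients have moved to v4.` The route still sits under the `authenticate!` before-block visible at the top of the hunk, and I read Grape as applying outer callbacks inside a nested `version` block, so v3 stays authenticated; the spec in this commit backs that with a 401 case. The enclosing resource block starts and ends outside the hunk.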
...@@ -1123,17 +1123,18 @@ describe API::Users do ...@@ -1123,17 +1123,18 @@ describe API::Users do
describe "GET /user" do describe "GET /user" do
let(:personal_access_token) { create(:personal_access_token, user: user).token } let(:personal_access_token) { create(:personal_access_token, user: user).token }
shared_examples 'get user info' do |version|
context 'with regular user' do context 'with regular user' do
context 'with personal access token' do context 'with personal access token' do
it 'returns 403 without private token when sudo is defined' do it 'returns 403 without private token when sudo is defined' do
get api("/user?private_token=#{personal_access_token}&sudo=123") get api("/user?private_token=#{personal_access_token}&sudo=123", version: version)
expect(response).to have_gitlab_http_status(403) expect(response).to have_gitlab_http_status(403)
end end
end end
it 'returns current user without private token when sudo not defined' do it 'returns current user without private token when sudo not defined' do
get api("/user", user) get api("/user", user, version: version)
expect(response).to have_gitlab_http_status(200) expect(response).to have_gitlab_http_status(200)
expect(response).to match_response_schema('public_api/v4/user/public') expect(response).to match_response_schema('public_api/v4/user/public')
...@@ -1144,7 +1145,7 @@ describe API::Users do ...@@ -1144,7 +1145,7 @@ describe API::Users do
let(:path) { "/user" } let(:path) { "/user" }
let(:api_call) { method(:api) } let(:api_call) { method(:api) }
include_examples 'allows the "read_user" scope' include_examples 'allows the "read_user" scope', version
end end
end end
...@@ -1153,13 +1154,13 @@ describe API::Users do ...@@ -1153,13 +1154,13 @@ describe API::Users do
context 'with personal access token' do context 'with personal access token' do
it 'returns 403 without private token when sudo defined' do it 'returns 403 without private token when sudo defined' do
get api("/user?private_token=#{admin_personal_access_token}&sudo=#{user.id}") get api("/user?private_token=#{admin_personal_access_token}&sudo=#{user.id}", version: version)
expect(response).to have_gitlab_http_status(403) expect(response).to have_gitlab_http_status(403)
end end
it 'returns initial current user without private token but with is_admin when sudo not defined' do it 'returns initial current user without private token but with is_admin when sudo not defined' do
get api("/user?private_token=#{admin_personal_access_token}") get api("/user?private_token=#{admin_personal_access_token}", version: version)
expect(response).to have_gitlab_http_status(200) expect(response).to have_gitlab_http_status(200)
expect(response).to match_response_schema('public_api/v4/user/admin') expect(response).to match_response_schema('public_api/v4/user/admin')
...@@ -1170,13 +1171,17 @@ describe API::Users do ...@@ -1170,13 +1171,17 @@ describe API::Users do
context 'with unauthenticated user' do context 'with unauthenticated user' do
it "returns 401 error if user is unauthenticated" do it "returns 401 error if user is unauthenticated" do
get api("/user") get api("/user", version: version)
expect(response).to have_gitlab_http_status(401) expect(response).to have_gitlab_http_status(401)
end end
end end
end end
it_behaves_like 'get user info', 'v3'
it_behaves_like 'get user info', 'v4'
end
describe "GET /user/keys" do describe "GET /user/keys" do
context "when unauthenticated" do context "when unauthenticated" do
it "returns authentication error" do it "returns authentication error" do
......
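Review bot: The new `shared_examples 'get user info'` group proves that `/user` answers on v3, but nothing asserts that the restoration is limited to that one route, so a later widening of the `version` list or of the `version` block would pass this spec unnoticed. A sibling example outside the shared group would pin that, e.g. `it 'does not restore other v3 routes' do get api('/user/keys', user, version: 'v3'); expect(response).to have_gitlab_http_status(404) end`, assuming the retired v3 routes answer 404 rather than some other status, which I cannot confirm from the hunk. The line `expect(response).to match_response_schema('public_api/v4/user/public')` now runs for v3 as well; a short comment such as `# v3 serves the same entity, so the v4 schema applies to both versions` would make that intent explicit. The remaining examples of `describe "GET /user"` lie outside the visible hunks.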
shared_examples_for 'allows the "read_user" scope' do shared_examples_for 'allows the "read_user" scope' do |api_version|
let(:version) { api_version || 'v4' }
context 'for personal access tokens' do context 'for personal access tokens' do
context 'when the requesting token has the "api" scope' do context 'when the requesting token has the "api" scope' do
let(:token) { create(:personal_access_token, scopes: ['api'], user: user) } let(:token) { create(:personal_access_token, scopes: ['api'], user: user) }
it 'returns a "200" response' do it 'returns a "200" response' do
get api_call.call(path, user, personal_access_token: token) get api_call.call(path, user, personal_access_token: token, version: version)
expect(response).to have_gitlab_http_status(200) expect(response).to have_gitlab_http_status(200)
end end
...@@ -14,7 +16,7 @@ shared_examples_for 'allows the "read_user" scope' do ...@@ -14,7 +16,7 @@ shared_examples_for 'allows the "read_user" scope' do
let(:token) { create(:personal_access_token, scopes: ['read_user'], user: user) } let(:token) { create(:personal_access_token, scopes: ['read_user'], user: user) }
it 'returns a "200" response' do it 'returns a "200" response' do
get api_call.call(path, user, personal_access_token: token) get api_call.call(path, user, personal_access_token: token, version: version)
expect(response).to have_gitlab_http_status(200) expect(response).to have_gitlab_http_status(200)
end end
...@@ -28,7 +30,7 @@ shared_examples_for 'allows the "read_user" scope' do ...@@ -28,7 +30,7 @@ shared_examples_for 'allows the "read_user" scope' do
end end
it 'returns a "403" response' do it 'returns a "403" response' do
get api_call.call(path, user, personal_access_token: token) get api_call.call(path, user, personal_access_token: token, version: version)
expect(response).to have_gitlab_http_status(403) expect(response).to have_gitlab_http_status(403)
end end
......
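Review bot: `let(:version) { api_version || 'v4' }` is the line that keeps every existing `include_examples 'allows the "read_user" scope'` caller on v4, but nothing says so, and a reader could mistake the `nil` fallback for an oversight. I would annotate it with `# api_version is optional so callers that pre-date the v3 restoration keep exercising v4`. Because the value is exposed as a `let`, an including group that already defines `let(:version)` will override it silently; if that is not intended, a less generic name such as `scope_api_version` on this line and the four `version: version` call sites would avoid the collision. The shared example group continues past the visible hunks.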