Merge branch 'ebaque-remove-key-id-check' into 'master'

Remove key param check when validating actor See merge request gitlab-org/gitlab!57675

Merge branch 'ebaque-remove-key-id-check' into 'master'
Remove key param check when validating actor See merge request gitlab-org/gitlab!57675
103efe46 · Dmytro Zaporozhets (DZ) · c0753f25 · d1281c73 · 103efe46 · 103efe46
Commit 103efe46 authored Mar 31, 2021 by Dmytro Zaporozhets (DZ)
4 changed files
--- a/ee/changelogs/unreleased/ebaque-remove-key-id-check.yml
+++ b/ee/changelogs/unreleased/ebaque-remove-key-id-check.yml
+---
+title: Remove key parameter check when validating actor in personal access token API
+merge_request: 57675
+author:
+type: fixed
--- a/ee/lib/ee/api/internal/base.rb
+++ b/ee/lib/ee/api/internal/base.rb
@@ -31,7 +31,7 @@ module EE
              actor.update_last_used_at!
              user = actor.user

-              error_message = validate_actor_key(actor, params[:key_id])
+              error_message = validate_actor(actor)

              return { success: false, message: error_message } if error_message


--- a/lib/api/internal/base.rb
+++ b/lib/api/internal/base.rb
@@ -109,9 +109,7 @@ module API
          end
        end

-        def validate_actor_key(actor, key_id)
-          return 'Could not find a user without a key' unless key_id
-
+        def validate_actor(actor)
          return 'Could not find the given key' unless actor.key

          'Could not find a user for the given key' unless actor.user
@@ -206,7 +204,7 @@ module API
          actor.update_last_used_at!
          user = actor.user

-          error_message = validate_actor_key(actor, params[:key_id])
+          error_message = validate_actor(actor)

          if params[:user_id] && user.nil?
            break { success: false, message: 'Could not find the given user' }
@@ -235,7 +233,7 @@ module API
          actor.update_last_used_at!
          user = actor.user

-          error_message = validate_actor_key(actor, params[:key_id])
+          error_message = validate_actor(actor)

          break { success: false, message: 'Deploy keys cannot be used to create personal access tokens' } if actor.key.is_a?(DeployKey)

@@ -308,7 +306,7 @@ module API
          actor.update_last_used_at!
          user = actor.user

-          error_message = validate_actor_key(actor, params[:key_id])
+          error_message = validate_actor(actor)

          if error_message
            { success: false, message: error_message }

--- a/spec/support/shared_examples/lib/api/internal_base_shared_examples.rb
+++ b/spec/support/shared_examples/lib/api/internal_base_shared_examples.rb
 # frozen_string_literal: true

 RSpec.shared_examples 'actor key validations' do
-  context 'key id is not provided' do
-    let(:key_id) { nil }
-
-    it 'returns an error message' do
-      subject
-
-      expect(json_response['success']).to be_falsey
-      expect(json_response['message']).to eq('Could not find a user without a key')
-    end
-  end
-
  context 'key does not exist' do
    let(:key_id) { non_existing_record_id }