Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
5652da8b
Commit
5652da8b
authored
Dec 16, 2016
by
Rémy Coutable
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Allow unauthenticated access to Repositories Files API GET endpoints
Signed-off-by:
Rémy Coutable
<
remy@rymai.me
>
parent
d84cfeaf
Changes
6
Show whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
35 additions
and
16 deletions
+35
-16
changelogs/unreleased/4269-public-api.yml
changelogs/unreleased/4269-public-api.yml
+1
-1
changelogs/unreleased/4269-public-files-api.yml
changelogs/unreleased/4269-public-files-api.yml
+4
-0
changelogs/unreleased/4269-public-repositories-api.yml
changelogs/unreleased/4269-public-repositories-api.yml
+1
-1
doc/api/repository_files.md
doc/api/repository_files.md
+3
-1
lib/api/files.rb
lib/api/files.rb
+0
-2
spec/requests/api/files_spec.rb
spec/requests/api/files_spec.rb
+26
-11
No files found.
changelogs/unreleased/4269-public-api.yml
View file @
5652da8b
---
---
title
:
Allow
public access to some Project API
endpoints
title
:
Allow
unauthenticated access to some Project API GET
endpoints
merge_request
:
7843
merge_request
:
7843
author
:
author
:
changelogs/unreleased/4269-public-files-api.yml
0 → 100644
View file @
5652da8b
---
title
:
Allow unauthenticated access to Repositories Files API GET endpoints
merge_request
:
author
:
changelogs/unreleased/4269-public-repositories-api.yml
View file @
5652da8b
---
---
title
:
Allow
Repositories API GET endpoints to be requested anonymously
title
:
Allow
unauthenticated access to Repositories API GET endpoints
merge_request
:
8148
merge_request
:
8148
author
:
author
:
doc/api/repository_files.md
View file @
5652da8b
...
@@ -6,7 +6,9 @@
...
@@ -6,7 +6,9 @@
## Get file from repository
## Get file from repository
Allows you to receive information about file in repository like name, size, content. Note that file content is Base64 encoded.
Allows you to receive information about file in repository like name, size,
content. Note that file content is Base64 encoded. This endpoint can be accessed
without authentication if the repository is publicly accessible.
```
```
GET /projects/:id/repository/files
GET /projects/:id/repository/files
...
...
lib/api/files.rb
View file @
5652da8b
module
API
module
API
# Projects API
# Projects API
class
Files
<
Grape
::
API
class
Files
<
Grape
::
API
before
{
authenticate!
}
helpers
do
helpers
do
def
commit_params
(
attrs
)
def
commit_params
(
attrs
)
{
{
...
...
spec/requests/api/files_spec.rb
View file @
5652da8b
...
@@ -24,13 +24,14 @@ describe API::Files, api: true do
...
@@ -24,13 +24,14 @@ describe API::Files, api: true do
before
{
project
.
team
<<
[
user
,
:developer
]
}
before
{
project
.
team
<<
[
user
,
:developer
]
}
describe
"GET /projects/:id/repository/files"
do
describe
"GET /projects/:id/repository/files"
do
shared_examples_for
'repository files'
do
it
"returns file info"
do
it
"returns file info"
do
params
=
{
params
=
{
file_path:
file_path
,
file_path:
file_path
,
ref:
'master'
,
ref:
'master'
,
}
}
get
api
(
"/projects/
#{
project
.
id
}
/repository/files"
,
user
),
params
get
api
(
"/projects/
#{
project
.
id
}
/repository/files"
,
current_
user
),
params
expect
(
response
).
to
have_http_status
(
200
)
expect
(
response
).
to
have_http_status
(
200
)
expect
(
json_response
[
'file_path'
]).
to
eq
(
file_path
)
expect
(
json_response
[
'file_path'
]).
to
eq
(
file_path
)
...
@@ -38,6 +39,20 @@ describe API::Files, api: true do
...
@@ -38,6 +39,20 @@ describe API::Files, api: true do
expect
(
json_response
[
'last_commit_id'
]).
to
eq
(
'570e7b2abdd848b95f2f578043fc23bd6f6fd24d'
)
expect
(
json_response
[
'last_commit_id'
]).
to
eq
(
'570e7b2abdd848b95f2f578043fc23bd6f6fd24d'
)
expect
(
Base64
.
decode64
(
json_response
[
'content'
]).
lines
.
first
).
to
eq
(
"require 'fileutils'
\n
"
)
expect
(
Base64
.
decode64
(
json_response
[
'content'
]).
lines
.
first
).
to
eq
(
"require 'fileutils'
\n
"
)
end
end
end
context
'when unauthenticated'
do
it_behaves_like
'repository files'
do
let
(
:project
)
{
create
(
:project
,
:public
)
}
let
(
:current_user
)
{
nil
}
end
end
context
'when authenticated'
do
it_behaves_like
'repository files'
do
let
(
:current_user
)
{
user
}
end
end
it
"returns a 400 bad request if no params given"
do
it
"returns a 400 bad request if no params given"
do
get
api
(
"/projects/
#{
project
.
id
}
/repository/files"
,
user
)
get
api
(
"/projects/
#{
project
.
id
}
/repository/files"
,
user
)
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment