Commit 875bbb8e authored by Shinya Maeda's avatar Shinya Maeda

Merge branch '235490-generic-packages/authentication' into 'master'

Implement authentication for the new Generic Packages API

See merge request gitlab-org/gitlab!40045
parents 95576d1a e1f25526
---
name: generic_packages
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/40045
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/239133
group: group::release management
type: development
default_enabled: false
...@@ -197,6 +197,7 @@ module API ...@@ -197,6 +197,7 @@ module API
mount ::API::ConanPackages mount ::API::ConanPackages
mount ::API::MavenPackages mount ::API::MavenPackages
mount ::API::NpmPackages mount ::API::NpmPackages
mount ::API::GenericPackages
mount ::API::GoProxy mount ::API::GoProxy
mount ::API::Pages mount ::API::Pages
mount ::API::PagesDomains mount ::API::PagesDomains
......
# frozen_string_literal: true
module API
class GenericPackages < Grape::API::Instance
before do
require_packages_enabled!
authenticate!
require_generic_packages_available!
end
params do
requires :id, type: String, desc: 'The ID of a project'
end
resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
route_setting :authentication, job_token_allowed: true
namespace ':id/packages/generic' do
get 'ping' do
:pong
end
end
end
helpers do
include ::API::Helpers::PackagesHelpers
def require_generic_packages_available!
not_found! unless Feature.enabled?(:generic_packages, user_project)
end
end
end
end
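Review bot: The `before` block authenticates the caller but never explicitly authorizes them for packages on the project: after `authenticate!` the only project-scoped call is `Feature.enabled?(:generic_packages, user_project)`, so any access control depends on whatever `user_project` happens to enforce during the feature-flag lookup. Since `::API::Helpers::PackagesHelpers` is already included, I would make the check explicit by adding `authorize_read_package!(user_project)` as the last line of the `before` block, so that routes added later under `:id/packages/generic` do not inherit an authentication-only gate. Also, `route_setting :authentication, job_token_allowed: true` is declared once, before the `namespace`; please confirm it applies to every route later added in that namespace and not only to `ping`, otherwise job-token support could differ per endpoint without anyone noticing.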
# frozen_string_literal: true # frozen_string_literal: true
require 'spec_helper' require 'spec_helper'
RSpec.describe API::ConanPackages do RSpec.describe API::ConanPackages do
......
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe API::GenericPackages do
let_it_be(:personal_access_token) { create(:personal_access_token) }
let_it_be(:project) { create(:project) }
describe 'GET /api/v4/projects/:id/packages/generic/ping' do
let(:user) { personal_access_token.user }
let(:auth_token) { personal_access_token.token }
before do
project.add_developer(user)
end
context 'packages feature is disabled' do
it 'responds with 404 Not Found' do
stub_packages_setting(enabled: false)
ping(personal_access_token: auth_token)
expect(response).to have_gitlab_http_status(:not_found)
end
end
context 'generic_packages feature flag is disabled' do
it 'responds with 404 Not Found' do
stub_feature_flags(generic_packages: false)
ping(personal_access_token: auth_token)
expect(response).to have_gitlab_http_status(:not_found)
end
end
context 'generic_packages feature flag is enabled' do
before do
stub_feature_flags(generic_packages: true)
end
context 'authenticating using personal access token' do
it 'responds with 200 OK when valid personal access token is provided' do
ping(personal_access_token: auth_token)
expect(response).to have_gitlab_http_status(:ok)
end
it 'responds with 401 Unauthorized when invalid personal access token provided' do
ping(personal_access_token: 'invalid-token')
expect(response).to have_gitlab_http_status(:unauthorized)
end
end
context 'authenticating using job token' do
it 'responds with 200 OK when valid job token is provided' do
job_token = create(:ci_build, user: user).token
ping(job_token: job_token)
expect(response).to have_gitlab_http_status(:ok)
end
it 'responds with 401 Unauthorized when invalid job token provided' do
ping(job_token: 'invalid-token')
expect(response).to have_gitlab_http_status(:unauthorized)
end
end
end
def ping(personal_access_token: nil, job_token: nil)
headers = {
Gitlab::Auth::AuthFinders::PRIVATE_TOKEN_HEADER => personal_access_token.presence,
Gitlab::Auth::AuthFinders::JOB_TOKEN_HEADER => job_token.presence
}.compact
get api('/projects/%d/packages/generic/ping' % project.id), headers: headers
end
end
end
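Review bot: Every request in this spec comes from a user added with `project.add_developer(user)`, so nothing exercises the denial paths an authentication change needs: a valid token whose user has no access to `project`, and a request that carries no token at all. I would add a context that skips `add_developer` and expects the request to be rejected (presumably `:not_found` if the factory project is private), plus `it 'responds with 401 Unauthorized when no token is provided'` calling `ping` with no arguments. The job-token example uses `create(:ci_build, user: user)` without tying the build to `project`; a case where the build belongs to a different project would pin down whether a job token from an unrelated pipeline is meant to be accepted here.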