Commit b4f9f6b7 authored by Drew Blessing's avatar Drew Blessing Committed by Imre Farkas

Allow user SSH public key endpoint to be publicly accessible again

A regression caused the User SSH public key endpoint to require
authentication when instance public visibility was restricted.
This endpoint should be available without authentication, matching
the behavior of the /api/v4/users/:id/keys endpoint.
parent 409a76e1
...@@ -17,7 +17,7 @@ class UsersController < ApplicationController ...@@ -17,7 +17,7 @@ class UsersController < ApplicationController
skip_before_action :authenticate_user! skip_before_action :authenticate_user!
prepend_before_action(only: [:show]) { authenticate_sessionless_user!(:rss) } prepend_before_action(only: [:show]) { authenticate_sessionless_user!(:rss) }
before_action :user, except: [:exists, :suggests] before_action :user, except: [:exists, :suggests, :ssh_keys]
before_action :authorize_read_user_profile!, before_action :authorize_read_user_profile!,
only: [:calendar, :calendar_activities, :groups, :projects, :contributed, :starred, :snippets] only: [:calendar, :calendar_activities, :groups, :projects, :contributed, :starred, :snippets]
...@@ -41,7 +41,12 @@ class UsersController < ApplicationController ...@@ -41,7 +41,12 @@ class UsersController < ApplicationController
# Get all keys of a user(params[:username]) in a text format # Get all keys of a user(params[:username]) in a text format
# Helpful for sysadmins to put in respective servers # Helpful for sysadmins to put in respective servers
#
# Uses `UserFinder` rather than `find_routable!` because this endpoint should
# be publicly available regardless of instance visibility settings.
def ssh_keys def ssh_keys
user = UserFinder.new(params[:username]).find_by_username
render plain: user.all_ssh_keys.join("\n") render plain: user.all_ssh_keys.join("\n")
end end
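Review bot: In `ssh_keys`, the new lookup `UserFinder.new(params[:username]).find_by_username` appears to return nil when no user matches, and with `:ssh_keys` now excluded from `before_action :user` nothing stops the next line from calling `all_ssh_keys` on nil. An unknown username on this unauthenticated endpoint would then likely produce a 500 instead of a 404, letting anonymous requests generate unhandled exceptions. Add a guard after the lookup, for example `return render_404 unless user`, or use a raising finder variant if the controller already maps not-found to 404. Because the lookup now deliberately bypasses the instance visibility checks, also confirm that serving keys for blocked or otherwise hidden accounts is intended. The local `user` presumably shadows the controller helper of the same name used by `before_action :user`, so a name such as `key_owner` would read more clearly.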
......
---
title: Allow user SSH public key endpoint to be publicly accessible again
merge_request: 52227
author:
type: fixed
...@@ -268,6 +268,14 @@ RSpec.describe UsersController do ...@@ -268,6 +268,14 @@ RSpec.describe UsersController do
end end
it_behaves_like 'renders all public keys' it_behaves_like 'renders all public keys'
context 'when public visibility is restricted' do
before do
stub_application_setting(restricted_visibility_levels: [Gitlab::VisibilityLevel::PUBLIC])
end
it_behaves_like 'renders all public keys'
end
end end
end end
end end
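Review bot: The added context stubs `restricted_visibility_levels`, but the visible lines do not show that the request is made without a signed-in user, which is the case this fix is about. That depends on the enclosing `describe`/`context` and on the shared example `'renders all public keys'`, both defined outside this hunk. If the enclosing setup signs a user in, add a sibling context that runs the shared example signed out. A case for an unknown username under restricted visibility, expecting a 404, would also pin the not-found path of the new lookup.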
......