Commit c28ffa1d authored by Rémy Coutable's avatar Rémy Coutable

Merge branch 'PNSalocin/gitlab-ce-24035-api-create-application' into 'master'

Add application create API

Closes #24035

See merge request gitlab-org/gitlab-ce!16643
parents 09da89e6 45b62dfd
---
title: Add application create API
merge_request: 8160
author: Nicolas Merelli @PNSalocin
# Applications API
> [Introduced][ce-8160] in GitLab 10.5
[ce-8160]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/8160
## Create a application
Create a application by posting a JSON payload.
User must be admin to do that.
Returns `200` if the request succeeds.
```
POST /applications
```
| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `name` | string | yes | The name of the application |
| `redirect_uri` | string | yes | The redirect URI of the application |
| `scopes` | string | yes | The scopes of the application |
```bash
curl --request POST --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" --data "name=MyApplication&redirect_uri=http://redirect.uri&scopes=" https://gitlab.example.com/api/v3/applications
```
Example response:
```json
{
"application_id": "5832fc6e14300a0d962240a8144466eef4ee93ef0d218477e55f11cf12fc3737",
"secret": "ee1dd64b6adc89cf7e2c23099301ccc2c61b441064e9324d963c46902a85ec34",
"callback_url": "http://redirect.uri"
}
```
...@@ -106,6 +106,7 @@ module API ...@@ -106,6 +106,7 @@ module API
# Keep in alphabetical order # Keep in alphabetical order
mount ::API::AccessRequests mount ::API::AccessRequests
mount ::API::Applications
mount ::API::AwardEmoji mount ::API::AwardEmoji
mount ::API::Boards mount ::API::Boards
mount ::API::Branches mount ::API::Branches
......
module API
# External applications API
class Applications < Grape::API
before { authenticated_as_admin! }
resource :applications do
desc 'Create a new application' do
detail 'This feature was introduced in GitLab 10.5'
success Entities::ApplicationWithSecret
end
params do
requires :name, type: String, desc: 'Application name'
requires :redirect_uri, type: String, desc: 'Application redirect URI'
requires :scopes, type: String, desc: 'Application scopes'
end
post do
application = Doorkeeper::Application.new(declared_params)
if application.save
present application, with: Entities::ApplicationWithSecret
else
render_validation_error! application
end
end
end
end
end
...@@ -1157,5 +1157,15 @@ module API ...@@ -1157,5 +1157,15 @@ module API
pages_domain pages_domain
end end
end end
class Application < Grape::Entity
expose :uid, as: :application_id
expose :redirect_uri, as: :callback_url
end
# Use with care, this exposes the secret
class ApplicationWithSecret < Application
expose :secret
end
end end
end end
require 'spec_helper'
describe API::Applications, :api do
include ApiHelpers
let(:admin_user) { create(:user, admin: true) }
let(:user) { create(:user, admin: false) }
describe 'POST /applications' do
context 'authenticated and authorized user' do
it 'creates and returns an OAuth application' do
expect do
post api('/applications', admin_user), name: 'application_name', redirect_uri: 'http://application.url', scopes: ''
end.to change { Doorkeeper::Application.count }.by 1
application = Doorkeeper::Application.find_by(name: 'application_name', redirect_uri: 'http://application.url')
expect(response).to have_http_status 201
expect(json_response).to be_a Hash
expect(json_response['application_id']).to eq application.uid
expect(json_response['secret']).to eq application.secret
expect(json_response['callback_url']).to eq application.redirect_uri
end
it 'does not allow creating an application with the wrong redirect_uri format' do
expect do
post api('/applications', admin_user), name: 'application_name', redirect_uri: 'wrong_url_format', scopes: ''
end.not_to change { Doorkeeper::Application.count }
expect(response).to have_http_status 400
expect(json_response).to be_a Hash
expect(json_response['message']['redirect_uri'][0]).to eq('must be an absolute URI.')
end
it 'does not allow creating an application without a name' do
expect do
post api('/applications', admin_user), redirect_uri: 'http://application.url', scopes: ''
end.not_to change { Doorkeeper::Application.count }
expect(response).to have_http_status 400
expect(json_response).to be_a Hash
expect(json_response['error']).to eq('name is missing')
end
it 'does not allow creating an application without a redirect_uri' do
expect do
post api('/applications', admin_user), name: 'application_name', scopes: ''
end.not_to change { Doorkeeper::Application.count }
expect(response).to have_http_status 400
expect(json_response).to be_a Hash
expect(json_response['error']).to eq('redirect_uri is missing')
end
it 'does not allow creating an application without scopes' do
expect do
post api('/applications', admin_user), name: 'application_name', redirect_uri: 'http://application.url'
end.not_to change { Doorkeeper::Application.count }
expect(response).to have_http_status 400
expect(json_response).to be_a Hash
expect(json_response['error']).to eq('scopes is missing')
end
end
context 'authorized user without authorization' do
it 'does not create application' do
expect do
post api('/applications', user), name: 'application_name', redirect_uri: 'http://application.url', scopes: ''
end.not_to change { Doorkeeper::Application.count }
expect(response).to have_http_status 403
end
end
context 'non-authenticated user' do
it 'does not create application' do
expect do
post api('/applications'), name: 'application_name', redirect_uri: 'http://application.url'
end.not_to change { Doorkeeper::Application.count }
expect(response).to have_http_status 401
end
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment