Implement authentication for the new Generic Packages API

This builds the foundation for the new Generic Packages API endpoionts. Authentication with personal access token and job token is supported. It's using mock `GET ping` endpoint that will be replaced with a real one in a following MR. This new API is behind `generic_packages` feature flag. Related to https://gitlab.com/gitlab-org/gitlab/-/issues/235490.

Implement authentication for the new Generic Packages API
This builds the foundation for the new Generic Packages API endpoionts. Authentication with personal access token and job token is supported. It's using mock `GET ping` endpoint that will be replaced with a real one in a following MR. This new API is behind `generic_packages` feature flag. Related to https://gitlab.com/gitlab-org/gitlab/-/issues/235490.
e1f25526 · Krasimir Angelov · f8e5b6c2 · e1f25526 · e1f25526 · e1f25526
Commit e1f25526 authored Aug 21, 2020 by Krasimir Angelov
5 changed files
--- a/config/feature_flags/development/generic_packages.yml
+++ b/config/feature_flags/development/generic_packages.yml
+---
+name: generic_packages
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/40045
+rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/239133
+group: group::release management
+type: development
+default_enabled: false
--- a/lib/api/api.rb
+++ b/lib/api/api.rb
@@ -197,6 +197,7 @@ module API
      mount ::API::ConanPackages
      mount ::API::MavenPackages
      mount ::API::NpmPackages
+      mount ::API::GenericPackages
      mount ::API::GoProxy
      mount ::API::Pages
      mount ::API::PagesDomains

--- a/lib/api/generic_packages.rb
+++ b/lib/api/generic_packages.rb
+# frozen_string_literal: true
+
+module API
+  class GenericPackages < Grape::API::Instance
+    before do
+      require_packages_enabled!
+      authenticate!
+
+      require_generic_packages_available!
+    end
+
+    params do
+      requires :id, type: String, desc: 'The ID of a project'
+    end
+
+    resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
+      route_setting :authentication, job_token_allowed: true
+
+      namespace ':id/packages/generic' do
+        get 'ping' do
+          :pong
+        end
+      end
+    end
+
+    helpers do
+      include ::API::Helpers::PackagesHelpers
+
+      def require_generic_packages_available!
+        not_found! unless Feature.enabled?(:generic_packages, user_project)
+      end
+    end
+  end
+end
--- a/spec/requests/api/conan_packages_spec.rb
+++ b/spec/requests/api/conan_packages_spec.rb
 # frozen_string_literal: true
+
 require 'spec_helper'

 RSpec.describe API::ConanPackages do

--- a/spec/requests/api/generic_packages_spec.rb
+++ b/spec/requests/api/generic_packages_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe API::GenericPackages do
+  let_it_be(:personal_access_token) { create(:personal_access_token) }
+  let_it_be(:project) { create(:project) }
+
+  describe 'GET /api/v4/projects/:id/packages/generic/ping' do
+    let(:user) { personal_access_token.user }
+    let(:auth_token) { personal_access_token.token }
+
+    before do
+      project.add_developer(user)
+    end
+
+    context 'packages feature is disabled' do
+      it 'responds with 404 Not Found' do
+        stub_packages_setting(enabled: false)
+
+        ping(personal_access_token: auth_token)
+
+        expect(response).to have_gitlab_http_status(:not_found)
+      end
+    end
+
+    context 'generic_packages feature flag is disabled' do
+      it 'responds with 404 Not Found' do
+        stub_feature_flags(generic_packages: false)
+
+        ping(personal_access_token: auth_token)
+
+        expect(response).to have_gitlab_http_status(:not_found)
+      end
+    end
+
+    context 'generic_packages feature flag is enabled' do
+      before do
+        stub_feature_flags(generic_packages: true)
+      end
+
+      context 'authenticating using personal access token' do
+        it 'responds with 200 OK when valid personal access token is provided' do
+          ping(personal_access_token: auth_token)
+
+          expect(response).to have_gitlab_http_status(:ok)
+        end
+
+        it 'responds with 401 Unauthorized when invalid personal access token provided' do
+          ping(personal_access_token: 'invalid-token')
+
+          expect(response).to have_gitlab_http_status(:unauthorized)
+        end
+      end
+
+      context 'authenticating using job token' do
+        it 'responds with 200 OK when valid job token is provided' do
+          job_token = create(:ci_build, user: user).token
+
+          ping(job_token: job_token)
+
+          expect(response).to have_gitlab_http_status(:ok)
+        end
+
+        it 'responds with 401 Unauthorized when invalid job token provided' do
+          ping(job_token: 'invalid-token')
+
+          expect(response).to have_gitlab_http_status(:unauthorized)
+        end
+      end
+    end
+
+    def ping(personal_access_token: nil, job_token: nil)
+      headers = {
+        Gitlab::Auth::AuthFinders::PRIVATE_TOKEN_HEADER => personal_access_token.presence,
+        Gitlab::Auth::AuthFinders::JOB_TOKEN_HEADER => job_token.presence
+      }.compact
+
+      get api('/projects/%d/packages/generic/ping' % project.id), headers: headers
+    end
+  end
+end