Commit 5652da8b authored by Rémy Coutable's avatar Rémy Coutable

Allow unauthenticated access to Repositories Files API GET endpoints

Signed-off-by: default avatarRémy Coutable <remy@rymai.me>
parent d84cfeaf
---
title: Allow public access to some Project API endpoints
title: Allow unauthenticated access to some Project API GET endpoints
merge_request: 7843
author:
---
title: Allow unauthenticated access to Repositories Files API GET endpoints
merge_request:
author:
---
title: Allow Repositories API GET endpoints to be requested anonymously
title: Allow unauthenticated access to Repositories API GET endpoints
merge_request: 8148
author:
......@@ -6,7 +6,9 @@
## Get file from repository
Allows you to receive information about file in repository like name, size, content. Note that file content is Base64 encoded.
Allows you to receive information about file in repository like name, size,
content. Note that file content is Base64 encoded. This endpoint can be accessed
without authentication if the repository is publicly accessible.
```
GET /projects/:id/repository/files
......
module API
# Projects API
class Files < Grape::API
before { authenticate! }
helpers do
def commit_params(attrs)
{
......
......@@ -24,13 +24,14 @@ describe API::Files, api: true do
before { project.team << [user, :developer] }
describe "GET /projects/:id/repository/files" do
shared_examples_for 'repository files' do
it "returns file info" do
params = {
file_path: file_path,
ref: 'master',
}
get api("/projects/#{project.id}/repository/files", user), params
get api("/projects/#{project.id}/repository/files", current_user), params
expect(response).to have_http_status(200)
expect(json_response['file_path']).to eq(file_path)
......@@ -38,6 +39,20 @@ describe API::Files, api: true do
expect(json_response['last_commit_id']).to eq('570e7b2abdd848b95f2f578043fc23bd6f6fd24d')
expect(Base64.decode64(json_response['content']).lines.first).to eq("require 'fileutils'\n")
end
end
context 'when unauthenticated' do
it_behaves_like 'repository files' do
let(:project) { create(:project, :public) }
let(:current_user) { nil }
end
end
context 'when authenticated' do
it_behaves_like 'repository files' do
let(:current_user) { user }
end
end
it "returns a 400 bad request if no params given" do
get api("/projects/#{project.id}/repository/files", user)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment