Make runner's veryfication working again

In APIv1 we were using UpdateJob to verify if the runner exists. It was the only method that was using Runner's token and used in special way had no side effects (like scheduling a new job or unregisterring a Runner). In APIv4 we've change UpdateJob to use job's token as authentication credentials, and that way we've removed the only endpoint that could be used to verify if the Runner with a certain token exists in target GitLab installation. This commit adds `POST /api/v4/runners/verify` endpoint whose only responsibility is to respond if Runner with posted credentials exists or not.

Make runner's veryfication working again
In APIv1 we were using UpdateJob to verify if the runner exists. It was the only method that was using Runner's token and used in special way had no side effects (like scheduling a new job or unregisterring a Runner). In APIv4 we've change UpdateJob to use job's token as authentication credentials, and that way we've removed the only endpoint that could be used to verify if the Runner with a certain token exists in target GitLab installation. This commit adds `POST /api/v4/runners/verify` endpoint whose only responsibility is to respond if Runner with posted credentials exists or not.
bbf4d27a · Tomasz Maczukin · Kamil Trzcinski · 691402fb · bbf4d27a · bbf4d27a
Commit bbf4d27a authored Mar 15, 2017 by Tomasz Maczukin Committed by Kamil Trzcinski Mar 20, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 39 additions and 0 deletions

lib/api/runner.rb lib/api/runner.rb +11 -0

spec/requests/api/runner_spec.rb spec/requests/api/runner_spec.rb +28 -0

No files found.
--- a/lib/api/runner.rb
+++ b/lib/api/runner.rb
@@ -47,6 +47,17 @@ module API
        authenticate_runner!
        Ci::Runner.find_by_token(params[:token]).destroy
      end
+      desc 'Validates authentication credentials' do
+        http_codes [[200, 'Credentials are valid'], [403, 'Forbidden']]
+      end
+      params do
+        requires :token, type: String, desc: %q(Runner's authentication token)
+      end
+      post '/verify' do
+        authenticate_runner!
+        status 200
+      end
    end
    resource :jobs do

--- a/spec/requests/api/runner_spec.rb
+++ b/spec/requests/api/runner_spec.rb
@@ -152,6 +152,34 @@ describe API::Runner do
        end
      end
    end
+    describe 'POST /api/v4/runners/verify' do
+      let(:runner) { create(:ci_runner) }
+      context 'when no token is provided' do
+        it 'returns 400 error' do
+          post api('/runners/verify')
+          expect(response).to have_http_status :bad_request
+        end
+      end
+      context 'when invalid token is provided' do
+        it 'returns 403 error' do
+          post api('/runners/verify'), token: 'invalid-token'
+          expect(response).to have_http_status 403
+        end
+      end
+      context 'when valid token is provided' do
+        it 'deletes Runner' do
+          post api('/runners/verify'), token: runner.token
+          expect(response).to have_http_status 200
+        end
+      end
+    end
  end
  describe '/api/v4/jobs' do