Merge branch '259840-composer-v2-metadata-url' into 'master'

Support composer v2 metadata-url See merge request gitlab-org/gitlab!54906

Merge branch '259840-composer-v2-metadata-url' into 'master'
Support composer v2 metadata-url See merge request gitlab-org/gitlab!54906
9b1e1410 · Bob Van Landuyt · 5f68d59e · 2838355d · 9b1e1410 · 9b1e1410
Commit 9b1e1410 authored Mar 10, 2021 by Bob Van Landuyt
6 changed files
--- a/app/presenters/packages/composer/packages_presenter.rb
+++ b/app/presenters/packages/composer/packages_presenter.rb
@@ -11,8 +11,19 @@ module Packages
      end

      def root
-        path = expose_path(api_v4_group___packages_composer_package_name_path({ id: @group.id, package_name: '%package%$%hash%', format: '.json' }, true))
-        { 'packages' => [], 'provider-includes' => { 'p/%hash%.json' => { 'sha256' => provider_sha } }, 'providers-url' => path }
+        v1_path = expose_path(api_v4_group___packages_composer_package_name_path({ id: @group.id, package_name: '%package%$%hash%', format: '.json' }, true))
+        v2_path = expose_path(api_v4_group___packages_composer_p2_package_name_path({ id: @group.id, package_name: '%package%', format: '.json' }, true))
+
+        {
+          'packages' => [],
+          'provider-includes' => {
+            'p/%hash%.json' => {
+              'sha256' => provider_sha
+            }
+          },
+          'providers-url' => v1_path,
+          'metadata-url' => v2_path
+        }
      end

      def provider

--- a/changelogs/unreleased/259840-composer-v2-metadata-url.yml
+++ b/changelogs/unreleased/259840-composer-v2-metadata-url.yml
+---
+title: Support composer v2 metadata-url
+merge_request: 54906
+author:
+type: added
--- a/lib/api/composer_packages.rb
+++ b/lib/api/composer_packages.rb
@@ -93,6 +93,20 @@ module API

      route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true

+      get ':id/-/packages/composer/p2/*package_name', requirements: COMPOSER_ENDPOINT_REQUIREMENTS, file_path: true do
+        not_found! if packages.empty?
+
+        presenter.package_versions
+      end
+
+      desc 'Composer packages endpoint at group level for package versions metadata'
+
+      params do
+        requires :package_name, type: String, file_path: true, desc: 'The Composer package name'
+      end
+
+      route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
+
      get ':id/-/packages/composer/*package_name', requirements: COMPOSER_ENDPOINT_REQUIREMENTS, file_path: true do
        not_found! if packages.empty?
        not_found! if params[:sha].blank?

--- a/spec/fixtures/api/schemas/public_api/v4/packages/composer/index.json
+++ b/spec/fixtures/api/schemas/public_api/v4/packages/composer/index.json
 {
  "type": "object",
-  "required": ["packages", "provider-includes", "providers-url"],
+  "required": ["packages", "provider-includes", "providers-url", "metadata-url"],
  "properties": {
    "packages": {
      "type": "array",
@@ -9,6 +9,9 @@
    "providers-url": {
      "type": "string"
    },
+    "metadata-url": {
+      "type": "string"
+    },
    "provider-includes": {
      "type": "object",
      "required": ["p/%hash%.json"],

--- a/spec/presenters/packages/composer/packages_presenter_spec.rb
+++ b/spec/presenters/packages/composer/packages_presenter_spec.rb
@@ -67,7 +67,8 @@ RSpec.describe ::Packages::Composer::PackagesPresenter do
      {
        'packages' => [],
        'provider-includes' => { 'p/%hash%.json' => { 'sha256' => /^\h+$/ } },
-        'providers-url' => "prefix/api/v4/group/#{group.id}/-/packages/composer/%package%$%hash%.json"
+        'providers-url' => "prefix/api/v4/group/#{group.id}/-/packages/composer/%package%$%hash%.json",
+        'metadata-url' => "prefix/api/v4/group/#{group.id}/-/packages/composer/p2/%package%.json"
      }
    end


--- a/spec/requests/api/composer_packages_spec.rb
+++ b/spec/requests/api/composer_packages_spec.rb
@@ -222,6 +222,52 @@ RSpec.describe API::ComposerPackages do
    it_behaves_like 'rejects Composer access with unknown group id'
  end

+  describe 'GET /api/v4/group/:id/-/packages/composer/p2/*package_name.json' do
+    let(:package_name) { 'foobar' }
+    let(:url) { "/group/#{group.id}/-/packages/composer/p2/#{package_name}.json" }
+
+    subject { get api(url), headers: headers }
+
+    context 'with no packages' do
+      include_context 'Composer user type', :developer, true do
+        it_behaves_like 'returning response status', :not_found
+      end
+    end
+
+    context 'with valid project' do
+      let!(:package) { create(:composer_package, :with_metadatum, name: package_name, project: project) }
+
+      where(:project_visibility_level, :user_role, :member, :user_token, :shared_examples_name, :expected_status) do
+        'PUBLIC'  | :developer  | true  | true  | 'Composer package api request' | :success
+        'PUBLIC'  | :developer  | true  | false | 'process Composer api request' | :unauthorized
+        'PUBLIC'  | :developer  | false | true  | 'Composer package api request' | :success
+        'PUBLIC'  | :developer  | false | false | 'process Composer api request' | :unauthorized
+        'PUBLIC'  | :guest      | true  | true  | 'Composer package api request' | :success
+        'PUBLIC'  | :guest      | true  | false | 'process Composer api request' | :unauthorized
+        'PUBLIC'  | :guest      | false | true  | 'Composer package api request' | :success
+        'PUBLIC'  | :guest      | false | false | 'process Composer api request' | :unauthorized
+        'PUBLIC'  | :anonymous  | false | true  | 'Composer package api request' | :success
+        'PRIVATE' | :developer  | true  | true  | 'Composer package api request' | :success
+        'PRIVATE' | :developer  | true  | false | 'process Composer api request' | :unauthorized
+        'PRIVATE' | :developer  | false | true  | 'process Composer api request' | :not_found
+        'PRIVATE' | :developer  | false | false | 'process Composer api request' | :unauthorized
+        'PRIVATE' | :guest      | true  | true  | 'process Composer api request' | :not_found
+        'PRIVATE' | :guest      | true  | false | 'process Composer api request' | :unauthorized
+        'PRIVATE' | :guest      | false | true  | 'process Composer api request' | :not_found
+        'PRIVATE' | :guest      | false | false | 'process Composer api request' | :unauthorized
+        'PRIVATE' | :anonymous  | false | true  | 'process Composer api request' | :not_found
+      end
+
+      with_them do
+        include_context 'Composer api group access', params[:project_visibility_level], params[:user_role], params[:user_token] do
+          it_behaves_like params[:shared_examples_name], params[:user_role], params[:expected_status], params[:member]
+        end
+      end
+    end
+
+    it_behaves_like 'rejects Composer access with unknown group id'
+  end
+
  describe 'POST /api/v4/projects/:id/packages/composer' do
    let(:url) { "/projects/#{project.id}/packages/composer" }
    let(:params) { {} }