Commit a3a3c2ff authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets Committed by Kamil Trzciński

Add CI Job token support to Maven packages API

parent 586fc584
---
title: Add CI Job token support to Maven packages API
merge_request: 7249
author:
type: changed
......@@ -65,6 +65,7 @@ module API
requires :path, type: String, desc: 'Package path'
requires :file_name, type: String, desc: 'Package file name'
end
route_setting :authentication, job_token_allowed: true
get ':id/packages/maven/*path/:file_name', requirements: MAVEN_ENDPOINT_REQUIREMENTS do
authorize_download_package!
......@@ -93,6 +94,7 @@ module API
requires :path, type: String, desc: 'Package path'
requires :file_name, type: String, desc: 'Package file name'
end
route_setting :authentication, job_token_allowed: true
put ':id/packages/maven/*path/:file_name/authorize', requirements: MAVEN_ENDPOINT_REQUIREMENTS do
authorize_create_package!
......@@ -118,6 +120,7 @@ module API
optional 'file.sha1', type: String, desc: %q(sha1 checksum of the file (generated by Workhorse))
optional 'file.sha256', type: String, desc: %q(sha256 checksum of the file (generated by Workhorse))
end
route_setting :authentication, job_token_allowed: true
put ':id/packages/maven/*path/:file_name', requirements: MAVEN_ENDPOINT_REQUIREMENTS do
authorize_create_package!
require_gitlab_workhorse!
......
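Review bot: On the two `put` routes, `job_token_allowed: true` appears to give a CI job token the same package-write access as the job's user, and nothing in these hunks ties the token to a job that belongs to project `:id`. The only visible gate is `authorize_create_package!`, whose body is outside the hunk, so this should be confirmed against the authentication helper. If the user-level scope is intended, document it above each `route_setting` line, e.g. `# Job token authenticates as the job's user; access to :id is decided by authorize_create_package! below`. If uploads should be limited to the project's own jobs, that check is missing here. The route blocks continue past the hunk ends, so any later checks are not visible.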
......@@ -8,6 +8,7 @@ describe API::MavenPackages do
let(:jwt_token) { JWT.encode({ 'iss' => 'gitlab-workhorse' }, Gitlab::Workhorse.secret, 'HS256') }
let(:headers) { { 'GitLab-Workhorse' => '1.0', Gitlab::Workhorse::INTERNAL_API_REQUEST_HEADER => jwt_token } }
let(:headers_with_token) { headers.merge('Private-Token' => personal_access_token.token) }
let(:job) { create(:ci_build, user: user) }
before do
project.add_developer(user)
......@@ -61,6 +62,13 @@ describe API::MavenPackages do
expect(response).to have_gitlab_http_status(404)
end
it 'allows download with job token' do
download_file(package_file_xml.file_name, job_token: job.token)
expect(response).to have_gitlab_http_status(200)
expect(response.content_type.to_s).to eq('application/octet-stream')
end
end
it 'rejects request if feature is not in the license' do
......@@ -114,6 +122,12 @@ describe API::MavenPackages do
expect(response).to have_gitlab_http_status(500)
end
it 'authorizes upload with job token' do
authorize_upload(job_token: job.token)
expect(response).to have_gitlab_http_status(200)
end
def authorize_upload(params = {}, request_headers = headers)
put api("/projects/#{project.id}/packages/maven/com/example/my-app/1.0-SNAPSHOT/maven-metadata.xml/authorize"), params, request_headers
end
......@@ -169,6 +183,12 @@ describe API::MavenPackages do
expect(response).to have_gitlab_http_status(200)
expect(package_file.file_name).to eq(file_upload.original_filename)
end
it 'allows upload with job token' do
upload_file(params.merge(job_token: job.token))
expect(response).to have_gitlab_http_status(200)
end
end
def upload_file(params = {}, request_headers = headers)
......
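Review bot: The three added examples cover only the success path, and `let(:job) { create(:ci_build, user: user) }` builds a job that is not tied to `project`, so the suite never shows a job token being refused. Add at least one negative example per endpoint, for instance `download_file(package_file_xml.file_name, job_token: 'invalid-token')` with an expectation on whatever rejection status the API returns for bad credentials, plus one where the job's user is not a member of the project. If job tokens are meant to be honoured only while the job is running (not visible in these hunks), a finished-job example would pin that down as well. The specs also send the token as a request parameter; on the GET route that places it in the query string, so confirm it is filtered from request logs.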