Merge branch 'api-expose-gpg' into 'master'

Allow access to Users Public GPG Keys Closes #21584 See merge request gitlab-org/gitlab!43332

Merge branch 'api-expose-gpg' into 'master'
Allow access to Users Public GPG Keys Closes #21584 See merge request gitlab-org/gitlab!43332
db0a9d62 · Kerri Miller · 7642b01d · b60fe2bd · db0a9d62 · db0a9d62
Commit db0a9d62 authored Sep 29, 2020 by Kerri Miller
4 changed files
--- a/changelogs/unreleased/api-expose-gpg.yml
+++ b/changelogs/unreleased/api-expose-gpg.yml
+---
+title: Allow a users public GPG Keys to be API accessible
+merge_request: 43332
+author:
+type: added
--- a/doc/api/users.md
+++ b/doc/api/users.md
@@ -950,7 +950,7 @@ Returns `204 No Content` on success, or `404 Not found` if the key cannot be fou

 ## List all GPG keys for given user

-Get a list of a specified user's GPG keys. Available only for admins.
+Get a list of a specified user's GPG keys. This endpoint can be accessed without authentication.

 ```plaintext
 GET /users/:id/gpg_keys

--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -348,7 +348,7 @@ module API
      end
      # rubocop: enable CodeReuse/ActiveRecord

-      desc 'Get the GPG keys of a specified user. Available only for admins.' do
+      desc 'Get the GPG keys of a specified user.' do
        detail 'This feature was added in GitLab 10.0'
        success Entities::GpgKey
      end
@@ -358,8 +358,6 @@ module API
      end
      # rubocop: disable CodeReuse/ActiveRecord
      get ':id/gpg_keys' do
-        authenticated_as_admin!
-
        user = User.find_by(id: params[:id])
        not_found!('User') unless user


--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -1460,39 +1460,22 @@ RSpec.describe API::Users, :do_not_mock_admin_mode do
  end

  describe 'GET /user/:id/gpg_keys' do
-    context 'when unauthenticated' do
-      it 'returns authentication error' do
-        get api("/users/#{user.id}/gpg_keys")
+    it 'returns 404 for non-existing user' do
+      get api('/users/0/gpg_keys')

-        expect(response).to have_gitlab_http_status(:unauthorized)
-      end
+      expect(response).to have_gitlab_http_status(:not_found)
+      expect(json_response['message']).to eq('404 User Not Found')
    end

-    context 'when authenticated' do
-      it 'returns 404 for non-existing user' do
-        get api('/users/0/gpg_keys', admin)
-
-        expect(response).to have_gitlab_http_status(:not_found)
-        expect(json_response['message']).to eq('404 User Not Found')
-      end
-
-      it 'returns 404 error if key not foud' do
-        delete api("/users/#{user.id}/gpg_keys/#{non_existing_record_id}", admin)
-
-        expect(response).to have_gitlab_http_status(:not_found)
-        expect(json_response['message']).to eq('404 GPG Key Not Found')
-      end
-
-      it 'returns array of GPG keys' do
-        user.gpg_keys << gpg_key
+    it 'returns array of GPG keys' do
+      user.gpg_keys << gpg_key

-        get api("/users/#{user.id}/gpg_keys", admin)
+      get api("/users/#{user.id}/gpg_keys")

-        expect(response).to have_gitlab_http_status(:ok)
-        expect(response).to include_pagination_headers
-        expect(json_response).to be_an Array
-        expect(json_response.first['key']).to eq(gpg_key.key)
-      end
+      expect(response).to have_gitlab_http_status(:ok)
+      expect(response).to include_pagination_headers
+      expect(json_response).to be_an Array
+      expect(json_response.first['key']).to eq(gpg_key.key)
    end
  end