Commit db0a9d62 authored by Kerri Miller's avatar Kerri Miller

Merge branch 'api-expose-gpg' into 'master'

Allow access to Users Public GPG Keys

Closes #21584

See merge request gitlab-org/gitlab!43332
parents 7642b01d b60fe2bd
---
title: Allow a users public GPG Keys to be API accessible
merge_request: 43332
author:
type: added
......@@ -950,7 +950,7 @@ Returns `204 No Content` on success, or `404 Not found` if the key cannot be fou
## List all GPG keys for given user
Get a list of a specified user's GPG keys. Available only for admins.
Get a list of a specified user's GPG keys. This endpoint can be accessed without authentication.
```plaintext
GET /users/:id/gpg_keys
......
......@@ -348,7 +348,7 @@ module API
end
# rubocop: enable CodeReuse/ActiveRecord
desc 'Get the GPG keys of a specified user. Available only for admins.' do
desc 'Get the GPG keys of a specified user.' do
detail 'This feature was added in GitLab 10.0'
success Entities::GpgKey
end
......@@ -358,8 +358,6 @@ module API
end
# rubocop: disable CodeReuse/ActiveRecord
get ':id/gpg_keys' do
authenticated_as_admin!
user = User.find_by(id: params[:id])
not_found!('User') unless user
......
......@@ -1460,33 +1460,17 @@ RSpec.describe API::Users, :do_not_mock_admin_mode do
end
describe 'GET /user/:id/gpg_keys' do
context 'when unauthenticated' do
it 'returns authentication error' do
get api("/users/#{user.id}/gpg_keys")
expect(response).to have_gitlab_http_status(:unauthorized)
end
end
context 'when authenticated' do
it 'returns 404 for non-existing user' do
get api('/users/0/gpg_keys', admin)
get api('/users/0/gpg_keys')
expect(response).to have_gitlab_http_status(:not_found)
expect(json_response['message']).to eq('404 User Not Found')
end
it 'returns 404 error if key not foud' do
delete api("/users/#{user.id}/gpg_keys/#{non_existing_record_id}", admin)
expect(response).to have_gitlab_http_status(:not_found)
expect(json_response['message']).to eq('404 GPG Key Not Found')
end
it 'returns array of GPG keys' do
user.gpg_keys << gpg_key
get api("/users/#{user.id}/gpg_keys", admin)
get api("/users/#{user.id}/gpg_keys")
expect(response).to have_gitlab_http_status(:ok)
expect(response).to include_pagination_headers
......@@ -1494,7 +1478,6 @@ RSpec.describe API::Users, :do_not_mock_admin_mode do
expect(json_response.first['key']).to eq(gpg_key.key)
end
end
end
describe 'DELETE /user/:id/gpg_keys/:key_id' do
context 'when unauthenticated' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment