Grapify the users API

4cb3c0b4 · Robert Schilling · 36fa5d66 · 4cb3c0b4 · 4cb3c0b4 · 4cb3c0b4
Commit 4cb3c0b4 authored Oct 27, 2016 by Robert Schilling
Expand all Hide whitespace changes
Inline Side-by-side

Showing with 321 additions and 307 deletions

doc/api/users.md doc/api/users.md +22 -22

lib/api/users.rb lib/api/users.rb +250 -258

spec/requests/api/users_spec.rb spec/requests/api/users_spec.rb +49 -27

No files found.
--- a/doc/api/users.md
+++ b/doc/api/users.md
@@ -369,24 +369,24 @@ Parameters:
 Get a list of a specified user's SSH keys. Available only for admin

 ```
-GET /users/:uid/keys
+GET /users/:id/keys
 ```

 Parameters:

- `uid` (required) - id of specified user
+- `id` (required) - id of specified user

 ## Single SSH key

 Get a single key.

 ```
-GET /user/keys/:id
+GET /user/keys/:key_id
 ```

 Parameters:

- `id` (required) - The ID of an SSH key
+- `key_id` (required) - The ID of an SSH key

 ```json
 {
@@ -458,25 +458,25 @@ This is an idempotent function and calling it on a key that is already deleted
 or not available results in `200 OK`.

 ```
-DELETE /user/keys/:id
+DELETE /user/keys/:key_id
 ```

 Parameters:

- `id` (required) - SSH key ID
+- `key_id` (required) - SSH key ID

 ## Delete SSH key for given user

 Deletes key owned by a specified user. Available only for admin.

 ```
-DELETE /users/:uid/keys/:id
+DELETE /users/:id/keys/:key_id
 ```

 Parameters:

- `uid` (required) - id of specified user
- `id` (required)  - SSH key ID
+- `id` (required) - id of specified user
+- `key_id` (required)  - SSH key ID

 Will return `200 OK` on success, or `404 Not found` if either user or key cannot be found.

@@ -510,24 +510,24 @@ Parameters:
 Get a list of a specified user's emails. Available only for admin

 ```
-GET /users/:uid/emails
+GET /users/:id/emails
 ```

 Parameters:

- `uid` (required) - id of specified user
+- `id` (required) - id of specified user

 ## Single email

 Get a single email.

 ```
-GET /user/emails/:id
+GET /user/emails/:email_id
 ```

 Parameters:

- `id` (required) - email ID
+- `email_id` (required) - email ID

 ```json
 {
@@ -590,25 +590,25 @@ This is an idempotent function and calling it on a email that is already deleted
 or not available results in `200 OK`.

 ```
-DELETE /user/emails/:id
+DELETE /user/emails/:email_id
 ```

 Parameters:

- `id` (required) - email ID
+- `email_id` (required) - email ID

 ## Delete email for given user

 Deletes email owned by a specified user. Available only for admin.

 ```
-DELETE /users/:uid/emails/:id
+DELETE /users/:id/emails/:email_id
 ```

 Parameters:

- `uid` (required) - id of specified user
- `id` (required)  - email ID
+- `id` (required) - id of specified user
+- `email_id` (required)  - email ID

 Will return `200 OK` on success, or `404 Not found` if either user or email cannot be found.

@@ -617,12 +617,12 @@ Will return `200 OK` on success, or `404 Not found` if either user or email cann
 Blocks the specified user.  Available only for admin.

 ```
-PUT /users/:uid/block
+PUT /users/:id/block
 ```

 Parameters:

- `uid` (required) - id of specified user
+- `id` (required) - id of specified user

 Will return `200 OK` on success, `404 User Not Found` is user cannot be found or
 `403 Forbidden` when trying to block an already blocked user by LDAP synchronization.
@@ -632,12 +632,12 @@ Will return `200 OK` on success, `404 User Not Found` is user cannot be found or
 Unblocks the specified user.  Available only for admin.

 ```
-PUT /users/:uid/unblock
+PUT /users/:id/unblock
 ```

 Parameters:

- `uid` (required) - id of specified user
+- `id` (required) - id of specified user

 Will return `200 OK` on success, `404 User Not Found` is user cannot be found or
 `403 Forbidden` when trying to unblock a user blocked by LDAP synchronization.

--- a/lib/api/users.rb
+++ b/lib/api/users.rb
--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -108,7 +108,7 @@ describe API::API, api: true  do
    it "returns a 404 error if user id not found" do
      get api("/users/9999", user)
      expect(response).to have_http_status(404)
-      expect(json_response['message']).to eq('404 Not found')
+      expect(json_response['message']).to eq('404 User Not Found')
    end

    it "returns a 404 for invalid ID" do
@@ -359,7 +359,7 @@ describe API::API, api: true  do
    it "returns 404 for non-existing user" do
      put api("/users/999999", admin), { bio: 'update should fail' }
      expect(response).to have_http_status(404)
-      expect(json_response['message']).to eq('404 Not found')
+      expect(json_response['message']).to eq('404 User Not Found')
    end

    it "returns a 404 if invalid ID" do
@@ -387,6 +387,18 @@ describe API::API, api: true  do
        to eq([Gitlab::Regex.namespace_regex_message])
    end

+    it 'returns 400 if provider is missing for identity update' do
+      put api("/users/#{omniauth_user.id}", admin), extern_uid: '654321'
+
+      expect(response).to have_http_status(400)
+    end
+
+    it 'returns 400 if external UID is missing for identity update' do
+      put api("/users/#{omniauth_user.id}", admin), provider: 'ldap'
+
+      expect(response).to have_http_status(400)
+    end
+
    context "with existing user" do
      before do
        post api("/users", admin), { email: 'test@example.com', password: 'password', username: 'test', name: 'test' }
@@ -414,14 +426,16 @@ describe API::API, api: true  do

    it "does not create invalid ssh key" do
      post api("/users/#{user.id}/keys", admin), { title: "invalid key" }
+
      expect(response).to have_http_status(400)
-      expect(json_response['message']).to eq('400 (Bad request) "key" not given')
+      expect(json_response['error']).to eq('key is missing')
    end

    it 'does not create key without title' do
      post api("/users/#{user.id}/keys", admin), key: 'some key'
+
      expect(response).to have_http_status(400)
-      expect(json_response['message']).to eq('400 (Bad request) "title" not given')
+      expect(json_response['error']).to eq('title is missing')
    end

    it "creates ssh key" do
@@ -437,7 +451,7 @@ describe API::API, api: true  do
    end
  end

-  describe 'GET /user/:uid/keys' do
+  describe 'GET /user/:id/keys' do
    before { admin }

    context 'when unauthenticated' do
@@ -465,7 +479,7 @@ describe API::API, api: true  do
    end
  end

-  describe 'DELETE /user/:uid/keys/:id' do
+  describe 'DELETE /user/:id/keys/:key_id' do
    before { admin }

    context 'when unauthenticated' do
@@ -506,8 +520,9 @@ describe API::API, api: true  do

    it "does not create invalid email" do
      post api("/users/#{user.id}/emails", admin), {}
+
      expect(response).to have_http_status(400)
-      expect(json_response['message']).to eq('400 (Bad request) "email" not given')
+      expect(json_response['error']).to eq('email is missing')
    end

    it "creates email" do
@@ -524,7 +539,7 @@ describe API::API, api: true  do
    end
  end

-  describe 'GET /user/:uid/emails' do
+  describe 'GET /user/:id/emails' do
    before { admin }

    context 'when unauthenticated' do
@@ -558,7 +573,7 @@ describe API::API, api: true  do
    end
  end

-  describe 'DELETE /user/:uid/emails/:id' do
+  describe 'DELETE /user/:id/emails/:email_id' do
    before { admin }

    context 'when unauthenticated' do
@@ -673,7 +688,7 @@ describe API::API, api: true  do
    end
  end

-  describe "GET /user/keys/:id" do
+  describe "GET /user/keys/:key_id" do
    it "returns single key" do
      user.keys << key
      user.save
@@ -686,7 +701,7 @@ describe API::API, api: true  do
      get api("/user/keys/42", user)

      expect(response).to have_http_status(404)
-      expect(json_response['message']).to eq('404 Not found')
+      expect(json_response['message']).to eq('404 Key Not Found')
    end

    it "returns 404 error if admin accesses user's ssh key" do
@@ -695,7 +710,7 @@ describe API::API, api: true  do
      admin
      get api("/user/keys/#{key.id}", admin)
      expect(response).to have_http_status(404)
-      expect(json_response['message']).to eq('404 Not found')
+      expect(json_response['message']).to eq('404 Key Not Found')
    end

    it "returns 404 for invalid ID" do
@@ -721,14 +736,16 @@ describe API::API, api: true  do

    it "does not create ssh key without key" do
      post api("/user/keys", user), title: 'title'
+
      expect(response).to have_http_status(400)
-      expect(json_response['message']).to eq('400 (Bad request) "key" not given')
+      expect(json_response['error']).to eq('key is missing')
    end

    it 'does not create ssh key without title' do
      post api('/user/keys', user), key: 'some key'
+
      expect(response).to have_http_status(400)
-      expect(json_response['message']).to eq('400 (Bad request) "title" not given')
+      expect(json_response['error']).to eq('title is missing')
    end

    it "does not create ssh key without title" do
@@ -737,7 +754,7 @@ describe API::API, api: true  do
    end
  end

-  describe "DELETE /user/keys/:id" do
+  describe "DELETE /user/keys/:key_id" do
    it "deletes existed key" do
      user.keys << key
      user.save
@@ -747,9 +764,11 @@ describe API::API, api: true  do
      expect(response).to have_http_status(200)
    end

-    it "returns success if key ID not found" do
+    it "returns 404 if key ID not found" do
      delete api("/user/keys/42", user)
-      expect(response).to have_http_status(200)
+
+      expect(response).to have_http_status(404)
+      expect(json_response['message']).to eq('404 Key Not Found')
    end

    it "returns 401 error if unauthorized" do
@@ -786,7 +805,7 @@ describe API::API, api: true  do
    end
  end

-  describe "GET /user/emails/:id" do
+  describe "GET /user/emails/:email_id" do
    it "returns single email" do
      user.emails << email
      user.save
@@ -798,7 +817,7 @@ describe API::API, api: true  do
    it "returns 404 Not Found within invalid ID" do
      get api("/user/emails/42", user)
      expect(response).to have_http_status(404)
-      expect(json_response['message']).to eq('404 Not found')
+      expect(json_response['message']).to eq('404 Email Not Found')
    end

    it "returns 404 error if admin accesses user's email" do
@@ -807,7 +826,7 @@ describe API::API, api: true  do
      admin
      get api("/user/emails/#{email.id}", admin)
      expect(response).to have_http_status(404)
-      expect(json_response['message']).to eq('404 Not found')
+      expect(json_response['message']).to eq('404 Email Not Found')
    end

    it "returns 404 for invalid ID" do
@@ -833,12 +852,13 @@ describe API::API, api: true  do

    it "does not create email with invalid email" do
      post api("/user/emails", user), {}
+
      expect(response).to have_http_status(400)
-      expect(json_response['message']).to eq('400 (Bad request) "email" not given')
+      expect(json_response['error']).to eq('email is missing')
    end
  end

-  describe "DELETE /user/emails/:id" do
+  describe "DELETE /user/emails/:email_id" do
    it "deletes existed email" do
      user.emails << email
      user.save
@@ -848,9 +868,11 @@ describe API::API, api: true  do
      expect(response).to have_http_status(200)
    end

-    it "returns success if email ID not found" do
+    it "returns 404 if email ID not found" do
      delete api("/user/emails/42", user)
-      expect(response).to have_http_status(200)
+
+      expect(response).to have_http_status(404)
+      expect(json_response['message']).to eq('404 Email Not Found')
    end

    it "returns 401 error if unauthorized" do
@@ -860,10 +882,10 @@ describe API::API, api: true  do
      expect(response).to have_http_status(401)
    end

-    it "returns a 404 for invalid ID" do
-      delete api("/users/emails/ASDF", admin)
+    it "returns 400 for invalid ID" do
+      delete api("/user/emails/ASDF", admin)

-      expect(response).to have_http_status(404)
+      expect(response).to have_http_status(400)
    end
  end