-rw-r--r-- | changelogs/unreleased/features-unauth-access-ssh-keys.yml | 5 | ||||
-rw-r--r-- | doc/api/users.md | 2 | ||||
-rw-r--r-- | lib/api/users.rb | 6 | ||||
-rw-r--r-- | spec/requests/api/users_spec.rb | 38 |
4 files changed, 22 insertions, 29 deletions
diff --git a/changelogs/unreleased/features-unauth-access-ssh-keys.yml b/changelogs/unreleased/features-unauth-access-ssh-keys.yml
new file mode 100644
index 00000000000..bae2bcfaabd
--- /dev/null
+++ b/changelogs/unreleased/features-unauth-access-ssh-keys.yml
@@ -0,0 +1,5 @@
+---
+title: Enable unauthenticated access to public SSH keys via the API
+merge_request: 20118
+author: Ronald Claveau
+type: changed
diff --git a/doc/api/users.md b/doc/api/users.md
index 3b41e0f7ec6..07f03f9c827 100644
--- a/doc/api/users.md
+++ b/doc/api/users.md
@@ -558,7 +558,7 @@ Parameters:
 ## List SSH keys for user
-Get a list of a specified user's SSH keys. Available only for admin
+Get a list of a specified user's SSH keys.
 ```
 GET /users/:id/keys
diff --git a/lib/api/users.rb b/lib/api/users.rb
index 11a7f4ef64d..501c5cf1df3 100644
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -256,7 +256,7 @@ module API
 end
 # rubocop: enable CodeReuse/ActiveRecord
- desc 'Get the SSH keys of a specified user. Available only for admins.' do
+ desc 'Get the SSH keys of a specified user.' do
 success Entities::SSHKey
 end
 params do
@@ -265,10 +265,8 @@ module API
 end
 # rubocop: disable CodeReuse/ActiveRecord
 get ':id/keys' do
- authenticated_as_admin!
-
 user = User.find_by(id: params[:id])
- not_found!('User') unless user
+ not_found!('User') unless user && can?(current_user, :read_user, user)
 present paginate(user.keys), with: Entities::SSHKey
 end
diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb
index b7d62df0663..09c1d016081 100644
--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
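Review bot: In lib/api/users.rb, `get ':id/keys'` now answers anonymous callers but still presents `Entities::SSHKey`, the entity that was previously served only to admins; the spec in this commit shows it carries at least `title`, and key titles are free text that often holds a hostname or e-mail address. The entity is defined outside this diff, so confirm that every field it exposes is meant to be public, or present a reduced entity when there is no `current_user`. The combined guard deserves a comment, for example `# current_user may be nil here; an unreadable user gets the same 404 as a missing one, so the response does not reveal which ids exist`. Because any client can now page through `user.keys` for every readable id, it is also worth checking that the instance's rate limits for unauthenticated API requests cover this route.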
@@ -785,35 +785,25 @@ describe API::Users do
 end
 describe 'GET /user/:id/keys' do
- before do
- admin
- end
+ it 'returns 404 for non-existing user' do
+ user_id = not_existing_user_id
- context 'when unauthenticated' do
- it 'returns authentication error' do
- get api("/users/#{user.id}/keys")
- expect(response).to have_gitlab_http_status(401)
- end
- end
+ get api("/users/#{user_id}/keys")
- context 'when authenticated' do
- it 'returns 404 for non-existing user' do
- get api('/users/999999/keys', admin)
- expect(response).to have_gitlab_http_status(404)
- expect(json_response['message']).to eq('404 User Not Found')
- end
+ expect(response).to have_gitlab_http_status(404)
+ expect(json_response['message']).to eq('404 User Not Found')
+ end
- it 'returns array of ssh keys' do
- user.keys << key
- user.save
+ it 'returns array of ssh keys' do
+ user.keys << key
+ user.save
- get api("/users/#{user.id}/keys", admin)
+ get api("/users/#{user.id}/keys")
- expect(response).to have_gitlab_http_status(200)
- expect(response).to include_pagination_headers
- expect(json_response).to be_an Array
- expect(json_response.first['title']).to eq(key.title)
- end
+ expect(response).to have_gitlab_http_status(200)
+ expect(response).to include_pagination_headers
+ expect(json_response).to be_an Array
+ expect(json_response.first['title']).to eq(key.title)
 end
 end |
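Review bot: The rewritten `describe 'GET /user/:id/keys'` block has no example for a refused caller: the 401 case is removed and nothing exercises `can?(current_user, :read_user, user)` returning false, so a regression that serves the keys of an unreadable user would still pass this suite. Add an example in which the anonymous caller is denied `:read_user` and the response is the same 404 as for a missing user; the sketch below assumes `can?` resolves through `Ability.allowed?`, which is not visible in this diff. An example for a signed-in non-admin caller would pin the other half of the permission change.

```ruby
# … unchanged: 'returns 404 for non-existing user', 'returns array of ssh keys' …

it 'returns 404 when the caller may not read the user' do
  allow(Ability).to receive(:allowed?).and_call_original
  allow(Ability).to receive(:allowed?).with(nil, :read_user, user).and_return(false)

  get api("/users/#{user.id}/keys")

  expect(response).to have_gitlab_http_status(404)
  expect(json_response['message']).to eq('404 User Not Found')
end
```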