deac/gitlabhq
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Merge pull request #2835 from Asquera/fixes/api

Browse source 
Fix API return codes
This commit is contained in:
Dmitriy Zaporozhets 2013-03-07 08:33:34 -08:00
commit a7055be1fd
31 changed files with 1138 additions and 291 deletions
Download patch file Download diff file Expand all files Collapse all files

10
spec/requests/api/groups_spec.rb
View file

@ -88,6 +88,16 @@ describe Gitlab::API do
post api("/groups", admin), {:name => "Duplicate Test", :path => group2.path}
response.status.should == 404
end
it "should return 400 bad request error if name not given" do
post api("/groups", admin), { :path => group2.path }
response.status.should == 400
end
it "should return 400 bad request error if path not given" do
post api("/groups", admin), { :name => 'test' }
response.status.should == 400
end
end
end

16
spec/requests/api/issues_spec.rb
View file

@ -41,6 +41,11 @@ describe Gitlab::API do
response.status.should == 200
json_response['title'].should == issue.title
end
it "should return 404 if issue id not found" do
get api("/projects/#{project.id}/issues/54321", user)
response.status.should == 404
end
end
describe "POST /projects/:id/issues" do
@ -52,6 +57,11 @@ describe Gitlab::API do
json_response['description'].should be_nil
json_response['labels'].should == ['label', 'label2']
end
it "should return a 400 bad request if title not given" do
post api("/projects/#{project.id}/issues", user), labels: 'label, label2'
response.status.should == 400
end
end
describe "PUT /projects/:id/issues/:issue_id to update only title" do
@ -62,6 +72,12 @@ describe Gitlab::API do
json_response['title'].should == 'updated title'
end
it "should return 404 error if issue id not found" do
put api("/projects/#{project.id}/issues/44444", user),
title: 'updated title'
response.status.should == 404
end
end
describe "PUT /projects/:id/issues/:issue_id to update state and label" do

52
spec/requests/api/merge_requests_spec.rb
View file

@ -32,6 +32,11 @@ describe Gitlab::API do
response.status.should == 200
json_response['title'].should == merge_request.title
end
it "should return a 404 error if merge_request_id not found" do
get api("/projects/#{project.id}/merge_request/999", user)
response.status.should == 404
end
end
describe "POST /projects/:id/merge_requests" do
@ -41,6 +46,30 @@ describe Gitlab::API do
response.status.should == 201
json_response['title'].should == 'Test merge_request'
end
it "should return 422 when source_branch equals target_branch" do
post api("/projects/#{project.id}/merge_requests", user),
title: "Test merge_request", source_branch: "master", target_branch: "master", author: user
response.status.should == 422
end
it "should return 400 when source_branch is missing" do
post api("/projects/#{project.id}/merge_requests", user),
title: "Test merge_request", target_branch: "master", author: user
response.status.should == 400
end
it "should return 400 when target_branch is missing" do
post api("/projects/#{project.id}/merge_requests", user),
title: "Test merge_request", source_branch: "stable", author: user
response.status.should == 400
end
it "should return 400 when title is missing" do
post api("/projects/#{project.id}/merge_requests", user),
target_branch: 'master', source_branch: 'stable'
response.status.should == 400
end
end
describe "PUT /projects/:id/merge_request/:merge_request_id to close MR" do
@ -59,13 +88,24 @@ describe Gitlab::API do
end
end
describe "PUT /projects/:id/merge_request/:merge_request_id" do
it "should return merge_request" do
put api("/projects/#{project.id}/merge_request/#{merge_request.id}", user), title: "New title"
response.status.should == 200
json_response['title'].should == 'New title'
end
it "should return 422 when source_branch and target_branch are renamed the same" do
put api("/projects/#{project.id}/merge_request/#{merge_request.id}", user),
source_branch: "master", target_branch: "master"
response.status.should == 422
end
it "should return merge_request with renamed target_branch" do
put api("/projects/#{project.id}/merge_request/#{merge_request.id}", user), target_branch: "test"
response.status.should == 200
json_response['target_branch'].should == 'test'
end
end
describe "POST /projects/:id/merge_request/:merge_request_id/comments" do
@ -74,6 +114,16 @@ describe Gitlab::API do
response.status.should == 201
json_response['note'].should == 'My comment'
end
it "should return 400 if note is missing" do
post api("/projects/#{project.id}/merge_request/#{merge_request.id}/comments", user)
response.status.should == 400
end
it "should return 404 if note is attached to non existent merge request" do
post api("/projects/#{project.id}/merge_request/111/comments", user), note: "My comment"
response.status.should == 404
end
end
end

37
spec/requests/api/milestones_spec.rb
View file

@ -16,6 +16,11 @@ describe Gitlab::API do
json_response.should be_an Array
json_response.first['title'].should == milestone.title
end
it "should return a 401 error if user not authenticated" do
get api("/projects/#{project.id}/milestones")
response.status.should == 401
end
end
describe "GET /projects/:id/milestones/:milestone_id" do
@ -24,16 +29,38 @@ describe Gitlab::API do
response.status.should == 200
json_response['title'].should == milestone.title
end
it "should return 401 error if user not authenticated" do
get api("/projects/#{project.id}/milestones/#{milestone.id}")
response.status.should == 401
end
it "should return a 404 error if milestone id not found" do
get api("/projects/#{project.id}/milestones/1234", user)
response.status.should == 404
end
end
describe "POST /projects/:id/milestones" do
it "should create a new project milestone" do
post api("/projects/#{project.id}/milestones", user),
title: 'new milestone'
post api("/projects/#{project.id}/milestones", user), title: 'new milestone'
response.status.should == 201
json_response['title'].should == 'new milestone'
json_response['description'].should be_nil
end
it "should create a new project milestone with description and due date" do
post api("/projects/#{project.id}/milestones", user),
title: 'new milestone', description: 'release', due_date: '2013-03-02'
response.status.should == 201
json_response['description'].should == 'release'
json_response['due_date'].should == '2013-03-02'
end
it "should return a 400 error if title is missing" do
post api("/projects/#{project.id}/milestones", user)
response.status.should == 400
end
end
describe "PUT /projects/:id/milestones/:milestone_id" do
@ -43,6 +70,12 @@ describe Gitlab::API do
response.status.should == 200
json_response['title'].should == 'updated title'
end
it "should return a 404 error if milestone id not found" do
put api("/projects/#{project.id}/milestones/1234", user),
title: 'updated title'
response.status.should == 404
end
end
describe "PUT /projects/:id/milestones/:milestone_id to close milestone" do

60
spec/requests/api/notes_spec.rb
View file

@ -38,6 +38,11 @@ describe Gitlab::API do
response.status.should == 200
json_response['body'].should == wall_note.note
end
it "should return a 404 error if note not found" do
get api("/projects/#{project.id}/notes/123", user)
response.status.should == 404
end
end
describe "POST /projects/:id/notes" do
@ -46,6 +51,16 @@ describe Gitlab::API do
response.status.should == 201
json_response['body'].should == 'hi!'
end
it "should return 401 unauthorized error" do
post api("/projects/#{project.id}/notes")
response.status.should == 401
end
it "should return a 400 bad request if body is missing" do
post api("/projects/#{project.id}/notes", user)
response.status.should == 400
end
end
describe "GET /projects/:id/noteable/:noteable_id/notes" do
@ -56,6 +71,11 @@ describe Gitlab::API do
json_response.should be_an Array
json_response.first['body'].should == issue_note.note
end
it "should return a 404 error when issue id not found" do
get api("/projects/#{project.id}/issues/123/notes", user)
response.status.should == 404
end
end
context "when noteable is a Snippet" do
@ -65,6 +85,11 @@ describe Gitlab::API do
json_response.should be_an Array
json_response.first['body'].should == snippet_note.note
end
it "should return a 404 error when snippet id not found" do
get api("/projects/#{project.id}/snippets/42/notes", user)
response.status.should == 404
end
end
context "when noteable is a Merge Request" do
@ -74,6 +99,11 @@ describe Gitlab::API do
json_response.should be_an Array
json_response.first['body'].should == merge_request_note.note
end
it "should return a 404 error if merge request id not found" do
get api("/projects/#{project.id}/merge_requests/4444/notes", user)
response.status.should == 404
end
end
end
@ -84,6 +114,11 @@ describe Gitlab::API do
response.status.should == 200
json_response['body'].should == issue_note.note
end
it "should return a 404 error if issue note not found" do
get api("/projects/#{project.id}/issues/#{issue.id}/notes/123", user)
response.status.should == 404
end
end
context "when noteable is a Snippet" do
@ -92,6 +127,11 @@ describe Gitlab::API do
response.status.should == 200
json_response['body'].should == snippet_note.note
end
it "should return a 404 error if snippet note not found" do
get api("/projects/#{project.id}/snippets/#{snippet.id}/notes/123", user)
response.status.should == 404
end
end
end
@ -103,6 +143,16 @@ describe Gitlab::API do
json_response['body'].should == 'hi!'
json_response['author']['email'].should == user.email
end
it "should return a 400 bad request error if body not given" do
post api("/projects/#{project.id}/issues/#{issue.id}/notes", user)
response.status.should == 400
end
it "should return a 401 unauthorized error if user not authenticated" do
post api("/projects/#{project.id}/issues/#{issue.id}/notes"), body: 'hi!'
response.status.should == 401
end
end
context "when noteable is a Snippet" do
@ -112,6 +162,16 @@ describe Gitlab::API do
json_response['body'].should == 'hi!'
json_response['author']['email'].should == user.email
end
it "should return a 400 bad request error if body not given" do
post api("/projects/#{project.id}/snippets/#{snippet.id}/notes", user)
response.status.should == 400
end
it "should return a 401 unauthorized error if user not authenticated" do
post api("/projects/#{project.id}/snippets/#{snippet.id}/notes"), body: 'hi!'
response.status.should == 401
end
end
end
end

223
spec/requests/api/projects_spec.rb
View file

@ -7,8 +7,8 @@ describe Gitlab::API do
let(:user2) { create(:user) }
let(:user3) { create(:user) }
let(:admin) { create(:admin) }
let!(:hook) { create(:project_hook, project: project, url: "http://example.com") }
let!(:project) { create(:project, namespace: user.namespace ) }
let!(:hook) { create(:project_hook, project: project, url: "http://example.com") }
let!(:snippet) { create(:snippet, author: user, project: project, title: 'example') }
let!(:users_project) { create(:users_project, user: user, project: project, project_access: UsersProject::MASTER) }
let!(:users_project2) { create(:users_project, user: user3, project: project, project_access: UsersProject::DEVELOPER) }
@ -58,6 +58,11 @@ describe Gitlab::API do
expect { post api("/projects", user) }.to_not change {Project.count}
end
it "should return a 400 error if name not given" do
post api("/projects", user)
response.status.should == 400
end
it "should create last project before reaching project limit" do
(1..user2.projects_limit-1).each { |p| post api("/projects", user2), name: "foo#{p}" }
post api("/projects", user2), name: "foo"
@ -69,9 +74,17 @@ describe Gitlab::API do
response.status.should == 201
end
it "should respond with 404 on failure" do
it "should respond with 400 if name is not given" do
post api("/projects", user)
response.status.should == 404
response.status.should == 400
end
it "should return a 403 error if project limit reached" do
(1..user.projects_limit).each do |p|
post api("/projects", user), name: "foo#{p}"
end
post api("/projects", user), name: 'bar'
response.status.should == 403
end
it "should assign attributes to project" do
@ -152,6 +165,12 @@ describe Gitlab::API do
response.status.should == 404
json_response['message'].should == '404 Not Found'
end
it "should return a 404 error if user is not a member" do
other_user = create(:user)
get api("/projects/#{project.id}", other_user)
response.status.should == 404
end
end
describe "GET /projects/:id/repository/branches" do
@ -188,6 +207,17 @@ describe Gitlab::API do
json_response['commit']['id'].should == '621491c677087aa243f165eab467bfdfbee00be1'
json_response['protected'].should == true
end
it "should return a 404 error if branch not found" do
put api("/projects/#{project.id}/repository/branches/unknown/protect", user)
response.status.should == 404
end
it "should return success when protect branch again" do
put api("/projects/#{project.id}/repository/branches/new_design/protect", user)
put api("/projects/#{project.id}/repository/branches/new_design/protect", user)
response.status.should == 200
end
end
describe "PUT /projects/:id/repository/branches/:branch/unprotect" do
@ -199,6 +229,17 @@ describe Gitlab::API do
json_response['commit']['id'].should == '621491c677087aa243f165eab467bfdfbee00be1'
json_response['protected'].should == false
end
it "should return success when unprotect branch" do
put api("/projects/#{project.id}/repository/branches/unknown/unprotect", user)
response.status.should == 404
end
it "should return success when unprotect branch again" do
put api("/projects/#{project.id}/repository/branches/new_design/unprotect", user)
put api("/projects/#{project.id}/repository/branches/new_design/unprotect", user)
response.status.should == 200
end
end
describe "GET /projects/:id/members" do
@ -217,6 +258,11 @@ describe Gitlab::API do
json_response.count.should == 1
json_response.first['email'].should == user.email
end
it "should return a 404 error if id not found" do
get api("/projects/9999/members", user)
response.status.should == 404
end
end
describe "GET /projects/:id/members/:user_id" do
@ -226,6 +272,11 @@ describe Gitlab::API do
json_response['email'].should == user.email
json_response['access_level'].should == UsersProject::MASTER
end
it "should return a 404 error if user id not found" do
get api("/projects/#{project.id}/members/1234", user)
response.status.should == 404
end
end
describe "POST /projects/:id/members" do
@ -239,6 +290,34 @@ describe Gitlab::API do
json_response['email'].should == user2.email
json_response['access_level'].should == UsersProject::DEVELOPER
end
it "should return a 201 status if user is already project member" do
post api("/projects/#{project.id}/members", user), user_id: user2.id,
access_level: UsersProject::DEVELOPER
expect {
post api("/projects/#{project.id}/members", user), user_id: user2.id,
access_level: UsersProject::DEVELOPER
}.not_to change { UsersProject.count }.by(1)
response.status.should == 201
json_response['email'].should == user2.email
json_response['access_level'].should == UsersProject::DEVELOPER
end
it "should return a 400 error when user id is not given" do
post api("/projects/#{project.id}/members", user), access_level: UsersProject::MASTER
response.status.should == 400
end
it "should return a 400 error when access level is not given" do
post api("/projects/#{project.id}/members", user), user_id: user2.id
response.status.should == 400
end
it "should return a 422 error when access level is not known" do
post api("/projects/#{project.id}/members", user), user_id: user2.id, access_level: 1234
response.status.should == 422
end
end
describe "PUT /projects/:id/members/:user_id" do
@ -248,6 +327,21 @@ describe Gitlab::API do
json_response['email'].should == user3.email
json_response['access_level'].should == UsersProject::MASTER
end
it "should return a 404 error if user_id is not found" do
put api("/projects/#{project.id}/members/1234", user), access_level: UsersProject::MASTER
response.status.should == 404
end
it "should return a 400 error when access level is not given" do
put api("/projects/#{project.id}/members/#{user3.id}", user)
response.status.should == 400
end
it "should return a 422 error when access level is not known" do
put api("/projects/#{project.id}/members/#{user3.id}", user), access_level: 123
response.status.should == 422
end
end
describe "DELETE /projects/:id/members/:user_id" do
@ -256,6 +350,30 @@ describe Gitlab::API do
delete api("/projects/#{project.id}/members/#{user3.id}", user)
}.to change { UsersProject.count }.by(-1)
end
it "should return 200 if team member is not part of a project" do
delete api("/projects/#{project.id}/members/#{user3.id}", user)
expect {
delete api("/projects/#{project.id}/members/#{user3.id}", user)
}.to_not change { UsersProject.count }.by(1)
end
it "should return 200 if team member already removed" do
delete api("/projects/#{project.id}/members/#{user3.id}", user)
delete api("/projects/#{project.id}/members/#{user3.id}", user)
response.status.should == 200
end
end
describe "DELETE /projects/:id/members/:user_id" do
it "should return 200 OK when the user was not member" do
expect {
delete api("/projects/#{project.id}/members/1000000", user)
}.to change { UsersProject.count }.by(0)
response.status.should == 200
json_response['message'].should == "Access revoked"
json_response['id'].should == 1000000
end
end
describe "GET /projects/:id/hooks" do
@ -298,6 +416,11 @@ describe Gitlab::API do
response.status.should == 403
end
end
it "should return a 404 error if hook id is not available" do
get api("/projects/#{project.id}/hooks/1234", user)
response.status.should == 404
end
end
describe "POST /projects/:id/hooks" do
@ -306,6 +429,17 @@ describe Gitlab::API do
post api("/projects/#{project.id}/hooks", user),
url: "http://example.com"
}.to change {project.hooks.count}.by(1)
response.status.should == 201
end
it "should return a 400 error if url not given" do
post api("/projects/#{project.id}/hooks", user)
response.status.should == 400
end
it "should return a 422 error if url not valid" do
post api("/projects/#{project.id}/hooks", user), "url" => "ftp://example.com"
response.status.should == 422
end
end
@ -316,13 +450,44 @@ describe Gitlab::API do
response.status.should == 200
json_response['url'].should == 'http://example.org'
end
it "should return 404 error if hook id not found" do
put api("/projects/#{project.id}/hooks/1234", user), url: 'http://example.org'
response.status.should == 404
end
it "should return 400 error if url is not given" do
put api("/projects/#{project.id}/hooks/#{hook.id}", user)
response.status.should == 400
end
it "should return a 422 error if url is not valid" do
put api("/projects/#{project.id}/hooks/#{hook.id}", user), url: 'ftp://example.com'
response.status.should == 422
end
end
describe "DELETE /projects/:id/hooks/:hook_id" do
describe "DELETE /projects/:id/hooks" do
it "should delete hook from project" do
expect {
delete api("/projects/#{project.id}/hooks/#{hook.id}", user)
delete api("/projects/#{project.id}/hooks", user), hook_id: hook.id
}.to change {project.hooks.count}.by(-1)
response.status.should == 200
end
it "should return success when deleting hook" do
delete api("/projects/#{project.id}/hooks", user), hook_id: hook.id
response.status.should == 200
end
it "should return success when deleting non existent hook" do
delete api("/projects/#{project.id}/hooks", user), hook_id: 42
response.status.should == 200
end
it "should return a 400 error if hook id not given" do
delete api("/projects/#{project.id}/hooks", user)
response.status.should == 400
end
end
@ -371,6 +536,11 @@ describe Gitlab::API do
response.status.should == 200
json_response['title'].should == snippet.title
end
it "should return a 404 error if snippet id not found" do
get api("/projects/#{project.id}/snippets/1234", user)
response.status.should == 404
end
end
describe "POST /projects/:id/snippets" do
@ -380,6 +550,24 @@ describe Gitlab::API do
response.status.should == 201
json_response['title'].should == 'api test'
end
it "should return a 400 error if title is not given" do
post api("/projects/#{project.id}/snippets", user),
file_name: 'sample.rb', code: 'test'
response.status.should == 400
end
it "should return a 400 error if file_name not given" do
post api("/projects/#{project.id}/snippets", user),
title: 'api test', code: 'test'
response.status.should == 400
end
it "should return a 400 error if code not given" do
post api("/projects/#{project.id}/snippets", user),
title: 'api test', file_name: 'sample.rb'
response.status.should == 400
end
end
describe "PUT /projects/:id/snippets/:shippet_id" do
@ -390,6 +578,13 @@ describe Gitlab::API do
json_response['title'].should == 'example'
snippet.reload.content.should == 'updated code'
end
it "should update an existing project snippet with new title" do
put api("/projects/#{project.id}/snippets/#{snippet.id}", user),
title: 'other api test'
response.status.should == 200
json_response['title'].should == 'other api test'
end
end
describe "DELETE /projects/:id/snippets/:snippet_id" do
@ -397,6 +592,12 @@ describe Gitlab::API do
expect {
delete api("/projects/#{project.id}/snippets/#{snippet.id}", user)
}.to change { Snippet.count }.by(-1)
response.status.should == 200
end
it "should return success when deleting unknown snippet id" do
delete api("/projects/#{project.id}/snippets/1234", user)
response.status.should == 200
end
end
@ -405,9 +606,14 @@ describe Gitlab::API do
get api("/projects/#{project.id}/snippets/#{snippet.id}/raw", user)
response.status.should == 200
end
it "should return a 404 error if raw project snippet not found" do
get api("/projects/#{project.id}/snippets/5555/raw", user)
response.status.should == 404
end
end
describe "GET /projects/:id/:sha/blob" do
describe "GET /projects/:id/repository/commits/:sha/blob" do
it "should get the raw file contents" do
get api("/projects/#{project.id}/repository/commits/master/blob?filepath=README.md", user)
response.status.should == 200
@ -422,6 +628,11 @@ describe Gitlab::API do
get api("/projects/#{project.id}/repository/commits/master/blob?filepath=README.invalid", user)
response.status.should == 404
end
it "should return a 400 error if filepath is missing" do
get api("/projects/#{project.id}/repository/commits/master/blob", user)
response.status.should == 400
end
end
describe "GET /projects/:id/keys" do

10
spec/requests/api/session_spec.rb
View file

@ -35,5 +35,15 @@ describe Gitlab::API do
json_response['private_token'].should be_nil
end
end
context "when empty name" do
it "should return authentication error" do
post api("/session"), password: user.password
response.status.should == 401
json_response['email'].should be_nil
json_response['private_token'].should be_nil
end
end
end
end

125
spec/requests/api/users_spec.rb
View file

@ -31,26 +31,69 @@ describe Gitlab::API do
response.status.should == 200
json_response['email'].should == user.email
end
it "should return a 401 if unauthenticated" do
get api("/users/9998")
response.status.should == 401
end
it "should return a 404 error if user id not found" do
get api("/users/9999", user)
response.status.should == 404
end
end
describe "POST /users" do
before{ admin }
it "should not create invalid user" do
post api("/users", admin), { email: "invalid email" }
response.status.should == 404
end
it "should create user" do
expect {
post api("/users", admin), attributes_for(:user, projects_limit: 3)
}.to change { User.count }.by(1)
end
it "should return 201 Created on success" do
post api("/users", admin), attributes_for(:user, projects_limit: 3)
response.status.should == 201
end
it "should not create user with invalid email" do
post api("/users", admin), { email: "invalid email", password: 'password' }
response.status.should == 400
end
it "should return 400 error if password not given" do
post api("/users", admin), { email: 'test@example.com' }
response.status.should == 400
end
it "should return 400 error if email not given" do
post api("/users", admin), { password: 'pass1234' }
response.status.should == 400
end
it "shouldn't available for non admin users" do
post api("/users", user), attributes_for(:user)
response.status.should == 403
end
context "with existing user" do
before { post api("/users", admin), { email: 'test@example.com', password: 'password', username: 'test' } }
it "should not create user with same email" do
expect {
post api("/users", admin), { email: 'test@example.com', password: 'password' }
}.to change { User.count }.by(0)
end
it "should return 409 conflict error if user with email exists" do
post api("/users", admin), { email: 'test@example.com', password: 'password' }
end
it "should return 409 conflict error if same username exists" do
post api("/users", admin), { email: 'foo@example.com', password: 'pass', username: 'test' }
end
end
end
describe "GET /users/sign_up" do
@ -81,7 +124,7 @@ describe Gitlab::API do
describe "PUT /users/:id" do
before { admin }
it "should update user" do
it "should update user with new bio" do
put api("/users/#{user.id}", admin), {bio: 'new test bio'}
response.status.should == 200
json_response['bio'].should == 'new test bio'
@ -103,6 +146,25 @@ describe Gitlab::API do
put api("/users/999999", admin), {bio: 'update should fail'}
response.status.should == 404
end
context "with existing user" do
before {
post api("/users", admin), { email: 'test@example.com', password: 'password', username: 'test', name: 'test' }
post api("/users", admin), { email: 'foo@bar.com', password: 'password', username: 'john', name: 'john' }
@user_id = User.all.last.id
}
# it "should return 409 conflict error if email address exists" do
# put api("/users/#{@user_id}", admin), { email: 'test@example.com' }
# response.status.should == 409
# end
#
# it "should return 409 conflict error if username taken" do
# @user_id = User.all.last.id
# put api("/users/#{@user_id}", admin), { username: 'test' }
# response.status.should == 409
# end
end
end
describe "POST /users/:id/keys" do
@ -131,6 +193,11 @@ describe Gitlab::API do
json_response['email'].should == user.email
end
it "should not delete for unauthenticated user" do
delete api("/users/#{user.id}")
response.status.should == 401
end
it "shouldn't available for non admin users" do
delete api("/users/#{user.id}", user)
response.status.should == 403
@ -148,6 +215,11 @@ describe Gitlab::API do
response.status.should == 200
json_response['email'].should == user.email
end
it "should return 401 error if user is unauthenticated" do
get api("/user")
response.status.should == 401
end
end
describe "GET /user/keys" do
@ -183,19 +255,38 @@ describe Gitlab::API do
get api("/user/keys/42", user)
response.status.should == 404
end
it "should return 404 error if admin accesses user's ssh key" do
user.keys << key
user.save
admin
get api("/user/keys/#{key.id}", admin)
response.status.should == 404
end
end
describe "POST /user/keys" do
it "should not create invalid ssh key" do
post api("/user/keys", user), { title: "invalid key" }
response.status.should == 404
end
it "should create ssh key" do
key_attrs = attributes_for :key
expect {
post api("/user/keys", user), key_attrs
}.to change{ user.keys.count }.by(1)
response.status.should == 201
end
it "should return a 401 error if unauthorized" do
post api("/user/keys"), title: 'some title', key: 'some key'
response.status.should == 401
end
it "should not create ssh key without key" do
post api("/user/keys", user), title: 'title'
response.status.should == 400
end
it "should not create ssh key without title" do
post api("/user/keys", user), key: "somekey"
response.status.should == 400
end
end
@ -206,11 +297,19 @@ describe Gitlab::API do
expect {
delete api("/user/keys/#{key.id}", user)
}.to change{user.keys.count}.by(-1)
response.status.should == 200
end
it "should return 404 Not Found within invalid ID" do
it "should return sucess if key ID not found" do
delete api("/user/keys/42", user)
response.status.should == 404
response.status.should == 200
end
it "should return 401 error if unauthorized" do
user.keys << key
user.save
delete api("/user/keys/#{key.id}")
response.status.should == 401
end
end
end