Commit 81bbcfac authored by Nicolas MERELLI's avatar Nicolas MERELLI Committed by Toon Claes

Add application create API

parent 74da7911
---
title: Add application create API
merge_request: 8160
author: Nicolas Merelli @PNSalocin
# Applications API
## Create a application
Create a application by posting a JSON payload.
User must be admin to do that.
Returns `200` if the request succeeds.
```
POST /applications
```
| Attribute | Type | Required | Description |
| --------- | ---- | -------- | ----------- |
| `name` | string | yes | The name of the application |
| `redirect_uri` | string | yes | The redirect URI of the application |
| `scopes` | string | yes | The scopes of the application |
```bash
curl --request POST --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" --data "name=MyApplication&redirect_uri=http://redirect.uri&scopes=" https://gitlab.example.com/api/v3/applications
```
Example response:
```json
{
"application_id": "5832fc6e14300a0d962240a8144466eef4ee93ef0d218477e55f11cf12fc3737",
"secret": "ee1dd64b6adc89cf7e2c23099301ccc2c61b441064e9324d963c46902a85ec34",
"callback_url": "http://redirect.uri"
}
```
@@ -106,6 +106,7 @@ module API
 
# Keep in alphabetical order
mount ::API::AccessRequests
mount ::API::Applications
mount ::API::AwardEmoji
mount ::API::Boards
mount ::API::Branches
module API
# External applications API
class Applications < Grape::API
before { authenticated_as_admin! }
resource :applications do
desc 'Create a new application' do
success Entities::Application
end
params do
requires :name, type: String, desc: 'Application name'
requires :redirect_uri, type: String, desc: 'Application redirect URI'
requires :scopes, type: String, desc: 'Application scopes'
end
post do
application = Doorkeeper::Application.new(declared_params)
if application.save
present application, with: Entities::Application
else
render_validation_error! application
end
end
end
end
end
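Review bot: The `post` handler passes `redirect_uri` and `scopes` straight into `Doorkeeper::Application.new(declared_params)` with only a `type: String` check, so every rule about which redirect URIs and scopes an OAuth client may register lives in model or Doorkeeper configuration that is not visible in this file. The accompanying spec only shows that a non-absolute URI is rejected and that an empty `scopes` string is accepted; whether an unrecognised scope name or a plain-`http` redirect URI is refused cannot be told from here. I would state the dependency above the handler, e.g. `# redirect_uri and scopes are validated by Doorkeeper::Application only; this endpoint adds no checks of its own`, and add a spec for an unrecognised scope. Creating an OAuth client is also a security-relevant admin action, and nothing in the handler records who created it.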
@@ -1157,5 +1157,11 @@ module API
pages_domain
end
end
class Application < Grape::Entity
expose :uid, as: :application_id
expose :secret
expose :redirect_uri, as: :callback_url
end
end
end
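Review bot: `expose :secret` sits in the general-purpose `Application` entity, so any later endpoint that presents an application with this entity (a list or show call, for instance) would return the OAuth client secret as well. Keeping the base entity secret-free and adding a subclass used only by the create endpoint limits that: drop `expose :secret` from `Application`, add `class ApplicationWithSecret < Application` containing `expose :secret`, and present with that class in the `post` handler. The enclosing `module API` and the inner module (presumably `Entities`) start outside this hunk.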
require 'spec_helper'
describe API::Applications, :api do
include ApiHelpers
let(:admin_user) { create(:user, admin: true) }
let(:user) { create(:user, admin: false) }
describe 'POST /applications' do
context 'authenticated and authorized user' do
it 'creates and returns an OAuth application' do
expect do
post api('/applications', admin_user), name: 'application_name', redirect_uri: 'http://application.url', scopes: ''
end.to change { Doorkeeper::Application.count }.by 1
application = Doorkeeper::Application.find_by(name: 'application_name', redirect_uri: 'http://application.url')
expect(response).to have_http_status 201
expect(json_response).to be_a Hash
expect(json_response['application_id']).to eq application.uid
expect(json_response['secret']).to eq application.secret
expect(json_response['callback_url']).to eq application.redirect_uri
end
it 'does not allow creating an application with the wrong redirect_uri format' do
expect do
post api('/applications', admin_user), name: 'application_name', redirect_uri: 'wrong_url_format', scopes: ''
end.not_to change { Doorkeeper::Application.count }
expect(response).to have_http_status 400
expect(json_response).to be_a Hash
expect(json_response['message']['redirect_uri'][0]).to eq('must be an absolute URI.')
end
it 'does not allow creating an application without a name' do
expect do
post api('/applications', admin_user), redirect_uri: 'http://application.url', scopes: ''
end.not_to change { Doorkeeper::Application.count }
expect(response).to have_http_status 400
expect(json_response).to be_a Hash
expect(json_response['error']).to eq('name is missing')
end
it 'does not allow creating an application without a redirect_uri' do
expect do
post api('/applications', admin_user), name: 'application_name', scopes: ''
end.not_to change { Doorkeeper::Application.count }
expect(response).to have_http_status 400
expect(json_response).to be_a Hash
expect(json_response['error']).to eq('redirect_uri is missing')
end
it 'does not allow creating an application without scopes' do
expect do
post api('/applications', admin_user), name: 'application_name', redirect_uri: 'http://application.url'
end.not_to change { Doorkeeper::Application.count }
expect(response).to have_http_status 400
expect(json_response).to be_a Hash
expect(json_response['error']).to eq('scopes is missing')
end
end
context 'authorized user without authorization' do
it 'does not create application' do
expect do
post api('/applications', user), name: 'application_name', redirect_uri: 'http://application.url', scopes: ''
end.not_to change { Doorkeeper::Application.count }
expect(response).to have_http_status 403
end
end
context 'non-authenticated user' do
it 'does not create application' do
expect do
post api('/applications'), name: 'application_name', redirect_uri: 'http://application.url'
end.not_to change { Doorkeeper::Application.count }
expect(response).to have_http_status 401
end
end
end
end
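Review bot: The 'non-authenticated user' example posts without `scopes`, unlike the 403 example, so the request is invalid as well as unauthenticated and the expected 401 relies on the admin check running before parameter validation. Sending the full payload pins the test to the authentication check alone: `post api('/applications'), name: 'application_name', redirect_uri: 'http://application.url', scopes: ''`. The context title 'authorized user without authorization' presumably means 'authenticated user without authorization'. The success example expects `201`, while the documentation added in the same commit says the call returns `200`; one of the two should be corrected.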