diff --git a/changelogs/unreleased/4269-public-repositories-api.yml b/changelogs/unreleased/4269-public-repositories-api.yml
new file mode 100644
index 0000000000000000000000000000000000000000..b88ce63845dfe3af3fb5e93337214369015a8e18
--- /dev/null
+++ b/changelogs/unreleased/4269-public-repositories-api.yml
@@ -0,0 +1,4 @@
+---
+title: Allow Repositories API GET endpoints to be requested anonymously
+merge_request:
+author:
diff --git a/doc/api/repositories.md b/doc/api/repositories.md
index bcf8b955044520ac0bbb22ecba556e18a9ad739d..727617f1ecc53a9c891d5e46f41203f92c563fc1 100644
--- a/doc/api/repositories.md
+++ b/doc/api/repositories.md
@@ -2,7 +2,8 @@
## List repository tree
-Get a list of repository files and directories in a project.
+Get a list of repository files and directories in a project. This endpoint can
+be accessed without authentication if the repository is publicly accessible.
```
GET /projects/:id/repository/tree
@@ -71,7 +72,8 @@ Parameters:
## Raw file content
-Get the raw file contents for a file by commit SHA and path.
+Get the raw file contents for a file by commit SHA and path. This endpoint can
+be accessed without authentication if the repository is publicly accessible.
```
GET /projects/:id/repository/blobs/:sha
@@ -85,7 +87,8 @@ Parameters:
## Raw blob content
-Get the raw file contents for a blob by blob SHA.
+Get the raw file contents for a blob by blob SHA. This endpoint can be accessed
+without authentication if the repository is publicly accessible.
```
GET /projects/:id/repository/raw_blobs/:sha
@@ -98,7 +101,8 @@ Parameters:
## Get file archive
-Get an archive of the repository
+Get an archive of the repository. This endpoint can be accessed without
+authentication if the repository is publicly accessible.
```
GET /projects/:id/repository/archive
@@ -111,6 +115,9 @@ Parameters:
## Compare branches, tags or commits
+This endpoint can be accessed without authentication if the repository is
+publicly accessible.
+
```
GET /projects/:id/repository/compare
```
@@ -163,7 +170,8 @@ Response:
## Contributors
-Get repository contributors list
+Get repository contributors list. This endpoint can be accessed without
+authentication if the repository is publicly accessible.
```
GET /projects/:id/repository/contributors
diff --git a/lib/api/repositories.rb b/lib/api/repositories.rb
index c287ee34a6818018ae858944ddb1158bc48c0786..4ca6646a6f1e99516bb8dab8e0ea5bd38e187203 100644
--- a/lib/api/repositories.rb
+++ b/lib/api/repositories.rb
@@ -2,7 +2,6 @@ require 'mime/types'
module API
class Repositories < Grape::API
- before { authenticate! }
before { authorize! :download_code, user_project }
params do
@@ -79,8 +78,6 @@ module API
optional :format, type: String, desc: 'The archive format'
end
get ':id/repository/archive', requirements: { format: Gitlab::Regex.archive_formats_regex } do
- authorize! :download_code, user_project
-
begin
send_git_archive user_project.repository, ref: params[:sha], format: params[:format]
rescue
@@ -96,7 +93,6 @@ module API
requires :to, type: String, desc: 'The commit, branch name, or tag name to stop comparison'
end
get ':id/repository/compare' do
- authorize! :download_code, user_project
compare = Gitlab::Git::Compare.new(user_project.repository.raw_repository, params[:from], params[:to])
present compare, with: Entities::Compare
end
@@ -105,8 +101,6 @@ module API
success Entities::Contributor
end
get ':id/repository/contributors' do
- authorize! :download_code, user_project
-
begin
present user_project.repository.contributors,
with: Entities::Contributor
diff --git a/spec/requests/api/repositories_spec.rb b/spec/requests/api/repositories_spec.rb
index c90b69e8ebbcc69edbdf7d21af5d8b65aed7698c..67f0bc537fea4d0a21a78c291adbc7d22edb019a 100644
--- a/spec/requests/api/repositories_spec.rb
+++ b/spec/requests/api/repositories_spec.rb
@@ -16,15 +16,32 @@ describe API::Repositories, api: true do
context "authorized user" do
before { project.team << [user2, :reporter] }
- it "returns project commits" do
- get api("/projects/#{project.id}/repository/tree", user)
+ shared_examples_for 'repository tree' do
+ it 'returns the repository tree' do
+ get api("/projects/#{project.id}/repository/tree", current_user)
- expect(response).to have_http_status(200)
+ expect(response).to have_http_status(200)
- expect(json_response).to be_an Array
- expect(json_response.first['name']).to eq('bar')
- expect(json_response.first['type']).to eq('tree')
- expect(json_response.first['mode']).to eq('040000')
+ first_commit = json_response.first
+
+ expect(json_response).to be_an Array
+ expect(first_commit['name']).to eq('bar')
+ expect(first_commit['type']).to eq('tree')
+ expect(first_commit['mode']).to eq('040000')
+ end
+ end
+
+ context 'when unauthenticated' do
+ it_behaves_like 'repository tree' do
+ let(:project) { create(:project, :public) }
+ let(:current_user) { nil }
+ end
+ end
+
+ context 'when authenticated' do
+ it_behaves_like 'repository tree' do
+ let(:current_user) { user }
+ end
end
it 'returns a 404 for unknown ref' do
@@ -39,7 +56,8 @@ describe API::Repositories, api: true do
context "unauthorized user" do
it "does not return project commits" do
get api("/projects/#{project.id}/repository/tree")
- expect(response).to have_http_status(401)
+
+ expect(response).to have_http_status(404)
end
end
end
@@ -72,15 +90,38 @@ describe API::Repositories, api: true do
context "unauthorized user" do
it "does not return project commits" do
get api("/projects/#{project.id}/repository/tree?recursive=1")
- expect(response).to have_http_status(401)
+
+ expect(response).to have_http_status(404)
end
end
end
- describe "GET /projects/:id/repository/blobs/:sha" do
- it "gets the raw file contents" do
- get api("/projects/#{project.id}/repository/blobs/master?filepath=README.md", user)
- expect(response).to have_http_status(200)
+ describe "GET /projects/:id/repository/blobs/:sha & /projects/:id/repository/commits/:sha" do
+ shared_examples_for 'repository blob' do
+ it 'returns the repository blob for /repository/blobs/master' do
+ get api("/projects/#{project.id}/repository/blobs/master?filepath=README.md", current_user)
+
+ expect(response).to have_http_status(200)
+ end
+
+ it 'returns the repository blob for /repository/commits/master' do
+ get api("/projects/#{project.id}/repository/commits/master/blob?filepath=README.md", current_user)
+
+ expect(response).to have_http_status(200)
+ end
+ end
+
+ context 'when unauthenticated' do
+ it_behaves_like 'repository blob' do
+ let(:project) { create(:project, :public) }
+ let(:current_user) { nil }
+ end
+ end
+
+ context 'when authenticated' do
+ it_behaves_like 'repository blob' do
+ let(:current_user) { user }
+ end
end
it "returns 404 for invalid branch_name" do
@@ -99,17 +140,26 @@ describe API::Repositories, api: true do
end
end
- describe "GET /projects/:id/repository/commits/:sha/blob" do
- it "gets the raw file contents" do
- get api("/projects/#{project.id}/repository/commits/master/blob?filepath=README.md", user)
- expect(response).to have_http_status(200)
+ describe "GET /projects/:id/repository/raw_blobs/:sha" do
+ shared_examples_for 'repository raw blob' do
+ it 'returns the repository raw blob' do
+ get api("/projects/#{project.id}/repository/raw_blobs/#{sample_blob.oid}", current_user)
+
+ expect(response).to have_http_status(200)
+ end
end
- end
- describe "GET /projects/:id/repository/raw_blobs/:sha" do
- it "gets the raw file contents" do
- get api("/projects/#{project.id}/repository/raw_blobs/#{sample_blob.oid}", user)
- expect(response).to have_http_status(200)
+ context 'when unauthenticated' do
+ it_behaves_like 'repository raw blob' do
+ let(:project) { create(:project, :public) }
+ let(:current_user) { nil }
+ end
+ end
+
+ context 'when authenticated' do
+ it_behaves_like 'repository raw blob' do
+ let(:current_user) { user }
+ end
end
it 'returns a 404 for unknown blob' do
@@ -122,31 +172,55 @@ describe API::Repositories, api: true do
end
describe "GET /projects/:id/repository/archive(.:format)?:sha" do
- it "gets the archive" do
- get api("/projects/#{project.id}/repository/archive", user)
- repo_name = project.repository.name.gsub("\.git", "")
- expect(response).to have_http_status(200)
- type, params = workhorse_send_data
- expect(type).to eq('git-archive')
- expect(params['ArchivePath']).to match(/#{repo_name}\-[^\.]+\.tar.gz/)
+ shared_examples_for 'repository archive' do
+ it 'returns the repository archive' do
+ get api("/projects/#{project.id}/repository/archive", current_user)
+
+ expect(response).to have_http_status(200)
+
+ repo_name = project.repository.name.gsub("\.git", "")
+ type, params = workhorse_send_data
+
+ expect(type).to eq('git-archive')
+ expect(params['ArchivePath']).to match(/#{repo_name}\-[^\.]+\.tar.gz/)
+ end
+
+ it 'returns the repository archive archive.zip' do
+ get api("/projects/#{project.id}/repository/archive.zip", user)
+
+ expect(response).to have_http_status(200)
+
+ repo_name = project.repository.name.gsub("\.git", "")
+ type, params = workhorse_send_data
+
+ expect(type).to eq('git-archive')
+ expect(params['ArchivePath']).to match(/#{repo_name}\-[^\.]+\.zip/)
+ end
+
+ it 'returns the repository archive archive.tar.bz2' do
+ get api("/projects/#{project.id}/repository/archive.tar.bz2", user)
+
+ expect(response).to have_http_status(200)
+
+ repo_name = project.repository.name.gsub("\.git", "")
+ type, params = workhorse_send_data
+
+ expect(type).to eq('git-archive')
+ expect(params['ArchivePath']).to match(/#{repo_name}\-[^\.]+\.tar.bz2/)
+ end
end
- it "gets the archive.zip" do
- get api("/projects/#{project.id}/repository/archive.zip", user)
- repo_name = project.repository.name.gsub("\.git", "")
- expect(response).to have_http_status(200)
- type, params = workhorse_send_data
- expect(type).to eq('git-archive')
- expect(params['ArchivePath']).to match(/#{repo_name}\-[^\.]+\.zip/)
+ context 'when unauthenticated' do
+ it_behaves_like 'repository archive' do
+ let(:project) { create(:project, :public) }
+ let(:current_user) { nil }
+ end
end
- it "gets the archive.tar.bz2" do
- get api("/projects/#{project.id}/repository/archive.tar.bz2", user)
- repo_name = project.repository.name.gsub("\.git", "")
- expect(response).to have_http_status(200)
- type, params = workhorse_send_data
- expect(type).to eq('git-archive')
- expect(params['ArchivePath']).to match(/#{repo_name}\-[^\.]+\.tar.bz2/)
+ context 'when authenticated' do
+ it_behaves_like 'repository archive' do
+ let(:current_user) { user }
+ end
end
it "returns 404 for invalid sha" do
@@ -156,55 +230,93 @@ describe API::Repositories, api: true do
end
describe 'GET /projects/:id/repository/compare' do
- it "compares branches" do
- get api("/projects/#{project.id}/repository/compare", user), from: 'master', to: 'feature'
- expect(response).to have_http_status(200)
- expect(json_response['commits']).to be_present
- expect(json_response['diffs']).to be_present
- end
+ shared_examples_for 'repository compare' do
+ it "compares branches" do
+ get api("/projects/#{project.id}/repository/compare", current_user), from: 'master', to: 'feature'
- it "compares tags" do
- get api("/projects/#{project.id}/repository/compare", user), from: 'v1.0.0', to: 'v1.1.0'
- expect(response).to have_http_status(200)
- expect(json_response['commits']).to be_present
- expect(json_response['diffs']).to be_present
- end
+ expect(response).to have_http_status(200)
+ expect(json_response['commits']).to be_present
+ expect(json_response['diffs']).to be_present
+ end
+
+ it "compares tags" do
+ get api("/projects/#{project.id}/repository/compare", current_user), from: 'v1.0.0', to: 'v1.1.0'
+
+ expect(response).to have_http_status(200)
+ expect(json_response['commits']).to be_present
+ expect(json_response['diffs']).to be_present
+ end
+
+ it "compares commits" do
+ get api("/projects/#{project.id}/repository/compare", current_user), from: sample_commit.id, to: sample_commit.parent_id
+
+ expect(response).to have_http_status(200)
+ expect(json_response['commits']).to be_empty
+ expect(json_response['diffs']).to be_empty
+ expect(json_response['compare_same_ref']).to be_falsey
+ end
- it "compares commits" do
- get api("/projects/#{project.id}/repository/compare", user), from: sample_commit.id, to: sample_commit.parent_id
- expect(response).to have_http_status(200)
- expect(json_response['commits']).to be_empty
- expect(json_response['diffs']).to be_empty
- expect(json_response['compare_same_ref']).to be_falsey
+ it "compares commits in reverse order" do
+ get api("/projects/#{project.id}/repository/compare", current_user), from: sample_commit.parent_id, to: sample_commit.id
+
+ expect(response).to have_http_status(200)
+ expect(json_response['commits']).to be_present
+ expect(json_response['diffs']).to be_present
+ end
+
+ it "compares same refs" do
+ get api("/projects/#{project.id}/repository/compare", current_user), from: 'master', to: 'master'
+
+ expect(response).to have_http_status(200)
+ expect(json_response['commits']).to be_empty
+ expect(json_response['diffs']).to be_empty
+ expect(json_response['compare_same_ref']).to be_truthy
+ end
end
- it "compares commits in reverse order" do
- get api("/projects/#{project.id}/repository/compare", user), from: sample_commit.parent_id, to: sample_commit.id
- expect(response).to have_http_status(200)
- expect(json_response['commits']).to be_present
- expect(json_response['diffs']).to be_present
+ context 'when unauthenticated' do
+ it_behaves_like 'repository compare' do
+ let(:project) { create(:project, :public) }
+ let(:current_user) { nil }
+ end
end
- it "compares same refs" do
- get api("/projects/#{project.id}/repository/compare", user), from: 'master', to: 'master'
- expect(response).to have_http_status(200)
- expect(json_response['commits']).to be_empty
- expect(json_response['diffs']).to be_empty
- expect(json_response['compare_same_ref']).to be_truthy
+ context 'when authenticated' do
+ it_behaves_like 'repository compare' do
+ let(:current_user) { user }
+ end
end
end
describe 'GET /projects/:id/repository/contributors' do
- it 'returns valid data' do
- get api("/projects/#{project.id}/repository/contributors", user)
- expect(response).to have_http_status(200)
- expect(json_response).to be_an Array
- contributor = json_response.first
- expect(contributor['email']).to eq('tiagonbotelho@hotmail.com')
- expect(contributor['name']).to eq('tiagonbotelho')
- expect(contributor['commits']).to eq(1)
- expect(contributor['additions']).to eq(0)
- expect(contributor['deletions']).to eq(0)
+ shared_examples_for 'repository contributors' do
+ it 'returns valid data' do
+ get api("/projects/#{project.id}/repository/contributors", user)
+
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_an Array
+
+ first_contributor = json_response.first
+
+ expect(first_contributor['email']).to eq('tiagonbotelho@hotmail.com')
+ expect(first_contributor['name']).to eq('tiagonbotelho')
+ expect(first_contributor['commits']).to eq(1)
+ expect(first_contributor['additions']).to eq(0)
+ expect(first_contributor['deletions']).to eq(0)
+ end
+ end
+
+ context 'when unauthenticated' do
+ it_behaves_like 'repository contributors' do
+ let(:project) { create(:project, :public) }
+ let(:current_user) { nil }
+ end
+ end
+
+ context 'when authenticated' do
+ it_behaves_like 'repository contributors' do
+ let(:current_user) { user }
+ end
end
end
end