Commit 49fe8fed11d5a8b73e15b507b214ea10b61524a5

Authored by randx
2 parents a605943d d12579aa

Merge branch 'api'

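--- a/app/views/help/api.html.haml
+++ b/app/views/help/api.html.haml
@@ -14,6 +14,8 @@
 %li
 %a{href: "#users"} Users
 %li
+ %a{href: "#session"} Session
+ %li
 %a{href: "#issues"} Issues
 %li
 %a{href: "#milestones"} Milestones
@@ -58,6 +60,16 @@
 
 %br
 
+.file_holder#session
+ .file_title
+ %i.icon-file
+ Session
+ .file_content.wiki
+ = preserve do
+ = markdown File.read(Rails.root.join("doc", "api", "session.md"))
+
+%br
+
 .file_holder#issues
 .file_title
 %i.icon-file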
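--- a/lib/api/entities.rb
+++ b/lib/api/entities.rb
@@ -9,8 +9,8 @@ module Gitlab
 expose :id, :email, :name, :blocked, :created_at
 end
 
- class UserLogin < Grape::Entity
- expose :id, :email, :name, :private_token, :blocked, :created_at
+ class UserLogin < UserBasic
+ expose :private_token
 end
 
 class Hook < Grape::Entity
@@ -56,9 +56,7 @@ module Gitlab
 end
 
 class Key < Grape::Entity
- expose :id,
- :title,
- :key
+ expose :id, :title, :key
 end
 end
 end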
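Review bot: `UserLogin` now carries the account's `private_token` on top of everything `UserBasic` exposes, and nothing at the class marks it as a credential-bearing entity. A comment above the class would help keep it out of list or lookup endpoints: `# Exposes private_token: present only to the user who has just authenticated, never for another user's record.` Because it inherits from `UserBasic`, any field later added there will also appear in the login response. `UserBasic` begins outside the hunk, so its full definition is not visible here.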
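--- a/lib/api/session.rb
+++ b/lib/api/session.rb
@@ -8,14 +8,13 @@ module Gitlab
 post "/session" do
 resource = User.find_for_database_authentication(email: params[:email])
 
- return forbidden! unless resource
+ return unauthorized! unless resource
 
 if resource.valid_password?(params[:password])
 present resource, with: Entities::UserLogin
 else
- forbidden!
+ unauthorized!
 end
 end
 end
 end
-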
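Review bot: The password branch presents `Entities::UserLogin`, token included, without checking the `blocked` attribute that `UserBasic` exposes, so a blocked account with a correct password appears to still receive its `private_token`. If token checks elsewhere do not reject blocked users (not visible here), the guard could be `if resource.valid_password?(params[:password]) && !resource.blocked`. Separately, the early `return unauthorized! unless resource` skips the password comparison, so unknown and known emails may differ in response time even though both now return 401. No limit on repeated attempts is visible in this block either. The enclosing module starts outside the hunk.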
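--- a/spec/requests/api/session_spec.rb
+++ b/spec/requests/api/session_spec.rb
@@ -19,7 +19,7 @@ describe Gitlab::API do
 context "when invalid password" do
 it "should return authentication error" do
 post api("/session"), email: user.email, password: '123'
- response.status.should == 403
+ response.status.should == 401
 
 json_response['email'].should be_nil
 json_response['private_token'].should be_nil
@@ -29,7 +29,7 @@ describe Gitlab::API do
 context "when empty password" do
 it "should return authentication error" do
 post api("/session"), email: user.email
- response.status.should == 403
+ response.status.should == 401
 
 json_response['email'].should be_nil
 json_response['private_token'].should be_nil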
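Review bot: The two updated contexts cover a wrong and an empty password, but the separate `return unauthorized! unless resource` branch in lib/api/session.rb has no visible case for an email that matches no user. A context for that case, asserting 401 and no `email` or `private_token` in the body, would pin that both failure paths look the same to the client. The `describe` block starts and ends outside these hunks, so such a case may already exist elsewhere in the file. The address in the sketch below is a constructed sample.

```ruby
context "when unknown email" do
  it "should return authentication error" do
    post api("/session"), email: 'nobody@example.invalid', password: '123'
    response.status.should == 401

    json_response['email'].should be_nil
    json_response['private_token'].should be_nil
  end
end
```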