Commit bbf4d27a authored by Tomasz Maczukin's avatar Tomasz Maczukin Committed by Kamil Trzciński

Make runner's veryfication working again

In APIv1 we were using UpdateJob to verify if the runner exists. It was
the only method that was using Runner's token and used in special way
had no side effects (like scheduling a new job or unregisterring a
Runner).

In APIv4 we've change UpdateJob to use job's token as authentication
credentials, and that way we've removed the only endpoint that could
be used to verify if the Runner with a certain token exists in target
GitLab installation.

This commit adds `POST /api/v4/runners/verify` endpoint whose only
responsibility is to respond if Runner with posted credentials exists or
not.
parent 691402fb
......@@ -47,6 +47,17 @@ module API
authenticate_runner!
Ci::Runner.find_by_token(params[:token]).destroy
end
desc 'Validates authentication credentials' do
http_codes [[200, 'Credentials are valid'], [403, 'Forbidden']]
end
params do
requires :token, type: String, desc: %q(Runner's authentication token)
end
post '/verify' do
authenticate_runner!
status 200
end
end
resource :jobs do
......
......@@ -152,6 +152,34 @@ describe API::Runner do
end
end
end
describe 'POST /api/v4/runners/verify' do
let(:runner) { create(:ci_runner) }
context 'when no token is provided' do
it 'returns 400 error' do
post api('/runners/verify')
expect(response).to have_http_status :bad_request
end
end
context 'when invalid token is provided' do
it 'returns 403 error' do
post api('/runners/verify'), token: 'invalid-token'
expect(response).to have_http_status 403
end
end
context 'when valid token is provided' do
it 'deletes Runner' do
post api('/runners/verify'), token: runner.token
expect(response).to have_http_status 200
end
end
end
end
describe '/api/v4/jobs' do
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment