authorVlad Temian <vladtemian@gmail.com>2017-12-06 12:27:10 +0200
committerLauris BH <lauris@nix.lv>2017-12-06 12:27:10 +0200
commit469ab99e9a4e31c1e95ab37f363c26b62b782542 (patch)
tree610c3848c07f2d0ca8854c6fb989f72e8a656b3b /routers
parentc7fb6e30870ea1abff13a8214107e0747d293320 (diff)
Delete a user's public key via admin api (closes #3014) (#3059)
* Delete a user's public key via admin api * Test admin ssh endpoint for creating a new ssh key * Adapt public ssh key test to also test the delete operation * Test that deleting a missing key will result in a 404 * Test that a normal user can't delete another user's ssh key * Make DeletePublicKey return err * Update swagger doc
Diffstat (limited to 'routers')
-rw-r--r--routers/api/v1/admin/user.go45
-rw-r--r--routers/api/v1/api.go5
-rw-r--r--routers/api/v1/user/key.go6
3 files changed, 54 insertions, 2 deletions
diff --git a/routers/api/v1/admin/user.go b/routers/api/v1/admin/user.go
index 19f24aed8f..fc1d3da2f1 100644
--- a/routers/api/v1/admin/user.go
+++ b/routers/api/v1/admin/user.go
@@ -236,3 +236,48 @@ func CreatePublicKey(ctx *context.APIContext, form api.CreateKeyOption) {
}
user.CreateUserPublicKey(ctx, form, u.ID)
}
+
+// DeleteUserPublicKey api for deleting a user's public key
+func DeleteUserPublicKey(ctx *context.APIContext) {
+ // swagger:operation DELETE /admin/users/{username}/keys/{id} admin adminDeleteUserPublicKey
+ // ---
+ // summary: Delete a user's public key
+ // produces:
+ // - application/json
+ // parameters:
+ // - name: username
+ // in: path
+ // description: username of user
+ // type: string
+ // required: true
+ // - name: id
+ // in: path
+ // description: id of the key to delete
+ // type: integer
+ // required: true
+ // responses:
+ // "204":
+ // "$ref": "#/responses/empty"
+ // "403":
+ // "$ref": "#/responses/forbidden"
+ // "404":
+ // "$ref": "#/responses/notFound"
+ u := user.GetUserByParams(ctx)
+ if ctx.Written() {
+ return
+ }
+
+ if err := models.DeletePublicKey(u, ctx.ParamsInt64(":id")); err != nil {
+ if models.IsErrKeyNotExist(err) {
+ ctx.Status(404)
+ } else if models.IsErrKeyAccessDenied(err) {
+ ctx.Error(403, "", "You do not have access to this key")
+ } else {
+ ctx.Error(500, "DeleteUserPublicKey", err)
+ }
+ return
+ }
+ log.Trace("Key deleted by admin(%s): %s", ctx.User.Name, u.Name)
+
+ ctx.Status(204)
+}
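Review bot: The trace line at the end of `DeleteUserPublicKey` records the admin and the target user but not which key was removed, so the audit trail for a credential deletion is incomplete. Read the id once and log it, e.g. `keyID := ctx.ParamsInt64(":id")` and `log.Trace("Key deleted by admin(%s): %s (key %d)", ctx.User.Name, u.Name, keyID)`. Separately, the call passes the target user `u` as the doer rather than `ctx.User`. Any ownership or privilege check inside `models.DeletePublicKey` (not visible here) therefore runs against the account named in the URL; if that function exempts admin doers, a path naming an admin account would presumably skip the ownership check, so confirm the key belongs to `u`.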
diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index 2aa27af091..f6ed844d4a 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -542,7 +542,10 @@ func RegisterRoutes(m *macaron.Macaron) {
m.Group("/:username", func() {
m.Combo("").Patch(bind(api.EditUserOption{}), admin.EditUser).
Delete(admin.DeleteUser)
- m.Post("/keys", bind(api.CreateKeyOption{}), admin.CreatePublicKey)
+ m.Group("/keys", func() {
+ m.Post("", bind(api.CreateKeyOption{}), admin.CreatePublicKey)
+ m.Delete("/:id", admin.DeleteUserPublicKey)
+ })
m.Post("/orgs", bind(api.CreateOrgOption{}), admin.CreateOrg)
m.Post("/repos", bind(api.CreateRepoOption{}), admin.CreateRepo)
})
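Review bot: Nothing in `admin.DeleteUserPublicKey` checks the caller's privileges, so the new `m.Delete("/:id", admin.DeleteUserPublicKey)` registration depends entirely on middleware attached to the enclosing groups, which open outside this hunk. A short comment on the new `/keys` group would make that dependency explicit, e.g. `// admin-only: enforced by the enclosing group's middleware`, so that moving the route later does not silently drop the check. `RegisterRoutes` starts and ends outside the hunk.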
diff --git a/routers/api/v1/user/key.go b/routers/api/v1/user/key.go
index 3649dac9b9..c36ef763dd 100644
--- a/routers/api/v1/user/key.go
+++ b/routers/api/v1/user/key.go
@@ -178,8 +178,12 @@ func DeletePublicKey(ctx *context.APIContext) {
// "$ref": "#/responses/empty"
// "403":
// "$ref": "#/responses/forbidden"
+ // "404":
+ // "$ref": "#/responses/notFound"
if err := models.DeletePublicKey(ctx.User, ctx.ParamsInt64(":id")); err != nil {
- if models.IsErrKeyAccessDenied(err) {
+ if models.IsErrKeyNotExist(err) {
+ ctx.Status(404)
+ } else if models.IsErrKeyAccessDenied(err) {
ctx.Error(403, "", "You do not have access to this key")
} else {
ctx.Error(500, "DeletePublicKey", err)
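Review bot: On this non-admin endpoint the new 404 branch, next to the existing 403, tells any authenticated caller whether a given key id exists on someone else's account: 404 means no such key, 403 means it exists but is not yours. If key ids are sequential integers, as the integer `id` parameter suggests, that is a small enumeration oracle. Consider answering both cases the same way here, e.g. `if models.IsErrKeyNotExist(err) || models.IsErrKeyAccessDenied(err) { ctx.Status(404) }`, and keeping the 403/404 distinction only on the admin route. `DeletePublicKey` continues outside the hunk.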