Make runner's veryfication working again

In APIv1 we were using UpdateJob to verify if the runner exists. It was the only method that was using Runner's token and used in special way had no side effects (like scheduling a new job or unregisterring a Runner). In APIv4 we've change UpdateJob to use job's token as authentication credentials, and that way we've removed the only endpoint that could be used to verify if the Runner with a certain token exists in target GitLab installation. This commit adds `POST /api/v4/runners/verify` endpoint whose only responsibility is to respond if Runner with posted credentials exists or not.

Make runner's veryfication working again
In APIv1 we were using UpdateJob to verify if the runner exists. It was the only method that was using Runner's token and used in special way had no side effects (like scheduling a new job or unregisterring a Runner). In APIv4 we've change UpdateJob to use job's token as authentication credentials, and that way we've removed the only endpoint that could be used to verify if the Runner with a certain token exists in target GitLab installation. This commit adds `POST /api/v4/runners/verify` endpoint whose only responsibility is to respond if Runner with posted credentials exists or not.
bbf4d27a · Tomasz Maczukin · Kamil Trzcinski · 691402fb · bbf4d27a · bbf4d27a
隐藏空白更改
内联并排

Showing with 39 addition and 0 deletion

lib/api/runner.rb lib/api/runner.rb +11 -0

spec/requests/api/runner_spec.rb spec/requests/api/runner_spec.rb +28 -0

未找到文件。
--- a/lib/api/runner.rb
+++ b/lib/api/runner.rb
@@ -47,6 +47,17 @@ module API
        authenticate_runner!
        Ci::Runner.find_by_token(params[:token]).destroy
      end
+
+      desc 'Validates authentication credentials' do
+        http_codes [[200, 'Credentials are valid'], [403, 'Forbidden']]
+      end
+      params do
+        requires :token, type: String, desc: %q(Runner's authentication token)
+      end
+      post '/verify' do
+        authenticate_runner!
+        status 200
+      end
    end

    resource :jobs do

--- a/spec/requests/api/runner_spec.rb
+++ b/spec/requests/api/runner_spec.rb
@@ -152,6 +152,34 @@ describe API::Runner do
        end
      end
    end
+
+    describe 'POST /api/v4/runners/verify' do
+      let(:runner) { create(:ci_runner) }
+
+      context 'when no token is provided' do
+        it 'returns 400 error' do
+          post api('/runners/verify')
+
+          expect(response).to have_http_status :bad_request
+        end
+      end
+
+      context 'when invalid token is provided' do
+        it 'returns 403 error' do
+          post api('/runners/verify'), token: 'invalid-token'
+
+          expect(response).to have_http_status 403
+        end
+      end
+
+      context 'when valid token is provided' do
+        it 'deletes Runner' do
+          post api('/runners/verify'), token: runner.token
+
+          expect(response).to have_http_status 200
+        end
+      end
+    end
  end

  describe '/api/v4/jobs' do