Merge branch 'api-empty-project-snippets' into 'master'

Api empty project snippets

Closes #50270

See merge request gitlab-org/gitlab-ce!21325

3 files changed, 23 insertions, 2 deletions

diff --git a/changelogs/unreleased/api-empty-project-snippets.yml b/changelogs/unreleased/api-empty-project-snippets.yml
new file mode 100644
index 00000000000..7b8c7c9e48d
--- /dev/null
+++ b/changelogs/unreleased/api-empty-project-snippets.yml
@@ -0,0 +1,5 @@
+---
+title: 'API: Catch empty code content for project snippets'
+merge_request: 21325
+author: Robert Schilling
+type: fixed
diff --git a/lib/api/project_snippets.rb b/lib/api/project_snippets.rb
index 1de5551fee9..0ada0ef4708 100644
--- a/lib/api/project_snippets.rb
+++ b/lib/api/project_snippets.rb
@@ -49,7 +49,7 @@ module API
       params do
         requires :title, type: String, desc: 'The title of the snippet'
         requires :file_name, type: String, desc: 'The file name of the snippet'
-        requires :code, type: String, desc: 'The content of the snippet'
+        requires :code, type: String, allow_blank: false, desc: 'The content of the snippet'
         optional :description, type: String, desc: 'The description of a snippet'
         requires :visibility, type: String,
                               values: Gitlab::VisibilityLevel.string_values,
@@ -78,7 +78,7 @@ module API
         requires :snippet_id, type: Integer, desc: 'The ID of a project snippet'
         optional :title, type: String, desc: 'The title of the snippet'
         optional :file_name, type: String, desc: 'The file name of the snippet'
-        optional :code, type: String, desc: 'The content of the snippet'
+        optional :code, type: String, allow_blank: false, desc: 'The content of the snippet'
         optional :description, type: String, desc: 'The description of a snippet'
         optional :visibility, type: String,
                               values: Gitlab::VisibilityLevel.string_values,
diff --git a/spec/requests/api/project_snippets_spec.rb b/spec/requests/api/project_snippets_spec.rb
index a3b5e8c6223..5dec0bc778c 100644
--- a/spec/requests/api/project_snippets_spec.rb
+++ b/spec/requests/api/project_snippets_spec.rb
@@ -116,6 +116,14 @@ describe API::ProjectSnippets do
       expect(response).to have_gitlab_http_status(400)
     end
 
+    it 'returns 400 for empty code field' do
+      params[:code] = ''
+
+      post api("/projects/#{project.id}/snippets/", admin), params
+
+      expect(response).to have_gitlab_http_status(400)
+    end
+
     context 'when the snippet is spam' do
       def create_snippet(project, snippet_params = {})
         project.add_developer(user)
@@ -180,6 +188,14 @@ describe API::ProjectSnippets do
       expect(response).to have_gitlab_http_status(400)
     end
 
+    it 'returns 400 for empty code field' do
+      new_content = ''
+
+      put api("/projects/#{snippet.project.id}/snippets/#{snippet.id}/", admin), code: new_content
+
+      expect(response).to have_gitlab_http_status(400)
+    end
+
     context 'when the snippet is spam' do
       def update_snippet(snippet_params = {})
         put api("/projects/#{snippet.project.id}/snippets/#{snippet.id}", admin), snippet_params