Merge branch 'fj-restore-users-v3-endpoint' into 'master'

Restoring user v3 endpoint

Closes #47565

See merge request gitlab-org/gitlab-ce!19661

4 files changed, 65 insertions, 49 deletions

diff --git a/changelogs/unreleased/fj-restore-users-v3-endpoint.yml b/changelogs/unreleased/fj-restore-users-v3-endpoint.yml
new file mode 100644
index 00000000000..c5f952dfa88
--- /dev/null
+++ b/changelogs/unreleased/fj-restore-users-v3-endpoint.yml
@@ -0,0 +1,5 @@
+---
+title: Restore API v3 user endpoint
+merge_request:
+author:
+type: changed
diff --git a/lib/api/users.rb b/lib/api/users.rb
index 14b8a796c8e..e8df2c5a74a 100644
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -531,18 +531,22 @@ module API
         authenticate!
       end
 
-      desc 'Get the currently authenticated user' do
-        success Entities::UserPublic
-      end
-      get do
-        entity =
-          if current_user.admin?
-            Entities::UserWithAdmin
-          else
-            Entities::UserPublic
-          end
+      # Enabling /user endpoint for the v3 version to allow oauth
+      # authentication through this endpoint.
+      version %w(v3 v4), using: :path do
+        desc 'Get the currently authenticated user' do
+          success Entities::UserPublic
+        end
+        get do
+          entity =
+            if current_user.admin?
+              Entities::UserWithAdmin
+            else
+              Entities::UserPublic
+            end
 
-        present current_user, with: entity
+          present current_user, with: entity
+        end
       end
 
       desc "Get the currently authenticated user's SSH keys" do
diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb
index 05637eb0729..c7678fe1474 100644
--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -1123,58 +1123,63 @@ describe API::Users do
   describe "GET /user" do
     let(:personal_access_token) { create(:personal_access_token, user: user).token }
 
-    context 'with regular user' do
-      context 'with personal access token' do
-        it 'returns 403 without private token when sudo is defined' do
-          get api("/user?private_token=#{personal_access_token}&sudo=123")
+    shared_examples 'get user info' do |version|
+      context 'with regular user' do
+        context 'with personal access token' do
+          it 'returns 403 without private token when sudo is defined' do
+            get api("/user?private_token=#{personal_access_token}&sudo=123", version: version)
 
-          expect(response).to have_gitlab_http_status(403)
+            expect(response).to have_gitlab_http_status(403)
+          end
         end
-      end
 
-      it 'returns current user without private token when sudo not defined' do
-        get api("/user", user)
+        it 'returns current user without private token when sudo not defined' do
+          get api("/user", user, version: version)
 
-        expect(response).to have_gitlab_http_status(200)
-        expect(response).to match_response_schema('public_api/v4/user/public')
-        expect(json_response['id']).to eq(user.id)
-      end
+          expect(response).to have_gitlab_http_status(200)
+          expect(response).to match_response_schema('public_api/v4/user/public')
+          expect(json_response['id']).to eq(user.id)
+        end
 
-      context "scopes" do
-        let(:path) { "/user" }
-        let(:api_call) { method(:api) }
+        context "scopes" do
+          let(:path) { "/user" }
+          let(:api_call) { method(:api) }
 
-        include_examples 'allows the "read_user" scope'
+          include_examples 'allows the "read_user" scope', version
+        end
       end
-    end
 
-    context 'with admin' do
-      let(:admin_personal_access_token) { create(:personal_access_token, user: admin).token }
+      context 'with admin' do
+        let(:admin_personal_access_token) { create(:personal_access_token, user: admin).token }
 
-      context 'with personal access token' do
-        it 'returns 403 without private token when sudo defined' do
-          get api("/user?private_token=#{admin_personal_access_token}&sudo=#{user.id}")
+        context 'with personal access token' do
+          it 'returns 403 without private token when sudo defined' do
+            get api("/user?private_token=#{admin_personal_access_token}&sudo=#{user.id}", version: version)
 
-          expect(response).to have_gitlab_http_status(403)
-        end
+            expect(response).to have_gitlab_http_status(403)
+          end
 
-        it 'returns initial current user without private token but with is_admin when sudo not defined' do
-          get api("/user?private_token=#{admin_personal_access_token}")
+          it 'returns initial current user without private token but with is_admin when sudo not defined' do
+            get api("/user?private_token=#{admin_personal_access_token}", version: version)
 
-          expect(response).to have_gitlab_http_status(200)
-          expect(response).to match_response_schema('public_api/v4/user/admin')
-          expect(json_response['id']).to eq(admin.id)
+            expect(response).to have_gitlab_http_status(200)
+            expect(response).to match_response_schema('public_api/v4/user/admin')
+            expect(json_response['id']).to eq(admin.id)
+          end
         end
       end
-    end
 
-    context 'with unauthenticated user' do
-      it "returns 401 error if user is unauthenticated" do
-        get api("/user")
+      context 'with unauthenticated user' do
+        it "returns 401 error if user is unauthenticated" do
+          get api("/user", version: version)
 
-        expect(response).to have_gitlab_http_status(401)
+          expect(response).to have_gitlab_http_status(401)
+        end
       end
     end
+
+    it_behaves_like 'get user info', 'v3'
+    it_behaves_like 'get user info', 'v4'
   end
 
   describe "GET /user/keys" do
diff --git a/spec/support/api/scopes/read_user_shared_examples.rb b/spec/support/api/scopes/read_user_shared_examples.rb
index 06ae8792c61..d7cef137989 100644
--- a/spec/support/api/scopes/read_user_shared_examples.rb
+++ b/spec/support/api/scopes/read_user_shared_examples.rb
@@ -1,10 +1,12 @@
-shared_examples_for 'allows the "read_user" scope' do
+shared_examples_for 'allows the "read_user" scope' do |api_version|
+  let(:version) { api_version || 'v4' }
+
   context 'for personal access tokens' do
     context 'when the requesting token has the "api" scope' do
       let(:token) { create(:personal_access_token, scopes: ['api'], user: user) }
 
       it 'returns a "200" response' do
-        get api_call.call(path, user, personal_access_token: token)
+        get api_call.call(path, user, personal_access_token: token, version: version)
 
         expect(response).to have_gitlab_http_status(200)
       end
@@ -14,7 +16,7 @@ shared_examples_for 'allows the "read_user" scope' do
       let(:token) { create(:personal_access_token, scopes: ['read_user'], user: user) }
 
       it 'returns a "200" response' do
-        get api_call.call(path, user, personal_access_token: token)
+        get api_call.call(path, user, personal_access_token: token, version: version)
 
         expect(response).to have_gitlab_http_status(200)
       end
@@ -28,7 +30,7 @@ shared_examples_for 'allows the "read_user" scope' do
       end
 
       it 'returns a "403" response' do
-        get api_call.call(path, user, personal_access_token: token)
+        get api_call.call(path, user, personal_access_token: token, version: version)
 
         expect(response).to have_gitlab_http_status(403)
       end