2 files changed, 46 insertions, 3 deletions

diff --git a/lib/api/branches.rb b/lib/api/branches.rb
index 953c6100f8b..d54f9371fbe 100644
--- a/lib/api/branches.rb
+++ b/lib/api/branches.rb
@@ -24,7 +24,7 @@ module API
       #   branch (required) - The name of the branch
       # Example Request:
       #   GET /projects/:id/repository/branches/:branch
-      get ":id/repository/branches/:branch" do
+      get ':id/repository/branches/:branch', requirements: { branch: /.*/ } do
         @branch = user_project.repo.heads.find { |item| item.name == params[:branch] }
         not_found!("Branch does not exist") if @branch.nil?
         present @branch, with: Entities::RepoObject, project: user_project
@@ -37,7 +37,9 @@ module API
       #   branch (required) - The name of the branch
       # Example Request:
       #   PUT /projects/:id/repository/branches/:branch/protect
-      put ":id/repository/branches/:branch/protect" do
+      put ':id/repository/branches/:branch/protect',
+          requirements: { branch: /.*/ } do
+
         authorize_admin_project
 
         @branch = user_project.repository.find_branch(params[:branch])
@@ -55,7 +57,9 @@ module API
       #   branch (required) - The name of the branch
       # Example Request:
       #   PUT /projects/:id/repository/branches/:branch/unprotect
-      put ":id/repository/branches/:branch/unprotect" do
+      put ':id/repository/branches/:branch/unprotect',
+          requirements: { branch: /.*/ } do
+
         authorize_admin_project
 
         @branch = user_project.repository.find_branch(params[:branch])
diff --git a/lib/api/users.rb b/lib/api/users.rb
index ae808b6272b..6ed2740c333 100644
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -113,6 +113,45 @@ module API
         end
       end
 
+      # Get ssh keys of a specified user. Only available to admin users.
+      #
+      # Parameters:
+      # uid (required) - The ID of a user
+      # Example Request:
+      # GET /users/:uid/keys
+      get ':uid/keys' do
+        authenticated_as_admin!
+        user = User.find_by(id: params[:uid])
+        if user
+          present user.keys, with: Entities::SSHKey
+        else
+          not_found!
+        end
+      end
+
+      # Delete existing ssh key of a specified user. Only available to admin
+      # users.
+      #
+      # Parameters:
+      #   uid (required) - The ID of a user
+      #   id (required) - SSH Key ID
+      # Example Request:
+      #   DELETE /users/:uid/keys/:id
+      delete ':uid/keys/:id' do
+        authenticated_as_admin!
+        user = User.find_by(id: params[:uid])
+        if user
+          begin
+            key = user.keys.find params[:id]
+            key.destroy
+          rescue ActiveRecord::RecordNotFound
+            not_found!
+          end
+        else
+          not_found!
+        end
+      end
+
       # Delete user. Available only for admin
       #
       # Example Request: