diff --git a/app/views/help/api.html.haml b/app/views/help/api.html.haml index 35176f8e214df72361ec44eb34e2bdbd78c39e7d..b1916110ca553caf6e7453284699505d3de646ae 100644 --- a/app/views/help/api.html.haml +++ b/app/views/help/api.html.haml @@ -13,6 +13,8 @@ %a{href: "#snippets"} Snippets %li %a{href: "#users"} Users + %li + %a{href: "#session"} Session %li %a{href: "#issues"} Issues %li @@ -58,6 +60,16 @@ %br +.file_holder#session + .file_title + %i.icon-file + Session + .file_content.wiki + = preserve do + = markdown File.read(Rails.root.join("doc", "api", "session.md")) + +%br + .file_holder#issues .file_title %i.icon-file diff --git a/lib/api/entities.rb b/lib/api/entities.rb index 5d8cc2765b1ab8876c195fd0c42ac8dc74a61d7c..a8b786aebb0e08efe3a8d7529361fc4a1c3d7823 100644 --- a/lib/api/entities.rb +++ b/lib/api/entities.rb @@ -9,8 +9,8 @@ module Gitlab expose :id, :email, :name, :blocked, :created_at end - class UserLogin < Grape::Entity - expose :id, :email, :name, :private_token, :blocked, :created_at + class UserLogin < UserBasic + expose :private_token end class Hook < Grape::Entity @@ -56,9 +56,7 @@ module Gitlab end class Key < Grape::Entity - expose :id, - :title, - :key + expose :id, :title, :key end end end diff --git a/lib/api/session.rb b/lib/api/session.rb index 5bcdf93abe92cf6b5661adda46fa63a56a68fe9d..b4050160ae42facebe03ae10f0af4c7f631454cc 100644 --- a/lib/api/session.rb +++ b/lib/api/session.rb @@ -8,14 +8,13 @@ module Gitlab post "/session" do resource = User.find_for_database_authentication(email: params[:email]) - return forbidden! unless resource + return unauthorized! unless resource if resource.valid_password?(params[:password]) present resource, with: Entities::UserLogin else - forbidden! + unauthorized! end end end end - diff --git a/spec/requests/api/session_spec.rb b/spec/requests/api/session_spec.rb index 0809475be81be8934007218362894ea7e1bb2571..f251f3921acacde95418deb7b3bae3cd54256a45 100644 --- a/spec/requests/api/session_spec.rb +++ b/spec/requests/api/session_spec.rb @@ -19,7 +19,7 @@ describe Gitlab::API do context "when invalid password" do it "should return authentication error" do post api("/session"), email: user.email, password: '123' - response.status.should == 403 + response.status.should == 401 json_response['email'].should be_nil json_response['private_token'].should be_nil @@ -29,7 +29,7 @@ describe Gitlab::API do context "when empty password" do it "should return authentication error" do post api("/session"), email: user.email - response.status.should == 403 + response.status.should == 401 json_response['email'].should be_nil json_response['private_token'].should be_nil