Commit 784d5167 authored by georg's avatar georg

Merge branch 'keys-response-with-subscription-email' into 'release-4.0'

API: Include subscription email in keys response

See merge request !294
parents 9d5dee00 2b0232e0
Pipeline #26581 passed with stages
in 5 minutes and 46 seconds
......@@ -72,23 +72,6 @@ module SchleuderApiDaemonHelper
end
end
def key_to_hash(key, include_keydata=false)
hash = {
fingerprint: key.fingerprint,
email: key.email,
expiry: key.expires,
generated_at: key.generated_at,
primary_uid: key.primary_uid.uid,
oneline: key.oneline,
trust_issues: key.usability_issue
}
if include_keydata
hash[:description] = key.to_s
hash[:ascii] = key.armored
end
hash
end
def set_x_messages(messages)
if messages.present?
headers 'X-Messages' => Array(messages).join(' // ').gsub(/\n/, ' // ')
......
......@@ -5,7 +5,14 @@ class SchleuderApiDaemon < Sinatra::Base
get '/:list_email/keys.json' do |list_email|
keys = keys_controller.find_all(list_email)
keys_hash = keys.sort_by(&:email).map do |key|
key_to_hash(key)
key_hash = key_to_hash(key)
if authorized_to_read_subscriptions?(list_email)
subscription = subscription(list_email, key.fingerprint)
if subscription
key_hash.merge!(subscription: subscription.email)
end
end
key_hash
end
json keys_hash
end
......@@ -24,7 +31,14 @@ class SchleuderApiDaemon < Sinatra::Base
get '/:list_email/keys/:fingerprint.json' do |list_email, fingerprint|
key = keys_controller.find(list_email, fingerprint)
json key_to_hash(key, true)
key_hash = key_to_hash(key, true)
if authorized_to_read_subscriptions?(list_email)
subscription = subscription(list_email, key.fingerprint)
if subscription
key_hash.merge!(subscription: subscription.email)
end
end
json key_hash
end
delete '/:list_email/keys/:fingerprint.json' do |list_email, fingerprint|
......@@ -37,4 +51,42 @@ class SchleuderApiDaemon < Sinatra::Base
def keys_controller
Schleuder::KeysController.new(current_account)
end
def lists_controller
Schleuder::ListsController.new(current_account)
end
def subscriptions_controller
Schleuder::SubscriptionsController.new(current_account)
end
def subscription(list_email, fingerprint)
subscription = subscriptions_controller.find_all(list_email, {fingerprint: fingerprint}).first
subscription ||= nil
end
def authorized_to_read_subscriptions?(list_email)
list = lists_controller.find(list_email)
authorize!(list, :list_subscriptions)
return true
rescue Errors::Unauthorized
return false
end
def key_to_hash(key, include_keydata=false)
hash = {
fingerprint: key.fingerprint,
email: key.email,
expiry: key.expires,
generated_at: key.generated_at,
primary_uid: key.primary_uid.uid,
oneline: key.oneline,
trust_issues: key.usability_issue,
}
if include_keydata
hash[:description] = key.to_s
hash[:ascii] = key.armored
end
hash
end
end
......@@ -55,6 +55,70 @@ describe 'keys via api' do
expect(last_response.status).to be 200
expect(JSON.parse(last_response.body).length).to be 1
end
it 'contains the subscription email in the response authorized as list-admin' do
list = create(:list)
list.subscribe('schleuder@example.org', '59C71FB38AEE22E091C78259D06350440F759BD3', true)
account = create(:account, email: 'schleuder@example.org')
authorize!(account.email, account.set_new_password!)
get "/lists/#{list.email}/keys.json"
expect(JSON.parse(last_response.body).first['subscription']).to eq 'schleuder@example.org'
end
it 'does not contain the subscription key in the response json if user is authorized but no subscription exists' do
list = create(:list)
authorize_as_api_superadmin!
get "/lists/#{list.email}/keys.json"
expect(JSON.parse(last_response.body).first['subscription']).to eq nil
end
it 'does not contain the subscription email in the response if user is not an admin' do
list = create(:list)
list.subscribe('schleuder@example.org', '59C71FB38AEE22E091C78259D06350440F759BD3', false)
account = create(:account, email: 'schleuder@example.org')
authorize!(account.email, account.set_new_password!)
get "/lists/#{list.email}/keys.json"
expect(JSON.parse(last_response.body).first['subscription']).to eq nil
end
end
context 'get key' do
it 'contains the subscription email in the response authorized as list-admin' do
list = create(:list)
list.subscribe('schleuder@example.org', '59C71FB38AEE22E091C78259D06350440F759BD3', true)
account = create(:account, email: 'schleuder@example.org')
authorize!(account.email, account.set_new_password!)
get "/lists/#{list.email}/keys/59C71FB38AEE22E091C78259D06350440F759BD3.json"
expect(JSON.parse(last_response.body)['subscription']).to eq 'schleuder@example.org'
end
it 'does not contain the subscription key in the response json if user is authorized but no subscription exists' do
list = create(:list)
authorize_as_api_superadmin!
get "/lists/#{list.email}/keys/59C71FB38AEE22E091C78259D06350440F759BD3.json"
expect(JSON.parse(last_response.body)['subscription']).to eq nil
end
it 'does not contain the subscription email in the response if user is not an admin' do
list = create(:list)
list.subscribe('schleuder@example.org', '59C71FB38AEE22E091C78259D06350440F759BD3', false)
account = create(:account, email: 'schleuder@example.org')
authorize!(account.email, account.set_new_password!)
get "/lists/#{list.email}/keys/59C71FB38AEE22E091C78259D06350440F759BD3.json"
expect(JSON.parse(last_response.body)['subscription']).to eq nil
end
end
context 'check' do
......
......@@ -3,3 +3,7 @@
# That's actually \nto, which codespell is not able to parse correctly
nto
keyserver
keyservers
fpr
files'
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment