84d830b5b3
Consequences: * Removes the GET endpoint for the HTTP password * Removes digest authentication * Removes auth.gitBasicAuth config option. With the move to NoteDB, the per-account data (including the HTTP password) will be stored in a branch in the All-Users repo, where it is subject to Gerrit ACLs. Since these are notoriously hard to setup correctly, we want to avoid storing the password in plaintext. With this change, we support hashed passwords, and a schema upgrade populates the existing 'password' field using previous passwords. Tested migration manually: * ran schema upgrade * verified that schema upgrade inserts hashed passwords with gsql. * verified that the password still works with the new code. Tested passwords manually: * verified that correct passwords get accepted when using curl --user. * verified that wrong passwords get rejected when using curl --user. Change-Id: I26f5bcd7848040107e3721eeabf75baeb79c1724
90 lines
2.3 KiB
Plaintext
90 lines
2.3 KiB
Plaintext
= Gerrit Code Review - REST API Developers' Notes
|
|
|
|
This document is about developing the REST API. For details of the
|
|
actual APIs available in Gerrit, please see the
|
|
link:rest-api.html[REST API interface reference].
|
|
|
|
|
|
== Testing REST API Functionality
|
|
|
|
|
|
=== Basic Testing
|
|
|
|
Basic testing of REST API functionality can be done with `curl`:
|
|
|
|
----
|
|
curl http://localhost:8080/path/to/api/
|
|
----
|
|
|
|
By default, `curl` sends `GET` requests. To test APIs with `PUT`, `POST`,
|
|
or `DELETE`, an additional argument is required:
|
|
|
|
----
|
|
curl -X PUT http://localhost:8080/path/to/api/
|
|
curl -X POST http://localhost:8080/path/to/api/
|
|
curl -X DELETE http://localhost:8080/path/to/api/
|
|
----
|
|
|
|
|
|
=== Sending Data in the Request
|
|
|
|
Some REST APIs accept data in the request body of `PUT` and `POST` requests.
|
|
|
|
Test data can be included from a local file:
|
|
|
|
----
|
|
curl -X PUT -d@testdata.txt --header "Content-Type: application/json" http://localhost:8080/path/to/api/
|
|
----
|
|
|
|
Note that the `-d` option will remove the newlines from the content of the
|
|
local file. If the content should be sent as-is then use the `--data-binary`
|
|
option instead:
|
|
|
|
----
|
|
curl -X PUT --data-binary @testdata.txt --header "Content-Type: text/plain" http://localhost:8080/path/to/api/
|
|
----
|
|
|
|
Example to set a Gerrit project's link:rest-api-projects.html#set-project-description[description]:
|
|
|
|
----
|
|
curl -X PUT --user john:2LlAB3K9B0PF --data-binary @project-desc.txt --header "Content-Type: application/json; charset=UTF-8" http://localhost:8080/a/projects/myproject/description
|
|
----
|
|
|
|
=== Authentication
|
|
|
|
To test APIs that require authentication, the username and password must be specified on
|
|
the command line:
|
|
|
|
----
|
|
curl --user username:password http://localhost:8080/a/path/to/api/
|
|
----
|
|
|
|
This makes it easy to switch users for testing of permissions.
|
|
|
|
It is also possible to test with a username and password from the `.netrc`
|
|
file (on Windows, `_netrc`):
|
|
|
|
----
|
|
curl -n http://localhost:8080/a/path/to/api/
|
|
----
|
|
|
|
In both cases, the password should be the user's link:user-upload.html#http[HTTP password].
|
|
|
|
=== Verifying Header Content
|
|
|
|
To verify the headers returned from a REST API call, use `curl` in verbose mode:
|
|
|
|
----
|
|
curl -v -n -X DELETE http://localhost:8080/a/path/to/api/
|
|
----
|
|
|
|
The headers on both the request and the response will be printed.
|
|
|
|
|
|
GERRIT
|
|
------
|
|
Part of link:index.html[Gerrit Code Review]
|
|
|
|
SEARCHBOX
|
|
---------
|