1 files changed, 124 insertions, 104 deletions

diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb
index bb913ae0e79..f3431e0be3d 100644
--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -43,7 +43,7 @@ describe API::Users do
       end
 
       it "returns the user when a valid `username` parameter is passed" do
-        get api("/users"), username: user.username
+        get api("/users"), params: { username: user.username }
 
         expect(response).to match_response_schema('public_api/v4/user/basics')
         expect(json_response.size).to eq(1)
@@ -52,7 +52,7 @@ describe API::Users do
       end
 
       it "returns the user when a valid `username` parameter is passed (case insensitive)" do
-        get api("/users"), username: user.username.upcase
+        get api("/users"), params: { username: user.username.upcase }
 
         expect(response).to match_response_schema('public_api/v4/user/basics')
         expect(json_response.size).to eq(1)
@@ -61,7 +61,7 @@ describe API::Users do
       end
 
       it "returns an empty response when an invalid `username` parameter is passed" do
-        get api("/users"), username: 'invalid'
+        get api("/users"), params: { username: 'invalid' }
 
         expect(response).to have_gitlab_http_status(200)
         expect(json_response).to be_an Array
@@ -74,7 +74,7 @@ describe API::Users do
         end
 
         it "returns authorization error when the `username` parameter refers to an inaccessible user" do
-          get api("/users"), username: user.username
+          get api("/users"), params: { username: user.username }
 
           expect(response).to have_gitlab_http_status(403)
         end
@@ -243,7 +243,7 @@ describe API::Users do
         admin
         user
 
-        get api('/users', admin), { order_by: 'id', sort: 'asc' }
+        get api('/users', admin), params: { order_by: 'id', sort: 'asc' }
 
         expect(response).to match_response_schema('public_api/v4/user/admins')
         expect(json_response.size).to eq(2)
@@ -256,7 +256,7 @@ describe API::Users do
         user
         user_with_2fa = create(:user, :two_factor_via_otp)
 
-        get api('/users', admin), { two_factor: 'enabled' }
+        get api('/users', admin), params: { two_factor: 'enabled' }
 
         expect(response).to match_response_schema('public_api/v4/user/admins')
         expect(json_response.size).to eq(1)
@@ -264,7 +264,7 @@ describe API::Users do
       end
 
       it 'returns 400 when provided incorrect sort params' do
-        get api('/users', admin), { order_by: 'magic', sort: 'asc' }
+        get api('/users', admin), params: { order_by: 'magic', sort: 'asc' }
 
         expect(response).to have_gitlab_http_status(400)
       end
@@ -375,12 +375,12 @@ describe API::Users do
 
     it "creates user" do
       expect do
-        post api("/users", admin), attributes_for(:user, projects_limit: 3)
+        post api("/users", admin), params: attributes_for(:user, projects_limit: 3)
       end.to change { User.count }.by(1)
     end
 
     it "creates user with correct attributes" do
-      post api('/users', admin), attributes_for(:user, admin: true, can_create_group: true)
+      post api('/users', admin), params: attributes_for(:user, admin: true, can_create_group: true)
       expect(response).to have_gitlab_http_status(201)
       user_id = json_response['id']
       new_user = User.find(user_id)
@@ -393,13 +393,13 @@ describe API::Users do
       optional_attributes = { confirm: true }
       attributes = attributes_for(:user).merge(optional_attributes)
 
-      post api('/users', admin), attributes
+      post api('/users', admin), params: attributes
 
       expect(response).to have_gitlab_http_status(201)
     end
 
     it "creates non-admin user" do
-      post api('/users', admin), attributes_for(:user, admin: false, can_create_group: false)
+      post api('/users', admin), params: attributes_for(:user, admin: false, can_create_group: false)
       expect(response).to have_gitlab_http_status(201)
       user_id = json_response['id']
       new_user = User.find(user_id)
@@ -409,7 +409,7 @@ describe API::Users do
     end
 
     it "creates non-admin users by default" do
-      post api('/users', admin), attributes_for(:user)
+      post api('/users', admin), params: attributes_for(:user)
       expect(response).to have_gitlab_http_status(201)
       user_id = json_response['id']
       new_user = User.find(user_id)
@@ -418,12 +418,12 @@ describe API::Users do
     end
 
     it "returns 201 Created on success" do
-      post api("/users", admin), attributes_for(:user, projects_limit: 3)
+      post api("/users", admin), params: attributes_for(:user, projects_limit: 3)
       expect(response).to have_gitlab_http_status(201)
     end
 
     it 'creates non-external users by default' do
-      post api("/users", admin), attributes_for(:user)
+      post api("/users", admin), params: attributes_for(:user)
       expect(response).to have_gitlab_http_status(201)
 
       user_id = json_response['id']
@@ -433,7 +433,7 @@ describe API::Users do
     end
 
     it 'allows an external user to be created' do
-      post api("/users", admin), attributes_for(:user, external: true)
+      post api("/users", admin), params: attributes_for(:user, external: true)
       expect(response).to have_gitlab_http_status(201)
 
       user_id = json_response['id']
@@ -443,7 +443,7 @@ describe API::Users do
     end
 
     it "creates user with reset password" do
-      post api('/users', admin), attributes_for(:user, reset_password: true).except(:password)
+      post api('/users', admin), params: attributes_for(:user, reset_password: true).except(:password)
 
       expect(response).to have_gitlab_http_status(201)
 
@@ -455,7 +455,7 @@ describe API::Users do
     end
 
     it "creates user with private profile" do
-      post api('/users', admin), attributes_for(:user, private_profile: true)
+      post api('/users', admin), params: attributes_for(:user, private_profile: true)
 
       expect(response).to have_gitlab_http_status(201)
 
@@ -468,40 +468,44 @@ describe API::Users do
 
     it "does not create user with invalid email" do
       post api('/users', admin),
-           email: 'invalid email',
-           password: 'password',
-           name: 'test'
+           params: {
+             email: 'invalid email',
+             password: 'password',
+             name: 'test'
+           }
       expect(response).to have_gitlab_http_status(400)
     end
 
     it 'returns 400 error if name not given' do
-      post api('/users', admin), attributes_for(:user).except(:name)
+      post api('/users', admin), params: attributes_for(:user).except(:name)
       expect(response).to have_gitlab_http_status(400)
     end
 
     it 'returns 400 error if password not given' do
-      post api('/users', admin), attributes_for(:user).except(:password)
+      post api('/users', admin), params: attributes_for(:user).except(:password)
       expect(response).to have_gitlab_http_status(400)
     end
 
     it 'returns 400 error if email not given' do
-      post api('/users', admin), attributes_for(:user).except(:email)
+      post api('/users', admin), params: attributes_for(:user).except(:email)
       expect(response).to have_gitlab_http_status(400)
     end
 
     it 'returns 400 error if username not given' do
-      post api('/users', admin), attributes_for(:user).except(:username)
+      post api('/users', admin), params: attributes_for(:user).except(:username)
       expect(response).to have_gitlab_http_status(400)
     end
 
     it 'returns 400 error if user does not validate' do
       post api('/users', admin),
-           password: 'pass',
-           email: 'test@example.com',
-           username: 'test!',
-           name: 'test',
-           bio: 'g' * 256,
-           projects_limit: -1
+           params: {
+             password: 'pass',
+             email: 'test@example.com',
+             username: 'test!',
+             name: 'test',
+             bio: 'g' * 256,
+             projects_limit: -1
+           }
       expect(response).to have_gitlab_http_status(400)
       expect(json_response['message']['password'])
         .to eq(['is too short (minimum is 8 characters)'])
@@ -514,26 +518,30 @@ describe API::Users do
     end
 
     it "is not available for non admin users" do
-      post api("/users", user), attributes_for(:user)
+      post api("/users", user), params: attributes_for(:user)
       expect(response).to have_gitlab_http_status(403)
     end
 
     context 'with existing user' do
       before do
         post api('/users', admin),
-             email: 'test@example.com',
-             password: 'password',
-             username: 'test',
-             name: 'foo'
+             params: {
+               email: 'test@example.com',
+               password: 'password',
+               username: 'test',
+               name: 'foo'
+             }
       end
 
       it 'returns 409 conflict error if user with same email exists' do
         expect do
           post api('/users', admin),
-               name: 'foo',
-               email: 'test@example.com',
-               password: 'password',
-               username: 'foo'
+               params: {
+                 name: 'foo',
+                 email: 'test@example.com',
+                 password: 'password',
+                 username: 'foo'
+               }
         end.to change { User.count }.by(0)
         expect(response).to have_gitlab_http_status(409)
         expect(json_response['message']).to eq('Email has already been taken')
@@ -542,10 +550,12 @@ describe API::Users do
       it 'returns 409 conflict error if same username exists' do
         expect do
           post api('/users', admin),
-               name: 'foo',
-               email: 'foo@example.com',
-               password: 'password',
-               username: 'test'
+               params: {
+                 name: 'foo',
+                 email: 'foo@example.com',
+                 password: 'password',
+                 username: 'test'
+               }
         end.to change { User.count }.by(0)
         expect(response).to have_gitlab_http_status(409)
         expect(json_response['message']).to eq('Username has already been taken')
@@ -554,17 +564,19 @@ describe API::Users do
       it 'returns 409 conflict error if same username exists (case insensitive)' do
         expect do
           post api('/users', admin),
-               name: 'foo',
-               email: 'foo@example.com',
-               password: 'password',
-               username: 'TEST'
+               params: {
+                 name: 'foo',
+                 email: 'foo@example.com',
+                 password: 'password',
+                 username: 'TEST'
+               }
         end.to change { User.count }.by(0)
         expect(response).to have_gitlab_http_status(409)
         expect(json_response['message']).to eq('Username has already been taken')
       end
 
       it 'creates user with new identity' do
-        post api("/users", admin), attributes_for(:user, provider: 'github', extern_uid: '67890')
+        post api("/users", admin), params: attributes_for(:user, provider: 'github', extern_uid: '67890')
 
         expect(response).to have_gitlab_http_status(201)
         expect(json_response['identities'].first['extern_uid']).to eq('67890')
@@ -593,7 +605,7 @@ describe API::Users do
     let!(:admin_user) { create(:admin) }
 
     it "updates user with new bio" do
-      put api("/users/#{user.id}", admin), { bio: 'new test bio' }
+      put api("/users/#{user.id}", admin), params: { bio: 'new test bio' }
 
       expect(response).to have_gitlab_http_status(200)
       expect(json_response['bio']).to eq('new test bio')
@@ -601,14 +613,14 @@ describe API::Users do
     end
 
     it "updates user with new password and forces reset on next login" do
-      put api("/users/#{user.id}", admin), password: '12345678'
+      put api("/users/#{user.id}", admin), params: { password: '12345678' }
 
       expect(response).to have_gitlab_http_status(200)
       expect(user.reload.password_expires_at).to be <= Time.now
     end
 
     it "updates user with organization" do
-      put api("/users/#{user.id}", admin), { organization: 'GitLab' }
+      put api("/users/#{user.id}", admin), params: { organization: 'GitLab' }
 
       expect(response).to have_gitlab_http_status(200)
       expect(json_response['organization']).to eq('GitLab')
@@ -616,7 +628,7 @@ describe API::Users do
     end
 
     it 'updates user with avatar' do
-      put api("/users/#{user.id}", admin), { avatar: fixture_file_upload('spec/fixtures/banana_sample.gif', 'image/gif') }
+      put api("/users/#{user.id}", admin), params: { avatar: fixture_file_upload('spec/fixtures/banana_sample.gif', 'image/gif') }
 
       user.reload
 
@@ -628,7 +640,7 @@ describe API::Users do
     it 'updates user with a new email' do
       old_email = user.email
       old_notification_email = user.notification_email
-      put api("/users/#{user.id}", admin), email: 'new@email.com'
+      put api("/users/#{user.id}", admin), params: { email: 'new@email.com' }
 
       user.reload
 
@@ -640,7 +652,7 @@ describe API::Users do
     end
 
     it 'skips reconfirmation when requested' do
-      put api("/users/#{user.id}", admin), email: 'new@email.com', skip_reconfirmation: true
+      put api("/users/#{user.id}", admin), params: { email: 'new@email.com', skip_reconfirmation: true }
 
       user.reload
 
@@ -650,7 +662,7 @@ describe API::Users do
     end
 
     it 'updates user with his own username' do
-      put api("/users/#{user.id}", admin), username: user.username
+      put api("/users/#{user.id}", admin), params: { username: user.username }
 
       expect(response).to have_gitlab_http_status(200)
       expect(json_response['username']).to eq(user.username)
@@ -658,14 +670,14 @@ describe API::Users do
     end
 
     it "updates user's existing identity" do
-      put api("/users/#{omniauth_user.id}", admin), provider: 'ldapmain', extern_uid: '654321'
+      put api("/users/#{omniauth_user.id}", admin), params: { provider: 'ldapmain', extern_uid: '654321' }
 
       expect(response).to have_gitlab_http_status(200)
       expect(omniauth_user.reload.identities.first.extern_uid).to eq('654321')
     end
 
     it 'updates user with new identity' do
-      put api("/users/#{user.id}", admin), provider: 'github', extern_uid: 'john'
+      put api("/users/#{user.id}", admin), params: { provider: 'github', extern_uid: 'john' }
 
       expect(response).to have_gitlab_http_status(200)
       expect(user.reload.identities.first.extern_uid).to eq('john')
@@ -673,14 +685,14 @@ describe API::Users do
     end
 
     it "updates admin status" do
-      put api("/users/#{user.id}", admin), { admin: true }
+      put api("/users/#{user.id}", admin), params: { admin: true }
 
       expect(response).to have_gitlab_http_status(200)
       expect(user.reload.admin).to eq(true)
     end
 
     it "updates external status" do
-      put api("/users/#{user.id}", admin), { external: true }
+      put api("/users/#{user.id}", admin), params: { external: true }
 
       expect(response.status).to eq 200
       expect(json_response['external']).to eq(true)
@@ -688,14 +700,14 @@ describe API::Users do
     end
 
     it "updates private profile" do
-      put api("/users/#{user.id}", admin), { private_profile: true }
+      put api("/users/#{user.id}", admin), params: { private_profile: true }
 
       expect(response).to have_gitlab_http_status(200)
       expect(user.reload.private_profile).to eq(true)
     end
 
     it "does not update admin status" do
-      put api("/users/#{admin_user.id}", admin), { can_create_group: false }
+      put api("/users/#{admin_user.id}", admin), params: { can_create_group: false }
 
       expect(response).to have_gitlab_http_status(200)
       expect(admin_user.reload.admin).to eq(true)
@@ -703,7 +715,7 @@ describe API::Users do
     end
 
     it "does not allow invalid update" do
-      put api("/users/#{user.id}", admin), { email: 'invalid email' }
+      put api("/users/#{user.id}", admin), params: { email: 'invalid email' }
 
       expect(response).to have_gitlab_http_status(400)
       expect(user.reload.email).not_to eq('invalid email')
@@ -712,7 +724,7 @@ describe API::Users do
     context 'when the current user is not an admin' do
       it "is not available" do
         expect do
-          put api("/users/#{user.id}", user), attributes_for(:user)
+          put api("/users/#{user.id}", user), params: attributes_for(:user)
         end.not_to change { user.reload.attributes }
 
         expect(response).to have_gitlab_http_status(403)
@@ -720,7 +732,7 @@ describe API::Users do
     end
 
     it "returns 404 for non-existing user" do
-      put api("/users/999999", admin), { bio: 'update should fail' }
+      put api("/users/999999", admin), params: { bio: 'update should fail' }
 
       expect(response).to have_gitlab_http_status(404)
       expect(json_response['message']).to eq('404 User Not Found')
@@ -734,12 +746,14 @@ describe API::Users do
 
     it 'returns 400 error if user does not validate' do
       put api("/users/#{user.id}", admin),
-          password: 'pass',
-          email: 'test@example.com',
-          username: 'test!',
-          name: 'test',
-          bio: 'g' * 256,
-          projects_limit: -1
+          params: {
+            password: 'pass',
+            email: 'test@example.com',
+            username: 'test!',
+            name: 'test',
+            bio: 'g' * 256,
+            projects_limit: -1
+          }
       expect(response).to have_gitlab_http_status(400)
       expect(json_response['message']['password'])
         .to eq(['is too short (minimum is 8 characters)'])
@@ -752,26 +766,26 @@ describe API::Users do
     end
 
     it 'returns 400 if provider is missing for identity update' do
-      put api("/users/#{omniauth_user.id}", admin), extern_uid: '654321'
+      put api("/users/#{omniauth_user.id}", admin), params: { extern_uid: '654321' }
 
       expect(response).to have_gitlab_http_status(400)
     end
 
     it 'returns 400 if external UID is missing for identity update' do
-      put api("/users/#{omniauth_user.id}", admin), provider: 'ldap'
+      put api("/users/#{omniauth_user.id}", admin), params: { provider: 'ldap' }
 
       expect(response).to have_gitlab_http_status(400)
     end
 
     context "with existing user" do
       before do
-        post api("/users", admin), { email: 'test@example.com', password: 'password', username: 'test', name: 'test' }
-        post api("/users", admin), { email: 'foo@bar.com', password: 'password', username: 'john', name: 'john' }
+        post api("/users", admin), params: { email: 'test@example.com', password: 'password', username: 'test', name: 'test' }
+        post api("/users", admin), params: { email: 'foo@bar.com', password: 'password', username: 'john', name: 'john' }
         @user = User.all.last
       end
 
       it 'returns 409 conflict error if email address exists' do
-        put api("/users/#{@user.id}", admin), email: 'test@example.com'
+        put api("/users/#{@user.id}", admin), params: { email: 'test@example.com' }
 
         expect(response).to have_gitlab_http_status(409)
         expect(@user.reload.email).to eq(@user.email)
@@ -779,7 +793,7 @@ describe API::Users do
 
       it 'returns 409 conflict error if username taken' do
         @user_id = User.all.last.id
-        put api("/users/#{@user.id}", admin), username: 'test'
+        put api("/users/#{@user.id}", admin), params: { username: 'test' }
 
         expect(response).to have_gitlab_http_status(409)
         expect(@user.reload.username).to eq(@user.username)
@@ -787,7 +801,7 @@ describe API::Users do
 
       it 'returns 409 conflict error if username taken (case insensitive)' do
         @user_id = User.all.last.id
-        put api("/users/#{@user.id}", admin), username: 'TEST'
+        put api("/users/#{@user.id}", admin), params: { username: 'TEST' }
 
         expect(response).to have_gitlab_http_status(409)
         expect(@user.reload.username).to eq(@user.username)
@@ -801,14 +815,14 @@ describe API::Users do
     end
 
     it "does not create invalid ssh key" do
-      post api("/users/#{user.id}/keys", admin), { title: "invalid key" }
+      post api("/users/#{user.id}/keys", admin), params: { title: "invalid key" }
 
       expect(response).to have_gitlab_http_status(400)
       expect(json_response['error']).to eq('key is missing')
     end
 
     it 'does not create key without title' do
-      post api("/users/#{user.id}/keys", admin), key: 'some key'
+      post api("/users/#{user.id}/keys", admin), params: { key: 'some key' }
 
       expect(response).to have_gitlab_http_status(400)
       expect(json_response['error']).to eq('title is missing')
@@ -817,7 +831,7 @@ describe API::Users do
     it "creates ssh key" do
       key_attrs = attributes_for :key
       expect do
-        post api("/users/#{user.id}/keys", admin), key_attrs
+        post api("/users/#{user.id}/keys", admin), params: key_attrs
       end.to change { user.keys.count }.by(1)
     end
 
@@ -909,7 +923,7 @@ describe API::Users do
     it 'creates GPG key' do
       key_attrs = attributes_for :gpg_key
       expect do
-        post api("/users/#{user.id}/gpg_keys", admin), key_attrs
+        post api("/users/#{user.id}/gpg_keys", admin), params: key_attrs
 
         expect(response).to have_gitlab_http_status(201)
       end.to change { user.gpg_keys.count }.by(1)
@@ -1058,7 +1072,7 @@ describe API::Users do
     end
 
     it "does not create invalid email" do
-      post api("/users/#{user.id}/emails", admin), {}
+      post api("/users/#{user.id}/emails", admin), params: {}
 
       expect(response).to have_gitlab_http_status(400)
       expect(json_response['error']).to eq('email is missing')
@@ -1067,7 +1081,7 @@ describe API::Users do
     it "creates unverified email" do
       email_attrs = attributes_for :email
       expect do
-        post api("/users/#{user.id}/emails", admin), email_attrs
+        post api("/users/#{user.id}/emails", admin), params: email_attrs
       end.to change { user.emails.count }.by(1)
 
       email = Email.find_by(user_id: user.id, email: email_attrs[:email])
@@ -1084,7 +1098,7 @@ describe API::Users do
       email_attrs = attributes_for :email
       email_attrs[:skip_confirmation] = true
 
-      post api("/users/#{user.id}/emails", admin), email_attrs
+      post api("/users/#{user.id}/emails", admin), params: email_attrs
 
       expect(response).to have_gitlab_http_status(201)
 
@@ -1379,32 +1393,32 @@ describe API::Users do
     it "creates ssh key" do
       key_attrs = attributes_for :key
       expect do
-        post api("/user/keys", user), key_attrs
+        post api("/user/keys", user), params: key_attrs
       end.to change { user.keys.count }.by(1)
       expect(response).to have_gitlab_http_status(201)
     end
 
     it "returns a 401 error if unauthorized" do
-      post api("/user/keys"), title: 'some title', key: 'some key'
+      post api("/user/keys"), params: { title: 'some title', key: 'some key' }
       expect(response).to have_gitlab_http_status(401)
     end
 
     it "does not create ssh key without key" do
-      post api("/user/keys", user), title: 'title'
+      post api("/user/keys", user), params: { title: 'title' }
 
       expect(response).to have_gitlab_http_status(400)
       expect(json_response['error']).to eq('key is missing')
     end
 
     it 'does not create ssh key without title' do
-      post api('/user/keys', user), key: 'some key'
+      post api('/user/keys', user), params: { key: 'some key' }
 
       expect(response).to have_gitlab_http_status(400)
       expect(json_response['error']).to eq('title is missing')
     end
 
     it "does not create ssh key without title" do
-      post api("/user/keys", user), key: "somekey"
+      post api("/user/keys", user), params: { key: "somekey" }
       expect(response).to have_gitlab_http_status(400)
     end
   end
@@ -1523,14 +1537,14 @@ describe API::Users do
     it 'creates a GPG key' do
       key_attrs = attributes_for :gpg_key
       expect do
-        post api('/user/gpg_keys', user), key_attrs
+        post api('/user/gpg_keys', user), params: key_attrs
 
         expect(response).to have_gitlab_http_status(201)
       end.to change { user.gpg_keys.count }.by(1)
     end
 
     it 'returns a 401 error if unauthorized' do
-      post api('/user/gpg_keys'), key: 'some key'
+      post api('/user/gpg_keys'), params: { key: 'some key' }
 
       expect(response).to have_gitlab_http_status(401)
     end
@@ -1685,18 +1699,18 @@ describe API::Users do
     it "creates email" do
       email_attrs = attributes_for :email
       expect do
-        post api("/user/emails", user), email_attrs
+        post api("/user/emails", user), params: email_attrs
       end.to change { user.emails.count }.by(1)
       expect(response).to have_gitlab_http_status(201)
     end
 
     it "returns a 401 error if unauthorized" do
-      post api("/user/emails"), email: 'some email'
+      post api("/user/emails"), params: { email: 'some email' }
       expect(response).to have_gitlab_http_status(401)
     end
 
     it "does not create email with invalid email" do
-      post api("/user/emails", user), {}
+      post api("/user/emails", user), params: {}
 
       expect(response).to have_gitlab_http_status(400)
       expect(json_response['error']).to eq('email is missing')
@@ -1864,14 +1878,14 @@ describe API::Users do
 
   describe 'PUT /user/status' do
     it 'saves the status' do
-      put api('/user/status', user), { emoji: 'smirk', message: 'hello world' }
+      put api('/user/status', user), params: { emoji: 'smirk', message: 'hello world' }
 
       expect(response).to have_gitlab_http_status(:success)
       expect(json_response['emoji']).to eq('smirk')
     end
 
     it 'renders errors when the status was invalid' do
-      put api('/user/status', user), { emoji: 'does not exist', message: 'hello world' }
+      put api('/user/status', user), params: { emoji: 'does not exist', message: 'hello world' }
 
       expect(response).to have_gitlab_http_status(400)
       expect(json_response['message']['emoji']).to be_present
@@ -1950,8 +1964,10 @@ describe API::Users do
 
     it 'returns a 404 error if user not found' do
       post api("/users/#{not_existing_user_id}/impersonation_tokens", admin),
-        name: name,
-        expires_at: expires_at
+        params: {
+          name: name,
+          expires_at: expires_at
+        }
 
       expect(response).to have_gitlab_http_status(404)
       expect(json_response['message']).to eq('404 User Not Found')
@@ -1959,8 +1975,10 @@ describe API::Users do
 
     it 'returns a 403 error when authenticated as normal user' do
       post api("/users/#{user.id}/impersonation_tokens", user),
-        name: name,
-        expires_at: expires_at
+        params: {
+          name: name,
+          expires_at: expires_at
+        }
 
       expect(response).to have_gitlab_http_status(403)
       expect(json_response['message']).to eq('403 Forbidden')
@@ -1968,10 +1986,12 @@ describe API::Users do
 
     it 'creates a impersonation token' do
       post api("/users/#{user.id}/impersonation_tokens", admin),
-        name: name,
-        expires_at: expires_at,
-        scopes: scopes,
-        impersonation: impersonation
+        params: {
+          name: name,
+          expires_at: expires_at,
+          scopes: scopes,
+          impersonation: impersonation
+        }
 
       expect(response).to have_gitlab_http_status(201)
       expect(json_response['name']).to eq(name)