summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorazul <azul@leap.se>2014-07-21 10:36:22 +0200
committerazul <azul@leap.se>2014-07-21 10:36:22 +0200
commit791033d4a3021cc0a476a514667b17a6d519aa89 (patch)
tree650d0dff3c8f4ee77efdd237087df7c10b60cf8c
parentbbd41c9bfd2cb88a88d7436dd58a8b46a5d10cf1 (diff)
parent11d1efaef622335fe6d45917ce0b50a02e4a24a1 (diff)
Merge pull request #181 from azul/feature/allow_anonymous_config_access
Allow fetching configs if anonymous EIP access is allowed
-rw-r--r--app/controllers/v1/configs_controller.rb6
-rw-r--r--features/step_definitions/auth_steps.rb17
-rw-r--r--features/step_definitions/config_steps.rb10
-rw-r--r--features/support/hooks.rb6
-rw-r--r--features/unauthenticated.feature15
5 files changed, 51 insertions, 3 deletions
diff --git a/app/controllers/v1/configs_controller.rb b/app/controllers/v1/configs_controller.rb
index accdf5a..9c01605 100644
--- a/app/controllers/v1/configs_controller.rb
+++ b/app/controllers/v1/configs_controller.rb
@@ -1,7 +1,7 @@
class V1::ConfigsController < ApiController
include ControllerExtension::JsonFile
- before_filter :require_login
+ before_filter :require_login, :unless => :anonymous_certs_allowed?
before_filter :sanitize_filename, only: :show
before_filter :fetch_file, only: :show
@@ -21,6 +21,10 @@ class V1::ConfigsController < ApiController
protected
+ def anonymous_certs_allowed?
+ APP_CONFIG[:allow_anonymous_certs]
+ end
+
def service_paths
Hash[SERVICES.map{|k,v| [k,"/1/configs/#{v}"] } ]
end
diff --git a/features/step_definitions/auth_steps.rb b/features/step_definitions/auth_steps.rb
index 00d9004..e75455a 100644
--- a/features/step_definitions/auth_steps.rb
+++ b/features/step_definitions/auth_steps.rb
@@ -1,6 +1,21 @@
-
Given /^I authenticated$/ do
@user = FactoryGirl.create(:user)
@my_auth_token = Token.create user_id: @user.id
end
+Given /^I am not logged in$/ do
+ @my_auth_token = nil
+end
+
+When /^I send requests to these endpoints:$/ do |endpoints|
+ @endpoints = endpoints.rows_hash
+end
+
+Then /^they should require authentication$/ do
+ @endpoints.each do |type, path|
+ opts = {method: type.downcase.to_sym}
+ request path, opts
+ assert_equal 401, last_response.status,
+ "Expected #{type} #{path} to require authentication."
+ end
+end
diff --git a/features/step_definitions/config_steps.rb b/features/step_definitions/config_steps.rb
index 50ae829..70ff1aa 100644
--- a/features/step_definitions/config_steps.rb
+++ b/features/step_definitions/config_steps.rb
@@ -4,3 +4,13 @@ Given /the provider config is:$/ do |config|
@tempfile.close
StaticConfigController::PROVIDER_JSON = @tempfile.path
end
+
+# use with @config tag so the config changes are reverted after the scenario
+Given /^"([^"]*)" is (enabled|disabled|"[^"]") in the config$/ do |key, value|
+ value = case value
+ when 'disabled' then false
+ when 'enabled' then true
+ else value.gsub('"', '')
+ end
+ APP_CONFIG.merge! key => value
+end
diff --git a/features/support/hooks.rb b/features/support/hooks.rb
index f11e602..f2e3b41 100644
--- a/features/support/hooks.rb
+++ b/features/support/hooks.rb
@@ -5,6 +5,12 @@ After '@tempfile' do
end
end
+Around '@config' do |scenario, block|
+ old_config = APP_CONFIG.dup
+ block.call
+ APP_CONFIG.replace old_config
+end
+
# store end of server log for failing scenarios
After do |scenario|
if scenario.failed?
diff --git a/features/unauthenticated.feature b/features/unauthenticated.feature
index 120274b..870adb1 100644
--- a/features/unauthenticated.feature
+++ b/features/unauthenticated.feature
@@ -21,9 +21,22 @@ Feature: Unauthenticated API endpoints
{"config": "me"}
"""
- Scenario: Authentication required for all other API endpoints
+ @config
+ Scenario: Fetch configs when anonymous certs are allowed
+ Given "allow_anonymous_certs" is enabled in the config
+ When I send a GET request to "/1/configs.json"
+ Then the response status should be "200"
+
+ Scenario: Authentication required response
When I send a GET request to "/1/configs"
Then the response status should be "401"
And the response should have "error" with "not_authorized_login"
And the response should have "message"
+ Scenario: Authentication required for all other API endpoints (incomplete)
+ Given I am not logged in
+ When I send requests to these endpoints:
+ | GET | /1/configs |
+ | GET | /1/configs/config_id.json |
+ | DELETE | /1/logout |
+ Then they should require authentication