summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorazul <azul@riseup.net>2017-11-07 22:58:09 -0800
committerazul <azul@riseup.net>2017-11-07 22:58:09 -0800
commite7dfe732599df8df4299c60d14f7c1e3e112b27d (patch)
treeb48d01737e18f708b15d178bbe51ea95d8d6e3db
parentd717aba320abc5cc2ebf5650cbd52a69a56926b5 (diff)
parentef91e8fe1fb5c1cf8f2f84fd25ef2b115f0ec8c8 (diff)
Merge branch '8800-hand-out-configs-json-without-authentication' into 'master'
feat: allow unauthenticated access to list of configs Closes #8800 See merge request leap/webapp!45
-rw-r--r--app/controllers/api/configs_controller.rb4
-rw-r--r--features/1/authentication.feature4
-rw-r--r--features/1/unauthenticated.feature3
-rw-r--r--features/authentication.feature4
-rw-r--r--features/unauthenticated.feature17
-rw-r--r--test/functional/api/token_auth_test.rb8
6 files changed, 27 insertions, 13 deletions
diff --git a/app/controllers/api/configs_controller.rb b/app/controllers/api/configs_controller.rb
index 0f9b8a6..2a05bed 100644
--- a/app/controllers/api/configs_controller.rb
+++ b/app/controllers/api/configs_controller.rb
@@ -1,7 +1,9 @@
class Api::ConfigsController < ApiController
include ControllerExtension::JsonFile
- before_filter :require_login, :unless => :anonymous_access_allowed?
+ before_filter :require_login,
+ :unless => :anonymous_access_allowed?,
+ :except => :index
before_filter :sanitize_id, only: :show
def index
diff --git a/features/1/authentication.feature b/features/1/authentication.feature
index 52b562f..a6e5538 100644
--- a/features/1/authentication.feature
+++ b/features/1/authentication.feature
@@ -13,12 +13,12 @@ Feature: Authentication
Given I authenticated
And I set headers:
| Authorization | Token token="MY_AUTH_TOKEN" |
- When I send a GET request to "/1/configs.json"
+ When I send a GET request to "/1/service"
Then the response status should be "200"
Scenario: Submitting an invalid token
Given I authenticated
And I set headers:
| Authorization | Token token="InvalidToken" |
- When I send a GET request to "/1/configs.json"
+ When I send a GET request to "/1/service"
Then the response status should be "401"
diff --git a/features/1/unauthenticated.feature b/features/1/unauthenticated.feature
index aea7117..a135f14 100644
--- a/features/1/unauthenticated.feature
+++ b/features/1/unauthenticated.feature
@@ -16,7 +16,7 @@ Feature: Unauthenticated API endpoints
And the response should be that config
Scenario: Authentication required response
- When I send a GET request to "/1/configs"
+ When I send a GET request to "/1/configs/config_id.json"
Then the response status should be "401"
And the response should have "error" with "not_authorized_login"
And the response should have "message"
@@ -24,7 +24,6 @@ Feature: Unauthenticated API endpoints
Scenario: Authentication required for all other API endpoints (incomplete)
Given I am not logged in
When I send requests to these endpoints:
- | GET | /1/configs |
| GET | /1/configs/config_id.json |
| GET | /1/service |
| DELETE | /1/logout |
diff --git a/features/authentication.feature b/features/authentication.feature
index 806e2b7..4dc6c78 100644
--- a/features/authentication.feature
+++ b/features/authentication.feature
@@ -13,12 +13,12 @@ Feature: Authentication
Given I authenticated
And I set headers:
| Authorization | Token token="MY_AUTH_TOKEN" |
- When I send a GET request to "/2/configs.json"
+ When I send a GET request to "/2/service"
Then the response status should be "200"
Scenario: Submitting an invalid token
Given I authenticated
And I set headers:
| Authorization | Token token="InvalidToken" |
- When I send a GET request to "/2/configs.json"
+ When I send a GET request to "/2/service"
Then the response status should be "401"
diff --git a/features/unauthenticated.feature b/features/unauthenticated.feature
index b4b0f55..a55faa7 100644
--- a/features/unauthenticated.feature
+++ b/features/unauthenticated.feature
@@ -15,8 +15,22 @@ Feature: Unauthenticated API endpoints
Then the response status should be "200"
And the response should be that config
+ Scenario: Fetch list of available configs
+ When I send a GET request to "/2/configs.json"
+ Then the response status should be "200"
+ And the response should be:
+ """
+ {
+ "services": {
+ "soledad": "/2/configs/soledad-service.json",
+ "eip": "/2/configs/eip-service.json",
+ "smtp": "/2/configs/smtp-service.json"
+ }
+ }
+ """
+
Scenario: Authentication required response
- When I send a GET request to "/2/configs"
+ When I send a GET request to "/2/configs/config_id.json"
Then the response status should be "401"
And the response should have "error" with "not_authorized_login"
And the response should have "message"
@@ -24,7 +38,6 @@ Feature: Unauthenticated API endpoints
Scenario: Authentication required for all other API endpoints (incomplete)
Given I am not logged in
When I send requests to these endpoints:
- | GET | /2/configs |
| GET | /2/configs/config_id.json |
| GET | /2/service |
| DELETE | /2/logout |
diff --git a/test/functional/api/token_auth_test.rb b/test/functional/api/token_auth_test.rb
index c7f91c7..d6731a1 100644
--- a/test/functional/api/token_auth_test.rb
+++ b/test/functional/api/token_auth_test.rb
@@ -6,12 +6,12 @@
require 'test_helper'
class Api::TokenAuthTest < ApiControllerTest
- tests Api::ConfigsController
+ tests Api::ServicesController
def test_login_via_api_token
with_config(:allow_anonymous_certs => false) do
monitor_auth do
- api_get :index
+ api_get :show
assert assigns(:token), 'should have authenticated via api token'
assert assigns(:token).is_a? ApiToken
assert @controller.send(:current_user).is_a? ApiMonitorUser
@@ -26,10 +26,10 @@ class Api::TokenAuthTest < ApiControllerTest
with_config(new_config) do
monitor_auth do
request.env['REMOTE_ADDR'] = "1.1.1.1"
- api_get :index
+ api_get :show
assert_nil assigns(:token), "should not be able to auth with api token when ip restriction doesn't allow it"
request.env['REMOTE_ADDR'] = allowed
- api_get :index
+ api_get :show
assert assigns(:token), "should have authenticated via api token"
end
end