| author | Azul <azul@riseup.net> | 2017-09-11 14:55:14 +0200 | 
|---|---|---|
| committer | Azul <azul@riseup.net> | 2017-09-11 14:55:14 +0200 | 
| commit | ef91e8fe1fb5c1cf8f2f84fd25ef2b115f0ec8c8 (patch) | |
| tree | b567a85624fa924a7ee962a07cad89987b804d6b | |
| parent | 35b710c968d6e71e4d4210dbc2e00abc6f14f513 (diff) | |
feat: allow unauthenticated access to list of configs
This should simplify client code significantly according to
platform#8849
| -rw-r--r-- | app/controllers/api/configs_controller.rb | 4 | ||||
| -rw-r--r-- | features/1/authentication.feature | 4 | ||||
| -rw-r--r-- | features/1/unauthenticated.feature | 3 | ||||
| -rw-r--r-- | features/authentication.feature | 4 | ||||
| -rw-r--r-- | features/unauthenticated.feature | 17 | ||||
| -rw-r--r-- | test/functional/api/token_auth_test.rb | 8 | 
6 files changed, 27 insertions, 13 deletions
|
diff --git a/app/controllers/api/configs_controller.rb b/app/controllers/api/configs_controller.rb
index 0f9b8a6..2a05bed 100644
--- a/app/controllers/api/configs_controller.rb
+++ b/app/controllers/api/configs_controller.rb
@@ -1,7 +1,9 @@
 class Api::ConfigsController < ApiController
   include ControllerExtension::JsonFile
-  before_filter :require_login, :unless => :anonymous_access_allowed?
+  before_filter :require_login,
+    :unless => :anonymous_access_allowed?,
+    :except => :index
   before_filter :sanitize_id, only: :show
   def index
diff --git a/features/1/authentication.feature b/features/1/authentication.feature
index 52b562f..a6e5538 100644
--- a/features/1/authentication.feature
+++ b/features/1/authentication.feature
@@ -13,12 +13,12 @@ Feature: Authentication
     Given I authenticated
     And I set headers:
       | Authorization | Token token="MY_AUTH_TOKEN" |
-    When I send a GET request to "/1/configs.json"
+    When I send a GET request to "/1/service"
     Then the response status should be "200"
   Scenario: Submitting an invalid token
     Given I authenticated
     And I set headers:
       | Authorization | Token token="InvalidToken" |
-    When I send a GET request to "/1/configs.json"
+    When I send a GET request to "/1/service"
     Then the response status should be "401"
diff --git a/features/1/unauthenticated.feature b/features/1/unauthenticated.feature
index aea7117..a135f14 100644
--- a/features/1/unauthenticated.feature
+++ b/features/1/unauthenticated.feature
@@ -16,7 +16,7 @@ Feature: Unauthenticated API endpoints
     And the response should be that config
   Scenario: Authentication required response
-    When I send a GET request to "/1/configs"
+    When I send a GET request to "/1/configs/config_id.json"
     Then the response status should be "401"
     And the response should have "error" with "not_authorized_login"
     And the response should have "message"
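Review bot: In app/controllers/api/configs_controller.rb the new `:except => :index` exempts `index` from `require_login` unconditionally, so the list is served even where `anonymous_access_allowed?` is false, and nothing in the hunk records why that is safe. The body of `index` lies outside the hunk; it should be confirmed that it returns only the static service-name-to-path map shown in the new feature scenario and no per-user or provider-internal data. I would add a comment above the filter, for example `# index is intentionally public: it lists only service names and config paths (platform#8849); show still requires login`. As a style point, the next filter already uses `only: :show`, so the new options could use the same hash syntax for consistency.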
@@ -24,7 +24,6 @@ Feature: Unauthenticated API endpoints
   Scenario: Authentication required for all other API endpoints (incomplete)
     Given I am not logged in
     When I send requests to these endpoints:
-      |  GET   | /1/configs                |
       |  GET   | /1/configs/config_id.json |
       |  GET   | /1/service                |
       | DELETE | /1/logout                 |
diff --git a/features/authentication.feature b/features/authentication.feature
index 806e2b7..4dc6c78 100644
--- a/features/authentication.feature
+++ b/features/authentication.feature
@@ -13,12 +13,12 @@ Feature: Authentication
     Given I authenticated
     And I set headers:
       | Authorization | Token token="MY_AUTH_TOKEN" |
-    When I send a GET request to "/2/configs.json"
+    When I send a GET request to "/2/service"
     Then the response status should be "200"
   Scenario: Submitting an invalid token
     Given I authenticated
     And I set headers:
       | Authorization | Token token="InvalidToken" |
-    When I send a GET request to "/2/configs.json"
+    When I send a GET request to "/2/service"
     Then the response status should be "401"
diff --git a/features/unauthenticated.feature b/features/unauthenticated.feature
index b4b0f55..a55faa7 100644
--- a/features/unauthenticated.feature
+++ b/features/unauthenticated.feature
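Review bot: features/1/unauthenticated.feature removes `GET /1/configs` from the must-be-401 table and repoints the 401 scenario, but adds no positive scenario for the v1 list, whereas features/unauthenticated.feature gains "Fetch list of available configs" for `/2/configs.json`. The controller filter shown in this commit is not version-specific in the visible lines, so the v1 list presumably becomes public as well, and what it returns to an anonymous client is left unpinned. I would mirror the v2 scenario here with `When I send a GET request to "/1/configs.json"` followed by `Then the response status should be "200"` and an exact-body check, so that an accidental widening of the anonymous response shows up as a test failure.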
@@ -15,8 +15,22 @@ Feature: Unauthenticated API endpoints
     Then the response status should be "200"
     And the response should be that config
+  Scenario: Fetch list of available configs
+    When I send a GET request to "/2/configs.json"
+    Then the response status should be "200"
+    And the response should be:
+      """
+      {
+        "services": {
+          "soledad": "/2/configs/soledad-service.json",
+          "eip": "/2/configs/eip-service.json",
+          "smtp": "/2/configs/smtp-service.json"
+        }
+      }
+      """
+
   Scenario: Authentication required response
-    When I send a GET request to "/2/configs"
+    When I send a GET request to "/2/configs/config_id.json"
     Then the response status should be "401"
     And the response should have "error" with "not_authorized_login"
     And the response should have "message"
@@ -24,7 +38,6 @@ Feature: Unauthenticated API endpoints
   Scenario: Authentication required for all other API endpoints (incomplete)
     Given I am not logged in
     When I send requests to these endpoints:
-      |  GET   | /2/configs                |
       |  GET   | /2/configs/config_id.json |
       |  GET   | /2/service                |
       | DELETE | /2/logout                 |
diff --git a/test/functional/api/token_auth_test.rb b/test/functional/api/token_auth_test.rb
index c7f91c7..d6731a1 100644
--- a/test/functional/api/token_auth_test.rb
+++ b/test/functional/api/token_auth_test.rb
@@ -6,12 +6,12 @@
 require 'test_helper'
 class Api::TokenAuthTest < ApiControllerTest
-  tests Api::ConfigsController
+  tests Api::ServicesController
   def test_login_via_api_token
     with_config(:allow_anonymous_certs => false) do
       monitor_auth do
-        api_get :index
+        api_get :show
         assert assigns(:token), 'should have authenticated via api token'
         assert assigns(:token).is_a? ApiToken
         assert @controller.send(:current_user).is_a? ApiMonitorUser
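Review bot: Retargeting test/functional/api/token_auth_test.rb to `Api::ServicesController` (here and in the `@@ -26,10` hunk) keeps the token checks meaningful, but it leaves no functional test in view that exercises `Api::ConfigsController` under `with_config(:allow_anonymous_certs => false)`. That is the configuration where the new exemption matters most, assuming this setting is what drives `anonymous_access_allowed?`. I would add two cases to the configs controller's functional test: one asserting `api_get :index` succeeds without a login, and one asserting `show` is still rejected without a login. Both test methods touched here start or end outside the hunks, so their remaining assertions are not visible.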
@@ -26,10 +26,10 @@ class Api::TokenAuthTest < ApiControllerTest
       with_config(new_config) do
         monitor_auth do
           request.env['REMOTE_ADDR'] = "1.1.1.1"
-          api_get :index
+          api_get :show
           assert_nil assigns(:token), "should not be able to auth with api token when ip restriction doesn't allow it"
           request.env['REMOTE_ADDR'] = allowed
-          api_get :index
+          api_get :show
           assert assigns(:token), "should have authenticated via api token"
         end
       end
|
