added configuration setting for disabling free certs

2 files changed, 21 insertions, 4 deletions

diff --git a/certs/app/controllers/certs_controller.rb b/certs/app/controllers/certs_controller.rb
index 3b7d35d..977e03e 100644
--- a/certs/app/controllers/certs_controller.rb
+++ b/certs/app/controllers/certs_controller.rb
@@ -1,9 +1,16 @@
 class CertsController < ApplicationController
 
+  before_filter :logged_in_or_free_certs
+
   # GET /cert
   def show
     @cert = ClientCertificate.new(free: !logged_in?)
     render text: @cert.to_s, content_type: 'text/plain'
   end
 
+  protected
+
+  def logged_in_or_free_certs
+    authorize unless APP_CONFIG[:free_certs_enabled]
+  end
 end
diff --git a/certs/test/functional/certs_controller_test.rb b/certs/test/functional/certs_controller_test.rb
index a579a00..70ca56d 100644
--- a/certs/test/functional/certs_controller_test.rb
+++ b/certs/test/functional/certs_controller_test.rb
@@ -1,10 +1,8 @@
 require 'test_helper'
 
 class CertsControllerTest < ActionController::TestCase
-  setup do
-  end
 
-  test "should send free cert without login" do
+  test "send free cert without login" do
     cert = stub :to_s => "free cert"
     ClientCertificate.expects(:new).with(free: true).returns(cert)
     get :show
@@ -12,7 +10,7 @@ class CertsControllerTest < ActionController::TestCase
     assert_equal cert.to_s, @response.body
   end
 
-  test "should send cert" do
+  test "send cert" do
     login
     cert = stub :to_s => "real cert"
     ClientCertificate.expects(:new).with(free: false).returns(cert)
@@ -20,4 +18,16 @@ class CertsControllerTest < ActionController::TestCase
     assert_response :success
     assert_equal cert.to_s, @response.body
   end
+
+  test "login required if free certs disabled" do
+    begin
+      old_setting = APP_CONFIG[:free_certs_enabled]
+      APP_CONFIG[:free_certs_enabled] = false
+      get :show
+      assert_response :redirect
+    ensure
+      APP_CONFIG[:free_certs_enabled] = old_setting
+    end
+  end
+
 end