Allow fetching configs if anonymous EIP access is allowed

1 files changed, 14 insertions, 1 deletions

diff --git a/features/unauthenticated.feature b/features/unauthenticated.feature
index 120274b..870adb1 100644
--- a/features/unauthenticated.feature
+++ b/features/unauthenticated.feature
@@ -21,9 +21,22 @@ Feature: Unauthenticated API endpoints
       {"config": "me"}
       """
 
-  Scenario: Authentication required for all other API endpoints
+  @config
+  Scenario: Fetch configs when anonymous certs are allowed
+    Given "allow_anonymous_certs" is enabled in the config
+    When I send a GET request to "/1/configs.json"
+    Then the response status should be "200"
+
+  Scenario: Authentication required response
     When I send a GET request to "/1/configs"
     Then the response status should be "401"
     And the response should have "error" with "not_authorized_login"
     And the response should have "message"
 
+  Scenario: Authentication required for all other API endpoints (incomplete)
+    Given I am not logged in
+    When I send requests to these endpoints:
+      |  GET   | /1/configs                |
+      |  GET   | /1/configs/config_id.json |
+      | DELETE | /1/logout                 |
+    Then they should require authentication