diff options
-rw-r--r-- | features/config.feature | 17 | ||||
-rw-r--r-- | features/unauthenticated.feature | 31 |
2 files changed, 36 insertions, 12 deletions
diff --git a/features/config.feature b/features/config.feature index f53d0bf..6e6c429 100644 --- a/features/config.feature +++ b/features/config.feature @@ -2,12 +2,16 @@ Feature: Download Provider Configuration The LEAP Provider exposes parts of its configuration through the API. - This can be used to find out about services offered. The big picture can be retrieved from `/provider.json`. More detailed settings of the services are available after authentication. You can get a list of the available settings from `/1/configs.json`. + This can be used to find out about services offered. The big picture can be retrieved from `/provider.json`. Which is available without authentication (see unauthenticated.feature). + + More detailed settings of the services are available after authentication. You can get a list of the available settings from `/1/configs.json`. Background: + Given I authenticated Given I set headers: | Accept | application/json | | Content-Type | application/json | + | Authorization | Token token="MY_AUTH_TOKEN" | @tempfile Scenario: Fetch provider config @@ -30,18 +34,7 @@ Feature: Download Provider Configuration {"error": "not found"} """ - Scenario: Authentication required for list of configs - When I send a GET request to "/1/configs" - Then the response status should be "401" - And the response should be: - """ - {"error": "Please log in to perform that action."} - """ - Scenario: Fetch list of available configs - Given I authenticated - And I set headers: - | Authorization | Token token="MY_AUTH_TOKEN" | When I send a GET request to "/1/configs.json" Then the response status should be "200" And the response should be: diff --git a/features/unauthenticated.feature b/features/unauthenticated.feature new file mode 100644 index 0000000..b810bea --- /dev/null +++ b/features/unauthenticated.feature @@ -0,0 +1,31 @@ +Feature: Unauthenticated API endpoints + + Most of the LEAP Provider API requires authentication. + However there are a few exceptions - mostly prerequisits of authenticating. This feature and the authentication feature document these. + + Background: + Given I set headers: + | Accept | application/json | + | Content-Type | application/json | + + @tempfile + Scenario: Fetch provider config + Given the provider config is: + """ + {"config": "me"} + """ + When I send a GET request to "/provider.json" + Then the response status should be "200" + And the response should be: + """ + {"config": "me"} + """ + + Scenario: Authentication required for all other API endpoints + When I send a GET request to "/1/configs" + Then the response status should be "401" + And the response should be: + """ + {"error": "Please log in to perform that action."} + """ + |