summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--features/config.feature17
-rw-r--r--features/unauthenticated.feature31
2 files changed, 36 insertions, 12 deletions
diff --git a/features/config.feature b/features/config.feature
index f53d0bf..6e6c429 100644
--- a/features/config.feature
+++ b/features/config.feature
@@ -2,12 +2,16 @@ Feature: Download Provider Configuration
The LEAP Provider exposes parts of its configuration through the API.
- This can be used to find out about services offered. The big picture can be retrieved from `/provider.json`. More detailed settings of the services are available after authentication. You can get a list of the available settings from `/1/configs.json`.
+ This can be used to find out about services offered. The big picture can be retrieved from `/provider.json`. Which is available without authentication (see unauthenticated.feature).
+
+ More detailed settings of the services are available after authentication. You can get a list of the available settings from `/1/configs.json`.
Background:
+ Given I authenticated
Given I set headers:
| Accept | application/json |
| Content-Type | application/json |
+ | Authorization | Token token="MY_AUTH_TOKEN" |
@tempfile
Scenario: Fetch provider config
@@ -30,18 +34,7 @@ Feature: Download Provider Configuration
{"error": "not found"}
"""
- Scenario: Authentication required for list of configs
- When I send a GET request to "/1/configs"
- Then the response status should be "401"
- And the response should be:
- """
- {"error": "Please log in to perform that action."}
- """
-
Scenario: Fetch list of available configs
- Given I authenticated
- And I set headers:
- | Authorization | Token token="MY_AUTH_TOKEN" |
When I send a GET request to "/1/configs.json"
Then the response status should be "200"
And the response should be:
diff --git a/features/unauthenticated.feature b/features/unauthenticated.feature
new file mode 100644
index 0000000..b810bea
--- /dev/null
+++ b/features/unauthenticated.feature
@@ -0,0 +1,31 @@
+Feature: Unauthenticated API endpoints
+
+ Most of the LEAP Provider API requires authentication.
+ However there are a few exceptions - mostly prerequisits of authenticating. This feature and the authentication feature document these.
+
+ Background:
+ Given I set headers:
+ | Accept | application/json |
+ | Content-Type | application/json |
+
+ @tempfile
+ Scenario: Fetch provider config
+ Given the provider config is:
+ """
+ {"config": "me"}
+ """
+ When I send a GET request to "/provider.json"
+ Then the response status should be "200"
+ And the response should be:
+ """
+ {"config": "me"}
+ """
+
+ Scenario: Authentication required for all other API endpoints
+ When I send a GET request to "/1/configs"
+ Then the response status should be "401"
+ And the response should be:
+ """
+ {"error": "Please log in to perform that action."}
+ """
+