| -rw-r--r-- | app/controllers/api/configs_controller.rb | 6 | ||||
| -rw-r--r-- | features/1/anonymous.feature | 34 | ||||
| -rw-r--r-- | features/1/authentication.feature | 24 | ||||
| -rw-r--r-- | features/1/config.feature | 58 | ||||
| -rw-r--r-- | features/1/service.feature | 33 | ||||
| -rw-r--r-- | features/1/unauthenticated.feature | 31 | ||||
| -rw-r--r-- | features/anonymous.feature | 8 | ||||
| -rw-r--r-- | features/authentication.feature | 4 | ||||
| -rw-r--r-- | features/config.feature | 16 | ||||
| -rw-r--r-- | features/service.feature | 4 | ||||
| -rw-r--r-- | features/support/hooks.rb | 4 | ||||
| -rw-r--r-- | features/unauthenticated.feature | 10 | 
12 files changed, 208 insertions, 24 deletions
|
diff --git a/app/controllers/api/configs_controller.rb b/app/controllers/api/configs_controller.rb
index 55ceb4f..0f9b8a6 100644
--- a/app/controllers/api/configs_controller.rb
+++ b/app/controllers/api/configs_controller.rb
@@ -21,7 +21,11 @@ class Api::ConfigsController < ApiController
   }
   def service_paths
-    Hash[SERVICE_IDS.map{|k,v| [k,"/1/configs/#{v}.json"] } ]
+    Hash[SERVICE_IDS.map{|k,v| [k,"/#{api_version}/configs/#{v}.json"] } ]
+  end
+
+  def api_version
+    ["1", "2"].include?(params[:version]) ? params[:version] : "2"
   end
   def sanitize_id
diff --git a/features/1/anonymous.feature b/features/1/anonymous.feature
new file mode 100644
index 0000000..73a6d3f
--- /dev/null
+++ b/features/1/anonymous.feature
@@ -0,0 +1,34 @@
+@config
+Feature: Anonymous access to EIP
+
+  A provider may choose to allow anonymous access to EIP.
+  In this case some endpoints that would normally require authentication
+  will be available without authentication.
+
+  Background: 
+    Given "allow_anonymous_certs" is enabled in the config
+    And I set headers:
+      | Accept       | application/json |
+      | Content-Type | application/json |
+
+  Scenario: Fetch configs when anonymous certs are allowed
+    When I send a GET request to "/1/configs.json"
+    Then the response status should be "200"
+
+  Scenario: Fetch EIP config when anonymous certs are allowed
+    Given there is a config for the eip
+    When I send a GET request to "/1/configs/eip-service.json"
+    Then the response status should be "200"
+
+  Scenario: Fetch service description
+    When I send a GET request to "/1/service.json"
+    Then the response status should be "200"
+    And the response should be:
+    """
+      {
+        "name": "anonymous",
+        "description": "anonymous access to the VPN",
+        "eip_rate_limit": false
+      }
+    """
+
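Review bot: `api_version` in configs_controller.rb is the only check between the request-supplied `params[:version]` and the paths `service_paths` sends back, but the allow-list is an unnamed inline literal with no comment saying that is its job. I would hoist it to `SUPPORTED_API_VERSIONS = %w[1 2].freeze` and note above the method `# allow-list: the value is interpolated into paths returned to the client`. Any other value falls back silently to "2", and none of the scenarios added in this commit requests an unsupported version, so that branch is unpinned. The class opens above the hunk and `sanitize_id` continues below it, so whether these helpers sit under `private`/`protected` cannot be seen here; worth confirming, since public controller methods count as actions in Rails.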
diff --git a/features/1/authentication.feature b/features/1/authentication.feature
new file mode 100644
index 0000000..52b562f
--- /dev/null
+++ b/features/1/authentication.feature
@@ -0,0 +1,24 @@
+Feature: Authentication
+
+  Authentication is handled with SRP. Once the SRP handshake has been successful a token will be transmitted. This token is used to authenticate further requests.
+
+  In the scenarios MY_AUTH_TOKEN will serve as a placeholder for the actual token received.
+
+  Background:
+    Given I set headers:
+      | Accept        | application/json |
+      | Content-Type  | application/json |
+
+  Scenario: Submitting a valid token
+    Given I authenticated
+    And I set headers:
+      | Authorization | Token token="MY_AUTH_TOKEN" |
+    When I send a GET request to "/1/configs.json"
+    Then the response status should be "200"
+
+  Scenario: Submitting an invalid token
+    Given I authenticated
+    And I set headers:
+      | Authorization | Token token="InvalidToken" |
+    When I send a GET request to "/1/configs.json"
+    Then the response status should be "401"
diff --git a/features/1/config.feature b/features/1/config.feature
new file mode 100644
index 0000000..ff04e9d
--- /dev/null
+++ b/features/1/config.feature
@@ -0,0 +1,58 @@
+Feature: Download Provider Configuration
+
+  The LEAP Provider exposes parts of its configuration through the API.
+
+  This can be used to find out about services offered. The big picture can be retrieved from `/provider.json`. Which is available without authentication (see unauthenticated.feature).
+
+  More detailed settings of the services are available after authentication. You can get a list of the available settings from `/1/configs.json`.
+
+  Background:
+    Given I authenticated
+    Given I set headers:
+      | Accept       | application/json |
+      | Content-Type | application/json |
+      | Authorization | Token token="MY_AUTH_TOKEN" |
+
+  @tempfile
+  Scenario: Fetch provider config
+    Given there is a config for the provider
+    When I send a GET request to "/provider.json"
+    Then the response status should be "200"
+    And the response should be that config
+
+  Scenario: Missing provider config
+    When I send a GET request to "/provider.json"
+    Then the response status should be "404"
+    And the response should have "error" with "not_found"
+
+  Scenario: Fetch list of available configs
+    When I send a GET request to "/1/configs.json"
+    Then the response status should be "200"
+    And the response should be:
+      """
+      {
+        "services": {
+          "soledad": "/1/configs/soledad-service.json",
+          "eip": "/1/configs/eip-service.json",
+          "smtp": "/1/configs/smtp-service.json"
+        }
+      }
+      """
+
+  Scenario: Attempt to fetch an invalid config
+    When I send a GET request to "/1/configs/non-existing.json"
+    Then the response status should be "403"
+
+  # I am not sure what this test is about, that config is not
+  # actually missing.
+  #Scenario: Attempt to fetch a config that is missing on the server
+  #  When I send a GET request to "/1/configs/eip-service.json"
+  #  Then the response status should be "404"
+
+  @tempfile, @config
+  Scenario: Attempt to fetch the EIP config
+    Given there is a config for the eip
+    When I send a GET request to "/1/configs/eip-service.json"
+    Then the response status should be "200"
+    And the response should be that config
+
diff --git a/features/1/service.feature b/features/1/service.feature
new file mode 100644
index 0000000..ea49c74
--- /dev/null
+++ b/features/1/service.feature
@@ -0,0 +1,33 @@
+Feature: Get service description for current user
+
+  The LEAP provider can offer different services and their availability may
+  depend upon a users service level - so wether they are paying or not.
+
+  The /1/service endpoint allows the client to find out about the services
+  available to the authenticated user.
+
+  Background:
+    Given I authenticated
+    Given I set headers:
+      | Accept       | application/json |
+      | Content-Type | application/json |
+      | Authorization | Token token="MY_AUTH_TOKEN" |
+
+  Scenario: Get service settings
+    When I send a GET request to "/1/service"
+    Then the response status should be "200"
+    And the response should be:
+    """
+      {
+        "name": "free",
+        "description": "free account, with rate limited VPN",
+        "eip_rate_limit": true,
+        "storage": 100,
+        "services": [
+          "eip"
+        ]
+      }
+   """
+
+
+
diff --git a/features/1/unauthenticated.feature b/features/1/unauthenticated.feature
new file mode 100644
index 0000000..aea7117
--- /dev/null
+++ b/features/1/unauthenticated.feature
@@ -0,0 +1,31 @@
+Feature: Unauthenticated API endpoints
+
+  Most of the LEAP Provider API requires authentication.
+  However there are a few exceptions - mostly prerequisits of authenticating. This feature and the authentication feature document these.
+
+  Background:
+    Given I set headers:
+      | Accept       | application/json |
+      | Content-Type | application/json |
+
+  @tempfile
+  Scenario: Fetch provider config
+    Given there is a config for the provider
+    When I send a GET request to "/provider.json"
+    Then the response status should be "200"
+    And the response should be that config
+
+  Scenario: Authentication required response
+    When I send a GET request to "/1/configs"
+    Then the response status should be "401"
+    And the response should have "error" with "not_authorized_login"
+    And the response should have "message"
+
+  Scenario: Authentication required for all other API endpoints (incomplete)
+    Given I am not logged in
+    When I send requests to these endpoints:
+      |  GET   | /1/configs                |
+      |  GET   | /1/configs/config_id.json |
+      |  GET   | /1/service                |
+      | DELETE | /1/logout                 |
+    Then they should require authentication
diff --git a/features/anonymous.feature b/features/anonymous.feature
index 73a6d3f..d6b3ce2 100644
--- a/features/anonymous.feature
+++ b/features/anonymous.feature
@@ -5,23 +5,23 @@ Feature: Anonymous access to EIP
   In this case some endpoints that would normally require authentication
   will be available without authentication.
-  Background: 
+  Background:
     Given "allow_anonymous_certs" is enabled in the config
     And I set headers:
       | Accept       | application/json |
       | Content-Type | application/json |
   Scenario: Fetch configs when anonymous certs are allowed
-    When I send a GET request to "/1/configs.json"
+    When I send a GET request to "/2/configs.json"
     Then the response status should be "200"
   Scenario: Fetch EIP config when anonymous certs are allowed
     Given there is a config for the eip
-    When I send a GET request to "/1/configs/eip-service.json"
+    When I send a GET request to "/2/configs/eip-service.json"
     Then the response status should be "200"
   Scenario: Fetch service description
-    When I send a GET request to "/1/service.json"
+    When I send a GET request to "/2/service.json"
     Then the response status should be "200"
     And the response should be:
     """
diff --git a/features/authentication.feature b/features/authentication.feature
index 52b562f..806e2b7 100644
--- a/features/authentication.feature
+++ b/features/authentication.feature
@@ -13,12 +13,12 @@ Feature: Authentication
     Given I authenticated
     And I set headers:
       | Authorization | Token token="MY_AUTH_TOKEN" |
-    When I send a GET request to "/1/configs.json"
+    When I send a GET request to "/2/configs.json"
     Then the response status should be "200"
   Scenario: Submitting an invalid token
     Given I authenticated
     And I set headers:
       | Authorization | Token token="InvalidToken" |
-    When I send a GET request to "/1/configs.json"
+    When I send a GET request to "/2/configs.json"
     Then the response status should be "401"
diff --git a/features/config.feature b/features/config.feature
index ff04e9d..bd627de 100644
--- a/features/config.feature
+++ b/features/config.feature
@@ -4,7 +4,7 @@ Feature: Download Provider Configuration
   This can be used to find out about services offered. The big picture can be retrieved from `/provider.json`. Which is available without authentication (see unauthenticated.feature).
-  More detailed settings of the services are available after authentication. You can get a list of the available settings from `/1/configs.json`.
+  More detailed settings of the services are available after authentication. You can get a list of the available settings from `/2/configs.json`.
   Background:
     Given I authenticated
@@ -26,33 +26,33 @@ Feature: Download Provider Configuration
     And the response should have "error" with "not_found"
   Scenario: Fetch list of available configs
-    When I send a GET request to "/1/configs.json"
+    When I send a GET request to "/2/configs.json"
     Then the response status should be "200"
     And the response should be:
       """
       {
         "services": {
-          "soledad": "/1/configs/soledad-service.json",
-          "eip": "/1/configs/eip-service.json",
-          "smtp": "/1/configs/smtp-service.json"
+          "soledad": "/2/configs/soledad-service.json",
+          "eip": "/2/configs/eip-service.json",
+          "smtp": "/2/configs/smtp-service.json"
         }
       }
       """
   Scenario: Attempt to fetch an invalid config
-    When I send a GET request to "/1/configs/non-existing.json"
+    When I send a GET request to "/2/configs/non-existing.json"
     Then the response status should be "403"
   # I am not sure what this test is about, that config is not
   # actually missing.
   #Scenario: Attempt to fetch a config that is missing on the server
-  #  When I send a GET request to "/1/configs/eip-service.json"
+  #  When I send a GET request to "/2/configs/eip-service.json"
   #  Then the response status should be "404"
   @tempfile, @config
   Scenario: Attempt to fetch the EIP config
     Given there is a config for the eip
-    When I send a GET request to "/1/configs/eip-service.json"
+    When I send a GET request to "/2/configs/eip-service.json"
     Then the response status should be "200"
     And the response should be that config
diff --git a/features/service.feature b/features/service.feature
index ea49c74..6244f6c 100644
--- a/features/service.feature
+++ b/features/service.feature
@@ -3,7 +3,7 @@ Feature: Get service description for current user
   The LEAP provider can offer different services and their availability may
   depend upon a users service level - so wether they are paying or not.
-  The /1/service endpoint allows the client to find out about the services
+  The /2/service endpoint allows the client to find out about the services
   available to the authenticated user.
   Background:
@@ -14,7 +14,7 @@ Feature: Get service description for current user
       | Authorization | Token token="MY_AUTH_TOKEN" |
   Scenario: Get service settings
-    When I send a GET request to "/1/service"
+    When I send a GET request to "/2/service"
     Then the response status should be "200"
     And the response should be:
     """
diff --git a/features/support/hooks.rb b/features/support/hooks.rb
index 256e5d8..4ddc77e 100644
--- a/features/support/hooks.rb
+++ b/features/support/hooks.rb
@@ -13,9 +13,9 @@ end
 After do |scenario|
   if scenario.failed?
     logfile_path = Rails.root + 'tmp'
-    logfile_path += "#{scenario.title.gsub(/\s/, '_')}.log"
+    logfile_path += "#{scenario.name.gsub(/\s/, '_')}.log"
     File.open(logfile_path, 'w') do |test_log|
-      test_log.puts scenario.title
+      test_log.puts scenario.name
       test_log.puts "========================="
       test_log.puts `tail log/test.log -n 200`
     end
diff --git a/features/unauthenticated.feature b/features/unauthenticated.feature
index aea7117..b4b0f55 100644
--- a/features/unauthenticated.feature
+++ b/features/unauthenticated.feature
@@ -16,7 +16,7 @@ Feature: Unauthenticated API endpoints
     And the response should be that config
   Scenario: Authentication required response
-    When I send a GET request to "/1/configs"
+    When I send a GET request to "/2/configs"
     Then the response status should be "401"
     And the response should have "error" with "not_authorized_login"
     And the response should have "message"
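Review bot: The failure-log name in the `After` hook of features/support/hooks.rb is still built from the scenario name alone, while this commit adds features/1/ copies whose scenarios carry the same names as the version 2 ones, so a v1 and a v2 failure of "Fetch list of available configs" both write tmp/Fetch_list_of_available_configs.log and the later run overwrites the earlier. Only whitespace is replaced, so a scenario name containing `/` would also change the path that `File.open` receives. I would tighten the substitution to `scenario.name.gsub(/[^\w.-]/, '_')` and add a component identifying the feature file or API version to the filename. The closing lines of the `After` block are outside the hunk.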
@@ -24,8 +24,8 @@ Feature: Unauthenticated API endpoints
   Scenario: Authentication required for all other API endpoints (incomplete)
     Given I am not logged in
     When I send requests to these endpoints:
-      |  GET   | /1/configs                |
-      |  GET   | /1/configs/config_id.json |
-      |  GET   | /1/service                |
-      | DELETE | /1/logout                 |
+      |  GET   | /2/configs                |
+      |  GET   | /2/configs/config_id.json |
+      |  GET   | /2/service                |
+      | DELETE | /2/logout                 |
     Then they should require authentication |
