diff options
| -rw-r--r-- | app/controllers/controller_extension/authentication.rb | 6 | ||||
| -rw-r--r-- | app/controllers/v1/certs_controller.rb | 6 | ||||
| -rw-r--r-- | app/models/anonymous_service_level.rb | 31 | ||||
| -rw-r--r-- | app/models/anonymous_user.rb (renamed from app/models/unauthenticated_user.rb) | 4 | ||||
| -rw-r--r-- | app/models/service_level.rb | 30 | ||||
| -rw-r--r-- | app/views/users/_change_service_level.html.haml | 4 | ||||
| -rw-r--r-- | config/defaults.yml | 21 | ||||
| -rw-r--r-- | test/functional/v1/certs_controller_test.rb | 30 | ||||
| -rw-r--r-- | test/functional/v1/services_controller_test.rb | 23 | ||||
| -rw-r--r-- | test/unit/anonymous_user_test.rb | 23 | ||||
| -rw-r--r-- | test/unit/unauthenticated_user_test.rb | 7 |
11 files changed, 120 insertions, 65 deletions
diff --git a/app/controllers/controller_extension/authentication.rb b/app/controllers/controller_extension/authentication.rb index 2bc0aee..1f73f38 100644 --- a/app/controllers/controller_extension/authentication.rb +++ b/app/controllers/controller_extension/authentication.rb @@ -8,7 +8,7 @@ module ControllerExtension::Authentication end def current_user - @current_user ||= token_authenticate || warden.user || unauthenticated + @current_user ||= token_authenticate || warden.user || anonymous end def logged_in? @@ -75,7 +75,7 @@ module ControllerExtension::Authentication protected - def unauthenticated - UnauthenticatedUser.new + def anonymous + AnonymousUser.new end end diff --git a/app/controllers/v1/certs_controller.rb b/app/controllers/v1/certs_controller.rb index 580c90c..73409ef 100644 --- a/app/controllers/v1/certs_controller.rb +++ b/app/controllers/v1/certs_controller.rb @@ -1,6 +1,6 @@ class V1::CertsController < ApplicationController - before_filter :require_eip_access + before_filter :require_login, :unless => :anonymous_certs_allowed? # GET /cert def show @@ -10,8 +10,8 @@ class V1::CertsController < ApplicationController protected - def require_eip_access - access_denied unless service_level.provides?(:eip) + def anonymous_certs_allowed? + APP_CONFIG[:allow_anonymous_certs] end def service_level diff --git a/app/models/anonymous_service_level.rb b/app/models/anonymous_service_level.rb new file mode 100644 index 0000000..c51ce9e --- /dev/null +++ b/app/models/anonymous_service_level.rb @@ -0,0 +1,31 @@ +class AnonymousServiceLevel + + delegate :to_json, to: :config_hash + + def cert_prefix + if APP_CONFIG[:allow_limited_certs] + APP_CONFIG[:limited_cert_prefix] + else + APP_CONFIG[:unlimited_cert_prefix] + end + end + + def description + if APP_CONFIG[:allow_anonymous_certs] + "anonymous access to the VPN" + else + "please login to access our services" + end + end + + protected + + def config_hash + { name: "anonymous", + description: description, + cost: 0, + eip_rate_limit: APP_CONFIG[:allow_limited_certs] + } + end + +end diff --git a/app/models/unauthenticated_user.rb b/app/models/anonymous_user.rb index 7845a6f..360a577 100644 --- a/app/models/unauthenticated_user.rb +++ b/app/models/anonymous_user.rb @@ -1,8 +1,8 @@ # The nil object for the user class -class UnauthenticatedUser < Object +class AnonymousUser < Object def effective_service_level - ServiceLevel.new id: APP_CONFIG[:unauthenticated_service_level] + AnonymousServiceLevel.new end def is_admin? diff --git a/app/models/service_level.rb b/app/models/service_level.rb index d0bd9b3..06ad202 100644 --- a/app/models/service_level.rb +++ b/app/models/service_level.rb @@ -4,29 +4,35 @@ class ServiceLevel @id = attributes[:id] || APP_CONFIG[:default_service_level] end - def self.authenticated_select_options - APP_CONFIG[:service_levels].map { |id,config_hash| [config_hash[:description], id] if config_hash[:name] != 'anonymous'}.compact + def self.select_options + APP_CONFIG[:service_levels].map do |id,config_hash| + [config_hash[:description], id] + end end def id @id end - def config_hash - @config_hash || APP_CONFIG[:service_levels][@id].with_indifferent_access - end - delegate :to_json, to: :config_hash - def provides?(service) - services.include? service.to_s + def cert_prefix + if limited_cert? + APP_CONFIG[:limited_cert_prefix] + else + APP_CONFIG[:unlimited_cert_prefix] + end end - def services - config_hash[:services] || [] + protected + + def limited_cert? + APP_CONFIG[:allow_limited_certs] && + (!APP_CONFIG[:allow_unlimited_certs] || config_hash[:eip_rate_limit]) end - def cert_prefix - config_hash[:cert_prefix] + def config_hash + @config_hash || APP_CONFIG[:service_levels][@id].with_indifferent_access end + end diff --git a/app/views/users/_change_service_level.html.haml b/app/views/users/_change_service_level.html.haml index 61e67d9..42315a2 100644 --- a/app/views/users/_change_service_level.html.haml +++ b/app/views/users/_change_service_level.html.haml @@ -8,11 +8,11 @@ %legend= t(:service_level) - if @user != current_user = t(:desired_service_level) - = f.select :desired_service_level_code, ServiceLevel.authenticated_select_options, :selected => @user.desired_service_level.id + = f.select :desired_service_level_code, ServiceLevel.select_options, :selected => @user.desired_service_level.id - if @user != current_user %p = t(:effective_service_level) - = f.select :effective_service_level_code, ServiceLevel.authenticated_select_options, :selected => @user.effective_service_level.id + = f.select :effective_service_level_code, ServiceLevel.select_options, :selected => @user.effective_service_level.id .control-group .controls = f.submit t(:save), :class => 'btn', :data => {"loading-text" => "Saving..."} diff --git a/config/defaults.yml b/config/defaults.yml index 383aa1c..a7b70a3 100644 --- a/config/defaults.yml +++ b/config/defaults.yml @@ -7,6 +7,11 @@ cert_options: &cert_options client_cert_lifespan: 2 client_cert_bit_size: 2024 client_cert_hash: "SHA256" + allow_limited_certs: false + allow_unlimited_certs: true + allow_anonymous_certs: false + limited_cert_prefix: "LIMITED" + unlimited_cert_prefix: "UNLIMITED" downloads: &downloads client_download_domain: https://dl.bitmask.net @@ -44,33 +49,19 @@ common: &common service_levels: &service_levels service_levels: - 0: - name: anonymous - cert_prefix: "LIMITED" - description: "anonymous account, with rate limited VPN" - services: - - eip 1: name: free - cert_prefix: "LIMITED" description: "free account, with rate limited VPN" cost: 0 + eip_rate_limit: true quota: 100 - services: - - eip - - email 2: name: premium - cert_prefix: "UNLIMITED" description: "premium account, with unlimited vpn" cost: USD: 10 EUR: 10 - services: - - eip - - email default_service_level: 1 - unauthenticated_service_level: 0 development: <<: *downloads diff --git a/test/functional/v1/certs_controller_test.rb b/test/functional/v1/certs_controller_test.rb index 3631947..fb8e9c4 100644 --- a/test/functional/v1/certs_controller_test.rb +++ b/test/functional/v1/certs_controller_test.rb @@ -2,19 +2,23 @@ require 'test_helper' class V1::CertsControllerTest < ActionController::TestCase - test "send limited cert without login" do - cert = expect_cert('LIMITED') - get :show - assert_response :success - assert_equal cert.to_s, @response.body + test "send unlimited cert without login" do + with_config allow_anonymous_certs: true do + cert = expect_cert('UNLIMITED') + get :show + assert_response :success + assert_equal cert.to_s, @response.body + end end test "send limited cert" do - login - cert = expect_cert('LIMITED') - get :show - assert_response :success - assert_equal cert.to_s, @response.body + with_config allow_limited_certs: true do + login + cert = expect_cert('LIMITED') + get :show + assert_response :success + assert_equal cert.to_s, @response.body + end end test "send unlimited cert" do @@ -26,10 +30,8 @@ class V1::CertsControllerTest < ActionController::TestCase end test "redirect if no eip service offered" do - with_config({service_levels: {0 => {services: []}}}) do - get :show - assert_response :redirect - end + get :show + assert_response :redirect end protected diff --git a/test/functional/v1/services_controller_test.rb b/test/functional/v1/services_controller_test.rb index bcb7abc..b81103f 100644 --- a/test/functional/v1/services_controller_test.rb +++ b/test/functional/v1/services_controller_test.rb @@ -2,23 +2,32 @@ require 'test_helper' class V1::ServicesControllerTest < ActionController::TestCase - test "anonymous user can request service info" do + test "anonymous user gets login required service info" do get :show, format: :json assert_json_response name: 'anonymous', - cert_prefix: 'LIMITED', - description: 'anonymous account, with rate limited VPN', - services: ["eip"] + eip_rate_limit: false, + description: 'please login to access our services', + cost: 0 + end + + test "anonymous user gets vpn service info" do + with_config allow_anonymous_certs: true do + get :show, format: :json + assert_json_response name: 'anonymous', + eip_rate_limit: false, + description: 'anonymous access to the VPN', + cost: 0 + end end test "user can see their service info" do login get :show, format: :json assert_json_response name: 'free', - cert_prefix: 'LIMITED', + eip_rate_limit: true, description: 'free account, with rate limited VPN', cost: 0, - quota: 100, - services: ["eip", "email"] + quota: 100 end end diff --git a/test/unit/anonymous_user_test.rb b/test/unit/anonymous_user_test.rb new file mode 100644 index 0000000..6e94d39 --- /dev/null +++ b/test/unit/anonymous_user_test.rb @@ -0,0 +1,23 @@ +require 'test_helper' + +class AnonymousUserTest < ActiveSupport::TestCase + + setup do + @anonymous = AnonymousUser.new + end + + test "has nil values" do + assert_nil @anonymous.id + assert_nil @anonymous.email_address + assert_nil @anonymous.login + end + + test "has no messages" do + assert_equal [], @anonymous.messages + end + + test "has anonymous service level" do + assert @anonymous.effective_service_level.is_a? AnonymousServiceLevel + end + +end diff --git a/test/unit/unauthenticated_user_test.rb b/test/unit/unauthenticated_user_test.rb deleted file mode 100644 index e5fafb8..0000000 --- a/test/unit/unauthenticated_user_test.rb +++ /dev/null @@ -1,7 +0,0 @@ -require 'test_helper' - -class UnauthenticatedUserTest < ActiveSupport::TestCase - # test "the truth" do - # assert true - # end -end |