summaryrefslogtreecommitdiff
path: root/features/1
diff options
context:
space:
mode:
Diffstat (limited to 'features/1')
-rw-r--r--features/1/anonymous.feature34
-rw-r--r--features/1/authentication.feature24
-rw-r--r--features/1/config.feature58
-rw-r--r--features/1/service.feature33
-rw-r--r--features/1/unauthenticated.feature31
5 files changed, 180 insertions, 0 deletions
diff --git a/features/1/anonymous.feature b/features/1/anonymous.feature
new file mode 100644
index 0000000..73a6d3f
--- /dev/null
+++ b/features/1/anonymous.feature
@@ -0,0 +1,34 @@
+@config
+Feature: Anonymous access to EIP
+
+ A provider may choose to allow anonymous access to EIP.
+ In this case some endpoints that would normally require authentication
+ will be available without authentication.
+
+ Background:
+ Given "allow_anonymous_certs" is enabled in the config
+ And I set headers:
+ | Accept | application/json |
+ | Content-Type | application/json |
+
+ Scenario: Fetch configs when anonymous certs are allowed
+ When I send a GET request to "/1/configs.json"
+ Then the response status should be "200"
+
+ Scenario: Fetch EIP config when anonymous certs are allowed
+ Given there is a config for the eip
+ When I send a GET request to "/1/configs/eip-service.json"
+ Then the response status should be "200"
+
+ Scenario: Fetch service description
+ When I send a GET request to "/1/service.json"
+ Then the response status should be "200"
+ And the response should be:
+ """
+ {
+ "name": "anonymous",
+ "description": "anonymous access to the VPN",
+ "eip_rate_limit": false
+ }
+ """
+
diff --git a/features/1/authentication.feature b/features/1/authentication.feature
new file mode 100644
index 0000000..52b562f
--- /dev/null
+++ b/features/1/authentication.feature
@@ -0,0 +1,24 @@
+Feature: Authentication
+
+ Authentication is handled with SRP. Once the SRP handshake has been successful a token will be transmitted. This token is used to authenticate further requests.
+
+ In the scenarios MY_AUTH_TOKEN will serve as a placeholder for the actual token received.
+
+ Background:
+ Given I set headers:
+ | Accept | application/json |
+ | Content-Type | application/json |
+
+ Scenario: Submitting a valid token
+ Given I authenticated
+ And I set headers:
+ | Authorization | Token token="MY_AUTH_TOKEN" |
+ When I send a GET request to "/1/configs.json"
+ Then the response status should be "200"
+
+ Scenario: Submitting an invalid token
+ Given I authenticated
+ And I set headers:
+ | Authorization | Token token="InvalidToken" |
+ When I send a GET request to "/1/configs.json"
+ Then the response status should be "401"
diff --git a/features/1/config.feature b/features/1/config.feature
new file mode 100644
index 0000000..ff04e9d
--- /dev/null
+++ b/features/1/config.feature
@@ -0,0 +1,58 @@
+Feature: Download Provider Configuration
+
+ The LEAP Provider exposes parts of its configuration through the API.
+
+ This can be used to find out about services offered. The big picture can be retrieved from `/provider.json`. Which is available without authentication (see unauthenticated.feature).
+
+ More detailed settings of the services are available after authentication. You can get a list of the available settings from `/1/configs.json`.
+
+ Background:
+ Given I authenticated
+ Given I set headers:
+ | Accept | application/json |
+ | Content-Type | application/json |
+ | Authorization | Token token="MY_AUTH_TOKEN" |
+
+ @tempfile
+ Scenario: Fetch provider config
+ Given there is a config for the provider
+ When I send a GET request to "/provider.json"
+ Then the response status should be "200"
+ And the response should be that config
+
+ Scenario: Missing provider config
+ When I send a GET request to "/provider.json"
+ Then the response status should be "404"
+ And the response should have "error" with "not_found"
+
+ Scenario: Fetch list of available configs
+ When I send a GET request to "/1/configs.json"
+ Then the response status should be "200"
+ And the response should be:
+ """
+ {
+ "services": {
+ "soledad": "/1/configs/soledad-service.json",
+ "eip": "/1/configs/eip-service.json",
+ "smtp": "/1/configs/smtp-service.json"
+ }
+ }
+ """
+
+ Scenario: Attempt to fetch an invalid config
+ When I send a GET request to "/1/configs/non-existing.json"
+ Then the response status should be "403"
+
+ # I am not sure what this test is about, that config is not
+ # actually missing.
+ #Scenario: Attempt to fetch a config that is missing on the server
+ # When I send a GET request to "/1/configs/eip-service.json"
+ # Then the response status should be "404"
+
+ @tempfile, @config
+ Scenario: Attempt to fetch the EIP config
+ Given there is a config for the eip
+ When I send a GET request to "/1/configs/eip-service.json"
+ Then the response status should be "200"
+ And the response should be that config
+
diff --git a/features/1/service.feature b/features/1/service.feature
new file mode 100644
index 0000000..ea49c74
--- /dev/null
+++ b/features/1/service.feature
@@ -0,0 +1,33 @@
+Feature: Get service description for current user
+
+ The LEAP provider can offer different services and their availability may
+ depend upon a users service level - so wether they are paying or not.
+
+ The /1/service endpoint allows the client to find out about the services
+ available to the authenticated user.
+
+ Background:
+ Given I authenticated
+ Given I set headers:
+ | Accept | application/json |
+ | Content-Type | application/json |
+ | Authorization | Token token="MY_AUTH_TOKEN" |
+
+ Scenario: Get service settings
+ When I send a GET request to "/1/service"
+ Then the response status should be "200"
+ And the response should be:
+ """
+ {
+ "name": "free",
+ "description": "free account, with rate limited VPN",
+ "eip_rate_limit": true,
+ "storage": 100,
+ "services": [
+ "eip"
+ ]
+ }
+ """
+
+
+
diff --git a/features/1/unauthenticated.feature b/features/1/unauthenticated.feature
new file mode 100644
index 0000000..aea7117
--- /dev/null
+++ b/features/1/unauthenticated.feature
@@ -0,0 +1,31 @@
+Feature: Unauthenticated API endpoints
+
+ Most of the LEAP Provider API requires authentication.
+ However there are a few exceptions - mostly prerequisits of authenticating. This feature and the authentication feature document these.
+
+ Background:
+ Given I set headers:
+ | Accept | application/json |
+ | Content-Type | application/json |
+
+ @tempfile
+ Scenario: Fetch provider config
+ Given there is a config for the provider
+ When I send a GET request to "/provider.json"
+ Then the response status should be "200"
+ And the response should be that config
+
+ Scenario: Authentication required response
+ When I send a GET request to "/1/configs"
+ Then the response status should be "401"
+ And the response should have "error" with "not_authorized_login"
+ And the response should have "message"
+
+ Scenario: Authentication required for all other API endpoints (incomplete)
+ Given I am not logged in
+ When I send requests to these endpoints:
+ | GET | /1/configs |
+ | GET | /1/configs/config_id.json |
+ | GET | /1/service |
+ | DELETE | /1/logout |
+ Then they should require authentication