diff options
Diffstat (limited to 'features/1')
-rw-r--r-- | features/1/anonymous.feature | 34 | ||||
-rw-r--r-- | features/1/authentication.feature | 24 | ||||
-rw-r--r-- | features/1/config.feature | 58 | ||||
-rw-r--r-- | features/1/service.feature | 33 | ||||
-rw-r--r-- | features/1/unauthenticated.feature | 31 |
5 files changed, 180 insertions, 0 deletions
diff --git a/features/1/anonymous.feature b/features/1/anonymous.feature new file mode 100644 index 0000000..73a6d3f --- /dev/null +++ b/features/1/anonymous.feature @@ -0,0 +1,34 @@ +@config +Feature: Anonymous access to EIP + + A provider may choose to allow anonymous access to EIP. + In this case some endpoints that would normally require authentication + will be available without authentication. + + Background: + Given "allow_anonymous_certs" is enabled in the config + And I set headers: + | Accept | application/json | + | Content-Type | application/json | + + Scenario: Fetch configs when anonymous certs are allowed + When I send a GET request to "/1/configs.json" + Then the response status should be "200" + + Scenario: Fetch EIP config when anonymous certs are allowed + Given there is a config for the eip + When I send a GET request to "/1/configs/eip-service.json" + Then the response status should be "200" + + Scenario: Fetch service description + When I send a GET request to "/1/service.json" + Then the response status should be "200" + And the response should be: + """ + { + "name": "anonymous", + "description": "anonymous access to the VPN", + "eip_rate_limit": false + } + """ + diff --git a/features/1/authentication.feature b/features/1/authentication.feature new file mode 100644 index 0000000..52b562f --- /dev/null +++ b/features/1/authentication.feature @@ -0,0 +1,24 @@ +Feature: Authentication + + Authentication is handled with SRP. Once the SRP handshake has been successful a token will be transmitted. This token is used to authenticate further requests. + + In the scenarios MY_AUTH_TOKEN will serve as a placeholder for the actual token received. + + Background: + Given I set headers: + | Accept | application/json | + | Content-Type | application/json | + + Scenario: Submitting a valid token + Given I authenticated + And I set headers: + | Authorization | Token token="MY_AUTH_TOKEN" | + When I send a GET request to "/1/configs.json" + Then the response status should be "200" + + Scenario: Submitting an invalid token + Given I authenticated + And I set headers: + | Authorization | Token token="InvalidToken" | + When I send a GET request to "/1/configs.json" + Then the response status should be "401" diff --git a/features/1/config.feature b/features/1/config.feature new file mode 100644 index 0000000..ff04e9d --- /dev/null +++ b/features/1/config.feature @@ -0,0 +1,58 @@ +Feature: Download Provider Configuration + + The LEAP Provider exposes parts of its configuration through the API. + + This can be used to find out about services offered. The big picture can be retrieved from `/provider.json`. Which is available without authentication (see unauthenticated.feature). + + More detailed settings of the services are available after authentication. You can get a list of the available settings from `/1/configs.json`. + + Background: + Given I authenticated + Given I set headers: + | Accept | application/json | + | Content-Type | application/json | + | Authorization | Token token="MY_AUTH_TOKEN" | + + @tempfile + Scenario: Fetch provider config + Given there is a config for the provider + When I send a GET request to "/provider.json" + Then the response status should be "200" + And the response should be that config + + Scenario: Missing provider config + When I send a GET request to "/provider.json" + Then the response status should be "404" + And the response should have "error" with "not_found" + + Scenario: Fetch list of available configs + When I send a GET request to "/1/configs.json" + Then the response status should be "200" + And the response should be: + """ + { + "services": { + "soledad": "/1/configs/soledad-service.json", + "eip": "/1/configs/eip-service.json", + "smtp": "/1/configs/smtp-service.json" + } + } + """ + + Scenario: Attempt to fetch an invalid config + When I send a GET request to "/1/configs/non-existing.json" + Then the response status should be "403" + + # I am not sure what this test is about, that config is not + # actually missing. + #Scenario: Attempt to fetch a config that is missing on the server + # When I send a GET request to "/1/configs/eip-service.json" + # Then the response status should be "404" + + @tempfile, @config + Scenario: Attempt to fetch the EIP config + Given there is a config for the eip + When I send a GET request to "/1/configs/eip-service.json" + Then the response status should be "200" + And the response should be that config + diff --git a/features/1/service.feature b/features/1/service.feature new file mode 100644 index 0000000..ea49c74 --- /dev/null +++ b/features/1/service.feature @@ -0,0 +1,33 @@ +Feature: Get service description for current user + + The LEAP provider can offer different services and their availability may + depend upon a users service level - so wether they are paying or not. + + The /1/service endpoint allows the client to find out about the services + available to the authenticated user. + + Background: + Given I authenticated + Given I set headers: + | Accept | application/json | + | Content-Type | application/json | + | Authorization | Token token="MY_AUTH_TOKEN" | + + Scenario: Get service settings + When I send a GET request to "/1/service" + Then the response status should be "200" + And the response should be: + """ + { + "name": "free", + "description": "free account, with rate limited VPN", + "eip_rate_limit": true, + "storage": 100, + "services": [ + "eip" + ] + } + """ + + + diff --git a/features/1/unauthenticated.feature b/features/1/unauthenticated.feature new file mode 100644 index 0000000..aea7117 --- /dev/null +++ b/features/1/unauthenticated.feature @@ -0,0 +1,31 @@ +Feature: Unauthenticated API endpoints + + Most of the LEAP Provider API requires authentication. + However there are a few exceptions - mostly prerequisits of authenticating. This feature and the authentication feature document these. + + Background: + Given I set headers: + | Accept | application/json | + | Content-Type | application/json | + + @tempfile + Scenario: Fetch provider config + Given there is a config for the provider + When I send a GET request to "/provider.json" + Then the response status should be "200" + And the response should be that config + + Scenario: Authentication required response + When I send a GET request to "/1/configs" + Then the response status should be "401" + And the response should have "error" with "not_authorized_login" + And the response should have "message" + + Scenario: Authentication required for all other API endpoints (incomplete) + Given I am not logged in + When I send requests to these endpoints: + | GET | /1/configs | + | GET | /1/configs/config_id.json | + | GET | /1/service | + | DELETE | /1/logout | + Then they should require authentication |