From 11d1efaef622335fe6d45917ce0b50a02e4a24a1 Mon Sep 17 00:00:00 2001
From: Azul
Date: Fri, 18 Jul 2014 12:22:56 +0200
Subject: Allow fetching configs if anonymous EIP access is allowed

---
 app/controllers/v1/configs_controller.rb  |  6 +++++-
 features/step_definitions/auth_steps.rb   | 17 ++++++++++++++++-
 features/step_definitions/config_steps.rb | 10 ++++++++++
 features/support/hooks.rb                 |  6 ++++++
 features/unauthenticated.feature          | 15 ++++++++++++++-
 5 files changed, 51 insertions(+), 3 deletions(-)

diff --git a/app/controllers/v1/configs_controller.rb b/app/controllers/v1/configs_controller.rb
index accdf5a..9c01605 100644
--- a/app/controllers/v1/configs_controller.rb
+++ b/app/controllers/v1/configs_controller.rb
@@ -1,7 +1,7 @@
 class V1::ConfigsController < ApiController
   include ControllerExtension::JsonFile
 
-  before_filter :require_login
+  before_filter :require_login, :unless => :anonymous_certs_allowed?
   before_filter :sanitize_filename, only: :show
   before_filter :fetch_file, only: :show
 
@@ -21,6 +21,10 @@ class V1::ConfigsController < ApiController
 
   protected
 
+  def anonymous_certs_allowed?
+    APP_CONFIG[:allow_anonymous_certs]
+  end
+
   def service_paths
     Hash[SERVICES.map{|k,v| [k,"/1/configs/#{v}"] } ]
   end
diff --git a/features/step_definitions/auth_steps.rb b/features/step_definitions/auth_steps.rb
index 00d9004..e75455a 100644
--- a/features/step_definitions/auth_steps.rb
+++ b/features/step_definitions/auth_steps.rb
@@ -1,6 +1,21 @@
-
 Given /^I authenticated$/ do
   @user = FactoryGirl.create(:user)
   @my_auth_token = Token.create user_id: @user.id
 end
+Given /^I am not logged in$/ do
+  @my_auth_token = nil
+end
+
+When /^I send requests to these endpoints:$/ do |endpoints|
+  @endpoints = endpoints.rows_hash
+end
+
+Then /^they should require authentication$/ do
+  @endpoints.each do |type, path|
+    opts = {method: type.downcase.to_sym}
+    request path, opts
+    assert_equal 401, last_response.status,
+      "Expected #{type} #{path} to require authentication."
+  end
+end
 
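Review bot: The `:unless => :anonymous_certs_allowed?` added to `before_filter :require_login` in the first hunk skips authentication for every action of V1::ConfigsController, including `show` (which runs `fetch_file`), not only the config index; if exposing the individual config files is intended, the new predicate in the second hunk should say so, e.g. `# with anonymous EIP access the config index and the config files are served without login`, otherwise restrict the skip with `only:`. The predicate returns the raw `APP_CONFIG[:allow_anonymous_certs]` value, and since only `nil` and `false` are falsy in Ruby, a string such as `"false"` coming from the config file would enable anonymous access — presumably the loader yields a boolean, but worth confirming. The controller's actions lie outside both hunks.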
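Review bot: `endpoints.rows_hash` in the new `I send requests to these endpoints:` step keys the table by its first column, so the two `| GET | ... |` rows in the features/unauthenticated.feature hunk collapse into one entry and `/1/configs` is never requested by `they should require authentication`. Keeping the rows as pairs preserves every endpoint: `@endpoints = endpoints.raw`, after which `@endpoints.each do |type, path|` works unchanged. Whether `request` honours the `@my_auth_token = nil` set by `I am not logged in` is not visible in this hunk; presumably the shared request helper reads that variable.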
diff --git a/features/step_definitions/config_steps.rb b/features/step_definitions/config_steps.rb
index 50ae829..70ff1aa 100644
--- a/features/step_definitions/config_steps.rb
+++ b/features/step_definitions/config_steps.rb
@@ -4,3 +4,13 @@ Given /the provider config is:$/ do |config|
   @tempfile.close
   StaticConfigController::PROVIDER_JSON = @tempfile.path
 end
+
+# use with @config tag so the config changes are reverted after the scenario
+Given /^"([^"]*)" is (enabled|disabled|"[^"]") in the config$/ do |key, value|
+  value = case value
+    when 'disabled' then false
+    when 'enabled' then true
+    else value.gsub('"', '')
+  end
+  APP_CONFIG.merge! key => value
+end
diff --git a/features/support/hooks.rb b/features/support/hooks.rb
index f11e602..f2e3b41 100644
--- a/features/support/hooks.rb
+++ b/features/support/hooks.rb
@@ -5,6 +5,12 @@ After '@tempfile' do
   end
 end
 
+Around '@config' do |scenario, block|
+  old_config = APP_CONFIG.dup
+  block.call
+  APP_CONFIG.replace old_config
+end
+
 # store end of server log for failing scenarios
 After do |scenario|
   if scenario.failed?
diff --git a/features/unauthenticated.feature b/features/unauthenticated.feature
index 120274b..870adb1 100644
--- a/features/unauthenticated.feature
+++ b/features/unauthenticated.feature
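Review bot: The third alternative `"[^"]"` in the new `Given /^"([^"]*)" is (enabled|disabled|"[^"]") in the config$/` step matches only a single quoted character, so a value like `"foo"` never matches the step; `"[^"]*"` is presumably what was intended, and with it the `else value.gsub('"', '')` branch strips the surrounding quotes as written. The step also merges a string key (`key => value`) while the controller reads `APP_CONFIG[:allow_anonymous_certs]` with a symbol; unless APP_CONFIG is indifferent-access, the enabled scenario would not reach the new predicate, so that assumption is worth stating in the comment above the step.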
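Review bot: In the new `Around '@config'` hook, `APP_CONFIG.replace old_config` is skipped when `block.call` raises, which would leave the modified config in place for every later scenario; guarding the restore with `begin; block.call; ensure; APP_CONFIG.replace old_config; end` makes the revert unconditional. `APP_CONFIG.dup` is also a shallow copy, so only top-level keys are restored — presumably fine for the scalar flag this commit toggles, but a comment such as `# shallow copy: nested values mutated by a step are not reverted` would save the next reader a surprise.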
@@ -21,9 +21,22 @@ Feature: Unauthenticated API endpoints
     {"config": "me"}
     """
 
-  Scenario: Authentication required for all other API endpoints
+  @config
+  Scenario: Fetch configs when anonymous certs are allowed
+    Given "allow_anonymous_certs" is enabled in the config
+    When I send a GET request to "/1/configs.json"
+    Then the response status should be "200"
+
+  Scenario: Authentication required response
     When I send a GET request to "/1/configs"
     Then the response status should be "401"
     And the response should have "error" with "not_authorized_login"
     And the response should have "message"
 
+  Scenario: Authentication required for all other API endpoints (incomplete)
+    Given I am not logged in
+    When I send requests to these endpoints:
+      | GET    | /1/configs                |
+      | GET    | /1/configs/config_id.json |
+      | DELETE | /1/logout                 |
+    Then they should require authentication
-- 
cgit v1.2.3
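Review bot: The `Authentication required response` scenario now depends on `allow_anonymous_certs` being off in the default test config, but that precondition is only implicit; tagging it `@config` and adding `Given "allow_anonymous_certs" is disabled in the config` states it explicitly and keeps the scenario meaningful if the default ever changes. The new anonymous scenario asserts only the `200` status; a step checking the response body would also confirm that the config listing was actually served rather than some other successful page. The endpoint table in the `(incomplete)` scenario is read through `rows_hash` in auth_steps.rb, so its duplicate `GET` keys need the change proposed there before all three rows are exercised.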