From 297b42cd7557a7508cdbf091163da48bbd52a79a Mon Sep 17 00:00:00 2001
From: Azul
Date: Mon, 28 Jul 2014 09:52:47 +0200
Subject: use ApiController#anonymous_access_allowed?

There are some places where we only want to require login unless you can use EIP anonymously. So far we had an anonymous_certs_allowed? method in all these controllers. Now it's replaced with ApiController#anonymous_access_allowed?. The naming better reflects that there might be other services that allow anonymous use at some point. This also fixed a typo name -> @filename that broke the ConfigsController.
---
 app/controllers/api_controller.rb | 6 ++++++
 app/controllers/v1/certs_controller.rb | 6 +-----
 app/controllers/v1/configs_controller.rb | 8 ++------
 app/controllers/v1/services_controller.rb | 2 ++
 test/functional/v1/services_controller_test.rb | 5 ++---
 5 files changed, 13 insertions(+), 14 deletions(-)
diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb
index 0aa9507..70b3cac 100644
--- a/app/controllers/api_controller.rb
+++ b/app/controllers/api_controller.rb
@@ -3,9 +3,15 @@ class ApiController < ApplicationController
 skip_before_filter :verify_authenticity_token
 respond_to :json
+ protected
+
 def require_login
 require_token
 end
+ def anonymous_access_allowed?
+ APP_CONFIG[:allow_anonymous_certs]
+ end
+
 end
diff --git a/app/controllers/v1/certs_controller.rb b/app/controllers/v1/certs_controller.rb
index 68d6586..99aec16 100644
--- a/app/controllers/v1/certs_controller.rb
+++ b/app/controllers/v1/certs_controller.rb
@@ -1,6 +1,6 @@
 class V1::CertsController < ApiController
- before_filter :require_login, :unless => :anonymous_certs_allowed?
+ before_filter :require_login, :unless => :anonymous_access_allowed?
 # GET /cert
 # deprecated - we actually create a new cert and that can
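Review bot: `anonymous_access_allowed?` returns the raw value of `APP_CONFIG[:allow_anonymous_certs]`, and that single flag now also lifts the login requirement on the configs and service controllers changed in this commit, which is a wider scope than the key name suggests; a comment above the method should make that explicit for operators, e.g. `# true when the provider allows unauthenticated EIP use; this also opens /1/configs and /1/service to anonymous clients`. Because the result feeds a before_filter `:unless` condition, any truthy value (including a non-empty string, should the config loader ever yield one) disables login, so either coerce with `!!` or document that the key must be a boolean. The class header of ApiController is outside the hunk.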
@@ -18,10 +18,6 @@ class V1::CertsController < ApiController
 protected
- def anonymous_certs_allowed?
- APP_CONFIG[:allow_anonymous_certs]
- end
-
 def service_level
 current_user.effective_service_level
 end
diff --git a/app/controllers/v1/configs_controller.rb b/app/controllers/v1/configs_controller.rb
index 9c01605..b050f0a 100644
--- a/app/controllers/v1/configs_controller.rb
+++ b/app/controllers/v1/configs_controller.rb
@@ -1,7 +1,7 @@
 class V1::ConfigsController < ApiController
 include ControllerExtension::JsonFile
- before_filter :require_login, :unless => :anonymous_certs_allowed?
+ before_filter :require_login, :unless => :anonymous_access_allowed?
 before_filter :sanitize_filename, only: :show
 before_filter :fetch_file, only: :show
@@ -21,10 +21,6 @@ class V1::ConfigsController < ApiController
 protected
- def anonymous_certs_allowed?
- APP_CONFIG[:allow_anonymous_certs]
- end
-
 def service_paths
 Hash[SERVICES.map{|k,v| [k,"/1/configs/#{v}"] } ]
 end
@@ -32,7 +28,7 @@ class V1::ConfigsController < ApiController
 def sanitize_filename
 @filename = params[:id].downcase
 @filename += '.json' unless @filename.ends_with?('.json')
- access_denied unless SERVICES.values.include? name
+ access_denied unless SERVICES.values.include? @filename
 @filename = Rails.root.join('public', '1', 'config', @filename)
 end
 end
diff --git a/app/controllers/v1/services_controller.rb b/app/controllers/v1/services_controller.rb
index 114870f..523eb44 100644
--- a/app/controllers/v1/services_controller.rb
+++ b/app/controllers/v1/services_controller.rb
@@ -1,5 +1,7 @@
 class V1::ServicesController < ApiController
+ before_filter :require_login, :unless => :anonymous_access_allowed?
+
 def show
 respond_with current_user.effective_service_level
 end
diff --git a/test/functional/v1/services_controller_test.rb b/test/functional/v1/services_controller_test.rb
index cde7d9f..039eb27 100644
--- a/test/functional/v1/services_controller_test.rb
+++ b/test/functional/v1/services_controller_test.rb
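Review bot: The corrected `access_denied unless SERVICES.values.include? @filename` in `sanitize_filename` is the only check between `params[:id]` and the `Rails.root.join('public', '1', 'config', @filename)` on the next line, so it deserves a comment saying so: `# whitelist check: only a known service file name may be joined into the path below`. The method also relies on `access_denied` halting the filter chain so that `fetch_file` never runs with a rejected name; that helper is not in this patch, so it is worth confirming it renders rather than just returning. The class header is outside the hunk.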
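Review bot: With `anonymous_access_allowed?` true, `show` in services_controller.rb now runs with no token and still calls `current_user.effective_service_level`; this presumes `current_user` yields an object that responds to `effective_service_level` for anonymous requests rather than `nil`, which nothing in this patch shows. A one-line comment on `show` would record that assumption: `# current_user must be non-nil here (an anonymous user object when no token was sent)`.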
@@ -4,9 +4,8 @@ class V1::ServicesControllerTest < ActionController::TestCase
 test "anonymous user gets login required service info" do
 get :show, format: :json
- assert_json_response name: 'anonymous',
- eip_rate_limit: false,
- description: 'please login to access our services'
+ assert_json_response error: 'not_authorized_login',
+ message: 'Please log in to perform that action.'
 end
 test "anonymous user gets vpn service info" do
-- cgit v1.2.3
From 1092bbc337edc5973fad63bea559ecc2a3a5b896 Mon Sep 17 00:00:00 2001
From: Azul
Date: Mon, 28 Jul 2014 11:05:46 +0200
Subject: features for anonymous use and service endpoint

Also moved the location of the config files into a configuration setting.
---
 app/controllers/v1/configs_controller.rb | 31 ++++++++++++++++------------
 config/defaults.yml | 4 ++++
 features/anonymous.feature | 34 +++++++++++++++++++++++++++++++
 features/config.feature | 26 +++++++++++++++--------
 features/service.feature | 33 ++++++++++++++++++++++++++++++
 features/step_definitions/config_steps.rb | 22 +++++++++++++++-----
 features/support/hooks.rb | 6 ++----
 features/unauthenticated.feature | 17 +++------------
 8 files changed, 129 insertions(+), 44 deletions(-)
 create mode 100644 features/anonymous.feature
 create mode 100644 features/service.feature
diff --git a/app/controllers/v1/configs_controller.rb b/app/controllers/v1/configs_controller.rb
index b050f0a..4a6f455 100644
--- a/app/controllers/v1/configs_controller.rb
+++ b/app/controllers/v1/configs_controller.rb
@@ -2,7 +2,8 @@ class V1::ConfigsController < ApiController
 include ControllerExtension::JsonFile
 before_filter :require_login, :unless => :anonymous_access_allowed?
- before_filter :sanitize_filename, only: :show
+ before_filter :sanitize_id, only: :show
+ before_filter :lookup_file, only: :show
 before_filter :fetch_file, only: :show
 def index
@@ -13,22 +14,26 @@ class V1::ConfigsController < ApiController
 send_file
 end
- SERVICES = {
- soledad: "soledad-service.json",
- eip: "eip-service.json",
- smtp: "smtp-service.json"
- }
-
 protected
+ SERVICE_IDS = {
+ soledad: "soledad-service",
+ eip: "eip-service",
+ smtp: "smtp-service"
+ }
+
 def service_paths
- Hash[SERVICES.map{|k,v| [k,"/1/configs/#{v}"] } ]
+ Hash[SERVICE_IDS.map{|k,v| [k,"/1/configs/#{v}.json"] } ]
+ end
+
+ def sanitize_id
+ @id = params[:id].downcase
+ access_denied unless SERVICE_IDS.values.include? @id
 end
- def sanitize_filename
- @filename = params[:id].downcase
- @filename += '.json' unless @filename.ends_with?('.json')
- access_denied unless SERVICES.values.include? @filename
- @filename = Rails.root.join('public', '1', 'config', @filename)
+ def lookup_file
+ path = APP_CONFIG[:config_file_paths][@id]
+ not_found if path.blank?
+ @filename = Rails.root.join path
 end
 end
diff --git a/config/defaults.yml b/config/defaults.yml
index 42c7be9..daef122 100644
--- a/config/defaults.yml
+++ b/config/defaults.yml
@@ -50,6 +50,10 @@ common: &common
 - support
 - billing
 allow_registration: true
+ config_file_paths:
+ soledad-service: 'public/1/config/soledad-service.json'
+ eip-service: 'public/1/config/eip-service.json'
+ smtp-service: 'public/1/config/smtp-service.json'
 service_levels: &service_levels
 service_levels:
diff --git a/features/anonymous.feature b/features/anonymous.feature
new file mode 100644
index 0000000..73a6d3f
--- /dev/null
+++ b/features/anonymous.feature
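Review bot: `lookup_file` indexes `APP_CONFIG[:config_file_paths][@id]` without guarding the outer lookup, so if a deployment's config can omit the `config_file_paths` key introduced in defaults.yml by this commit, the request fails with a NoMethodError on nil instead of the intended `not_found`; `path = (APP_CONFIG[:config_file_paths] || {})[@id]` keeps the 404 path. The lookup also assumes the String `@id` matches the YAML keys, which depends on how APP_CONFIG treats string versus symbol keys and is not visible here. `lookup_file` is only safe to pass into `Rails.root.join` because `sanitize_id` has already rejected anything not in `SERVICE_IDS`; the before_filter order in the earlier hunk enforces that, and a comment such as `# @id was whitelisted against SERVICE_IDS by sanitize_id; never join an unvalidated id` would stop a future reordering. The class header is outside the hunk.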
@@ -0,0 +1,34 @@
+@config
+Feature: Anonymous access to EIP
+
+ A provider may choose to allow anonymous access to EIP.
+ In this case some endpoints that would normally require authentication
+ will be available without authentication.
+
+ Background:
+ Given "allow_anonymous_certs" is enabled in the config
+ And I set headers:
+ | Accept | application/json |
+ | Content-Type | application/json |
+
+ Scenario: Fetch configs when anonymous certs are allowed
+ When I send a GET request to "/1/configs.json"
+ Then the response status should be "200"
+
+ Scenario: Fetch EIP config when anonymous certs are allowed
+ Given there is a config for the eip
+ When I send a GET request to "/1/configs/eip-service.json"
+ Then the response status should be "200"
+
+ Scenario: Fetch service description
+ When I send a GET request to "/1/service.json"
+ Then the response status should be "200"
+ And the response should be:
+ """
+ {
+ "name": "anonymous",
+ "description": "anonymous access to the VPN",
+ "eip_rate_limit": false
+ }
+ """
+
diff --git a/features/config.feature b/features/config.feature
index 6adaed9..0b2ee70 100644
--- a/features/config.feature
+++ b/features/config.feature
@@ -15,16 +15,10 @@ Feature: Download Provider Configuration
 @tempfile
 Scenario: Fetch provider config
- Given the provider config is:
- """
- {"config": "me"}
- """
+ Given there is a config for the provider
 When I send a GET request to "/provider.json"
 Then the response status should be "200"
- And the response should be:
- """
- {"config": "me"}
- """
+ And the response should be that config
 Scenario: Missing provider config
 When I send a GET request to "/provider.json"
@@ -44,3 +38,19 @@ Feature: Download Provider Configuration
 }
 }
 """
+
+ Scenario: Attempt to fetch an invalid config
+ When I send a GET request to "/1/configs/non-existing.json"
+ Then the response status should be "403"
+
+ Scenario: Attempt to fetch a config that is missing on the server
+ When I send a GET request to "/1/configs/eip-service.json"
+ Then the response status should be "404"
+
+ @tempfile, @config
+ Scenario: Attempt to fetch the EIP config
+ Given there is a config for the eip
+ When I send a GET request to "/1/configs/eip-service.json"
+ Then the response status should be "200"
+ And the response should be that config
+
diff --git a/features/service.feature b/features/service.feature
new file mode 100644
index 0000000..ea49c74
--- /dev/null
+++ b/features/service.feature
@@ -0,0 +1,33 @@
+Feature: Get service description for current user
+
+ The LEAP provider can offer different services and their availability may
+ depend upon a users service level - so wether they are paying or not.
+
+ The /1/service endpoint allows the client to find out about the services
+ available to the authenticated user.
+
+ Background:
+ Given I authenticated
+ Given I set headers:
+ | Accept | application/json |
+ | Content-Type | application/json |
+ | Authorization | Token token="MY_AUTH_TOKEN" |
+
+ Scenario: Get service settings
+ When I send a GET request to "/1/service"
+ Then the response status should be "200"
+ And the response should be:
+ """
+ {
+ "name": "free",
+ "description": "free account, with rate limited VPN",
+ "eip_rate_limit": true,
+ "storage": 100,
+ "services": [
+ "eip"
+ ]
+ }
+ """
+
+
+
diff --git a/features/step_definitions/config_steps.rb b/features/step_definitions/config_steps.rb
index 70ff1aa..1fc67f5 100644
--- a/features/step_definitions/config_steps.rb
+++ b/features/step_definitions/config_steps.rb
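Review bot: The tag line `@tempfile, @config` above "Attempt to fetch the EIP config" in config.feature uses a comma; Gherkin tags are, as far as I know, whitespace-separated, so this most likely registers a tag literally named `@tempfile,` and the `After '@tempfile'` cleanup hook would not run for that scenario, leaving the temp file behind while `@config` still restores the settings. Write it as `@tempfile @config` (the comma form in the config_steps.rb comment is prose, not syntax). The Feature block starts before the hunk.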
@@ -1,12 +1,20 @@
-Given /the provider config is:$/ do |config|
- @tempfile = Tempfile.new('provider.json')
- @tempfile.write config
+# use with @tempfile, @config
+Given /there is a config for the (.*)$/ do |config|
+ @dummy_config = {dummy_config_for: config}.to_json
+ @tempfile = Tempfile.new("#{config}.json")
+ @tempfile.write @dummy_config
 @tempfile.close
- StaticConfigController::PROVIDER_JSON = @tempfile.path
+ if config == 'provider'
+ StaticConfigController::PROVIDER_JSON = @tempfile.path
+ else
+ @orig_config ||= APP_CONFIG.dup
+ APP_CONFIG[:config_file_paths].merge! "#{config}-service" => @tempfile.path
+ end
 end
-# use with @config tag so the config changes are reverted after the scenario
+# use with @config
 Given /^"([^"]*)" is (enabled|disabled|"[^"]") in the config$/ do |key, value|
+ @orig_config ||= APP_CONFIG.dup
 value = case value
 when 'disabled' then false
 when 'enabled' then true
@@ -14,3 +22,7 @@ Given /^"([^"]*)" is (enabled|disabled|"[^"]") in the config$/ do |key, value|
 end
 APP_CONFIG.merge! key => value
 end
+
+Then /^the response should be that config$/ do
+ assert_equal @dummy_config, last_response.body
+end
diff --git a/features/support/hooks.rb b/features/support/hooks.rb
index f2e3b41..256e5d8 100644
--- a/features/support/hooks.rb
+++ b/features/support/hooks.rb
@@ -5,10 +5,8 @@ After '@tempfile' do
 end
 end
-Around '@config' do |scenario, block|
- old_config = APP_CONFIG.dup
- block.call
- APP_CONFIG.replace old_config
+After '@config' do |scenario, block|
+ APP_CONFIG.replace @orig_config if @orig_config
 end
 # store end of server log for failing scenarios
diff --git a/features/unauthenticated.feature b/features/unauthenticated.feature
index 870adb1..aea7117 100644
--- a/features/unauthenticated.feature
+++ b/features/unauthenticated.feature
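Review bot: `@orig_config ||= APP_CONFIG.dup` in the new "there is a config for the" step is a shallow copy, and the very next line mutates the nested hash in place with `APP_CONFIG[:config_file_paths].merge!`, so the saved copy and the live config share that nested hash and the `After '@config'` hook's `APP_CONFIG.replace @orig_config` cannot undo the override; the temp file path for eip-service would leak into later scenarios, which is exactly what the 404 scenario in config.feature depends on not happening. Replace the in-place merge with a non-mutating assignment: `APP_CONFIG[:config_file_paths] = APP_CONFIG[:config_file_paths].merge("#{config}-service" => @tempfile.path)`. Separately, `StaticConfigController::PROVIDER_JSON = @tempfile.path` reassigns a constant on every run, which Ruby reports as an already-initialized-constant warning; the old step had the same issue.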
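Review bot: `After '@config' do |scenario, block|` in hooks.rb keeps the second block parameter from the old Around hook, but Cucumber's After hooks yield only the scenario, so `block` is always nil; drop it: `After '@config' do |scenario|`. Since the hook no longer snapshots the config itself, restoration now depends on every config-changing step having set `@orig_config` first (the two steps in config_steps.rb do), and that contract should be stated next to the hook: `# steps that change APP_CONFIG must set @orig_config before mutating it`.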
@@ -10,22 +10,10 @@ Feature: Unauthenticated API endpoints
 @tempfile
 Scenario: Fetch provider config
- Given the provider config is:
- """
- {"config": "me"}
- """
+ Given there is a config for the provider
 When I send a GET request to "/provider.json"
 Then the response status should be "200"
- And the response should be:
- """
- {"config": "me"}
- """
-
- @config
- Scenario: Fetch configs when anonymous certs are allowed
- Given "allow_anonymous_certs" is enabled in the config
- When I send a GET request to "/1/configs.json"
- Then the response status should be "200"
+ And the response should be that config
 Scenario: Authentication required response
 When I send a GET request to "/1/configs"
@@ -38,5 +26,6 @@ Feature: Unauthenticated API endpoints
 When I send requests to these endpoints:
 | GET | /1/configs |
 | GET | /1/configs/config_id.json |
+ | GET | /1/service |
 | DELETE | /1/logout |
 Then they should require authentication
-- cgit v1.2.3
From cbf73046f42aeafb760e378d872f8c06f8bdfe86 Mon Sep 17 00:00:00 2001
From: Azul
Date: Thu, 31 Jul 2014 09:42:37 +0200
Subject: update debugger to work with latest ruby
---
 Gemfile.lock | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/Gemfile.lock b/Gemfile.lock
index 38a8793..0a269f0 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -101,12 +101,12 @@ GEM
 nokogiri (~> 1.5)
 rails (>= 3, < 5)
 daemons (1.1.9)
- debugger (1.6.6)
+ debugger (1.6.8)
 columnize (>= 0.3.1)
 debugger-linecache (~> 1.2.0)
- debugger-ruby_core_source (~> 1.3.2)
+ debugger-ruby_core_source (~> 1.3.5)
 debugger-linecache (1.2.0)
- debugger-ruby_core_source (1.3.2)
+ debugger-ruby_core_source (1.3.5)
 diff-lcs (1.2.5)
 erubis (2.7.0)
 eventmachine (1.0.3)
-- cgit v1.2.3