From ef91e8fe1fb5c1cf8f2f84fd25ef2b115f0ec8c8 Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 11 Sep 2017 14:55:14 +0200 Subject: feat: allow unauthenticated access to list of configs This should simplify client code significantly according to platform#8849 --- app/controllers/api/configs_controller.rb | 4 +++- features/1/authentication.feature | 4 ++-- features/1/unauthenticated.feature | 3 +-- features/authentication.feature | 4 ++-- features/unauthenticated.feature | 17 +++++++++++++++-- test/functional/api/token_auth_test.rb | 8 ++++---- 6 files changed, 27 insertions(+), 13 deletions(-) diff --git a/app/controllers/api/configs_controller.rb b/app/controllers/api/configs_controller.rb index 0f9b8a6..2a05bed 100644 --- a/app/controllers/api/configs_controller.rb +++ b/app/controllers/api/configs_controller.rb @@ -1,7 +1,9 @@ class Api::ConfigsController < ApiController include ControllerExtension::JsonFile - before_filter :require_login, :unless => :anonymous_access_allowed? + before_filter :require_login, + :unless => :anonymous_access_allowed?, + :except => :index before_filter :sanitize_id, only: :show def index diff --git a/features/1/authentication.feature b/features/1/authentication.feature index 52b562f..a6e5538 100644 --- a/features/1/authentication.feature +++ b/features/1/authentication.feature @@ -13,12 +13,12 @@ Feature: Authentication Given I authenticated And I set headers: | Authorization | Token token="MY_AUTH_TOKEN" | - When I send a GET request to "/1/configs.json" + When I send a GET request to "/1/service" Then the response status should be "200" Scenario: Submitting an invalid token Given I authenticated And I set headers: | Authorization | Token token="InvalidToken" | - When I send a GET request to "/1/configs.json" + When I send a GET request to "/1/service" Then the response status should be "401" diff --git a/features/1/unauthenticated.feature b/features/1/unauthenticated.feature index aea7117..a135f14 100644 
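Review bot: The `:except => :index` added to the `require_login` filter opens `index` to callers with no session or token regardless of what `anonymous_access_allowed?` returns, and the hunk carries no comment saying what that action may expose. The body of `index` lies outside the hunk, so from here it cannot be confirmed that it returns only the static service-to-path map the new feature scenario expects. I would put a comment above the filter, e.g. `# index is public by design: it may only list static config paths, never per-user or provider-internal data`, so that a later change to `index` is reviewed with that in mind. The next filter line uses `only: :show`; writing the new options as `unless:` / `except:` would keep both filter declarations in one hash style.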
--- a/features/1/unauthenticated.feature +++ b/features/1/unauthenticated.feature @@ -16,7 +16,7 @@ Feature: Unauthenticated API endpoints And the response should be that config Scenario: Authentication required response - When I send a GET request to "/1/configs" + When I send a GET request to "/1/configs/config_id.json" Then the response status should be "401" And the response should have "error" with "not_authorized_login" And the response should have "message" @@ -24,7 +24,6 @@ Feature: Unauthenticated API endpoints Scenario: Authentication required for all other API endpoints (incomplete) Given I am not logged in When I send requests to these endpoints: - | GET | /1/configs | | GET | /1/configs/config_id.json | | GET | /1/service | | DELETE | /1/logout | diff --git a/features/authentication.feature b/features/authentication.feature index 806e2b7..4dc6c78 100644 --- a/features/authentication.feature +++ b/features/authentication.feature @@ -13,12 +13,12 @@ Feature: Authentication Given I authenticated And I set headers: | Authorization | Token token="MY_AUTH_TOKEN" | - When I send a GET request to "/2/configs.json" + When I send a GET request to "/2/service" Then the response status should be "200" Scenario: Submitting an invalid token Given I authenticated And I set headers: | Authorization | Token token="InvalidToken" | - When I send a GET request to "/2/configs.json" + When I send a GET request to "/2/service" Then the response status should be "401" diff --git a/features/unauthenticated.feature b/features/unauthenticated.feature index b4b0f55..a55faa7 100644 --- a/features/unauthenticated.feature +++ b/features/unauthenticated.feature 
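Review bot: `GET /1/configs` is dropped from the must-return-401 table in the second hunk of `features/1/unauthenticated.feature`, but unlike the `/2` feature no scenario is added that checks what an unauthenticated caller now receives from the v1 list. If the v1 route reaches the same `index` action (the routing is not visible here), a positive scenario would pin the public response: `Scenario: Fetch list of available configs`, `When I send a GET request to "/1/configs.json"`, `Then the response status should be "200"`. Asserting the body as well, as the `/2` scenario does, would catch any field later added to this unauthenticated response.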
@@ -15,8 +15,22 @@ Feature: Unauthenticated API endpoints Then the response status should be "200" And the response should be that config + Scenario: Fetch list of available configs + When I send a GET request to "/2/configs.json" + Then the response status should be "200" + And the response should be: + """ + { + "services": { + "soledad": "/2/configs/soledad-service.json", + "eip": "/2/configs/eip-service.json", + "smtp": "/2/configs/smtp-service.json" + } + } + """ + Scenario: Authentication required response - When I send a GET request to "/2/configs" + When I send a GET request to "/2/configs/config_id.json" Then the response status should be "401" And the response should have "error" with "not_authorized_login" And the response should have "message" @@ -24,7 +38,6 @@ Feature: Unauthenticated API endpoints Scenario: Authentication required for all other API endpoints (incomplete) Given I am not logged in When I send requests to these endpoints: - | GET | /2/configs | | GET | /2/configs/config_id.json | | GET | /2/service | | DELETE | /2/logout | diff --git a/test/functional/api/token_auth_test.rb b/test/functional/api/token_auth_test.rb index c7f91c7..d6731a1 100644 --- a/test/functional/api/token_auth_test.rb +++ b/test/functional/api/token_auth_test.rb @@ -6,12 +6,12 @@ require 'test_helper' class Api::TokenAuthTest < ApiControllerTest - tests Api::ConfigsController + tests Api::ServicesController def test_login_via_api_token with_config(:allow_anonymous_certs => false) do monitor_auth do - api_get :index + api_get :show assert assigns(:token), 'should have authenticated via api token' assert assigns(:token).is_a? ApiToken assert @controller.send(:current_user).is_a? ApiMonitorUser 
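Review bot: The new "Fetch list of available configs" scenario in `features/unauthenticated.feature` covers only a request without credentials; nothing now states what `/2/configs.json` answers when an invalid `Authorization` token is sent, because the token scenarios were moved to `/2/service`. Since `require_login` is skipped for `index`, the endpoint presumably returns 200 in that case as well, which is a change from the 401 the old authentication scenario expected. A short scenario that sets `| Authorization | Token token="InvalidToken" |` and asserts the intended status would make that behaviour a deliberate, tested decision.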
@@ -26,10 +26,10 @@ class Api::TokenAuthTest < ApiControllerTest
 with_config(new_config) do
 monitor_auth do
 request.env['REMOTE_ADDR'] = "1.1.1.1"
- api_get :index
+ api_get :show
 assert_nil assigns(:token), "should not be able to auth with api token when ip restriction doesn't allow it"
 request.env['REMOTE_ADDR'] = allowed
- api_get :index
+ api_get :show
 assert assigns(:token), "should have authenticated via api token"
 end
 end
-- 
cgit v1.2.3