From 11d1efaef622335fe6d45917ce0b50a02e4a24a1 Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Fri, 18 Jul 2014 12:22:56 +0200
Subject: Allow fetching configs if anonymous EIP access is allowed

---
 features/unauthenticated.feature | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

(limited to 'features/unauthenticated.feature')

diff --git a/features/unauthenticated.feature b/features/unauthenticated.feature
index 120274b..870adb1 100644
--- a/features/unauthenticated.feature
+++ b/features/unauthenticated.feature
@@ -21,9 +21,22 @@ Feature: Unauthenticated API endpoints
       {"config": "me"}
       """
 
-  Scenario: Authentication required for all other API endpoints
+  @config
+  Scenario: Fetch configs when anonymous certs are allowed
+    Given "allow_anonymous_certs" is enabled in the config
+    When I send a GET request to "/1/configs.json"
+    Then the response status should be "200"
+
+  Scenario: Authentication required response
     When I send a GET request to "/1/configs"
     Then the response status should be "401"
     And the response should have "error" with "not_authorized_login"
     And the response should have "message"
 
+  Scenario: Authentication required for all other API endpoints (incomplete)
+    Given I am not logged in
+    When I send requests to these endpoints:
+      |  GET   | /1/configs                |
+      |  GET   | /1/configs/config_id.json |
+      | DELETE | /1/logout                 |
+    Then they should require authentication
-- 
cgit v1.2.3