diff --git a/app/controllers/v1/configs_controller.rb b/app/controllers/v1/configs_controller.rb
index accdf5a00113b46c0e9c2edc9dd8604d841dce01..9c016051acb5a12f9f5e6c24c35e8a294a966125 100644
--- a/app/controllers/v1/configs_controller.rb
+++ b/app/controllers/v1/configs_controller.rb
@@ -1,7 +1,7 @@
 class V1::ConfigsController < ApiController
   include ControllerExtension::JsonFile
 
-  before_filter :require_login
+  before_filter :require_login, :unless => :anonymous_certs_allowed?
   before_filter :sanitize_filename, only: :show
   before_filter :fetch_file, only: :show
 
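Review bot: The `:unless => :anonymous_certs_allowed?` condition on `before_filter :require_login` carries no `only:`, so once `allow_anonymous_certs` is set the login check is skipped for every action in this controller, including `show`. On that path `sanitize_filename` and `fetch_file` are then the only checks in front of the file lookup. The option name refers to certs while the filter it relaxes guards configs, so the coupling should be written down next to the filter, for example `# Login is skipped for ALL actions here when allow_anonymous_certs is set; show then relies on sanitize_filename alone.` If only some actions are meant to be public, scope the condition to them. The class body continues outside this hunk.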
@@ -21,6 +21,10 @@ class V1::ConfigsController < ApiController
 
   protected
 
+  def anonymous_certs_allowed?
+    APP_CONFIG[:allow_anonymous_certs]
+  end
+
   def service_paths
     Hash[SERVICES.map{|k,v| [k,"/1/configs/#{v}"] } ]
   end
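Review bot: `anonymous_certs_allowed?` returns the raw config value, so any truthy setting turns authentication off for this controller, including a string such as `"false"` or `"0"`. The step added in features/step_definitions/config_steps.rb already merges quoted string values into `APP_CONFIG`, and how the production config is loaded is not visible here. Fail closed by requiring the boolean, `APP_CONFIG[:allow_anonymous_certs] == true`. A one-line comment above the method saying that it gates `require_login` for the whole controller would also help.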
diff --git a/features/step_definitions/auth_steps.rb b/features/step_definitions/auth_steps.rb
index 00d90045f29b04e181e1d7a7a2f09490cf953725..e75455a065a90dce5d7878943b6e283f278dc2dd 100644
--- a/features/step_definitions/auth_steps.rb
+++ b/features/step_definitions/auth_steps.rb
@@ -1,6 +1,21 @@
-
 Given /^I authenticated$/ do
   @user = FactoryGirl.create(:user)
   @my_auth_token = Token.create user_id: @user.id
 end
 
+Given /^I am not logged in$/ do
+  @my_auth_token = nil
+end
+
+When /^I send requests to these endpoints:$/ do |endpoints|
+  @endpoints = endpoints.rows_hash
+end
+
+Then /^they should require authentication$/ do
+  @endpoints.each do |type, path|
+    opts = {method: type.downcase.to_sym}
+    request path, opts
+    assert_equal 401, last_response.status,
+      "Expected #{type} #{path} to require authentication."
+  end
+end
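Review bot: `endpoints.rows_hash` keys the table by its first column, so two rows with the same HTTP method collapse into one entry. With the table in features/unauthenticated.feature the `GET /1/configs` row is overwritten by `GET /1/configs/config_id.json` and is never checked for a 401. Keep the rows as ordered pairs instead, `@endpoints = endpoints.raw`; the `@endpoints.each do |type, path|` loop in the `Then` step works unchanged with that. An authentication regression test that silently drops endpoints is worse than none, so an `assert` on the expected row count inside the `Then` step is worth adding too.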
diff --git a/features/step_definitions/config_steps.rb b/features/step_definitions/config_steps.rb
index 50ae829bf88463c2e3063e9bb56da39671997422..70ff1aa88564c8fb3cbe29b35a2c0deeca0186c1 100644
--- a/features/step_definitions/config_steps.rb
+++ b/features/step_definitions/config_steps.rb
@@ -4,3 +4,13 @@ Given /the provider config is:$/ do |config|
   @tempfile.close
   StaticConfigController::PROVIDER_JSON = @tempfile.path
 end
+
+# use with @config tag so the config changes are reverted after the scenario
+Given /^"([^"]*)" is (enabled|disabled|"[^"]") in the config$/ do |key, value|
+  value = case value
+          when 'disabled' then false
+          when 'enabled' then true
+          else value.gsub('"', '')
+          end
+  APP_CONFIG.merge! key => value
+end
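Review bot: The third alternative in the step pattern, `"[^"]"`, has no quantifier, so only a quoted value of exactly one character matches. `"[^"]*"` looks intended: `Given /^"([^"]*)" is (enabled|disabled|"[^"]*") in the config$/ do |key, value|`. The step also merges `key` as a String while the controller reads `APP_CONFIG[:allow_anonymous_certs]` with a Symbol. That works only if `APP_CONFIG` has indifferent access, which is not visible in this diff; otherwise use `APP_CONFIG.merge! key.to_sym => value`, or the scenario toggles a key the controller never reads.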
diff --git a/features/support/hooks.rb b/features/support/hooks.rb
index f11e60222964b0639a03162045a0e438efeac314..f2e3b418f17f6ef3663f915354eb7545deffffb5 100644
--- a/features/support/hooks.rb
+++ b/features/support/hooks.rb
@@ -5,6 +5,12 @@ After '@tempfile' do
   end
 end
 
+Around '@config' do |scenario, block|
+  old_config = APP_CONFIG.dup
+  block.call
+  APP_CONFIG.replace old_config
+end
+
 # store end of server log for failing scenarios
 After do |scenario|
   if scenario.failed?
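Review bot: The `Around '@config'` hook restores `APP_CONFIG` only when `block.call` returns normally. If it raises, `allow_anonymous_certs` stays enabled for every later scenario and the 401 checks run against relaxed settings. Move the restore into an `ensure`: `begin; block.call; ensure; APP_CONFIG.replace old_config; end`. `APP_CONFIG.dup` is also a shallow copy, so nested values mutated in place during a scenario would not be reverted. The `After do |scenario|` block that follows continues outside this hunk.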
diff --git a/features/unauthenticated.feature b/features/unauthenticated.feature
index 120274b0f6c04159234772f33c364a73ec49d0ae..870adb1554b4f31e53582788de5f44a62ed9ff99 100644
--- a/features/unauthenticated.feature
+++ b/features/unauthenticated.feature
@@ -21,9 +21,22 @@ Feature: Unauthenticated API endpoints
       {"config": "me"}
       """
 
-  Scenario: Authentication required for all other API endpoints
+  @config
+  Scenario: Fetch configs when anonymous certs are allowed
+    Given "allow_anonymous_certs" is enabled in the config
+    When I send a GET request to "/1/configs.json"
+    Then the response status should be "200"
+
+  Scenario: Authentication required response
     When I send a GET request to "/1/configs"
     Then the response status should be "401"
     And the response should have "error" with "not_authorized_login"
     And the response should have "message"
 
+  Scenario: Authentication required for all other API endpoints (incomplete)
+    Given I am not logged in
+    When I send requests to these endpoints:
+      |  GET   | /1/configs                |
+      |  GET   | /1/configs/config_id.json |
+      | DELETE | /1/logout                 |
+    Then they should require authentication
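Review bot: The new `@config` scenario only asserts that `/1/configs.json` returns 200 with the flag on; nothing pins how far the flag reaches. There is no scenario that enables `allow_anonymous_certs` and still expects 401 from endpoints outside the configs controller such as `DELETE /1/logout`. Nothing states what `GET /1/configs/config_id.json` should return for an anonymous client either. Add a second `@config` scenario that starts with `Given "allow_anonymous_certs" is enabled in the config` and runs the non-config rows of the endpoint table through `Then they should require authentication`. The "(incomplete)" marker in the last scenario title deserves a comment naming the endpoints still missing.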