Commit e7dfe732 authored by azul

Merge branch '8800-hand-out-configs-json-without-authentication' into 'master'

feat: allow unauthenticated access to list of configs

Closes #8800

See merge request !45
parents d717aba3 ef91e8fe
class Api::ConfigsController < ApiController class Api::ConfigsController < ApiController
include ControllerExtension::JsonFile include ControllerExtension::JsonFile
before_filter :require_login, :unless => :anonymous_access_allowed? before_filter :require_login,
:unless => :anonymous_access_allowed?,
:except => :index
before_filter :sanitize_id, only: :show before_filter :sanitize_id, only: :show
def index def index
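Review bot: With `:except => :index` on the `before_filter :require_login` line, `index` is reachable without login regardless of what `anonymous_access_allowed?` returns, and the body of `index` is not visible in this hunk. Please confirm it returns only the static service-to-path map that the new feature scenario expects and nothing tied to a user or session, and add a one-line comment above the filter saying why `index` is exempt so a later refactor does not widen the exception. The new lines also use `:key => value` while the next filter uses `only: :show`; pick one hash style.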
......
...@@ -13,12 +13,12 @@ Feature: Authentication ...@@ -13,12 +13,12 @@ Feature: Authentication
Given I authenticated Given I authenticated
And I set headers: And I set headers:
| Authorization | Token token="MY_AUTH_TOKEN" | | Authorization | Token token="MY_AUTH_TOKEN" |
When I send a GET request to "/1/configs.json" When I send a GET request to "/1/service"
Then the response status should be "200" Then the response status should be "200"
Scenario: Submitting an invalid token Scenario: Submitting an invalid token
Given I authenticated Given I authenticated
And I set headers: And I set headers:
| Authorization | Token token="InvalidToken" | | Authorization | Token token="InvalidToken" |
When I send a GET request to "/1/configs.json" When I send a GET request to "/1/service"
Then the response status should be "401" Then the response status should be "401"
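Review bot: Both token scenarios now depend on `/1/service` staying behind `require_login`: the "Submitting an invalid token" scenario expects 401, which holds only while that endpoint rejects anonymous requests. A short comment in the feature noting that the target must be a login-protected endpoint would keep the scenario from silently losing its meaning if that endpoint is ever opened up, as `/1/configs.json` is in this change.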
...@@ -16,7 +16,7 @@ Feature: Unauthenticated API endpoints ...@@ -16,7 +16,7 @@ Feature: Unauthenticated API endpoints
And the response should be that config And the response should be that config
Scenario: Authentication required response Scenario: Authentication required response
When I send a GET request to "/1/configs" When I send a GET request to "/1/configs/config_id.json"
Then the response status should be "401" Then the response status should be "401"
And the response should have "error" with "not_authorized_login" And the response should have "error" with "not_authorized_login"
And the response should have "message" And the response should have "message"
...@@ -24,7 +24,6 @@ Feature: Unauthenticated API endpoints ...@@ -24,7 +24,6 @@ Feature: Unauthenticated API endpoints
Scenario: Authentication required for all other API endpoints (incomplete) Scenario: Authentication required for all other API endpoints (incomplete)
Given I am not logged in Given I am not logged in
When I send requests to these endpoints: When I send requests to these endpoints:
| GET | /1/configs |
| GET | /1/configs/config_id.json | | GET | /1/configs/config_id.json |
| GET | /1/service | | GET | /1/service |
| DELETE | /1/logout | | DELETE | /1/logout |
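Review bot: Dropping the `| GET | /1/configs |` row leaves the v1 feature with no scenario for the config list at all: the 401 expectation is gone, but unlike the `/2` feature no "Fetch list of available configs" scenario is added to assert the 200 and the response body. Nothing in the visible controller change is version-specific, so add the equivalent v1 scenario to pin what anonymous clients receive on both API versions.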
......
...@@ -13,12 +13,12 @@ Feature: Authentication ...@@ -13,12 +13,12 @@ Feature: Authentication
Given I authenticated Given I authenticated
And I set headers: And I set headers:
| Authorization | Token token="MY_AUTH_TOKEN" | | Authorization | Token token="MY_AUTH_TOKEN" |
When I send a GET request to "/2/configs.json" When I send a GET request to "/2/service"
Then the response status should be "200" Then the response status should be "200"
Scenario: Submitting an invalid token Scenario: Submitting an invalid token
Given I authenticated Given I authenticated
And I set headers: And I set headers:
| Authorization | Token token="InvalidToken" | | Authorization | Token token="InvalidToken" |
When I send a GET request to "/2/configs.json" When I send a GET request to "/2/service"
Then the response status should be "401" Then the response status should be "401"
...@@ -15,8 +15,22 @@ Feature: Unauthenticated API endpoints ...@@ -15,8 +15,22 @@ Feature: Unauthenticated API endpoints
Then the response status should be "200" Then the response status should be "200"
And the response should be that config And the response should be that config
Scenario: Fetch list of available configs
When I send a GET request to "/2/configs.json"
Then the response status should be "200"
And the response should be:
"""
{
"services": {
"soledad": "/2/configs/soledad-service.json",
"eip": "/2/configs/eip-service.json",
"smtp": "/2/configs/smtp-service.json"
}
}
"""
Scenario: Authentication required response Scenario: Authentication required response
When I send a GET request to "/2/configs" When I send a GET request to "/2/configs/config_id.json"
Then the response status should be "401" Then the response status should be "401"
And the response should have "error" with "not_authorized_login" And the response should have "error" with "not_authorized_login"
And the response should have "message" And the response should have "message"
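Review bot: The new "Fetch list of available configs" scenario has no `Given` step, so the visible lines do not show which login state or anonymous-access setting it runs under. If the feature's setup already permits anonymous access, the scenario would pass without the `:except => :index` change; stating the precondition explicitly (the later scenario already uses `Given I am not logged in`) makes it prove the new behaviour. The exact-match body is worth keeping, since it fails if `index` ever starts returning more than the three service paths.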
...@@ -24,7 +38,6 @@ Feature: Unauthenticated API endpoints ...@@ -24,7 +38,6 @@ Feature: Unauthenticated API endpoints
Scenario: Authentication required for all other API endpoints (incomplete) Scenario: Authentication required for all other API endpoints (incomplete)
Given I am not logged in Given I am not logged in
When I send requests to these endpoints: When I send requests to these endpoints:
| GET | /2/configs |
| GET | /2/configs/config_id.json | | GET | /2/configs/config_id.json |
| GET | /2/service | | GET | /2/service |
| DELETE | /2/logout | | DELETE | /2/logout |
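Review bot: The removed row covered the extensionless path `/2/configs`, while the new scenario in this file requests `/2/configs.json`, so after this change no test states what an unauthenticated `GET /2/configs` should return. Add a row or scenario for the extensionless form with whichever status is intended.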
......
...@@ -6,12 +6,12 @@ ...@@ -6,12 +6,12 @@
require 'test_helper' require 'test_helper'
class Api::TokenAuthTest < ApiControllerTest class Api::TokenAuthTest < ApiControllerTest
tests Api::ConfigsController tests Api::ServicesController
def test_login_via_api_token def test_login_via_api_token
with_config(:allow_anonymous_certs => false) do with_config(:allow_anonymous_certs => false) do
monitor_auth do monitor_auth do
api_get :index api_get :show
assert assigns(:token), 'should have authenticated via api token' assert assigns(:token), 'should have authenticated via api token'
assert assigns(:token).is_a? ApiToken assert assigns(:token).is_a? ApiToken
assert @controller.send(:current_user).is_a? ApiMonitorUser assert @controller.send(:current_user).is_a? ApiMonitorUser
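Review bot: Retargeting the test to `Api::ServicesController` with `api_get :show` means nothing in this test class exercises token authentication against `Api::ConfigsController` any more, although `show` there still sits behind `require_login` per the controller change. If monitor tokens are expected to keep working for individual configs, keep one token test against the configs `show` action; otherwise a comment on the `tests` line explaining that any login-protected action will do would help the next reader.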
...@@ -26,10 +26,10 @@ class Api::TokenAuthTest < ApiControllerTest ...@@ -26,10 +26,10 @@ class Api::TokenAuthTest < ApiControllerTest
with_config(new_config) do with_config(new_config) do
monitor_auth do monitor_auth do
request.env['REMOTE_ADDR'] = "1.1.1.1" request.env['REMOTE_ADDR'] = "1.1.1.1"
api_get :index api_get :show
assert_nil assigns(:token), "should not be able to auth with api token when ip restriction doesn't allow it" assert_nil assigns(:token), "should not be able to auth with api token when ip restriction doesn't allow it"
request.env['REMOTE_ADDR'] = allowed request.env['REMOTE_ADDR'] = allowed
api_get :index api_get :show
assert assigns(:token), "should have authenticated via api token" assert assigns(:token), "should have authenticated via api token"
end end
end end
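Review bot: The IP-restriction test asserts only on `assigns(:token)` after each `api_get :show` and never checks the response. Now that the requests go to an action that requires login, also asserting the response status for the rejected address and for the allowed one would confirm that a token refused by the IP restriction is actually denied access, not just left unassigned.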
......