diff --git a/app/controllers/api/configs_controller.rb b/app/controllers/api/configs_controller.rb
index 0f9b8a657c5cc269656227986bd666a671c6c5b9..2a05bedc4127e2c7708b6194b324097d323d23a5 100644
--- a/app/controllers/api/configs_controller.rb
+++ b/app/controllers/api/configs_controller.rb
@@ -1,7 +1,9 @@
 class Api::ConfigsController < ApiController
 include ControllerExtension::JsonFile
- before_filter :require_login, :unless => :anonymous_access_allowed?
+ before_filter :require_login,
+ :unless => :anonymous_access_allowed?,
+ :except => :index
 before_filter :sanitize_id, only: :show
 def index
diff --git a/features/1/authentication.feature b/features/1/authentication.feature
index 52b562f0c51482f645d5ad82e0fa8b4743f42b8e..a6e553813afb37f2df6fc6db45240bda84b7b0b6 100644
--- a/features/1/authentication.feature
+++ b/features/1/authentication.feature
@@ -13,12 +13,12 @@ Feature: Authentication
 Given I authenticated
 And I set headers:
 | Authorization | Token token="MY_AUTH_TOKEN" |
- When I send a GET request to "/1/configs.json"
+ When I send a GET request to "/1/service"
 Then the response status should be "200"
 Scenario: Submitting an invalid token
 Given I authenticated
 And I set headers:
 | Authorization | Token token="InvalidToken" |
- When I send a GET request to "/1/configs.json"
+ When I send a GET request to "/1/service"
 Then the response status should be "401"
diff --git a/features/1/unauthenticated.feature b/features/1/unauthenticated.feature
index aea7117ea6e5a30052cbbf09b3ec66223e2c79fe..a135f145b385d9819158f6d481bcea5b27b5a687 100644
--- a/features/1/unauthenticated.feature
+++ b/features/1/unauthenticated.feature
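Review bot: In app/controllers/api/configs_controller.rb the new `:except => :index` takes `index` out of `require_login` unconditionally, so it is served to anonymous callers even when `anonymous_access_allowed?` is false, and nothing on the filter records that this is intended. The body of `index` starts outside the hunk, so whether it reads anything caller-specific cannot be checked from here; the v2 feature scenario only shows a static map of service config paths. I would put a comment above the filter, e.g. `# index only lists the public service config paths and must not return per-user or secret data`, so a later change to `index` is reviewed with the missing login in mind. As a style point, the hash rockets on these lines sit next to `only: :show` on the following filter; `unless: :anonymous_access_allowed?, except: :index` would match it.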
@@ -16,7 +16,7 @@ Feature: Unauthenticated API endpoints
 And the response should be that config
 Scenario: Authentication required response
- When I send a GET request to "/1/configs"
+ When I send a GET request to "/1/configs/config_id.json"
 Then the response status should be "401"
 And the response should have "error" with "not_authorized_login"
 And the response should have "message"
@@ -24,7 +24,6 @@ Feature: Unauthenticated API endpoints
 Scenario: Authentication required for all other API endpoints (incomplete)
 Given I am not logged in
 When I send requests to these endpoints:
- | GET | /1/configs |
 | GET | /1/configs/config_id.json |
 | GET | /1/service |
 | DELETE | /1/logout |
diff --git a/features/authentication.feature b/features/authentication.feature
index 806e2b71e5d08b27ac2f3cf875816ef957c20f1c..4dc6c78dbaf75df4432963ccbd4b97d7d8f88e52 100644
--- a/features/authentication.feature
+++ b/features/authentication.feature
@@ -13,12 +13,12 @@ Feature: Authentication
 Given I authenticated
 And I set headers:
 | Authorization | Token token="MY_AUTH_TOKEN" |
- When I send a GET request to "/2/configs.json"
+ When I send a GET request to "/2/service"
 Then the response status should be "200"
 Scenario: Submitting an invalid token
 Given I authenticated
 And I set headers:
 | Authorization | Token token="InvalidToken" |
- When I send a GET request to "/2/configs.json"
+ When I send a GET request to "/2/service"
 Then the response status should be "401"
diff --git a/features/unauthenticated.feature b/features/unauthenticated.feature
index b4b0f55d7373d7463611f3c7a2bf37fb1f17c330..a55faa7c2a23082ea30bd4a9e7db5258877220b0 100644
--- a/features/unauthenticated.feature
+++ b/features/unauthenticated.feature
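Review bot: The second hunk of features/1/unauthenticated.feature drops `| GET | /1/configs |` from the login-required table, but this file gains no scenario that pins what the now-public v1 endpoint returns; only features/unauthenticated.feature gets a "Fetch list of available configs" scenario. A matching v1 scenario (`When I send a GET request to "/1/configs.json"`, `Then the response status should be "200"`, followed by the expected body) would keep any later widening of the anonymous response visible in review. The expected v1 body is not shown on this page, so it would have to be taken from the actual v1 response.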
@@ -15,8 +15,22 @@ Feature: Unauthenticated API endpoints
 Then the response status should be "200"
 And the response should be that config
+ Scenario: Fetch list of available configs
+ When I send a GET request to "/2/configs.json"
+ Then the response status should be "200"
+ And the response should be:
+ """
+ {
+ "services": {
+ "soledad": "/2/configs/soledad-service.json",
+ "eip": "/2/configs/eip-service.json",
+ "smtp": "/2/configs/smtp-service.json"
+ }
+ }
+ """
+
 Scenario: Authentication required response
- When I send a GET request to "/2/configs"
+ When I send a GET request to "/2/configs/config_id.json"
 Then the response status should be "401"
 And the response should have "error" with "not_authorized_login"
 And the response should have "message"
@@ -24,7 +38,6 @@ Feature: Unauthenticated API endpoints
 Scenario: Authentication required for all other API endpoints (incomplete)
 Given I am not logged in
 When I send requests to these endpoints:
- | GET | /2/configs |
 | GET | /2/configs/config_id.json |
 | GET | /2/service |
 | DELETE | /2/logout |
diff --git a/test/functional/api/token_auth_test.rb b/test/functional/api/token_auth_test.rb
index c7f91c7f33a8a4d88863cc287e5e24e1dc6b83f0..d6731a115b926e24580848fc3803703708aa4493 100644
--- a/test/functional/api/token_auth_test.rb
+++ b/test/functional/api/token_auth_test.rb
@@ -6,12 +6,12 @@
 require 'test_helper'
 class Api::TokenAuthTest < ApiControllerTest
- tests Api::ConfigsController
+ tests Api::ServicesController
 def test_login_via_api_token
 with_config(:allow_anonymous_certs => false) do
 monitor_auth do
- api_get :index
+ api_get :show
 assert assigns(:token), 'should have authenticated via api token'
 assert assigns(:token).is_a? ApiToken
 assert @controller.send(:current_user).is_a? ApiMonitorUser
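Review bot: In test/functional/api/token_auth_test.rb the token tests now depend on `Api::ServicesController#show` still running `require_login`, the same coupling that forced them off `ConfigsController#index` in this commit, and nothing in the test says so. If `show` were exempted later, `assigns(:token)` would presumably stay nil and the failure would point at token auth rather than at the filter change. A comment above `tests Api::ServicesController`, e.g. `# needs an action that runs require_login; ConfigsController#index is public`, would tell the next reader why this controller was picked. The hunk at -26,10 relies on the same assumption, and both test methods continue outside their hunks.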
@@ -26,10 +26,10 @@ class Api::TokenAuthTest < ApiControllerTest
 with_config(new_config) do
 monitor_auth do
 request.env['REMOTE_ADDR'] = "1.1.1.1"
- api_get :index
+ api_get :show
 assert_nil assigns(:token), "should not be able to auth with api token when ip restriction doesn't allow it"
 request.env['REMOTE_ADDR'] = allowed
- api_get :index
+ api_get :show
 assert assigns(:token), "should have authenticated via api token"
 end
 end