Add IP block on authentication via EID
Also, correct the mistakenly used 403 error code. Update application-example.yml to include the new functionality.
parent
8f234a5852
commit
42004f933f
6 changed files with 42 additions and 6 deletions
|
@ -33,6 +33,20 @@ class RegistrantApiAuthenticationTest < ApplicationSystemTestCase
|
|||
end
|
||||
end
|
||||
|
||||
def test_request_returns_401_from_a_not_whitelisted_ip
|
||||
params = { foo: :bar, test: :test }
|
||||
@original_whitelist_ip = ENV['registrant_api_auth_allowed_ips']
|
||||
ENV['registrant_api_auth_allowed_ips'] = '1.2.3.4'
|
||||
|
||||
post '/api/v1/registrant/auth/eid', params
|
||||
assert_equal(401, response.status)
|
||||
json_body = JSON.parse(response.body, symbolize_names: true)
|
||||
|
||||
assert_equal({error: 'Not authorized'}, json_body)
|
||||
|
||||
ENV['registrant_api_auth_allowed_ips'] = @original_whitelist_ip
|
||||
end
|
||||
|
||||
def test_request_documented_parameters_are_required
|
||||
params = { foo: :bar, test: :test }
|
||||
|
||||
|
|
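Review bot: In `test_request_returns_401_from_a_not_whitelisted_ip` the original `ENV['registrant_api_auth_allowed_ips']` value is restored only on the last line of the test, so a failing assertion or an exception from `post` leaves the allow-list set to `1.2.3.4` for whatever runs next in the same process. Move the restore into an `ensure` clause, i.e. `ensure` followed by `ENV['registrant_api_auth_allowed_ips'] = original_whitelist_ip`, or into `teardown`; a local variable is enough, so the instance variable is not needed. The variable name suggests the setting may hold several addresses; if so, a case with a multi-entry value would pin how the list is parsed, which this section does not show.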
|
@ -14,9 +14,12 @@ class RegistrantApiDomainsTest < ApplicationSystemTestCase
|
|||
assert_equal(200, response.status)
|
||||
end
|
||||
|
||||
def test_root_returns_403_without_authorization
|
||||
def test_root_returns_401_without_authorization
|
||||
get '/api/v1/registrant/domains', {}, {}
|
||||
assert_equal(403, response.status)
|
||||
assert_equal(401, response.status)
|
||||
json_body = JSON.parse(response.body, symbolize_names: true)
|
||||
|
||||
assert_equal({error: 'Not authorized'}, json_body)
|
||||
end
|
||||
|
||||
private
|
||||
|
|
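Review bot: The new assertions in `test_root_returns_401_without_authorization` check the status and the JSON body but not the `WWW-Authenticate` header, which the HTTP specification requires a server to send with a 401 response. Whether the controller sets that header is not visible in this section; if it does, `assert_not_nil response.headers['WWW-Authenticate']` would pin it, and if it does not, clients receive a 401 with no stated challenge. The class body continues past `private`, outside this section.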