zydronium/internetee-registry
1
0
Fork 0
mirror of https://github.com/internetee/registry.git synced 2025-07-26 04:28:27 +02:00
Code Issues Projects Releases Packages Wiki Activity

Add IP block on authentication via EID

Browse source 
Also, correct mistakenly used 403 error code.
Update aplication-example.yml to include new functionality.
This commit is contained in:
Maciej Szlosarczyk 2018-07-24 11:33:51 +03:00
parent 8f234a5852
commit 42004f933f
No known key found for this signature in database
GPG key ID: 41D62D42D3B0D765
6 changed files with 42 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

14
test/system/api/registrant/registrant_api_authentication_test.rb
View file

@ -33,6 +33,20 @@ class RegistrantApiAuthenticationTest < ApplicationSystemTestCase
end
end
def test_request_returns_401_from_a_not_whitelisted_ip
params = { foo: :bar, test: :test }
@original_whitelist_ip = ENV['registrant_api_auth_allowed_ips']
ENV['registrant_api_auth_allowed_ips'] = '1.2.3.4'
post '/api/v1/registrant/auth/eid', params
assert_equal(401, response.status)
json_body = JSON.parse(response.body, symbolize_names: true)
assert_equal({error: 'Not authorized'}, json_body)
ENV['registrant_api_auth_allowed_ips'] = @original_whitelist_ip
end
def test_request_documented_parameters_are_required
params = { foo: :bar, test: :test }

7
test/system/api/registrant/registrant_api_domains_test.rb
View file

@ -14,9 +14,12 @@ class RegistrantApiDomainsTest < ApplicationSystemTestCase
assert_equal(200, response.status)
end
def test_root_returns_403_without_authorization
def test_root_returns_401_without_authorization
get '/api/v1/registrant/domains', {}, {}
assert_equal(403, response.status)
assert_equal(401, response.status)
json_body = JSON.parse(response.body, symbolize_names: true)
assert_equal({error: 'Not authorized'}, json_body)
end
private