Require an auth token to use snapshots

2026-01-26 01:58:41 -05:00 · 2015-07-16 10:58:21 -07:00 · 2015-07-16 10:58:21 -07:00 · 1689133b19
commit 1689133b19
parent fe65d5b11b
2 changed files with 66 additions and 0 deletions
--- a/lib/vmpooler/api/v1.rb
+++ b/lib/vmpooler/api/v1.rb
@ -518,6 +518,8 @@ module Vmpooler
    post "#{api_prefix}/vm/:hostname/snapshot/?" do
      content_type :json

+      need_token! if Vmpooler::API.settings.config[:auth]
+
      status 404
      result = { 'ok' => false }

@ -541,6 +543,8 @@ module Vmpooler
    post "#{api_prefix}/vm/:hostname/snapshot/:snapshot/?" do
      content_type :json

+      need_token! if Vmpooler::API.settings.config[:auth]
+
      status 404
      result = { 'ok' => false }

--- a/spec/vmpooler/api/v1_spec.rb
+++ b/spec/vmpooler/api/v1_spec.rb
@ -434,6 +434,9 @@ describe Vmpooler::API::V1 do
    end

    describe 'POST /vm/:hostname/snapshot' do
+      context '(auth not configured)' do
+        let(:config) { { auth: false } }
+
        it 'creates a snapshot' do
          expect(redis).to receive(:sadd)

@ -444,9 +447,39 @@ describe Vmpooler::API::V1 do
          expect(JSON.parse(last_response.body)['testhost']['snapshot'].length).to be(32)
          expect(last_response.status).to eq(202)
        end
+      end
+
+      context '(auth configured)' do
+        let(:config) { { auth: true } }
+
+        it 'returns a 401 if not authed' do
+          post "#{prefix}/vm/testhost/snapshot"
+
+          expect(last_response).not_to be_ok
+          expect(last_response.header['Content-Type']).to eq('application/json')
+          expect(last_response.body).to eq(JSON.pretty_generate({'ok' => false}))
+          expect(last_response.status).to eq(401)
+        end
+
+        it 'creates a snapshot if authed' do
+          expect(redis).to receive(:sadd)
+
+          post "#{prefix}/vm/testhost/snapshot", "", {
+            'HTTP_X_AUTH_TOKEN' => 'abcdefghijklmnopqrstuvwxyz012345'
+          }
+
+          expect(last_response.header['Content-Type']).to eq('application/json')
+          expect(JSON.parse(last_response.body)['ok']).to eq(true)
+          expect(JSON.parse(last_response.body)['testhost']['snapshot'].length).to be(32)
+          expect(last_response.status).to eq(202)
+        end
+      end
    end

    describe 'POST /vm/:hostname/snapshot/:snapshot' do
+      context '(auth not configured)' do
+        let(:config) { { auth: false } }
+
        it 'reverts to a snapshot' do
          expect(redis).to receive(:exists).with('vmpooler__vm__testhost').and_return(1)
          expect(redis).to receive(:hget).with('vmpooler__vm__testhost', 'snapshot:testsnapshot').and_return(1)
@ -458,6 +491,35 @@ describe Vmpooler::API::V1 do
          expect(last_response.body).to include('"ok": true')
          expect(last_response.status).to eq(202)
        end
+      end
+
+      context '(auth configured)' do
+        let(:config) { { auth: true } }
+
+        it 'returns a 401 if not authed' do
+          post "#{prefix}/vm/testhost/snapshot"
+
+          expect(last_response).not_to be_ok
+          expect(last_response.header['Content-Type']).to eq('application/json')
+          expect(last_response.body).to eq(JSON.pretty_generate({'ok' => false}))
+          expect(last_response.status).to eq(401)
+        end
+
+        it 'reverts to a snapshot if authed' do
+          expect(redis).to receive(:exists).with('vmpooler__vm__testhost').and_return(1)
+          expect(redis).to receive(:hget).with('vmpooler__vm__testhost', 'snapshot:testsnapshot').and_return(1)
+          expect(redis).to receive(:sadd)
+
+          post "#{prefix}/vm/testhost/snapshot/testsnapshot", "", {
+            'HTTP_X_AUTH_TOKEN' => 'abcdefghijklmnopqrstuvwxyz012345'
+          }
+
+          expect(last_response.header['Content-Type']).to eq('application/json')
+          expect(last_response.body).to include('"ok": true')
+          expect(last_response.status).to eq(202)
+        end
+      end
+
    end
  end