From 1689133b1940f32a74aa2a8781edd73c33293ef0 Mon Sep 17 00:00:00 2001
From: Scott Schneider
Date: Thu, 16 Jul 2015 10:58:21 -0700
Subject: [PATCH] Require an auth token to use snapshots
---
 lib/vmpooler/api/v1.rb | 4 +++
 spec/vmpooler/api/v1_spec.rb | 62 ++++++++++++++++++++++++++++++++++++
 2 files changed, 66 insertions(+)
diff --git a/lib/vmpooler/api/v1.rb b/lib/vmpooler/api/v1.rb
index e30a16e..8df2608 100644
--- a/lib/vmpooler/api/v1.rb
+++ b/lib/vmpooler/api/v1.rb
@@ -518,6 +518,8 @@ module Vmpooler
 post "#{api_prefix}/vm/:hostname/snapshot/?" do
 content_type :json
 
+ need_token! if Vmpooler::API.settings.config[:auth]
+
 status 404
 result = { 'ok' => false }
 
@@ -541,6 +543,8 @@ module Vmpooler
 post "#{api_prefix}/vm/:hostname/snapshot/:snapshot/?" do
 content_type :json
 
+ need_token! if Vmpooler::API.settings.config[:auth]
+
 status 404
 result = { 'ok' => false }
 
diff --git a/spec/vmpooler/api/v1_spec.rb b/spec/vmpooler/api/v1_spec.rb
index 3fe760b..0e58d38 100644
--- a/spec/vmpooler/api/v1_spec.rb
+++ b/spec/vmpooler/api/v1_spec.rb
@@ -434,6 +434,9 @@ describe Vmpooler::API::V1 do
 end
 
 describe 'POST /vm/:hostname/snapshot' do
+ context '(auth not configured)' do
+ let(:config) { { auth: false } }
+
 it 'creates a snapshot' do
 expect(redis).to receive(:sadd)
 
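Review bot: In lib/vmpooler/api/v1.rb the new guard `need_token! if Vmpooler::API.settings.config[:auth]` in the `post "#{api_prefix}/vm/:hostname/snapshot/?"` hunk, and the identical line in the `.../snapshot/:snapshot/?` hunk, only runs when `config[:auth]` is truthy, so a deployment whose auth setting is missing or mis-keyed keeps both snapshot routes open without any error. That default deserves a comment at the guard, for example `# Token is only required when config[:auth] is set; without it snapshot create/revert stay unauthenticated`. From the lines shown the guard also appears to check the token alone and not its relation to `:hostname`; `need_token!` is defined outside the hunk, so confirm whether a valid token may snapshot or revert a VM that belongs to someone else. Both route bodies continue outside their hunks.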
@@ -444,9 +447,39 @@ describe Vmpooler::API::V1 do
 expect(JSON.parse(last_response.body)['testhost']['snapshot'].length).to be(32)
 expect(last_response.status).to eq(202)
 end
+ end
+
+ context '(auth configured)' do
+ let(:config) { { auth: true } }
+
+ it 'returns a 401 if not authed' do
+ post "#{prefix}/vm/testhost/snapshot"
+
+ expect(last_response).not_to be_ok
+ expect(last_response.header['Content-Type']).to eq('application/json')
+ expect(last_response.body).to eq(JSON.pretty_generate({'ok' => false}))
+ expect(last_response.status).to eq(401)
+ end
+
+ it 'creates a snapshot if authed' do
+ expect(redis).to receive(:sadd)
+
+ post "#{prefix}/vm/testhost/snapshot", "", {
+ 'HTTP_X_AUTH_TOKEN' => 'abcdefghijklmnopqrstuvwxyz012345'
+ }
+
+ expect(last_response.header['Content-Type']).to eq('application/json')
+ expect(JSON.parse(last_response.body)['ok']).to eq(true)
+ expect(JSON.parse(last_response.body)['testhost']['snapshot'].length).to be(32)
+ expect(last_response.status).to eq(202)
+ end
+ end
 end
 
 describe 'POST /vm/:hostname/snapshot/:snapshot' do
+ context '(auth not configured)' do
+ let(:config) { { auth: false } }
+
 it 'reverts to a snapshot' do
 expect(redis).to receive(:exists).with('vmpooler__vm__testhost').and_return(1)
 expect(redis).to receive(:hget).with('vmpooler__vm__testhost', 'snapshot:testsnapshot').and_return(1)
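Review bot: The `(auth configured)` context added for `POST /vm/:hostname/snapshot` covers only a request with no `X-AUTH-TOKEN` header; a request that carries a token the pool does not recognise is never exercised, and that is the case the guard exists to reject. Add a third example such as `it 'returns a 401 if the token is unknown'` that sends `'HTTP_X_AUTH_TOKEN' => 'constructed-unknown-token'` and expects status 401. The existing 401 example would also be stronger with `expect(redis).not_to receive(:sadd)`, so a guard that answers 401 but still records the snapshot request fails the spec. How the token in the authed example is made valid is set up outside this hunk, so the stub for the unknown token has to follow that setup.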
@@ -458,6 +491,35 @@ describe Vmpooler::API::V1 do
 expect(last_response.body).to include('"ok": true')
 expect(last_response.status).to eq(202)
 end
+ end
+
+ context '(auth configured)' do
+ let(:config) { { auth: true } }
+
+ it 'returns a 401 if not authed' do
+ post "#{prefix}/vm/testhost/snapshot"
+
+ expect(last_response).not_to be_ok
+ expect(last_response.header['Content-Type']).to eq('application/json')
+ expect(last_response.body).to eq(JSON.pretty_generate({'ok' => false}))
+ expect(last_response.status).to eq(401)
+ end
+
+ it 'reverts to a snapshot if authed' do
+ expect(redis).to receive(:exists).with('vmpooler__vm__testhost').and_return(1)
+ expect(redis).to receive(:hget).with('vmpooler__vm__testhost', 'snapshot:testsnapshot').and_return(1)
+ expect(redis).to receive(:sadd)
+
+ post "#{prefix}/vm/testhost/snapshot/testsnapshot", "", {
+ 'HTTP_X_AUTH_TOKEN' => 'abcdefghijklmnopqrstuvwxyz012345'
+ }
+
+ expect(last_response.header['Content-Type']).to eq('application/json')
+ expect(last_response.body).to include('"ok": true')
+ expect(last_response.status).to eq(202)
+ end
+ end
+
 end
 
 end
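Review bot: The 'returns a 401 if not authed' example under `describe 'POST /vm/:hostname/snapshot/:snapshot'` posts to `"#{prefix}/vm/testhost/snapshot"`, which is the snapshot-create route, so the revert route is never requested without a token and its new guard is untested on the rejecting path. Change the request to `post "#{prefix}/vm/testhost/snapshot/testsnapshot"` so that removing `need_token!` from the revert route makes this spec fail. As written, the example duplicates the 401 check in the previous describe block.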