Don't require username/password authentication for GET /token/:token route

2026-01-26 10:08:40 -05:00 · 2015-11-04 13:19:15 -08:00 · 2015-11-04 13:19:15 -08:00 · d74c9ff512
commit d74c9ff512
parent e0356968df
3 changed files with 2 additions and 17 deletions
--- a/API.md
+++ b/API.md
@ -43,8 +43,7 @@ Enter host password for user 'jdoe':
 Get information about an existing token (including associated VMs).

 ```
-$ curl -u jdoe --url vmpooler.company.com/api/v1/token/utpg2i2xswor6h8ttjhu3d47z53yy47y
-Enter host password for user 'jdoe':
+$ curl --url vmpooler.company.com/api/v1/token/utpg2i2xswor6h8ttjhu3d47z53yy47y
 ```
 ```json
 {
--- a/lib/vmpooler/api/v1.rb
+++ b/lib/vmpooler/api/v1.rb
@ -201,10 +201,6 @@ module Vmpooler
      result = { 'ok' => false }

      if Vmpooler::API.settings.config[:auth]
-        status 401
-
-        need_auth!
-
        token = backend.hgetall('vmpooler__token__' + params[:token])

        if not token.nil? and not token.empty?
@ -221,8 +217,6 @@ module Vmpooler
          end

          result = { 'ok' => true, params[:token] => token }
-        else
-          status 404
        end
      end

--- a/spec/vmpooler/api/v1_spec.rb
+++ b/spec/vmpooler/api/v1_spec.rb
@ -127,19 +127,11 @@ describe Vmpooler::API::V1 do
          ]
        } }

-        it 'returns a 401 if not authed' do
-          get "#{prefix}/token/this"
-
-          expect_json(ok = false, http = 401)
-        end
-
-        it 'returns a token if authed' do
+        it 'returns a token' do
          expect(redis).to receive(:hgetall).with('vmpooler__token__this').and_return({'user' => 'admin'})
          expect(redis).to receive(:smembers).with('vmpooler__running__pool1').and_return(['vmhostname'])
          expect(redis).to receive(:hget).with('vmpooler__vm__vmhostname', 'token:token').and_return('this')

-          authorize 'admin', 's3cr3t'
-
          get "#{prefix}/token/this"

          expect(JSON.parse(last_response.body)['ok']).to eq(true)