Commit 3bb70b83 authored by Antonio Terceiro's avatar Antonio Terceiro

api: don't crash on failed authentication

parent 9ce17e1d
......@@ -394,8 +394,7 @@ module Debci
def authenticate!
key = env['HTTP_AUTH_KEY']
@user = Debci::Key.authenticate(key)
if @user
if key && @user = Debci::Key.authenticate(key)
response['Auth-User'] = @user
else
halt(403, "Invalid key\n")
......
......@@ -247,6 +247,11 @@ describe Debci::API do
context 'retriggers' do
it 'rejects non-authenticated requests' do
post '/api/v1/retry/1'
expect(last_response.status).to eq(403)
end
it 'displays a user friendly page' do
get '/api/v1/retry/1'
expect(last_response.status).to eq(200)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment