diff --git a/lib/debci/api.rb b/lib/debci/api.rb index 208a0023b00e4fef1e80fcc42bd69a4c7458e735..c565d9f18d94c49984b661e5b7b6eb54e83778bf 100644 --- a/lib/debci/api.rb +++ b/lib/debci/api.rb @@ -126,7 +126,12 @@ module Debci Presents a simple UI for retrying a test EOF get '/retry/:run_id' do - erb :retry + @user = ENV['FAKE_CERTIFICATE_USER'] || env['SSL_CLIENT_S_DN_CN'] + if @user + erb :retry + else + [403, erb(:cant_retry)] + end end doc <<-EOF @@ -138,8 +143,8 @@ module Debci * `:run_id`: which Job ID to retry EOF post '/retry/:run_id' do - username = ENV['FAKE_CERTIFICATE_USER'] || env['SSL_CLIENT_S_DN_CN'] - if not username + @user = ENV['FAKE_CERTIFICATE_USER'] || env['SSL_CLIENT_S_DN_CN'] + if not @user authenticate! end run_id = params[:run_id] diff --git a/lib/debci/api/cant_retry.erb b/lib/debci/api/cant_retry.erb new file mode 100644 index 0000000000000000000000000000000000000000..cd49088b3dd1b444d38fbdc6a08402fdc5a8e767 --- /dev/null +++ b/lib/debci/api/cant_retry.erb @@ -0,0 +1,45 @@ + + + + + + + +
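Review bot: In the new `get '/retry/:run_id'` block, `if @user` accepts any non-nil value, so an empty `SSL_CLIENT_S_DN_CN` would render the retry form as authenticated (only `nil` and `false` are falsy in Ruby), and a `FAKE_CERTIFICATE_USER` left set in the server's environment authenticates every request; the second hunk repeats the same lookup in the POST handler. I would normalise right after the assignment, `@user = nil if @user.to_s.strip.empty?`, and keep the lookup in one helper shared by both routes, with a comment that `SSL_CLIENT_S_DN_CN` is trusted only because the front-end server is expected to set it from a verified client certificate and that `FAKE_CERTIFICATE_USER` appears to be meant for test and development runs. The GET route also never reaches `authenticate!`, whereas the POST route does, so a caller holding only an API key gets the 403 page even though cant_retry.erb says an API key is sufficient and that a reload will show the form. The POST handler's body continues past the end of the second hunk.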

403 Forbidden: missing authentication

+ +

+ To retry a test job, you need to be authenticated with a client certificate + (e.g. Debian SSO), or with a API key. See the API + documentation for more information. +

+ +

+ Once you are properly authenticated, just reload this page to get the retry + form. +

+ + + diff --git a/spec/debci/api_spec.rb b/spec/debci/api_spec.rb index b53bdfd92055fc596772bb412bd0a2c37dc9dc85..b275548b9041a66033fe6f1334499e67526855df 100644 --- a/spec/debci/api_spec.rb +++ b/spec/debci/api_spec.rb @@ -252,12 +252,18 @@ describe Debci::API do expect(last_response.status).to eq(403) end - it 'displays a user friendly page' do - get '/api/v1/retry/1' + it 'displays a user friendly page to authenticated users' do + get '/api/v1/retry/1', {}, { 'SSL_CLIENT_S_DN_CN' => 'foo@bar.com' } expect(last_response.status).to eq(200) expect(last_response.content_type).to match('text/html') end + it 'displays a "Forbidden" page to non-authenticated users' do + get '/api/v1/retry/1' + expect(last_response.status).to eq(403) + expect(last_response.content_type).to match('text/html') + end + it 'can retrigger a valid request with key' do package = 'mypackage' user = 'myuser'
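Review bot: The two GET examples cover a present and an absent `SSL_CLIENT_S_DN_CN` but not a blank one, which the handler's `if @user` check would currently treat as authenticated. If the handler is changed to reject blank values, an example calling `get '/api/v1/retry/1', {}, { 'SSL_CLIENT_S_DN_CN' => '' }` followed by `expect(last_response.status).to eq(403)` would pin that behaviour. The last example in this hunk is cut off, so the rest of the spec is not visible here.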