<!--

Copyright 2017-2018 Lars Wirzenius

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.

-->

# Unauthorized requests

This scenario make unauthorized requests and checks the right error is
returned.

    SCENARIO unauthorized requests

Set up the controller.

    GIVEN an RSA key pair for token signing
    AND controller config uses statedir at the state directory
    AND controller config uses https://blobs.example.com as artifact store
    AND controller config uses https://auth.example.com as authentication
    AND controller config uses https://notify.example.com as notify
    AND an access token for user with scopes
    ... uapi_projects_post
    ... uapi_projects_id_status_put
    ... uapi_projects_id_status_get
    ... uapi_projects_id_builds_get
    ... uapi_workers_id_get
    ... uapi_builds_get
    ... uapi_builds_id_get
    ... uapi_logs_id_get
    AND a running ick controller

    WHEN user makes request POST /projects with a valid token and body
    ... {
    ...     "project": "rome",
    ...     "pipelines": [
    ...         {
    ...             "pipeline": "construct",
    ...             "actions": [
    ...                 { "shell": "day 1" },
    ...                 { "shell": "day 2" }
    ...             ]
    ...         }
    ...     ]
    ... }
    THEN result has status code 201

    GIVEN an access token for outsider with scopes
    ... uapi_version_get
    WHEN outsider makes request POST /projects 
    ... with an invalid token and body {}
    THEN result has status code 401

    WHEN outsider makes request GET /builds with an invalid token
    THEN result has status code 401

    WHEN outsider makes request
    ... POST /workers with an invalid token and body [}
    THEN result has status code 401

    WHEN outsider makes request
    ... GET /work with an invalid token
    THEN result has status code 401

    WHEN outsider makes request
    ... GET /workers with an invalid token
    THEN result has status code 401

    WHEN outsider makes request
    ... GET /builds with an invalid token
    THEN result has status code 401

    WHEN outsider makes request GET /logs/1 with an invalid token
    THEN result has status code 401

    WHEN outsider makes request POST /work with an invalid token and body {}
    THEN result has status code 401

    FINALLY stop ick controller