diff --git a/briar-headless/README.md b/briar-headless/README.md
index d2782368f..a6ac23cdf 100644
--- a/briar-headless/README.md
+++ b/briar-headless/README.md
@@ -87,7 +87,7 @@ outside of Briar via an external channel.
 Once you have received the link of your future contact, you can add them by posting the link together with an arbitrary nickname (or alias):
-`POST /v1/contacts/add`
+`POST /v1/contacts/add/pending`
 The link and the alias should be posted as a JSON object:
diff --git a/briar-headless/src/main/java/org/briarproject/briar/headless/Router.kt b/briar-headless/src/main/java/org/briarproject/briar/headless/Router.kt
index 6dffbeb0a..12afce4f5 100644
--- a/briar-headless/src/main/java/org/briarproject/briar/headless/Router.kt
+++ b/briar-headless/src/main/java/org/briarproject/briar/headless/Router.kt
@@ -65,12 +65,12 @@ constructor(
 path("/contacts") {
 get { ctx -> contactController.list(ctx) }
 path("add") {
- post { ctx -> contactController.addPendingContact(ctx) }
 path("link") {
 get { ctx -> contactController.link(ctx) }
 }
 path("pending") {
 get { ctx -> contactController.listPendingContacts(ctx) }
+ post { ctx -> contactController.addPendingContact(ctx) }
 delete { ctx -> contactController.removePendingContact(ctx) }
 }
 }
diff --git a/briar-headless/src/test/java/org/briarproject/briar/headless/IntegrationTest.kt b/briar-headless/src/test/java/org/briarproject/briar/headless/IntegrationTest.kt
index 2ef97aced..9f53cd275 100644
--- a/briar-headless/src/test/java/org/briarproject/briar/headless/IntegrationTest.kt
+++ b/briar-headless/src/test/java/org/briarproject/briar/headless/IntegrationTest.kt
@@ -59,6 +59,10 @@ abstract class IntegrationTest {
 return khttp.post(url, getAuthTokenHeader(token), data = data)
 }
+ protected fun postWithWrongToken(url: String) : Response {
+ return khttp.post(url, getAuthTokenHeader("wrongToken"), data = "")
+ }
+
 protected fun delete(url: String) : Response {
 return khttp.delete(url, getAuthTokenHeader(token))
 }
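Review bot: In Router.kt the `post` handler is removed from `path("add")` with no alias or deprecation step, while the README still places the endpoint under `/v1`, so a client built against `POST /v1/contacts/add` will no longer be able to add contacts after upgrading. If the old path has shipped, consider keeping the original `post { ctx -> contactController.addPendingContact(ctx) }` line for one release with a comment such as `// deprecated alias of POST /contacts/add/pending`, or note the break in the release notes. A test that pins what the old path now returns would also make the removal explicit. The enclosing route block starts and ends outside the hunk.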
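Review bot: `postWithWrongToken` in IntegrationTest.kt only models a request with a present but invalid token, so the new 401 tests in ContactControllerIntegrationTest.kt (the handshake-link test and the three pending-contact tests) never send a request with no token header at all. Unless that case is covered elsewhere, a sibling helper such as `protected fun postWithoutToken(url: String) : Response = khttp.post(url, data = "")` would let the same tests check it. A one-line KDoc on the new helper, for example `/** POSTs an empty body with an invalid auth token; the caller is expected to assert a 401. */`, would also explain why `data = ""` is deliberate.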
diff --git a/briar-headless/src/test/java/org/briarproject/briar/headless/contact/ContactControllerIntegrationTest.kt b/briar-headless/src/test/java/org/briarproject/briar/headless/contact/ContactControllerIntegrationTest.kt
index 96cd0b0ad..bd63c1193 100644
--- a/briar-headless/src/test/java/org/briarproject/briar/headless/contact/ContactControllerIntegrationTest.kt
+++ b/briar-headless/src/test/java/org/briarproject/briar/headless/contact/ContactControllerIntegrationTest.kt
@@ -45,6 +45,12 @@ class ContactControllerIntegrationTest: IntegrationTest() {
 assertEquals(BASE32_LINK_BYTES + 8, link.length)
 }
+ @Test
+ fun `returning own handshake link needs authentication token`() {
+ val response = getWithWrongToken("$url/contacts/add/link")
+ assertEquals(401, response.statusCode)
+ }
+
 @Test
 fun `returns list of pending contacts`() {
 // retrieve empty list of pending contacts
@@ -58,7 +64,7 @@ class ContactControllerIntegrationTest: IntegrationTest() {
 "link": "${getRealHandshakeLink(crypto)}",
 "alias": "$alias"
 }"""
- response = post("$url/contacts/add", json)
+ response = post("$url/contacts/add/pending", json)
 assertEquals(200, response.statusCode)
 // get added contact as only list item
@@ -81,6 +87,24 @@ class ContactControllerIntegrationTest: IntegrationTest() {
 assertEquals(0, response.jsonArray.length())
 }
+ @Test
+ fun `returning list of pending contacts needs authentication token`() {
+ val response = getWithWrongToken("$url/contacts/add/pending")
+ assertEquals(401, response.statusCode)
+ }
+
+ @Test
+ fun `adding pending contacts needs authentication token`() {
+ val response = postWithWrongToken("$url/contacts/add/pending")
+ assertEquals(401, response.statusCode)
+ }
+
+ @Test
+ fun `removing a pending contact needs authentication token`() {
+ val response = deleteWithWrongToken("$url/contacts/add/pending")
+ assertEquals(401, response.statusCode)
+ }
+
 @Test
 fun `deleting contact need authentication token`() {
 val response = deleteWithWrongToken("$url/contacts/1")
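Review bot: The new POST and DELETE tests assert only the 401 status and send no meaningful body, so they cannot show that a rejected request with a well-formed payload leaves the pending-contact list unchanged. In `adding pending contacts needs authentication token`, consider sending the same JSON the success-path test builds (link plus alias) with the wrong token, then doing an authenticated read of `$url/contacts/add/pending` and asserting the array length is still 0. That needs a body parameter on `postWithWrongToken`, which currently hard-codes `data = ""`. The last test in this hunk continues outside it.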