diff --git a/src/routes/apps.js b/src/routes/apps.js index 937f4d076..a58d5ffc2 100644 --- a/src/routes/apps.js +++ b/src/routes/apps.js @@ -154,6 +154,8 @@ function configureApp(req, res, next) { if (('portBindings' in data) && typeof data.portBindings !== 'object') return next(new HttpError(400, 'portBindings must be an object')); if (typeof data.accessRestriction !== 'object') return next(new HttpError(400, 'accessRestriction is required')); if (typeof data.oauthProxy !== 'boolean') return next(new HttpError(400, 'oauthProxy must be a boolean')); + if (data.cert && !data.key) return next(new HttpError(400, 'key must be provided')); + if (!data.cert && data.key) return next(new HttpError(400, 'cert must be provided')); debug('Configuring app id:%s location:%s bindings:%j accessRestriction:%j oauthProxy:%s', req.params.id, data.location, data.portBindings, data.accessRestriction, data.oauthProxy); diff --git a/src/routes/test/apps-test.js b/src/routes/test/apps-test.js index 8dae353eb..f1eefb74c 100644 --- a/src/routes/test/apps-test.js +++ b/src/routes/test/apps-test.js @@ -61,7 +61,10 @@ var USERNAME_1 = 'user', PASSWORD_1 = 'password', EMAIL_1 ='user@me.com'; var token = null; // authentication token var token_1 = null; - var awsHostedZones = { +var TEST_CRT_FILEPATH = null; +var TEST_KEY_FILEPATH = null; + +var awsHostedZones = { HostedZones: [{ Id: '/hostedzone/ZONEID', Name: 'localhost.', @@ -131,6 +134,14 @@ function setup(done) { }); }, + function (callback) { + // keep in sync with script + TEST_CRT_FILEPATH = '/tmp/test.crt'; + TEST_KEY_FILEPATH = '/tmp/test.key'; + + child_process.exec(__dirname + '/create_test_certificate.sh', callback); + }, + function (callback) { console.log('Starting addons, this can take 10 seconds'); child_process.exec(__dirname + '/start_addons.sh', callback); @@ -1288,6 +1299,26 @@ describe('App installation - port bindings', function () { }); }); + it('cannot reconfigure app with only the cert, no key', function (done) { + request.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure') + .query({ access_token: token }) + .send({ appId: APP_ID, password: PASSWORD, location: APP_LOCATION_NEW, portBindings: { ECHO_SERVER_PORT: 7172 }, accessRestriction: null, oauthProxy: true, cert: fs.readFileSync(TEST_CRT_FILEPATH) }) + .end(function (err, res) { + expect(res.statusCode).to.equal(400); + done(); + }); + }); + + it('cannot reconfigure app with only the key, no cert', function (done) { + request.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure') + .query({ access_token: token }) + .send({ appId: APP_ID, password: PASSWORD, location: APP_LOCATION_NEW, portBindings: { ECHO_SERVER_PORT: 7172 }, accessRestriction: null, oauthProxy: true, key: fs.readFileSync(TEST_KEY_FILEPATH) }) + .end(function (err, res) { + expect(res.statusCode).to.equal(400); + done(); + }); + }); + it('non admin cannot reconfigure app', function (done) { request.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure') .query({ access_token: token_1 }) @@ -1382,6 +1413,16 @@ describe('App installation - port bindings', function () { }, done); }); + it('can reconfigure app with custom certificate', function (done) { + request.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure') + .query({ access_token: token }) + .send({ appId: APP_ID, password: PASSWORD, location: APP_LOCATION_NEW, portBindings: { ECHO_SERVER_PORT: 7172 }, accessRestriction: null, oauthProxy: true, cert: fs.readFileSync(TEST_CRT_FILEPATH), key: fs.readFileSync(TEST_KEY_FILEPATH) }) + .end(function (err, res) { + expect(res.statusCode).to.equal(202); + checkConfigureStatus(0, done); + }); + }); + it('can stop app', function (done) { request.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/stop') .query({ access_token: token })