From 69ab586ba929262c7b69947e1f66a477fd3cadab Mon Sep 17 00:00:00 2001
From: Beth Skurrie <beth@bethesque.com>
Date: Sun, 17 Sep 2017 11:17:55 +1000
Subject: [PATCH] feat: changed configuration property name from  to

---
 .../api/renderers/html_pact_renderer.rb       |  2 +-
 lib/pact_broker/api/resources/badge.rb        |  2 +-
 lib/pact_broker/configuration.rb              | 13 +++--
 spec/features/get_latest_pact_badge_spec.rb   |  2 +-
 .../get_latest_tagged_pact_badge_spec.rb      |  2 +-
 .../get_latest_untagged_pact_badge_spec.rb    |  2 +-
 .../api/renderers/html_pact_renderer_spec.rb  |  2 +-
 .../pact_broker/api/resources/badge_spec.rb   | 47 +++++++++++++------
 8 files changed, 48 insertions(+), 24 deletions(-)

diff --git a/lib/pact_broker/api/renderers/html_pact_renderer.rb b/lib/pact_broker/api/renderers/html_pact_renderer.rb
index e5a2d35fd..c1ca69ac8 100644
--- a/lib/pact_broker/api/renderers/html_pact_renderer.rb
+++ b/lib/pact_broker/api/renderers/html_pact_renderer.rb
@@ -70,7 +70,7 @@ def pact_metadata
         end
 
         def badge_list_items
-          if PactBroker.configuration.enable_badge_resources
+          if PactBroker.configuration.enable_public_badge_access
             "<li class='badge'>
               <img src='#{badge_url}'/>
             </li>
diff --git a/lib/pact_broker/api/resources/badge.rb b/lib/pact_broker/api/resources/badge.rb
index e545b6f3a..bdd299e08 100644
--- a/lib/pact_broker/api/resources/badge.rb
+++ b/lib/pact_broker/api/resources/badge.rb
@@ -21,7 +21,7 @@ def resource_exists?
         end
 
         def is_authorized?(authorization_header)
-          PactBroker.configuration.enable_badge_resources
+          super || PactBroker.configuration.enable_public_badge_access
         end
 
         def forbidden?
diff --git a/lib/pact_broker/configuration.rb b/lib/pact_broker/configuration.rb
index 75f711418..3954a742c 100644
--- a/lib/pact_broker/configuration.rb
+++ b/lib/pact_broker/configuration.rb
@@ -11,15 +11,17 @@ def self.reset_configuration
 
   class Configuration
 
-    SAVABLE_SETTING_NAMES = [:order_versions_by_date, :use_case_sensitive_resource_names, :enable_badge_resources, :shields_io_base_url]
+    SAVABLE_SETTING_NAMES = [:order_versions_by_date, :use_case_sensitive_resource_names, :enable_public_badge_access, :shields_io_base_url]
 
     attr_accessor :log_dir, :database_connection, :auto_migrate_db, :use_hal_browser, :html_pact_renderer
     attr_accessor :validate_database_connection_config, :enable_diagnostic_endpoints, :version_parser
     attr_accessor :use_case_sensitive_resource_names, :order_versions_by_date
     attr_accessor :semver_formats
-    attr_accessor :enable_badge_resources, :shields_io_base_url
+    attr_accessor :enable_public_badge_access, :shields_io_base_url
     attr_writer :logger
 
+    alias_method :enable_badge_resources=, :enable_public_badge_access=
+
     def initialize
       @before_resource_hook = ->(resource){}
       @after_resource_hook = ->(resource){}
@@ -39,7 +41,7 @@ def self.default_configuration
       config.use_hal_browser = true
       config.validate_database_connection_config = true
       config.enable_diagnostic_endpoints = true
-      config.enable_badge_resources = false # For security
+      config.enable_public_badge_access = false # For security
       config.shields_io_base_url = "https://img.shields.io".freeze
       config.use_case_sensitive_resource_names = true
       config.html_pact_renderer = default_html_pact_render
@@ -106,6 +108,11 @@ def after_resource &block
       end
     end
 
+    def enable_badge_resources= enable_badge_resources
+      puts "Pact Broker configuration property `enable_badge_resources` is deprecated. Please use `enable_public_badge_access`"
+      enable_public_badge_access= enable_badge_resources
+    end
+
     def save_to_database
       # Can't require a Sequel::Model class before the connection has been set
       require 'pact_broker/config/save'
diff --git a/spec/features/get_latest_pact_badge_spec.rb b/spec/features/get_latest_pact_badge_spec.rb
index 52ba47c00..30e11283c 100644
--- a/spec/features/get_latest_pact_badge_spec.rb
+++ b/spec/features/get_latest_pact_badge_spec.rb
@@ -3,7 +3,7 @@
 describe "get latest pact badge" do
 
   before do
-    PactBroker.configuration.enable_badge_resources = true
+    PactBroker.configuration.enable_public_badge_access = true
     TestDataBuilder.new
       .create_consumer('consumer')
       .create_provider('provider')
diff --git a/spec/features/get_latest_tagged_pact_badge_spec.rb b/spec/features/get_latest_tagged_pact_badge_spec.rb
index 228a72dfb..2263185d5 100644
--- a/spec/features/get_latest_tagged_pact_badge_spec.rb
+++ b/spec/features/get_latest_tagged_pact_badge_spec.rb
@@ -3,7 +3,7 @@
 describe "get latest tagged pact badge" do
 
   before do
-    PactBroker.configuration.enable_badge_resources = true
+    PactBroker.configuration.enable_public_badge_access = true
     PactBroker.configuration.shields_io_base_url = nil
     TestDataBuilder.new
       .create_consumer('consumer')
diff --git a/spec/features/get_latest_untagged_pact_badge_spec.rb b/spec/features/get_latest_untagged_pact_badge_spec.rb
index b2007c730..b15a145d2 100644
--- a/spec/features/get_latest_untagged_pact_badge_spec.rb
+++ b/spec/features/get_latest_untagged_pact_badge_spec.rb
@@ -3,7 +3,7 @@
 describe "get latest untagged pact badge" do
 
   before do
-    PactBroker.configuration.enable_badge_resources = true
+    PactBroker.configuration.enable_public_badge_access = true
     PactBroker.configuration.shields_io_base_url = nil
     TestDataBuilder.new
       .create_consumer('consumer')
diff --git a/spec/lib/pact_broker/api/renderers/html_pact_renderer_spec.rb b/spec/lib/pact_broker/api/renderers/html_pact_renderer_spec.rb
index 307d59803..80bb0a26b 100644
--- a/spec/lib/pact_broker/api/renderers/html_pact_renderer_spec.rb
+++ b/spec/lib/pact_broker/api/renderers/html_pact_renderer_spec.rb
@@ -9,7 +9,7 @@ module Renderers
         before do
           ENV['BACKUP_TZ'] = ENV['TZ']
           ENV['TZ'] = "Australia/Melbourne"
-          PactBroker.configuration.enable_badge_resources = true
+          PactBroker.configuration.enable_public_badge_access = true
         end
 
         after do
diff --git a/spec/lib/pact_broker/api/resources/badge_spec.rb b/spec/lib/pact_broker/api/resources/badge_spec.rb
index 7f9a2e3f5..a515edb4e 100644
--- a/spec/lib/pact_broker/api/resources/badge_spec.rb
+++ b/spec/lib/pact_broker/api/resources/badge_spec.rb
@@ -8,32 +8,49 @@ module Resources
         let(:path) { "/pacts/provider/provider/consumer/consumer/latest/badge" }
         let(:params) { {} }
 
+        before do
+          allow(PactBroker::Pacts::Service).to receive(:find_latest_pact).and_return(pact)
+          allow(PactBroker::Verifications::Service).to receive(:find_latest_verification_for).and_return(verification)
+          allow(PactBroker::Badges::Service).to receive(:pact_verification_badge).and_return("badge")
+          allow(PactBroker::Verifications::Status).to receive(:new).and_return(verification_status)
+        end
+
+        let(:pact) { instance_double("PactBroker::Domain::Pact", consumer: consumer, provider: provider) }
+        let(:consumer) { double('consumer') }
+        let(:provider) { double('provider') }
+        let(:verification) { double("verification") }
+        let(:verification_status) { instance_double("PactBroker::Verifications::Status", to_sym: :verified) }
+
+
         subject { get path, params, {'HTTP_ACCEPT' => 'image/svg+xml'}; last_response }
 
-        context "when enable_badge_resources is false" do
+        context "when enable_public_badge_access is false and the request is not authenticated" do
           before do
-            PactBroker.configuration.enable_badge_resources = false
+            PactBroker.configuration.enable_public_badge_access = false
+            allow_any_instance_of(Badge).to receive(:authenticated?).and_return(false)
           end
 
-          it "returns a 404" do
-            expect(subject.status).to eq 404
+          it "returns a 401" do
+            expect(subject.status).to eq 401
           end
         end
 
-        context "when enable_badge_resources is true" do
+        context "when enable_public_badge_access is false but the request is authenticated" do
           before do
-            PactBroker.configuration.enable_badge_resources = true
-            allow(PactBroker::Pacts::Service).to receive(:find_latest_pact).and_return(pact)
-            allow(PactBroker::Verifications::Service).to receive(:find_latest_verification_for).and_return(verification)
-            allow(PactBroker::Badges::Service).to receive(:pact_verification_badge).and_return("badge")
-            allow(PactBroker::Verifications::Status).to receive(:new).and_return(verification_status)
+            PactBroker.configuration.enable_public_badge_access = false
+            allow_any_instance_of(Badge).to receive(:authenticated?).and_return(true)
           end
 
-          let(:pact) { instance_double("PactBroker::Domain::Pact", consumer: consumer, provider: provider) }
-          let(:consumer) { double('consumer') }
-          let(:provider) { double('provider') }
-          let(:verification) { double("verification") }
-          let(:verification_status) { instance_double("PactBroker::Verifications::Status", to_sym: :verified) }
+          it "returns a 200" do
+            expect(subject.status).to eq 200
+          end
+        end
+
+        context "when enable_public_badge_access is true" do
+
+          before do
+            PactBroker.configuration.enable_public_badge_access = true
+          end
 
           it "retrieves the latest pact" do
             expect(PactBroker::Pacts::Service).to receive(:find_latest_pact)