Flip back to default allow

In order to serve the frontend and all assets and all paths we have to allow access by default. This change does that and then lists routes where access should be denied.
ilios · Nov 15, 2021 · fb967f3 · fb967f3
1 parent 1419910
commit fb967f3
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 4 deletions.
diff --git a/config/packages/security.yaml b/config/packages/security.yaml
@@ -3,12 +3,14 @@ security:
   access_control:
     - { path: '^/api/doc', roles: PUBLIC_ACCESS }
     - { path: '^/api$', roles: PUBLIC_ACCESS }
-    - { path: '^/lm/[a-zA-Z0-9]{64}$', roles: PUBLIC_ACCESS }
-    - { path: '^/ci-report-dl/[a-zA-Z0-9]{64}$', roles: PUBLIC_ACCESS }
     - { path: '^/application/config', roles: PUBLIC_ACCESS }
     - { path: '^/auth/(login|logout)', roles: PUBLIC_ACCESS }
-    - { path: '^/ilios/health', roles: PUBLIC_ACCESS }
-    - { path: '^/', roles: IS_AUTHENTICATED_FULLY }
+    - { path: '^/auth', roles: IS_AUTHENTICATED_FULLY }
+    - { path: '^/api', roles: IS_AUTHENTICATED_FULLY }
+    - { path: '^/application', roles: IS_AUTHENTICATED_FULLY }
+    - { path: '^/upload', roles: IS_AUTHENTICATED_FULLY }
+    - { path: '^/error', roles: IS_AUTHENTICATED_FULLY }
+    - { path: '^/', roles: PUBLIC_ACCESS }
   access_decision_manager:
     allow_if_all_abstain: false
     strategy: unanimous

diff --git a/tests/Controller/ErrorControllerTest.php b/tests/Controller/ErrorControllerTest.php
@@ -53,4 +53,23 @@ public function testIndex()
         $response = $this->kernelBrowser->getResponse();
         $this->assertEquals(Response::HTTP_NO_CONTENT, $response->getStatusCode(), $response->getContent());
     }
+
+    public function testAnonymousAccessDenied()
+    {
+        $faker = FakerFactory::create();
+
+        $data = [
+            'mainMessage' => $faker->text(100),
+            'stack' => $faker->text(1000)
+        ];
+        $this->makeJsonRequest(
+            $this->kernelBrowser,
+            'POST',
+            '/errors',
+            json_encode(['data' => json_encode($data)])
+        );
+
+        $response = $this->kernelBrowser->getResponse();
+        $this->assertEquals(Response::HTTP_UNAUTHORIZED, $response->getStatusCode());
+    }
 }
diff --git a/tests/Controller/UploadControllerTest.php b/tests/Controller/UploadControllerTest.php
@@ -65,6 +65,22 @@ public function testUploadFile()
         $this->assertSame($data['filename'], 'TESTFILE.txt');
         $this->assertSame($data['fileHash'], md5_file(__FILE__));
     }
+    public function testAnonymousUploadFileDenied()
+    {
+        $client = static::createClient();
+
+        $this->makeJsonRequest(
+            $client,
+            'POST',
+            '/upload',
+            null,
+            [],
+            ['file' => $this->fakeTestFile]
+        );
+
+        $response = $client->getResponse();
+        $this->assertJsonResponse($response, Response::HTTP_UNAUTHORIZED);
+    }
 
     public function testBadUpload()
     {