diff --git a/mailbox-core/src/main/java/org/briarproject/mailbox/core/server/Routing.kt b/mailbox-core/src/main/java/org/briarproject/mailbox/core/server/Routing.kt
index 15605cf8578c3dd017e75c0b3264c2657688e780..20ecdee08460628233187c39fc9244cb35b8f83d 100644
--- a/mailbox-core/src/main/java/org/briarproject/mailbox/core/server/Routing.kt
+++ b/mailbox-core/src/main/java/org/briarproject/mailbox/core/server/Routing.kt
@@ -4,6 +4,7 @@ import io.ktor.application.Application
 import io.ktor.application.ApplicationCall
 import io.ktor.application.call
 import io.ktor.auth.authenticate
+import io.ktor.auth.principal
 import io.ktor.features.BadRequestException
 import io.ktor.features.MissingRequestParameterException
 import io.ktor.http.ContentType
@@ -33,11 +34,20 @@ internal fun Application.configureBasicApi(
 ) = routing {
 route(V) {
 get {
- call.respondText("Hello, I'm a Briar teapot",
+ call.respondText(
+ "Hello, I'm a Briar teapot",
 ContentType.Text.Plain,
- HttpStatusCode(418, "I'm a teapot"))
+ HttpStatusCode(418, "I'm a teapot")
+ )
 }
 authenticate {
+ get("/status") {
+ call.handle {
+ if (call.principal<MailboxPrincipal>() !is MailboxPrincipal.OwnerPrincipal)
+ throw AuthException()
+ call.respond(HttpStatusCode.OK)
+ }
+ }
 delete {
 call.handle {
 wipeManager.onWipeRequest(call)
diff --git a/mailbox-core/src/test/java/org/briarproject/mailbox/core/server/StatusIntegrationTest.kt b/mailbox-core/src/test/java/org/briarproject/mailbox/core/server/StatusIntegrationTest.kt
new file mode 100644
index 0000000000000000000000000000000000000000..2439ef58a6690482d36b4ed24bd65a94e8a5b9a4
--- /dev/null
+++ b/mailbox-core/src/test/java/org/briarproject/mailbox/core/server/StatusIntegrationTest.kt
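Review bot: The owner check in the new `get("/status")` handler is an inline, brace-less `if` with its `throw` on a separate line, so a later edit to that branch can silently change which statement the condition guards. Braces and a one-line comment would make the authorization intent explicit: `// Owner only; a missing principal also fails the type test and is rejected.` followed by `if (call.principal<MailboxPrincipal>() !is MailboxPrincipal.OwnerPrincipal) { throw AuthException() }`. If other owner-only routes exist outside this hunk, a single shared helper on `ApplicationCall` would keep the check in one place instead of repeating the type test per route. The body of `configureBasicApi` starts before and continues past the hunk, so how `call.handle` maps `AuthException` to a response status is not visible here.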
@@ -0,0 +1,54 @@
+package org.briarproject.mailbox.core.server
+
+import io.ktor.client.request.get
+import io.ktor.client.statement.HttpResponse
+import io.ktor.client.statement.readText
+import io.ktor.http.HttpStatusCode
+import kotlinx.coroutines.runBlocking
+import org.junit.jupiter.api.BeforeEach
+import org.junit.jupiter.api.Test
+import kotlin.test.assertEquals
+
+class StatusIntegrationTest : IntegrationTest() {
+
+ @BeforeEach
+ fun initDb() {
+ addOwnerToken()
+ addContact(contact1)
+ addContact(contact2)
+ }
+
+ @Test
+ fun `owner can access status`(): Unit = runBlocking {
+ val response: HttpResponse = httpClient.get("$baseUrl/status") {
+ authenticateWithToken(ownerToken)
+ }
+ assertEquals(HttpStatusCode.OK, response.status)
+ assertEquals("", response.readText())
+ }
+
+ @Test
+ fun `contact cannot access status`(): Unit = runBlocking {
+ val response: HttpResponse = httpClient.get("$baseUrl/status") {
+ authenticateWithToken(contact1.token)
+ }
+ assertEquals(HttpStatusCode.Unauthorized, response.status)
+ }
+
+ @Test
+ fun `wrong token cannot access status`(): Unit = runBlocking {
+ val response: HttpResponse = httpClient.get("$baseUrl/status") {
+ authenticateWithToken(token)
+ }
+ assertEquals(HttpStatusCode.Unauthorized, response.status)
+ }
+
+ @Test
+ fun `empty token cannot access status`(): Unit = runBlocking {
+ val response: HttpResponse = httpClient.get("$baseUrl/status") {
+ authenticateWithToken("")
+ }
+ assertEquals(HttpStatusCode.Unauthorized, response.status)
+ }
+
+}
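Review bot: Every rejection case here sends some token, so a request that carries no credentials at all is not covered, and none of the 401 tests looks at the response body. A case without the `authenticateWithToken` call would pin that `/status` is unreachable anonymously. Asserting `assertEquals("", response.readText())` in the contact and wrong-token cases would pin that the two rejections are indistinguishable to the caller. The 401 expected for the missing-credentials case is inferred from the other tests and should be confirmed against the authentication configuration, which is outside this diff. `addContact(contact2)` in `initDb` is not used by any test shown.

```kotlin
// … unchanged: the four existing tests …

    @Test
    fun `missing token cannot access status`(): Unit = runBlocking {
        val response: HttpResponse = httpClient.get("$baseUrl/status")
        assertEquals(HttpStatusCode.Unauthorized, response.status)
    }
```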