make sure :SearchApiRequiresToken is respected #3900

IQSS · Jun 26, 2017 · 6fcd1ce · 6fcd1ce
1 parent 0308476
commit 6fcd1ce
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 6 deletions.
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Search.java b/src/main/java/edu/harvard/iq/dataverse/api/Search.java
@@ -226,8 +226,10 @@ public boolean nonPublicSearchAllowed() {
     }
 
     public boolean tokenLessSearchAllowed() {
-        boolean outOfBoxBehavior = true;
-        return settingsSvc.isTrueForKey(SettingsServiceBean.Key.SearchApiRequiresToken, outOfBoxBehavior);
+        boolean outOfBoxBehavior = false;
+        boolean tokenLessSearchAllowed = settingsSvc.isFalseForKey(SettingsServiceBean.Key.SearchApiRequiresToken, outOfBoxBehavior);
+        logger.fine("tokenLessSearchAllowed: " + tokenLessSearchAllowed);
+        return tokenLessSearchAllowed;
     }
 
     private boolean getDataRelatedToMe() {

diff --git a/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/settings/SettingsServiceBean.java
@@ -393,6 +393,10 @@ public boolean isTrue( String name, boolean defaultValue ) {
     public boolean isTrueForKey( Key key, boolean defaultValue ) {
         return isTrue( key.toString(), defaultValue );
     }
+
+    public boolean isFalseForKey( Key key, boolean defaultValue ) {
+        return ! isTrue( key.toString(), defaultValue );
+    }
 
     public void deleteValueForKey( Key name ) {
         delete( name.toString() );

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/SearchIT.java b/src/test/java/edu/harvard/iq/dataverse/api/SearchIT.java
@@ -134,6 +134,10 @@ public void testSearchPermisions() throws InterruptedException {
         disableNonPublicSearch.then().assertThat()
                 .statusCode(OK.getStatusCode());
 
+        Response makeSureTokenlessSearchIsEnabled = UtilIT.deleteSetting(SettingsServiceBean.Key.SearchApiRequiresToken);
+        makeSureTokenlessSearchIsEnabled.then().assertThat()
+                .statusCode(OK.getStatusCode());
+
         Response publishedPublicDataShouldBeVisibleToTokenless = UtilIT.search("id:dataset_" + datasetId1, nullToken);
         publishedPublicDataShouldBeVisibleToTokenless.prettyPrint();
         publishedPublicDataShouldBeVisibleToTokenless.then().assertThat()
@@ -142,13 +146,13 @@ public void testSearchPermisions() throws InterruptedException {
                 .body("data.items[0].name", CoreMatchers.is("Darwin's Finches"))
                 .statusCode(OK.getStatusCode());
 
-        Response disableTokenlessSearch = UtilIT.setSetting(SettingsServiceBean.Key.SearchApiRequiresToken, "false");
+        Response disableTokenlessSearch = UtilIT.setSetting(SettingsServiceBean.Key.SearchApiRequiresToken, "true");
         disableTokenlessSearch.then().assertThat()
                 .statusCode(OK.getStatusCode());
 
-        Response dataverse462behaviorOfTokensBeingRequired = UtilIT.search("id:dataset_" + datasetId1, nullToken);
-        dataverse462behaviorOfTokensBeingRequired.prettyPrint();
-        dataverse462behaviorOfTokensBeingRequired.then().assertThat()
+        Response dataverse47behaviorOfTokensBeingRequired = UtilIT.search("id:dataset_" + datasetId1, nullToken);
+        dataverse47behaviorOfTokensBeingRequired.prettyPrint();
+        dataverse47behaviorOfTokensBeingRequired.then().assertThat()
                 .body("message", CoreMatchers.equalTo("Please provide a key query parameter (?key=XXX) or via the HTTP header X-Dataverse-key"))
                 .statusCode(UNAUTHORIZED.getStatusCode());