Merge pull request #3579 from alphagov/skip-api-authentication-in-dev…

…-environment Skip API authentication in dev environment
alphagov · Feb 10, 2025 · 7110be4 · 7110be4
2 parents f34747b + 3f02ae7
commit 7110be4
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 3 deletions.
diff --git a/app/controllers/api/users_controller.rb b/app/controllers/api/users_controller.rb
@@ -1,5 +1,5 @@
 class Api::UsersController < ApplicationController
-  before_action :doorkeeper_authorize!, :check_signon_permissions
+  before_action :authorize_api_access, unless: -> { Rails.env.development? }
   skip_after_action :verify_authorized
 
   def index
@@ -9,6 +9,10 @@ def index
 
 private
 
+  def authorize_api_access
+    doorkeeper_authorize! && check_signon_permissions
+  end
+
   def check_signon_permissions
     head :unauthorized unless doorkeeper_token&.application&.signon?
   end

diff --git a/test/controllers/api/users_controller_test.rb b/test/controllers/api/users_controller_test.rb
@@ -2,7 +2,7 @@
 
 class Api::UsersControllerTest < ActionController::TestCase
   setup do
-    @application = create(:application, name: "Signon API")
+    @application = create(:application)
   end
 
   context "as admin user" do
@@ -18,9 +18,21 @@ class Api::UsersControllerTest < ActionController::TestCase
     end
   end
 
+  context "in development environment" do
+    setup do
+      Rails.env.stubs(:development?).returns(true)
+    end
+
+    should "be able to access the API endpoint" do
+      get :index
+
+      assert_equal "200", response.code
+    end
+  end
+
   context "as a user with a valid token" do
     setup do
-      @user = create(:user)
+      @user = create(:user, name: "Signon API")
       @user.grant_application_signin_permission(@application)
       @token = create(:access_token, application: @application, resource_owner_id: @user.id)