feature: S3C-2144 Allow disabling authentication

README.md

@@ -15,6 +15,14 @@ To run the server:
 npm start
 ```
 
+To run the server without using the [Signature Version 4 Signing Process](
+https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html), set the
+environment variable `NO_AUTH` to `'true'`:
+
+```
+NO_AUTH=true npm start
+```
+
 ## Client
 
 The module exposes a client, named UtapiClient. Projects can use this client to

src/router/Router.js

@@ -199,6 +199,10 @@ class Router {
      */
     _authSquared(utapiRequest, cb) {
         const log = utapiRequest.getLog();
+        if (process.env.NO_AUTH === 'true') {
+            log.trace('skipping authentication check');
+            return process.nextTick(() => cb());
+        }
         const authHeader = utapiRequest.getRequestHeaders().authorization;
         if (!authHeader || !authHeader.startsWith('AWS4')) {
             log.trace('missing auth header for v4 auth');

tests/unit/testRouter.js

@@ -0,0 +1,53 @@
+import assert from 'assert';
+import { errors } from 'arsenal';
+import { Logger } from 'werelogs';
+import config from '../../src/lib/Config';
+import Router from '../../src/router/Router';
+import UtapiRequest from '../../src/lib/UtapiRequest';
+
+describe('Router', () => {
+    const router = new Router(config);
+
+    describe('::_authSquared', () => {
+        const log = new Logger('UtapiRequest');
+        const request = new UtapiRequest().setLog(log);
+
+        describe('with unauthorized request', () => {
+            before(() => {
+                const incomingMessage = {
+                    headers: {
+                        authorization: false,
+                    },
+                };
+                request.setRequest(incomingMessage);
+            });
+
+            after(() => {
+                request.setRequest(null);
+            });
+
+            it('should return InvalidRequest error', done => {
+                const expected = errors.InvalidRequest
+                    .customizeDescription('Must use Auth V4 for this request.');
+                router._authSquared(request, err => {
+                    assert.deepStrictEqual(expected, err);
+                    done();
+                });
+            });
+
+            describe('with NO_AUTH=true', () => {
+                before(() => {
+                    process.env.NO_AUTH = 'true';
+                });
+
+                after(() => {
+                    process.env.NO_AUTH = 'false';
+                });
+
+                it('should not return InvalidRequest error', done => {
+                    router._authSquared(request, done);
+                });
+            });
+        });
+    });
+});