jro_apps/redmine Files · test/integration/api_test/disabled_rest_api_test.rb

Use File#expand_path for require's in script/* for Ruby 1.9.2 compatibility. #4050...

Use File#expand_path for require's in script/* for Ruby 1.9.2 compatibility. #4050 Since Ruby 1.9.2, LOAD_PATH does not include "." directory anymore, so we should use absolute paths instead to ensure both 1.8.x and 1.9.x compatibility. It has been included in railties 2.3.x branch since july 2009, see http://github.com/rails/rails/commit/7a427a83ca4da92c70760007aaf313638a5d8374 git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4359 e93f8b46-1217-0410-a6f0-8f06a7374b81

Eric Davis - - Load All Authors

File last commit:

r4243:d5fde17bf5d0


                r4245:27049b848dd4

Download file

             disabled_rest_api_test.rb
        
                    110 lines
            
             | 3.7 KiB
            
                | text/x-ruby
            
             |
                RubyLexer
            
             / test / integration / api_test / disabled_rest_api_test.rb
          
                    History
                
                 |
                  Source
                 | Raw
                 |Copy content
                 |Copy permalink

        Eric Davis
    
Move all API tests into the ApiTest module to make management easier...

              r4243
            
      require "#{File.dirname(__FILE__)}/../../test_helper"

        Eric Davis
    
Added an Admin setting to enable/disable the REST web service. (#3920)...

              r3106
            
        Eric Davis
    
Move all API tests into the ApiTest module to make management easier...

              r4243
            
      class ApiTest::DisabledRestApiTest < ActionController::IntegrationTest

        Eric Davis
    
Added an Admin setting to enable/disable the REST web service. (#3920)...

              r3106
            
        fixtures :all

        def setup

          Setting.rest_api_enabled = '0'

          Setting.login_required = '1'

        end

        def teardown

          Setting.rest_api_enabled = '1'

          Setting.login_required = '0'

        end

        # Using the NewsController because it's a simple API.

        context "get /news with the API disabled" do

          context "in :xml format" do

            context "with a valid api token" do

              setup do

                @user = User.generate_with_protected!

                @token = Token.generate!(:user => @user, :action => 'api')

                get "/news.xml?key=#{@token.value}"

              end

              should_respond_with :unauthorized

              should_respond_with_content_type :xml

              should "not login as the user" do

                assert_equal User.anonymous, User.current

              end

            end

            context "with a valid HTTP authentication" do

              setup do

                @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password')

                @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password')

                get "/news.xml", nil, :authorization => @authorization

              end

              should_respond_with :unauthorized

              should_respond_with_content_type :xml

              should "not login as the user" do

                assert_equal User.anonymous, User.current

              end

            end

            context "with a valid HTTP authentication using the API token" do

              setup do

                @user = User.generate_with_protected!

                @token = Token.generate!(:user => @user, :action => 'api')

                @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'X')

                get "/news.xml", nil, :authorization => @authorization

              end

              should_respond_with :unauthorized

              should_respond_with_content_type :xml

              should "not login as the user" do

                assert_equal User.anonymous, User.current

              end

            end

          end

          context "in :json format" do

            context "with a valid api token" do

              setup do

                @user = User.generate_with_protected!

                @token = Token.generate!(:user => @user, :action => 'api')

                get "/news.json?key=#{@token.value}"

              end

              should_respond_with :unauthorized

              should_respond_with_content_type :json

              should "not login as the user" do

                assert_equal User.anonymous, User.current

              end

            end

            context "with a valid HTTP authentication" do

              setup do

                @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password')

                @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password')

                get "/news.json", nil, :authorization => @authorization

              end

              should_respond_with :unauthorized

              should_respond_with_content_type :json

              should "not login as the user" do

                assert_equal User.anonymous, User.current

              end

            end

            context "with a valid HTTP authentication using the API token" do

              setup do

                @user = User.generate_with_protected!

                @token = Token.generate!(:user => @user, :action => 'api')

                @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'DoesNotMatter')

                get "/news.json", nil, :authorization => @authorization

              end

              should_respond_with :unauthorized

              should_respond_with_content_type :json

              should "not login as the user" do

                assert_equal User.anonymous, User.current

              end

            end

          end    

        end

      end

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

Eric Davis Move all API tests into the ApiTest module to make management easier...	r4243	require "#{File.dirname(__FILE__)}/../../test_helper"
Eric Davis Added an Admin setting to enable/disable the REST web service. (#3920)...	r3106
Eric Davis Move all API tests into the ApiTest module to make management easier...	r4243	class ApiTest::DisabledRestApiTest < ActionController::IntegrationTest
Eric Davis Added an Admin setting to enable/disable the REST web service. (#3920)...	r3106	fixtures :all

		def setup
		Setting.rest_api_enabled = '0'
		Setting.login_required = '1'
		end

		def teardown
		Setting.rest_api_enabled = '1'
		Setting.login_required = '0'
		end

		# Using the NewsController because it's a simple API.
		context "get /news with the API disabled" do

		context "in :xml format" do
		context "with a valid api token" do
		setup do
		@user = User.generate_with_protected!
		@token = Token.generate!(:user => @user, :action => 'api')
		get "/news.xml?key=#{@token.value}"
		end

		should_respond_with :unauthorized
		should_respond_with_content_type :xml
		should "not login as the user" do
		assert_equal User.anonymous, User.current
		end
		end

		context "with a valid HTTP authentication" do
		setup do
		@user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password')
		@authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password')
		get "/news.xml", nil, :authorization => @authorization
		end

		should_respond_with :unauthorized
		should_respond_with_content_type :xml
		should "not login as the user" do
		assert_equal User.anonymous, User.current
		end
		end

		context "with a valid HTTP authentication using the API token" do
		setup do
		@user = User.generate_with_protected!
		@token = Token.generate!(:user => @user, :action => 'api')
		@authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'X')
		get "/news.xml", nil, :authorization => @authorization
		end

		should_respond_with :unauthorized
		should_respond_with_content_type :xml
		should "not login as the user" do
		assert_equal User.anonymous, User.current
		end
		end
		end

		context "in :json format" do
		context "with a valid api token" do
		setup do
		@user = User.generate_with_protected!
		@token = Token.generate!(:user => @user, :action => 'api')
		get "/news.json?key=#{@token.value}"
		end

		should_respond_with :unauthorized
		should_respond_with_content_type :json
		should "not login as the user" do
		assert_equal User.anonymous, User.current
		end
		end

		context "with a valid HTTP authentication" do
		setup do
		@user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password')
		@authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password')
		get "/news.json", nil, :authorization => @authorization
		end

		should_respond_with :unauthorized
		should_respond_with_content_type :json
		should "not login as the user" do
		assert_equal User.anonymous, User.current
		end
		end

		context "with a valid HTTP authentication using the API token" do
		setup do
		@user = User.generate_with_protected!
		@token = Token.generate!(:user => @user, :action => 'api')
		@authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'DoesNotMatter')
		get "/news.json", nil, :authorization => @authorization
		end

		should_respond_with :unauthorized
		should_respond_with_content_type :json
		should "not login as the user" do
		assert_equal User.anonymous, User.current
		end
		end

		end
		end
		end