From 541a371b412afe3392f83fa364660c5528cd8a5c 2010-11-27 15:16:26 From: Jean-Philippe Lang Date: 2010-11-27 15:16:26 Subject: [PATCH] Backported r4357, r4358, r4360 and r4363 to r4367 from trunk. git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/branches/1.0-stable@4439 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb index df5a356..ec34dc4 100644 --- a/app/controllers/issues_controller.rb +++ b/app/controllers/issues_controller.rb @@ -26,7 +26,7 @@ class IssuesController < ApplicationController before_filter :find_optional_project, :only => [:index] before_filter :check_for_default_issue_status, :only => [:new, :create] before_filter :build_new_issue_from_params, :only => [:new, :create] - accept_key_auth :index, :show + accept_key_auth :index, :show, :create, :update, :destroy rescue_from Query::StatementInvalid, :with => :query_statement_invalid diff --git a/test/integration/disabled_rest_api_test.rb b/test/integration/api_test/disabled_rest_api_test.rb similarity index 97% rename from test/integration/disabled_rest_api_test.rb rename to test/integration/api_test/disabled_rest_api_test.rb index 5ebf91c..d94d14b 100644 --- a/test/integration/disabled_rest_api_test.rb +++ b/test/integration/api_test/disabled_rest_api_test.rb @@ -1,6 +1,6 @@ -require "#{File.dirname(__FILE__)}/../test_helper" +require "#{File.dirname(__FILE__)}/../../test_helper" -class DisabledRestApi < ActionController::IntegrationTest +class ApiTest::DisabledRestApiTest < ActionController::IntegrationTest fixtures :all def setup diff --git a/test/integration/api_test/http_basic_login_test.rb b/test/integration/api_test/http_basic_login_test.rb new file mode 100644 index 0000000..21b584c --- /dev/null +++ b/test/integration/api_test/http_basic_login_test.rb @@ -0,0 +1,31 @@ +require "#{File.dirname(__FILE__)}/../../test_helper" + +class ApiTest::HttpBasicLoginTest < ActionController::IntegrationTest + fixtures :all + + def setup + Setting.rest_api_enabled = '1' + Setting.login_required = '1' + end + + def teardown + Setting.rest_api_enabled = '0' + Setting.login_required = '0' + end + + # Using the NewsController because it's a simple API. + context "get /news" do + setup do + project = Project.find('onlinestore') + EnabledModule.create(:project => project, :name => 'news') + end + + context "in :xml format" do + should_allow_http_basic_auth_with_username_and_password(:get, "/projects/onlinestore/news.xml") + end + + context "in :json format" do + should_allow_http_basic_auth_with_username_and_password(:get, "/projects/onlinestore/news.json") + end + end +end diff --git a/test/integration/api_test/http_basic_login_with_api_token_test.rb b/test/integration/api_test/http_basic_login_with_api_token_test.rb new file mode 100644 index 0000000..42c0be2 --- /dev/null +++ b/test/integration/api_test/http_basic_login_with_api_token_test.rb @@ -0,0 +1,27 @@ +require "#{File.dirname(__FILE__)}/../../test_helper" + +class ApiTest::HttpBasicLoginWithApiTokenTest < ActionController::IntegrationTest + fixtures :all + + def setup + Setting.rest_api_enabled = '1' + Setting.login_required = '1' + end + + def teardown + Setting.rest_api_enabled = '0' + Setting.login_required = '0' + end + + # Using the NewsController because it's a simple API. + context "get /news" do + + context "in :xml format" do + should_allow_http_basic_auth_with_key(:get, "/news.xml") + end + + context "in :json format" do + should_allow_http_basic_auth_with_key(:get, "/news.json") + end + end +end diff --git a/test/integration/api_test/issues_test.rb b/test/integration/api_test/issues_test.rb new file mode 100644 index 0000000..60ee66b --- /dev/null +++ b/test/integration/api_test/issues_test.rb @@ -0,0 +1,336 @@ +# Redmine - project management software +# Copyright (C) 2006-2010 Jean-Philippe Lang +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +require "#{File.dirname(__FILE__)}/../../test_helper" + +class ApiTest::IssuesTest < ActionController::IntegrationTest + fixtures :projects, + :users, + :roles, + :members, + :member_roles, + :issues, + :issue_statuses, + :versions, + :trackers, + :projects_trackers, + :issue_categories, + :enabled_modules, + :enumerations, + :attachments, + :workflows, + :custom_fields, + :custom_values, + :custom_fields_projects, + :custom_fields_trackers, + :time_entries, + :journals, + :journal_details, + :queries + + def setup + Setting.rest_api_enabled = '1' + end + + # Use a private project to make sure auth is really working and not just + # only showing public issues. + context "/index.xml" do + should_allow_api_authentication(:get, "/projects/private-child/issues.xml") + end + + context "/index.json" do + should_allow_api_authentication(:get, "/projects/private-child/issues.json") + end + + context "/index.xml with filter" do + should_allow_api_authentication(:get, "/projects/private-child/issues.xml?status_id=5") + + should "show only issues with the status_id" do + get '/issues.xml?status_id=5' + assert_tag :tag => 'issues', + :children => { :count => Issue.visible.count(:conditions => {:status_id => 5}), + :only => { :tag => 'issue' } } + end + end + + context "/index.json with filter" do + should_allow_api_authentication(:get, "/projects/private-child/issues.json?status_id=5") + + should "show only issues with the status_id" do + get '/issues.json?status_id=5' + + json = ActiveSupport::JSON.decode(response.body) + status_ids_used = json.collect {|j| j['status_id'] } + assert_equal 3, status_ids_used.length + assert status_ids_used.all? {|id| id == 5 } + end + + end + + # Issue 6 is on a private project + context "/issues/6.xml" do + should_allow_api_authentication(:get, "/issues/6.xml") + end + + context "/issues/6.json" do + should_allow_api_authentication(:get, "/issues/6.json") + end + + context "POST /issues.xml" do + should_allow_api_authentication(:post, + '/issues.xml', + {:issue => {:project_id => 1, :subject => 'API test', :tracker_id => 2, :status_id => 3}}, + {:success_code => :created}) + + should "create an issue with the attributes" do + assert_difference('Issue.count') do + post '/issues.xml', {:issue => {:project_id => 1, :subject => 'API test', :tracker_id => 2, :status_id => 3}}, :authorization => credentials('jsmith') + end + + issue = Issue.first(:order => 'id DESC') + assert_equal 1, issue.project_id + assert_equal 2, issue.tracker_id + assert_equal 3, issue.status_id + assert_equal 'API test', issue.subject + end + end + + context "POST /issues.xml with failure" do + should_allow_api_authentication(:post, + '/issues.xml', + {:issue => {:project_id => 1}}, + {:success_code => :unprocessable_entity}) + + should "have an errors tag" do + assert_no_difference('Issue.count') do + post '/issues.xml', {:issue => {:project_id => 1}}, :authorization => credentials('jsmith') + end + + assert_tag :errors, :child => {:tag => 'error', :content => "Subject can't be blank"} + end + end + + context "POST /issues.json" do + should_allow_api_authentication(:post, + '/issues.json', + {:issue => {:project_id => 1, :subject => 'API test', :tracker_id => 2, :status_id => 3}}, + {:success_code => :created}) + + should "create an issue with the attributes" do + assert_difference('Issue.count') do + post '/issues.json', {:issue => {:project_id => 1, :subject => 'API test', :tracker_id => 2, :status_id => 3}}, :authorization => credentials('jsmith') + end + + issue = Issue.first(:order => 'id DESC') + assert_equal 1, issue.project_id + assert_equal 2, issue.tracker_id + assert_equal 3, issue.status_id + assert_equal 'API test', issue.subject + end + + end + + context "POST /issues.json with failure" do + should_allow_api_authentication(:post, + '/issues.json', + {:issue => {:project_id => 1}}, + {:success_code => :unprocessable_entity}) + + should "have an errors element" do + assert_no_difference('Issue.count') do + post '/issues.json', {:issue => {:project_id => 1}}, :authorization => credentials('jsmith') + end + + json = ActiveSupport::JSON.decode(response.body) + assert_equal "can't be blank", json.first['subject'] + end + end + + # Issue 6 is on a private project + context "PUT /issues/6.xml" do + setup do + @parameters = {:issue => {:subject => 'API update', :notes => 'A new note'}} + @headers = { :authorization => credentials('jsmith') } + end + + should_allow_api_authentication(:put, + '/issues/6.xml', + {:issue => {:subject => 'API update', :notes => 'A new note'}}, + {:success_code => :ok}) + + should "not create a new issue" do + assert_no_difference('Issue.count') do + put '/issues/6.xml', @parameters, @headers + end + end + + should "create a new journal" do + assert_difference('Journal.count') do + put '/issues/6.xml', @parameters, @headers + end + end + + should "add the note to the journal" do + put '/issues/6.xml', @parameters, @headers + + journal = Journal.last + assert_equal "A new note", journal.notes + end + + should "update the issue" do + put '/issues/6.xml', @parameters, @headers + + issue = Issue.find(6) + assert_equal "API update", issue.subject + end + + end + + context "PUT /issues/6.xml with failed update" do + setup do + @parameters = {:issue => {:subject => ''}} + @headers = { :authorization => credentials('jsmith') } + end + + should_allow_api_authentication(:put, + '/issues/6.xml', + {:issue => {:subject => ''}}, # Missing subject should fail + {:success_code => :unprocessable_entity}) + + should "not create a new issue" do + assert_no_difference('Issue.count') do + put '/issues/6.xml', @parameters, @headers + end + end + + should "not create a new journal" do + assert_no_difference('Journal.count') do + put '/issues/6.xml', @parameters, @headers + end + end + + should "have an errors tag" do + put '/issues/6.xml', @parameters, @headers + + assert_tag :errors, :child => {:tag => 'error', :content => "Subject can't be blank"} + end + end + + context "PUT /issues/6.json" do + setup do + @parameters = {:issue => {:subject => 'API update', :notes => 'A new note'}} + @headers = { :authorization => credentials('jsmith') } + end + + should_allow_api_authentication(:put, + '/issues/6.json', + {:issue => {:subject => 'API update', :notes => 'A new note'}}, + {:success_code => :ok}) + + should "not create a new issue" do + assert_no_difference('Issue.count') do + put '/issues/6.json', @parameters, @headers + end + end + + should "create a new journal" do + assert_difference('Journal.count') do + put '/issues/6.json', @parameters, @headers + end + end + + should "add the note to the journal" do + put '/issues/6.json', @parameters, @headers + + journal = Journal.last + assert_equal "A new note", journal.notes + end + + should "update the issue" do + put '/issues/6.json', @parameters, @headers + + issue = Issue.find(6) + assert_equal "API update", issue.subject + end + + end + + context "PUT /issues/6.json with failed update" do + setup do + @parameters = {:issue => {:subject => ''}} + @headers = { :authorization => credentials('jsmith') } + end + + should_allow_api_authentication(:put, + '/issues/6.json', + {:issue => {:subject => ''}}, # Missing subject should fail + {:success_code => :unprocessable_entity}) + + should "not create a new issue" do + assert_no_difference('Issue.count') do + put '/issues/6.json', @parameters, @headers + end + end + + should "not create a new journal" do + assert_no_difference('Journal.count') do + put '/issues/6.json', @parameters, @headers + end + end + + should "have an errors attribute" do + put '/issues/6.json', @parameters, @headers + + json = ActiveSupport::JSON.decode(response.body) + assert_equal "can't be blank", json.first['subject'] + end + end + + context "DELETE /issues/1.xml" do + should_allow_api_authentication(:delete, + '/issues/6.xml', + {}, + {:success_code => :ok}) + + should "delete the issue" do + assert_difference('Issue.count',-1) do + delete '/issues/6.xml', {}, :authorization => credentials('jsmith') + end + + assert_nil Issue.find_by_id(6) + end + end + + context "DELETE /issues/1.json" do + should_allow_api_authentication(:delete, + '/issues/6.json', + {}, + {:success_code => :ok}) + + should "delete the issue" do + assert_difference('Issue.count',-1) do + delete '/issues/6.json', {}, :authorization => credentials('jsmith') + end + + assert_nil Issue.find_by_id(6) + end + end + + def credentials(user, password=nil) + ActionController::HttpAuthentication::Basic.encode_credentials(user, password || user) + end +end diff --git a/test/integration/projects_api_test.rb b/test/integration/api_test/projects_test.rb similarity index 97% rename from test/integration/projects_api_test.rb rename to test/integration/api_test/projects_test.rb index 6b08d64..7c090a9 100644 --- a/test/integration/projects_api_test.rb +++ b/test/integration/api_test/projects_test.rb @@ -15,9 +15,9 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -require "#{File.dirname(__FILE__)}/../test_helper" +require "#{File.dirname(__FILE__)}/../../test_helper" -class ProjectsApiTest < ActionController::IntegrationTest +class ApiTest::ProjectsTest < ActionController::IntegrationTest fixtures :projects, :versions, :users, :roles, :members, :member_roles, :issues, :journals, :journal_details, :trackers, :projects_trackers, :issue_statuses, :enabled_modules, :enumerations, :boards, :messages, :attachments, :custom_fields, :custom_values, :time_entries @@ -43,15 +43,12 @@ class ProjectsApiTest < ActionController::IntegrationTest assert_difference 'Project.count' do post '/projects.xml', {:project => attributes}, :authorization => credentials('admin') end - + assert_response :created + assert_equal 'application/xml', @response.content_type project = Project.first(:order => 'id DESC') attributes.each do |attribute, value| assert_equal value, project.send(attribute) end - - assert_response :created - assert_equal 'application/xml', @response.content_type - assert_tag 'project', :child => {:tag => 'id', :content => project.id.to_s} end def test_create_failure diff --git a/test/integration/api_test/token_authentication_test.rb b/test/integration/api_test/token_authentication_test.rb new file mode 100644 index 0000000..5c116c1 --- /dev/null +++ b/test/integration/api_test/token_authentication_test.rb @@ -0,0 +1,26 @@ +require "#{File.dirname(__FILE__)}/../../test_helper" + +class ApiTest::TokenAuthenticationTest < ActionController::IntegrationTest + fixtures :all + + def setup + Setting.rest_api_enabled = '1' + Setting.login_required = '1' + end + + def teardown + Setting.rest_api_enabled = '0' + Setting.login_required = '0' + end + + # Using the NewsController because it's a simple API. + context "get /news" do + context "in :xml format" do + should_allow_key_based_auth(:get, "/news.xml") + end + + context "in :json format" do + should_allow_key_based_auth(:get, "/news.json") + end + end +end diff --git a/test/integration/api_token_login_test.rb b/test/integration/api_token_login_test.rb deleted file mode 100644 index 43f6eb0..0000000 --- a/test/integration/api_token_login_test.rb +++ /dev/null @@ -1,80 +0,0 @@ -require "#{File.dirname(__FILE__)}/../test_helper" - -class ApiTokenLoginTest < ActionController::IntegrationTest - fixtures :all - - def setup - Setting.rest_api_enabled = '1' - Setting.login_required = '1' - end - - def teardown - Setting.rest_api_enabled = '0' - Setting.login_required = '0' - end - - # Using the NewsController because it's a simple API. - context "get /news" do - - context "in :xml format" do - context "with a valid api token" do - setup do - @user = User.generate_with_protected! - @token = Token.generate!(:user => @user, :action => 'api') - get "/news.xml?key=#{@token.value}" - end - - should_respond_with :success - should_respond_with_content_type :xml - should "login as the user" do - assert_equal @user, User.current - end - end - - context "with an invalid api token" do - setup do - @user = User.generate_with_protected! - @token = Token.generate!(:user => @user, :action => 'feeds') - get "/news.xml?key=#{@token.value}" - end - - should_respond_with :unauthorized - should_respond_with_content_type :xml - should "not login as the user" do - assert_equal User.anonymous, User.current - end - end - end - - context "in :json format" do - context "with a valid api token" do - setup do - @user = User.generate_with_protected! - @token = Token.generate!(:user => @user, :action => 'api') - get "/news.json?key=#{@token.value}" - end - - should_respond_with :success - should_respond_with_content_type :json - should "login as the user" do - assert_equal @user, User.current - end - end - - context "with an invalid api token" do - setup do - @user = User.generate_with_protected! - @token = Token.generate!(:user => @user, :action => 'feeds') - get "/news.json?key=#{@token.value}" - end - - should_respond_with :unauthorized - should_respond_with_content_type :json - should "not login as the user" do - assert_equal User.anonymous, User.current - end - end - end - - end -end diff --git a/test/integration/http_basic_login_test.rb b/test/integration/http_basic_login_test.rb deleted file mode 100644 index 9ec69a8..0000000 --- a/test/integration/http_basic_login_test.rb +++ /dev/null @@ -1,103 +0,0 @@ -require "#{File.dirname(__FILE__)}/../test_helper" - -class HttpBasicLoginTest < ActionController::IntegrationTest - fixtures :all - - def setup - Setting.rest_api_enabled = '1' - Setting.login_required = '1' - end - - def teardown - Setting.rest_api_enabled = '0' - Setting.login_required = '0' - end - - # Using the NewsController because it's a simple API. - context "get /news" do - - context "in :xml format" do - context "with a valid HTTP authentication" do - setup do - @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password') - @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password') - get "/news.xml", nil, :authorization => @authorization - end - - should_respond_with :success - should_respond_with_content_type :xml - should "login as the user" do - assert_equal @user, User.current - end - end - - context "with an invalid HTTP authentication" do - setup do - @user = User.generate_with_protected! - @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'wrong_password') - get "/news.xml", nil, :authorization => @authorization - end - - should_respond_with :unauthorized - should_respond_with_content_type :xml - should "not login as the user" do - assert_equal User.anonymous, User.current - end - end - - context "without credentials" do - setup do - get "/projects/onlinestore/news.xml" - end - - should_respond_with :unauthorized - should_respond_with_content_type :xml - should "include_www_authenticate_header" do - assert @controller.response.headers.has_key?('WWW-Authenticate') - end - end - end - - context "in :json format" do - context "with a valid HTTP authentication" do - setup do - @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password') - @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password') - get "/news.json", nil, :authorization => @authorization - end - - should_respond_with :success - should_respond_with_content_type :json - should "login as the user" do - assert_equal @user, User.current - end - end - - context "with an invalid HTTP authentication" do - setup do - @user = User.generate_with_protected! - @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'wrong_password') - get "/news.json", nil, :authorization => @authorization - end - - should_respond_with :unauthorized - should_respond_with_content_type :json - should "not login as the user" do - assert_equal User.anonymous, User.current - end - end - end - - context "without credentials" do - setup do - get "/projects/onlinestore/news.json" - end - - should_respond_with :unauthorized - should_respond_with_content_type :json - should "include_www_authenticate_header" do - assert @controller.response.headers.has_key?('WWW-Authenticate') - end - end - end -end diff --git a/test/integration/http_basic_login_with_api_token_test.rb b/test/integration/http_basic_login_with_api_token_test.rb deleted file mode 100644 index fe3df31..0000000 --- a/test/integration/http_basic_login_with_api_token_test.rb +++ /dev/null @@ -1,84 +0,0 @@ -require "#{File.dirname(__FILE__)}/../test_helper" - -class HttpBasicLoginWithApiTokenTest < ActionController::IntegrationTest - fixtures :all - - def setup - Setting.rest_api_enabled = '1' - Setting.login_required = '1' - end - - def teardown - Setting.rest_api_enabled = '0' - Setting.login_required = '0' - end - - # Using the NewsController because it's a simple API. - context "get /news" do - - context "in :xml format" do - context "with a valid HTTP authentication using the API token" do - setup do - @user = User.generate_with_protected! - @token = Token.generate!(:user => @user, :action => 'api') - @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'X') - get "/news.xml", nil, :authorization => @authorization - end - - should_respond_with :success - should_respond_with_content_type :xml - should "login as the user" do - assert_equal @user, User.current - end - end - - context "with an invalid HTTP authentication" do - setup do - @user = User.generate_with_protected! - @token = Token.generate!(:user => @user, :action => 'feeds') - @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'X') - get "/news.xml", nil, :authorization => @authorization - end - - should_respond_with :unauthorized - should_respond_with_content_type :xml - should "not login as the user" do - assert_equal User.anonymous, User.current - end - end - end - - context "in :json format" do - context "with a valid HTTP authentication" do - setup do - @user = User.generate_with_protected! - @token = Token.generate!(:user => @user, :action => 'api') - @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'DoesNotMatter') - get "/news.json", nil, :authorization => @authorization - end - - should_respond_with :success - should_respond_with_content_type :json - should "login as the user" do - assert_equal @user, User.current - end - end - - context "with an invalid HTTP authentication" do - setup do - @user = User.generate_with_protected! - @token = Token.generate!(:user => @user, :action => 'feeds') - @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'DoesNotMatter') - get "/news.json", nil, :authorization => @authorization - end - - should_respond_with :unauthorized - should_respond_with_content_type :json - should "not login as the user" do - assert_equal User.anonymous, User.current - end - end - end - - end -end diff --git a/test/integration/issues_api_test.rb b/test/integration/issues_api_test.rb deleted file mode 100644 index e26cf64..0000000 --- a/test/integration/issues_api_test.rb +++ /dev/null @@ -1,349 +0,0 @@ -# Redmine - project management software -# Copyright (C) 2006-2010 Jean-Philippe Lang -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License -# as published by the Free Software Foundation; either version 2 -# of the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - -require "#{File.dirname(__FILE__)}/../test_helper" - -class IssuesApiTest < ActionController::IntegrationTest - fixtures :projects, - :users, - :roles, - :members, - :member_roles, - :issues, - :issue_statuses, - :versions, - :trackers, - :projects_trackers, - :issue_categories, - :enabled_modules, - :enumerations, - :attachments, - :workflows, - :custom_fields, - :custom_values, - :custom_fields_projects, - :custom_fields_trackers, - :time_entries, - :journals, - :journal_details, - :queries - - def setup - Setting.rest_api_enabled = '1' - end - - context "/index.xml" do - setup do - get '/issues.xml' - end - - should_respond_with :success - should_respond_with_content_type 'application/xml' - end - - context "/index.json" do - setup do - get '/issues.json' - end - - should_respond_with :success - should_respond_with_content_type 'application/json' - - should 'return a valid JSON string' do - assert ActiveSupport::JSON.decode(response.body) - end - end - - context "/index.xml with filter" do - setup do - get '/issues.xml?status_id=5' - end - - should_respond_with :success - should_respond_with_content_type 'application/xml' - should "show only issues with the status_id" do - assert_tag :tag => 'issues', - :children => { :count => Issue.visible.count(:conditions => {:status_id => 5}), - :only => { :tag => 'issue' } } - end - end - - context "/index.json with filter" do - setup do - get '/issues.json?status_id=5' - end - - should_respond_with :success - should_respond_with_content_type 'application/json' - - should 'return a valid JSON string' do - assert ActiveSupport::JSON.decode(response.body) - end - - should "show only issues with the status_id" do - json = ActiveSupport::JSON.decode(response.body) - status_ids_used = json.collect {|j| j['status_id'] } - assert_equal 3, status_ids_used.length - assert status_ids_used.all? {|id| id == 5 } - end - - end - - context "/issues/1.xml" do - setup do - get '/issues/1.xml' - end - - should_respond_with :success - should_respond_with_content_type 'application/xml' - end - - context "/issues/1.json" do - setup do - get '/issues/1.json' - end - - should_respond_with :success - should_respond_with_content_type 'application/json' - - should 'return a valid JSON string' do - assert ActiveSupport::JSON.decode(response.body) - end - end - - context "POST /issues.xml" do - setup do - @issue_count = Issue.count - @attributes = {:project_id => 1, :subject => 'API test', :tracker_id => 2, :status_id => 3} - post '/issues.xml', {:issue => @attributes}, :authorization => credentials('jsmith') - end - - should_respond_with :created - should_respond_with_content_type 'application/xml' - - should "create an issue with the attributes" do - assert_equal Issue.count, @issue_count + 1 - - issue = Issue.first(:order => 'id DESC') - @attributes.each do |attribute, value| - assert_equal value, issue.send(attribute) - end - end - end - - context "POST /issues.xml with failure" do - setup do - @attributes = {:project_id => 1} - post '/issues.xml', {:issue => @attributes}, :authorization => credentials('jsmith') - end - - should_respond_with :unprocessable_entity - should_respond_with_content_type 'application/xml' - - should "have an errors tag" do - assert_tag :errors, :child => {:tag => 'error', :content => "Subject can't be blank"} - end - end - - context "POST /issues.json" do - setup do - @issue_count = Issue.count - @attributes = {:project_id => 1, :subject => 'API test', :tracker_id => 2, :status_id => 3} - post '/issues.json', {:issue => @attributes}, :authorization => credentials('jsmith') - end - - should_respond_with :created - should_respond_with_content_type 'application/json' - - should "create an issue with the attributes" do - assert_equal Issue.count, @issue_count + 1 - - issue = Issue.first(:order => 'id DESC') - @attributes.each do |attribute, value| - assert_equal value, issue.send(attribute) - end - end - end - - context "POST /issues.json with failure" do - setup do - @attributes = {:project_id => 1} - post '/issues.json', {:issue => @attributes}, :authorization => credentials('jsmith') - end - - should_respond_with :unprocessable_entity - should_respond_with_content_type 'application/json' - - should "have an errors element" do - json = ActiveSupport::JSON.decode(response.body) - assert_equal "can't be blank", json.first['subject'] - end - end - - context "PUT /issues/1.xml" do - setup do - @issue_count = Issue.count - @journal_count = Journal.count - @attributes = {:subject => 'API update', :notes => 'A new note'} - - put '/issues/1.xml', {:issue => @attributes}, :authorization => credentials('jsmith') - end - - should_respond_with :ok - should_respond_with_content_type 'application/xml' - - should "not create a new issue" do - assert_equal Issue.count, @issue_count - end - - should "create a new journal" do - assert_equal Journal.count, @journal_count + 1 - end - - should "add the note to the journal" do - journal = Journal.last - assert_equal "A new note", journal.notes - end - - should "update the issue" do - issue = Issue.find(1) - @attributes.each do |attribute, value| - assert_equal value, issue.send(attribute) unless attribute == :notes - end - end - - end - - context "PUT /issues/1.xml with failed update" do - setup do - @attributes = {:subject => ''} - @issue_count = Issue.count - @journal_count = Journal.count - - put '/issues/1.xml', {:issue => @attributes}, :authorization => credentials('jsmith') - end - - should_respond_with :unprocessable_entity - should_respond_with_content_type 'application/xml' - - should "not create a new issue" do - assert_equal Issue.count, @issue_count - end - - should "not create a new journal" do - assert_equal Journal.count, @journal_count - end - - should "have an errors tag" do - assert_tag :errors, :child => {:tag => 'error', :content => "Subject can't be blank"} - end - end - - context "PUT /issues/1.json" do - setup do - @issue_count = Issue.count - @journal_count = Journal.count - @attributes = {:subject => 'API update', :notes => 'A new note'} - - put '/issues/1.json', {:issue => @attributes}, :authorization => credentials('jsmith') - end - - should_respond_with :ok - should_respond_with_content_type 'application/json' - - should "not create a new issue" do - assert_equal Issue.count, @issue_count - end - - should "create a new journal" do - assert_equal Journal.count, @journal_count + 1 - end - - should "add the note to the journal" do - journal = Journal.last - assert_equal "A new note", journal.notes - end - - should "update the issue" do - issue = Issue.find(1) - @attributes.each do |attribute, value| - assert_equal value, issue.send(attribute) unless attribute == :notes - end - end - - end - - context "PUT /issues/1.json with failed update" do - setup do - @attributes = {:subject => ''} - @issue_count = Issue.count - @journal_count = Journal.count - - put '/issues/1.json', {:issue => @attributes}, :authorization => credentials('jsmith') - end - - should_respond_with :unprocessable_entity - should_respond_with_content_type 'application/json' - - should "not create a new issue" do - assert_equal Issue.count, @issue_count - end - - should "not create a new journal" do - assert_equal Journal.count, @journal_count - end - - should "have an errors attribute" do - json = ActiveSupport::JSON.decode(response.body) - assert_equal "can't be blank", json.first['subject'] - end - end - - context "DELETE /issues/1.xml" do - setup do - @issue_count = Issue.count - delete '/issues/1.xml', {}, :authorization => credentials('jsmith') - end - - should_respond_with :ok - should_respond_with_content_type 'application/xml' - - should "delete the issue" do - assert_equal Issue.count, @issue_count -1 - assert_nil Issue.find_by_id(1) - end - end - - context "DELETE /issues/1.json" do - setup do - @issue_count = Issue.count - delete '/issues/1.json', {}, :authorization => credentials('jsmith') - end - - should_respond_with :ok - should_respond_with_content_type 'application/json' - - should "delete the issue" do - assert_equal Issue.count, @issue_count -1 - assert_nil Issue.find_by_id(1) - end - end - - def credentials(user, password=nil) - ActionController::HttpAuthentication::Basic.encode_credentials(user, password || user) - end -end diff --git a/test/test_helper.rb b/test/test_helper.rb index 9a27610..06d99ec 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -181,4 +181,236 @@ class ActiveSupport::TestCase assert !user.new_record? end end + + # Test that a request allows the three types of API authentication + # + # * HTTP Basic with username and password + # * HTTP Basic with an api key for the username + # * Key based with the key=X parameter + # + # @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete) + # @param [String] url the request url + # @param [optional, Hash] parameters additional request parameters + # @param [optional, Hash] options additional options + # @option options [Symbol] :success_code Successful response code (:success) + # @option options [Symbol] :failure_code Failure response code (:unauthorized) + def self.should_allow_api_authentication(http_method, url, parameters={}, options={}) + should_allow_http_basic_auth_with_username_and_password(http_method, url, parameters, options) + should_allow_http_basic_auth_with_key(http_method, url, parameters, options) + should_allow_key_based_auth(http_method, url, parameters, options) + end + + # Test that a request allows the username and password for HTTP BASIC + # + # @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete) + # @param [String] url the request url + # @param [optional, Hash] parameters additional request parameters + # @param [optional, Hash] options additional options + # @option options [Symbol] :success_code Successful response code (:success) + # @option options [Symbol] :failure_code Failure response code (:unauthorized) + def self.should_allow_http_basic_auth_with_username_and_password(http_method, url, parameters={}, options={}) + success_code = options[:success_code] || :success + failure_code = options[:failure_code] || :unauthorized + + context "should allow http basic auth using a username and password for #{http_method} #{url}" do + context "with a valid HTTP authentication" do + setup do + @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password', :admin => true) # Admin so they can access the project + @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password') + send(http_method, url, parameters, {:authorization => @authorization}) + end + + should_respond_with success_code + should_respond_with_content_type_based_on_url(url) + should "login as the user" do + assert_equal @user, User.current + end + end + + context "with an invalid HTTP authentication" do + setup do + @user = User.generate_with_protected! + @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'wrong_password') + send(http_method, url, parameters, {:authorization => @authorization}) + end + + should_respond_with failure_code + should_respond_with_content_type_based_on_url(url) + should "not login as the user" do + assert_equal User.anonymous, User.current + end + end + + context "without credentials" do + setup do + send(http_method, url, parameters, {:authorization => ''}) + end + + should_respond_with failure_code + should_respond_with_content_type_based_on_url(url) + should "include_www_authenticate_header" do + assert @controller.response.headers.has_key?('WWW-Authenticate') + end + end + end + + end + + # Test that a request allows the API key with HTTP BASIC + # + # @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete) + # @param [String] url the request url + # @param [optional, Hash] parameters additional request parameters + # @param [optional, Hash] options additional options + # @option options [Symbol] :success_code Successful response code (:success) + # @option options [Symbol] :failure_code Failure response code (:unauthorized) + def self.should_allow_http_basic_auth_with_key(http_method, url, parameters={}, options={}) + success_code = options[:success_code] || :success + failure_code = options[:failure_code] || :unauthorized + + context "should allow http basic auth with a key for #{http_method} #{url}" do + context "with a valid HTTP authentication using the API token" do + setup do + @user = User.generate_with_protected!(:admin => true) + @token = Token.generate!(:user => @user, :action => 'api') + @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'X') + send(http_method, url, parameters, {:authorization => @authorization}) + end + + should_respond_with success_code + should_respond_with_content_type_based_on_url(url) + should_be_a_valid_response_string_based_on_url(url) + should "login as the user" do + assert_equal @user, User.current + end + end + + context "with an invalid HTTP authentication" do + setup do + @user = User.generate_with_protected! + @token = Token.generate!(:user => @user, :action => 'feeds') + @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'X') + send(http_method, url, parameters, {:authorization => @authorization}) + end + + should_respond_with failure_code + should_respond_with_content_type_based_on_url(url) + should "not login as the user" do + assert_equal User.anonymous, User.current + end + end + end + end + + # Test that a request allows full key authentication + # + # @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete) + # @param [String] url the request url, without the key=ZXY parameter + # @param [optional, Hash] parameters additional request parameters + # @param [optional, Hash] options additional options + # @option options [Symbol] :success_code Successful response code (:success) + # @option options [Symbol] :failure_code Failure response code (:unauthorized) + def self.should_allow_key_based_auth(http_method, url, parameters={}, options={}) + success_code = options[:success_code] || :success + failure_code = options[:failure_code] || :unauthorized + + context "should allow key based auth using key=X for #{http_method} #{url}" do + context "with a valid api token" do + setup do + @user = User.generate_with_protected!(:admin => true) + @token = Token.generate!(:user => @user, :action => 'api') + # Simple url parse to add on ?key= or &key= + request_url = if url.match(/\?/) + url + "&key=#{@token.value}" + else + url + "?key=#{@token.value}" + end + send(http_method, request_url, parameters) + end + + should_respond_with success_code + should_respond_with_content_type_based_on_url(url) + should_be_a_valid_response_string_based_on_url(url) + should "login as the user" do + assert_equal @user, User.current + end + end + + context "with an invalid api token" do + setup do + @user = User.generate_with_protected! + @token = Token.generate!(:user => @user, :action => 'feeds') + # Simple url parse to add on ?key= or &key= + request_url = if url.match(/\?/) + url + "&key=#{@token.value}" + else + url + "?key=#{@token.value}" + end + send(http_method, request_url, parameters) + end + + should_respond_with failure_code + should_respond_with_content_type_based_on_url(url) + should "not login as the user" do + assert_equal User.anonymous, User.current + end + end + end + + end + + # Uses should_respond_with_content_type based on what's in the url: + # + # '/project/issues.xml' => should_respond_with_content_type :xml + # '/project/issues.json' => should_respond_with_content_type :json + # + # @param [String] url Request + def self.should_respond_with_content_type_based_on_url(url) + case + when url.match(/xml/i) + should_respond_with_content_type :xml + when url.match(/json/i) + should_respond_with_content_type :json + else + raise "Unknown content type for should_respond_with_content_type_based_on_url: #{url}" + end + + end + + # Uses the url to assert which format the response should be in + # + # '/project/issues.xml' => should_be_a_valid_xml_string + # '/project/issues.json' => should_be_a_valid_json_string + # + # @param [String] url Request + def self.should_be_a_valid_response_string_based_on_url(url) + case + when url.match(/xml/i) + should_be_a_valid_xml_string + when url.match(/json/i) + should_be_a_valid_json_string + else + raise "Unknown content type for should_be_a_valid_response_based_on_url: #{url}" + end + + end + + # Checks that the response is a valid JSON string + def self.should_be_a_valid_json_string + should "be a valid JSON string (or empty)" do + assert (response.body.blank? || ActiveSupport::JSON.decode(response.body)) + end + end + + # Checks that the response is a valid XML string + def self.should_be_a_valid_xml_string + should "be a valid XML string" do + assert REXML::Document.new(response.body) + end + end + +end + +# Simple module to "namespace" all of the API tests +module ApiTest end