jro_apps/redmine Commit - r4459:07fe46e9dfc1

Makes the API accepts the X-Redmine-API-Key header to hold the API key....

Jean-Philippe Lang -

r4459:07fe46e9dfc1

parent child

Context file:

r4459:07fe46e9dfc1

Collapse all files

app/controllers/application_controller.rb +12 -3

                  elsif params[:format] == 'atom' && params[:key] && accept_key_auth_actions.include?(params[:action])
                    # RSS key authentication does not start a session
                    User.find_by_rss_key(params[:key])
-                 elsif Setting.rest_api_enabled? && ['xml', 'json'].include?(params[:format])
-                   if params[:key].present? && accept_key_auth_actions.include?(params[:action])
+                 elsif Setting.rest_api_enabled? && api_request?
+                   if (key = api_key_from_request) && accept_key_auth_actions.include?(params[:action])
                      # Use API key
-                     User.find_by_api_key(params[:key])
+                     User.find_by_api_key(key)
                    else
                      # HTTP Basic, either username/password or API key/random
                      authenticate_with_http_basic do |username, password|
                def api_request?
                  %w(xml json).include? params[:format]
                end
+               # Returns the API key present in the request
+               def api_key_from_request
+                 if params[:key].present?
+                   params[:key]
+                 elsif request.headers["X-Redmine-API-Key"].present?
+                   request.headers["X-Redmine-API-Key"]
+                 end
+               end
                # Renders a warning flash if obj has unsaved attachments
                def render_attachment_warning_if_needed(obj)

test/test_helper.rb +14 0

                    end
                  end
+                 context "should allow key based auth using X-Redmine-API-Key header for #{http_method} #{url}" do
+                   setup do
+                     @user = User.generate_with_protected!(:admin => true)
+                     @token = Token.generate!(:user => @user, :action => 'api')
+                     send(http_method, url, parameters, {'X-Redmine-API-Key' => @token.value.to_s})
+                   end
+                   should_respond_with success_code
+                   should_respond_with_content_type_based_on_url(url)
+                   should_be_a_valid_response_string_based_on_url(url)
+                   should "login as the user" do
+                     assert_equal @user, User.current
+                   end
+                 end
                end
                # Uses should_respond_with_content_type based on what's in the url:

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages