| @@ -1,110 +1,110 | |||
|
|
1 | 1 | require File.expand_path('../../../test_helper', __FILE__) |
|
|
2 | 2 | |
|
|
3 | 3 | class ApiTest::DisabledRestApiTest < ActionController::IntegrationTest |
|
|
4 | 4 | fixtures :all |
|
|
5 | 5 | |
|
|
6 | 6 | def setup |
|
|
7 | 7 | Setting.rest_api_enabled = '0' |
|
|
8 | 8 | Setting.login_required = '1' |
|
|
9 | 9 | end |
|
|
10 | 10 | |
|
|
11 | 11 | def teardown |
|
|
12 | 12 | Setting.rest_api_enabled = '1' |
|
|
13 | 13 | Setting.login_required = '0' |
|
|
14 | 14 | end |
|
|
15 | ||
|
|
15 | ||
|
|
16 | 16 | # Using the NewsController because it's a simple API. |
|
|
17 | 17 | context "get /news with the API disabled" do |
|
|
18 | 18 | |
|
|
19 | 19 | context "in :xml format" do |
|
|
20 | 20 | context "with a valid api token" do |
|
|
21 | 21 | setup do |
|
|
22 | 22 | @user = User.generate_with_protected! |
|
|
23 | 23 | @token = Token.generate!(:user => @user, :action => 'api') |
|
|
24 | 24 | get "/news.xml?key=#{@token.value}" |
|
|
25 | 25 | end |
|
|
26 | ||
|
|
26 | ||
|
|
27 | 27 | should_respond_with :unauthorized |
|
|
28 | 28 | should_respond_with_content_type :xml |
|
|
29 | 29 | should "not login as the user" do |
|
|
30 | 30 | assert_equal User.anonymous, User.current |
|
|
31 | 31 | end |
|
|
32 | 32 | end |
|
|
33 | 33 | |
|
|
34 | 34 | context "with a valid HTTP authentication" do |
|
|
35 | 35 | setup do |
|
|
36 | 36 | @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password') |
|
|
37 | 37 | @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password') |
|
|
38 | 38 | get "/news.xml", nil, :authorization => @authorization |
|
|
39 | 39 | end |
|
|
40 | ||
|
|
40 | ||
|
|
41 | 41 | should_respond_with :unauthorized |
|
|
42 | 42 | should_respond_with_content_type :xml |
|
|
43 | 43 | should "not login as the user" do |
|
|
44 | 44 | assert_equal User.anonymous, User.current |
|
|
45 | 45 | end |
|
|
46 | 46 | end |
|
|
47 | 47 | |
|
|
48 | 48 | context "with a valid HTTP authentication using the API token" do |
|
|
49 | 49 | setup do |
|
|
50 | 50 | @user = User.generate_with_protected! |
|
|
51 | 51 | @token = Token.generate!(:user => @user, :action => 'api') |
|
|
52 | 52 | @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'X') |
|
|
53 | 53 | get "/news.xml", nil, :authorization => @authorization |
|
|
54 | 54 | end |
|
|
55 | ||
|
|
55 | ||
|
|
56 | 56 | should_respond_with :unauthorized |
|
|
57 | 57 | should_respond_with_content_type :xml |
|
|
58 | 58 | should "not login as the user" do |
|
|
59 | 59 | assert_equal User.anonymous, User.current |
|
|
60 | 60 | end |
|
|
61 | 61 | end |
|
|
62 | 62 | end |
|
|
63 | 63 | |
|
|
64 | 64 | context "in :json format" do |
|
|
65 | 65 | context "with a valid api token" do |
|
|
66 | 66 | setup do |
|
|
67 | 67 | @user = User.generate_with_protected! |
|
|
68 | 68 | @token = Token.generate!(:user => @user, :action => 'api') |
|
|
69 | 69 | get "/news.json?key=#{@token.value}" |
|
|
70 | 70 | end |
|
|
71 | ||
|
|
71 | ||
|
|
72 | 72 | should_respond_with :unauthorized |
|
|
73 | 73 | should_respond_with_content_type :json |
|
|
74 | 74 | should "not login as the user" do |
|
|
75 | 75 | assert_equal User.anonymous, User.current |
|
|
76 | 76 | end |
|
|
77 | 77 | end |
|
|
78 | 78 | |
|
|
79 | 79 | context "with a valid HTTP authentication" do |
|
|
80 | 80 | setup do |
|
|
81 | 81 | @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password') |
|
|
82 | 82 | @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password') |
|
|
83 | 83 | get "/news.json", nil, :authorization => @authorization |
|
|
84 | 84 | end |
|
|
85 | ||
|
|
85 | ||
|
|
86 | 86 | should_respond_with :unauthorized |
|
|
87 | 87 | should_respond_with_content_type :json |
|
|
88 | 88 | should "not login as the user" do |
|
|
89 | 89 | assert_equal User.anonymous, User.current |
|
|
90 | 90 | end |
|
|
91 | 91 | end |
|
|
92 | 92 | |
|
|
93 | 93 | context "with a valid HTTP authentication using the API token" do |
|
|
94 | 94 | setup do |
|
|
95 | 95 | @user = User.generate_with_protected! |
|
|
96 | 96 | @token = Token.generate!(:user => @user, :action => 'api') |
|
|
97 | 97 | @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'DoesNotMatter') |
|
|
98 | 98 | get "/news.json", nil, :authorization => @authorization |
|
|
99 | 99 | end |
|
|
100 | 100 | |
|
|
101 | 101 | should_respond_with :unauthorized |
|
|
102 | 102 | should_respond_with_content_type :json |
|
|
103 | 103 | should "not login as the user" do |
|
|
104 | 104 | assert_equal User.anonymous, User.current |
|
|
105 | 105 | end |
|
|
106 | 106 | end |
|
|
107 | ||
|
|
108 |
end |
|
|
|
107 | ||
|
|
108 | end | |
|
|
109 | 109 | end |
|
|
110 | 110 | end |
General Comments 0
You need to be logged in to leave comments.
Login now