jro_apps/redmine Commit - r4251:4b1dd334a596

Allow key authentication when creating issues (with tests) #6447...

Eric Davis -

r4251:4b1dd334a596

parent child

Context file:

r4251:4b1dd334a596

Collapse all files

app/controllers/issues_controller.rb +1 -1

               before_filter :find_optional_project, :only => [:index]
               before_filter :check_for_default_issue_status, :only => [:new, :create]
               before_filter :build_new_issue_from_params, :only => [:new, :create]
-              accept_key_auth :index, :show
+              accept_key_auth :index, :show, :create
               rescue_from Query::StatementInvalid, :with => :query_statement_invalid

test/integration/api_test/issues_test.rb +41 -40

@@ -91,69 +91,70 class ApiTest::IssuesTest < ActionController::IntegrationTest
91	end	91	end
92		92
93	context "POST /issues.xml" do	93	context "POST /issues.xml" do
94	setup do	94	should_allow_api_authentication(:post,
95	@issue_count = Issue.count	95	'/issues.xml',
96	~~@attributes~~ = {:project_id => 1, :subject => 'API test', :tracker_id => 2, :status_id => 3}	96	{:issue => {:project_id => 1, :subject => 'API test', :tracker_id => 2, :status_id => 3}},
97	post '/issues.xml', {:issue => @attributes}, :authorization => credentials('jsmith')	97	{:success_code => :created})
98	end
99
100	should_respond_with :created
101	should_respond_with_content_type 'application/xml'
102		98
103	should "create an issue with the attributes" do	99	should "create an issue with the attributes" do
104	assert_~~equal~~ ~~Issue~~.~~count~~, ~~@issue_count~~ + 1	100	assert_difference('Issue.count') do
105		101	post '/issues.xml', {:issue => {:project_id => 1, :subject => 'API test', :tracker_id => 2, :status_id => 3}}, :authorization => credentials('jsmith')
106	issue = Issue.first(:order => 'id DESC')
107	@attributes.each do \|attribute, value\|
108	assert_equal value, issue.send(attribute)
109	end	102	end
		103
		104	issue = Issue.first(:order => 'id DESC')
		105	assert_equal 1, issue.project_id
		106	assert_equal 2, issue.tracker_id
		107	assert_equal 3, issue.status_id
		108	assert_equal 'API test', issue.subject
110	end	109	end
111	end	110	end
112		111
113	context "POST /issues.xml with failure" do	112	context "POST /issues.xml with failure" do
114	setup do	113	should_allow_api_authentication(:post,
115	@attributes = {:project_id => 1}	114	'/issues.xml',
116	post '/issues.xml', {:issue => @attributes}, :authorization => credentials('jsmith')	115	{:issue => {:project_id => 1}},
117	end	116	{:success_code => :unprocessable_entity})
118
119	should_respond_with :unprocessable_entity
120	should_respond_with_content_type 'application/xml'
121		117
122	should "have an errors tag" do	118	should "have an errors tag" do
		119	assert_no_difference('Issue.count') do
		120	post '/issues.xml', {:issue => {:project_id => 1}}, :authorization => credentials('jsmith')
		121	end
		122
123	assert_tag :errors, :child => {:tag => 'error', :content => "Subject can't be blank"}	123	assert_tag :errors, :child => {:tag => 'error', :content => "Subject can't be blank"}
124	end	124	end
125	end	125	end
126		126
127	context "POST /issues.json" do	127	context "POST /issues.json" do
128	setup do	128	should_allow_api_authentication(:post,
129	@issue_count = Issue.count	129	'/issues.json',
130	~~@attributes~~ = {:project_id => 1, :subject => 'API test', :tracker_id => 2, :status_id => 3}	130	{:issue => {:project_id => 1, :subject => 'API test', :tracker_id => 2, :status_id => 3}},
131	post '/issues.json', {:issue => @attributes}, :authorization => credentials('jsmith')	131	{:success_code => :created})
132	end
133
134	should_respond_with :created
135	should_respond_with_content_type 'application/json'
136		132
137	should "create an issue with the attributes" do	133	should "create an issue with the attributes" do
138	assert_~~equal~~ ~~Issue~~.~~count~~, ~~@issue_count~~ + 1	134	assert_difference('Issue.count') do
139		135	post '/issues.json', {:issue => {:project_id => 1, :subject => 'API test', :tracker_id => 2, :status_id => 3}}, :authorization => credentials('jsmith')
140	issue = Issue.first(:order => 'id DESC')
141	@attributes.each do \|attribute, value\|
142	assert_equal value, issue.send(attribute)
143	end	136	end
		137
		138	issue = Issue.first(:order => 'id DESC')
		139	assert_equal 1, issue.project_id
		140	assert_equal 2, issue.tracker_id
		141	assert_equal 3, issue.status_id
		142	assert_equal 'API test', issue.subject
144	end	143	end
		144
145	end	145	end
146		146
147	context "POST /issues.json with failure" do	147	context "POST /issues.json with failure" do
148	setup do	148	should_allow_api_authentication(:post,
149	@attributes = {:project_id => 1}	149	'/issues.json',
150	post '/issues.json', {:issue => @attributes}, :authorization => credentials('jsmith')	150	{:issue => {:project_id => 1}},
151	end	151	{:success_code => :unprocessable_entity})
152
153	should_respond_with :unprocessable_entity
154	should_respond_with_content_type 'application/json'
155		152
156	should "have an errors element" do	153	should "have an errors element" do
		154	assert_no_difference('Issue.count') do
		155	post '/issues.json', {:issue => {:project_id => 1}}, :authorization => credentials('jsmith')
		156	end
		157
157	json = ActiveSupport::JSON.decode(response.body)	158	json = ActiveSupport::JSON.decode(response.body)
158	assert_equal "can't be blank", json.first['subject']	159	assert_equal "can't be blank", json.first['subject']
159	end	160	end

test/test_helper.rb +42 -15

               # @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete)
               # @param [String] url the request url
               # @param [optional, Hash] parameters additional request parameters
-              def self.should_allow_api_authentication(http_method, url, parameters={})
+              # @param [optional, Hash] options additional options
-                should_allow_http_basic_auth_with_username_and_password(http_method, url, parameters)
+              # @option options [Symbol] :success_code Successful response code (:success)
-                should_allow_http_basic_auth_with_key(http_method, url, parameters)
+              # @option options [Symbol] :failure_code Failure response code (:unauthorized)
-                should_allow_key_based_auth(http_method, url, parameters)
+              def self.should_allow_api_authentication(http_method, url, parameters={}, options={})
+                should_allow_http_basic_auth_with_username_and_password(http_method, url, parameters, options)
+                should_allow_http_basic_auth_with_key(http_method, url, parameters, options)
+                should_allow_key_based_auth(http_method, url, parameters, options)
               end
               # Test that a request allows the username and password for HTTP BASIC
               # @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete)
               # @param [String] url the request url
               # @param [optional, Hash] parameters additional request parameters
-              def self.should_allow_http_basic_auth_with_username_and_password(http_method, url, parameters={})
+              # @param [optional, Hash] options additional options
+              # @option options [Symbol] :success_code Successful response code (:success)
+              # @option options [Symbol] :failure_code Failure response code (:unauthorized)
+              def self.should_allow_http_basic_auth_with_username_and_password(http_method, url, parameters={}, options={})
+                success_code = options[:success_code] || :success
+                failure_code = options[:failure_code] || :unauthorized
                 context "should allow http basic auth using a username and password for #{http_method} #{url}" do
                   context "with a valid HTTP authentication" do
                     setup do
                       send(http_method, url, parameters, {:authorization => @authorization})
                     end
-                    should_respond_with :success
+                    should_respond_with success_code
                     should_respond_with_content_type_based_on_url(url)
                     should "login as the user" do
                       assert_equal @user, User.current
                       send(http_method, url, parameters, {:authorization => @authorization})
                     end
-                    should_respond_with :unauthorized
+                    should_respond_with failure_code
                     should_respond_with_content_type_based_on_url(url)
                     should "not login as the user" do
                       assert_equal User.anonymous, User.current
                       send(http_method, url, parameters, {:authorization => ''})
                     end
-                    should_respond_with :unauthorized
+                    should_respond_with failure_code
                     should_respond_with_content_type_based_on_url(url)
                     should "include_www_authenticate_header" do
                       assert @controller.response.headers.has_key?('WWW-Authenticate')
               # @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete)
               # @param [String] url the request url
               # @param [optional, Hash] parameters additional request parameters
-              def self.should_allow_http_basic_auth_with_key(http_method, url, parameters={})
+              # @param [optional, Hash] options additional options
+              # @option options [Symbol] :success_code Successful response code (:success)
+              # @option options [Symbol] :failure_code Failure response code (:unauthorized)
+              def self.should_allow_http_basic_auth_with_key(http_method, url, parameters={}, options={})
+                success_code = options[:success_code] || :success
+                failure_code = options[:failure_code] || :unauthorized
                 context "should allow http basic auth with a key for #{http_method} #{url}" do
                   context "with a valid HTTP authentication using the API token" do
                     setup do
                       send(http_method, url, parameters, {:authorization => @authorization})
                     end
-                    should_respond_with :success
+                    should_respond_with success_code
                     should_respond_with_content_type_based_on_url(url)
                     should_be_a_valid_response_string_based_on_url(url)
                     should "login as the user" do
                       send(http_method, url, parameters, {:authorization => @authorization})
                     end
-                    should_respond_with :unauthorized
+                    should_respond_with failure_code
                     should_respond_with_content_type_based_on_url(url)
                     should "not login as the user" do
                       assert_equal User.anonymous, User.current
               # @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete)
               # @param [String] url the request url, without the key=ZXY parameter
               # @param [optional, Hash] parameters additional request parameters
-              def self.should_allow_key_based_auth(http_method, url, parameters={})
+              # @param [optional, Hash] options additional options
+              # @option options [Symbol] :success_code Successful response code (:success)
+              # @option options [Symbol] :failure_code Failure response code (:unauthorized)
+              def self.should_allow_key_based_auth(http_method, url, parameters={}, options={})
+                success_code = options[:success_code] || :success
+                failure_code = options[:failure_code] || :unauthorized
                 context "should allow key based auth using key=X for #{http_method} #{url}" do
                   context "with a valid api token" do
                     setup do
                       send(http_method, request_url, parameters)
                     end
-                    should_respond_with :success
+                    should_respond_with success_code
                     should_respond_with_content_type_based_on_url(url)
                     should_be_a_valid_response_string_based_on_url(url)
                     should "login as the user" do
                     setup do
                       @user = User.generate_with_protected!
                       @token = Token.generate!(:user => @user, :action => 'feeds')
-                      send(http_method, url + "?key=#{@token.value}")
+                      # Simple url parse to add on ?key= or &key=
+                      request_url = if url.match(/\?/)
+                                      url + "&key=#{@token.value}"
+                                    else
+                                      url + "?key=#{@token.value}"
+                                    end
+                      send(http_method, request_url, parameters)
                     end
-                    should_respond_with :unauthorized
+                    should_respond_with failure_code
                     should_respond_with_content_type_based_on_url(url)
                     should "not login as the user" do
                       assert_equal User.anonymous, User.current

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages