jro_apps/redmine Commit - r4251:4b1dd334a596

Allow key authentication when creating issues (with tests) #6447...

Eric Davis -

r4251:4b1dd334a596

parent child

Context file:

r4251:4b1dd334a596

Collapse all files

app/controllers/issues_controller.rb +1 -1

             # Redmine - project management software
             # Copyright (C) 2006-2008  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             class IssuesController < ApplicationController
               menu_item :new_issue, :only => [:new, :create]
               default_search_scope :issues
               before_filter :find_issue, :only => [:show, :edit, :update]
               before_filter :find_issues, :only => [:bulk_edit, :bulk_update, :move, :perform_move, :destroy]
               before_filter :check_project_uniqueness, :only => [:move, :perform_move]
               before_filter :find_project, :only => [:new, :create]
               before_filter :authorize, :except => [:index]
               before_filter :find_optional_project, :only => [:index]
               before_filter :check_for_default_issue_status, :only => [:new, :create]
               before_filter :build_new_issue_from_params, :only => [:new, :create]
-              accept_key_auth :index, :show
+              accept_key_auth :index, :show, :create
               rescue_from Query::StatementInvalid, :with => :query_statement_invalid
               helper :journals
               helper :projects
               include ProjectsHelper
               helper :custom_fields
               include CustomFieldsHelper
               helper :issue_relations
               include IssueRelationsHelper
               helper :watchers
               include WatchersHelper
               helper :attachments
               include AttachmentsHelper
               helper :queries
               include QueriesHelper
               helper :sort
               include SortHelper
               include IssuesHelper
               helper :timelog
               helper :gantt
               include Redmine::Export::PDF
               verify :method => [:post, :delete],
                      :only => :destroy,
                      :render => { :nothing => true, :status => :method_not_allowed }
               verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed }
               verify :method => :post, :only => :bulk_update, :render => {:nothing => true, :status => :method_not_allowed }
               verify :method => :put, :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
               def index
                 retrieve_query
                 sort_init(@query.sort_criteria.empty? ? [['id', 'desc']] : @query.sort_criteria)
                 sort_update(@query.sortable_columns)
                 if @query.valid?
                   limit = case params[:format]
                   when 'csv', 'pdf'
                     Setting.issues_export_limit.to_i
                   when 'atom'
                     Setting.feeds_limit.to_i
                   else
                     per_page_option
                   end
                   @issue_count = @query.issue_count
                   @issue_pages = Paginator.new self, @issue_count, limit, params['page']
                   @issues = @query.issues(:include => [:assigned_to, :tracker, :priority, :category, :fixed_version],
                                           :order => sort_clause,
                                           :offset => @issue_pages.current.offset,
                                           :limit => limit)
                   @issue_count_by_group = @query.issue_count_by_group
                   respond_to do |format|
                     format.html { render :template => 'issues/index.rhtml', :layout => !request.xhr? }
                     format.xml  { render :layout => false }
                     format.json { render :text => @issues.to_json, :layout => false }
                     format.atom { render_feed(@issues, :title => "#{@project || Setting.app_title}: #{l(:label_issue_plural)}") }
                     format.csv  { send_data(issues_to_csv(@issues, @project), :type => 'text/csv; header=present', :filename => 'export.csv') }
                     format.pdf  { send_data(issues_to_pdf(@issues, @project, @query), :type => 'application/pdf', :filename => 'export.pdf') }
                   end
                 else
                   # Send html if the query is not valid
                   render(:template => 'issues/index.rhtml', :layout => !request.xhr?)
                 end
               rescue ActiveRecord::RecordNotFound
                 render_404
               end
               def show
                 @journals = @issue.journals.find(:all, :include => [:user, :details], :order => "#{Journal.table_name}.created_on ASC")
                 @journals.each_with_index {|j,i| j.indice = i+1}
                 @journals.reverse! if User.current.wants_comments_in_reverse_order?
                 @changesets = @issue.changesets.visible.all
                 @changesets.reverse! if User.current.wants_comments_in_reverse_order?
                 @allowed_statuses = @issue.new_statuses_allowed_to(User.current)
                 @edit_allowed = User.current.allowed_to?(:edit_issues, @project)
                 @priorities = IssuePriority.all
                 @time_entry = TimeEntry.new
                 respond_to do |format|
                   format.html { render :template => 'issues/show.rhtml' }
                   format.xml  { render :layout => false }
                   format.json { render :text => @issue.to_json, :layout => false }
                   format.atom { render :template => 'journals/index', :layout => false, :content_type => 'application/atom+xml' }
                   format.pdf  { send_data(issue_to_pdf(@issue), :type => 'application/pdf', :filename => "#{@project.identifier}-#{@issue.id}.pdf") }
                 end
               end
               # Add a new issue
               # The new issue will be created from an existing one if copy_from parameter is given
               def new
                 respond_to do |format|
                   format.html { render :action => 'new', :layout => !request.xhr? }
                   format.js { render :partial => 'attributes' }
                 end
               end
               def create
                 call_hook(:controller_issues_new_before_save, { :params => params, :issue => @issue })
                 if @issue.save
                   attachments = Attachment.attach_files(@issue, params[:attachments])
                   render_attachment_warning_if_needed(@issue)
                   flash[:notice] = l(:notice_successful_create)
                   call_hook(:controller_issues_new_after_save, { :params => params, :issue => @issue})
                   respond_to do |format|
                     format.html {
                       redirect_to(params[:continue] ?  { :action => 'new', :project_id => @project, :issue => {:tracker_id => @issue.tracker, :parent_issue_id => @issue.parent_issue_id}.reject {|k,v| v.nil?} } :
                                   { :action => 'show', :id => @issue })
                     }
                     format.xml  { render :action => 'show', :status => :created, :location => url_for(:controller => 'issues', :action => 'show', :id => @issue) }
                     format.json { render :text => @issue.to_json, :status => :created, :location => url_for(:controller => 'issues', :action => 'show'), :layout => false }
                   end
                   return
                 else
                   respond_to do |format|
                     format.html { render :action => 'new' }
                     format.xml  { render(:xml => @issue.errors, :status => :unprocessable_entity); return }
                     format.json { render :text => object_errors_to_json(@issue), :status => :unprocessable_entity, :layout => false }
                   end
                 end
               end
               # Attributes that can be updated on workflow transition (without :edit permission)
               # TODO: make it configurable (at least per role)
               UPDATABLE_ATTRS_ON_TRANSITION = %w(status_id assigned_to_id fixed_version_id done_ratio) unless const_defined?(:UPDATABLE_ATTRS_ON_TRANSITION)
               def edit
                 update_issue_from_params
                 @journal = @issue.current_journal
                 respond_to do |format|
                   format.html { }
                   format.xml  { }
                 end
               end
               def update
                 update_issue_from_params
                 if @issue.save_issue_with_child_records(params, @time_entry)
                   render_attachment_warning_if_needed(@issue)
                   flash[:notice] = l(:notice_successful_update) unless @issue.current_journal.new_record?
                   respond_to do |format|
                     format.html { redirect_back_or_default({:action => 'show', :id => @issue}) }
                     format.xml  { head :ok }
                     format.json  { head :ok }
                   end
                 else
                   render_attachment_warning_if_needed(@issue)
                   flash[:notice] = l(:notice_successful_update) unless @issue.current_journal.new_record?
                   @journal = @issue.current_journal
                   respond_to do |format|
                     format.html { render :action => 'edit' }
                     format.xml  { render :xml => @issue.errors, :status => :unprocessable_entity }
                     format.json { render :text => object_errors_to_json(@issue), :status => :unprocessable_entity, :layout => false }
                   end
                 end
               end
               # Bulk edit a set of issues
               def bulk_edit
                 @issues.sort!
                 @available_statuses = @projects.map{|p|Workflow.available_statuses(p)}.inject{|memo,w|memo & w}
                 @custom_fields = @projects.map{|p|p.all_issue_custom_fields}.inject{|memo,c|memo & c}
                 @assignables = @projects.map(&:assignable_users).inject{|memo,a| memo & a}
                 @trackers = @projects.map(&:trackers).inject{|memo,t| memo & t}
               end
               def bulk_update
                 @issues.sort!
                 attributes = parse_params_for_bulk_issue_attributes(params)
                 unsaved_issue_ids = []
                 @issues.each do |issue|
                   issue.reload
                   journal = issue.init_journal(User.current, params[:notes])
                   issue.safe_attributes = attributes
                   call_hook(:controller_issues_bulk_edit_before_save, { :params => params, :issue => issue })
                   unless issue.save
                     # Keep unsaved issue ids to display them in flash error
                     unsaved_issue_ids << issue.id
                   end
                 end
                 set_flash_from_bulk_issue_save(@issues, unsaved_issue_ids)
                 redirect_back_or_default({:controller => 'issues', :action => 'index', :project_id => @project})
               end
               def destroy
                 @hours = TimeEntry.sum(:hours, :conditions => ['issue_id IN (?)', @issues]).to_f
                 if @hours > 0
                   case params[:todo]
                   when 'destroy'
                     # nothing to do
                   when 'nullify'
                     TimeEntry.update_all('issue_id = NULL', ['issue_id IN (?)', @issues])
                   when 'reassign'
                     reassign_to = @project.issues.find_by_id(params[:reassign_to_id])
                     if reassign_to.nil?
                       flash.now[:error] = l(:error_issue_not_found_in_project)
                       return
                     else
                       TimeEntry.update_all("issue_id = #{reassign_to.id}", ['issue_id IN (?)', @issues])
                     end
                   else
                     unless params[:format] == 'xml' || params[:format] == 'json'
                       # display the destroy form if it's a user request
                       return
                     end
                   end
                 end
                 @issues.each(&:destroy)
                 respond_to do |format|
                   format.html { redirect_back_or_default(:action => 'index', :project_id => @project) }
                   format.xml  { head :ok }
                   format.json  { head :ok }
                 end
               end
             private
               def find_issue
                 @issue = Issue.find(params[:id], :include => [:project, :tracker, :status, :author, :priority, :category])
                 @project = @issue.project
               rescue ActiveRecord::RecordNotFound
                 render_404
               end
               def find_project
                 project_id = (params[:issue] && params[:issue][:project_id]) || params[:project_id]
                 @project = Project.find(project_id)
               rescue ActiveRecord::RecordNotFound
                 render_404
               end
               # Used by #edit and #update to set some common instance variables
               # from the params
               # TODO: Refactor, not everything in here is needed by #edit
               def update_issue_from_params
                 @allowed_statuses = @issue.new_statuses_allowed_to(User.current)
                 @priorities = IssuePriority.all
                 @edit_allowed = User.current.allowed_to?(:edit_issues, @project)
                 @time_entry = TimeEntry.new
                 @notes = params[:notes] || (params[:issue].present? ? params[:issue][:notes] : nil)
                 @issue.init_journal(User.current, @notes)
                 # User can change issue attributes only if he has :edit permission or if a workflow transition is allowed
                 if (@edit_allowed || !@allowed_statuses.empty?) && params[:issue]
                   attrs = params[:issue].dup
                   attrs.delete_if {|k,v| !UPDATABLE_ATTRS_ON_TRANSITION.include?(k) } unless @edit_allowed
                   attrs.delete(:status_id) unless @allowed_statuses.detect {|s| s.id.to_s == attrs[:status_id].to_s}
                   @issue.safe_attributes = attrs
                 end
               end
               # TODO: Refactor, lots of extra code in here
               # TODO: Changing tracker on an existing issue should not trigger this
               def build_new_issue_from_params
                 if params[:id].blank?
                   @issue = Issue.new
                   @issue.copy_from(params[:copy_from]) if params[:copy_from]
                   @issue.project = @project
                 else
                   @issue = @project.issues.visible.find(params[:id])
                 end
                 @issue.project = @project
                 # Tracker must be set before custom field values
                 @issue.tracker ||= @project.trackers.find((params[:issue] && params[:issue][:tracker_id]) || params[:tracker_id] || :first)
                 if @issue.tracker.nil?
                   render_error l(:error_no_tracker_in_project)
                   return false
                 end
                 if params[:issue].is_a?(Hash)
                   @issue.safe_attributes = params[:issue]
                   if User.current.allowed_to?(:add_issue_watchers, @project) && @issue.new_record?
                     @issue.watcher_user_ids = params[:issue]['watcher_user_ids']
                   end
                 end
                 @issue.author = User.current
                 @issue.start_date ||= Date.today
                 @priorities = IssuePriority.all
                 @allowed_statuses = @issue.new_statuses_allowed_to(User.current, true)
               end
               def check_for_default_issue_status
                 if IssueStatus.default.nil?
                   render_error l(:error_no_default_issue_status)
                   return false
                 end
               end
               def parse_params_for_bulk_issue_attributes(params)
                 attributes = (params[:issue] || {}).reject {|k,v| v.blank?}
                 attributes.keys.each {|k| attributes[k] = '' if attributes[k] == 'none'}
                 attributes[:custom_field_values].reject! {|k,v| v.blank?} if attributes[:custom_field_values]
                 attributes
               end
             end

test/integration/api_test/issues_test.rb +41 -40

             # Redmine - project management software
             # Copyright (C) 2006-2010  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             require "#{File.dirname(__FILE__)}/../../test_helper"
             class ApiTest::IssuesTest < ActionController::IntegrationTest
               fixtures :projects,
                 :users,
                 :roles,
                 :members,
                 :member_roles,
                 :issues,
                 :issue_statuses,
                 :versions,
                 :trackers,
                 :projects_trackers,
                 :issue_categories,
                 :enabled_modules,
                 :enumerations,
                 :attachments,
                 :workflows,
                 :custom_fields,
                 :custom_values,
                 :custom_fields_projects,
                 :custom_fields_trackers,
                 :time_entries,
                 :journals,
                 :journal_details,
                 :queries
               def setup
                 Setting.rest_api_enabled = '1'
               end
               # Use a private project to make sure auth is really working and not just
               # only showing public issues.
               context "/index.xml" do
                 should_allow_api_authentication(:get, "/projects/private-child/issues.xml")
               end
               context "/index.json" do
                 should_allow_api_authentication(:get, "/projects/private-child/issues.json")
               end
               context "/index.xml with filter" do
                 should_allow_api_authentication(:get, "/projects/private-child/issues.xml?status_id=5")
                 should "show only issues with the status_id" do
                   get '/issues.xml?status_id=5'
                   assert_tag :tag => 'issues',
                              :children => { :count => Issue.visible.count(:conditions => {:status_id => 5}),
                                             :only => { :tag => 'issue' } }
                 end
               end
               context "/index.json with filter" do
                 should_allow_api_authentication(:get, "/projects/private-child/issues.json?status_id=5")
                 should "show only issues with the status_id" do
                   get '/issues.json?status_id=5'
                   json = ActiveSupport::JSON.decode(response.body)
                   status_ids_used = json.collect {|j| j['status_id'] }
                   assert_equal 3, status_ids_used.length
                   assert status_ids_used.all? {|id| id == 5 }
                 end
               end
               # Issue 6 is on a private project
               context "/issues/6.xml" do
                 should_allow_api_authentication(:get, "/issues/6.xml")
               end
               context "/issues/6.json" do
                 should_allow_api_authentication(:get, "/issues/6.json")
               end
               context "POST /issues.xml" do
-                setup do
+                should_allow_api_authentication(:post,
-                  @issue_count = Issue.count
+                                                '/issues.xml',
-                  @attributes = {:project_id => 1, :subject => 'API test', :tracker_id => 2, :status_id => 3}
+                                                {:issue => {:project_id => 1, :subject => 'API test', :tracker_id => 2, :status_id => 3}},
-                  post '/issues.xml', {:issue => @attributes}, :authorization => credentials('jsmith')
+                                                {:success_code => :created})
-                end
-                should_respond_with :created
-                should_respond_with_content_type 'application/xml'
                 should "create an issue with the attributes" do
-                  assert_equal Issue.count, @issue_count + 1
+                  assert_difference('Issue.count') do
+                    post '/issues.xml', {:issue => {:project_id => 1, :subject => 'API test', :tracker_id => 2, :status_id => 3}}, :authorization => credentials('jsmith')
-                  issue = Issue.first(:order => 'id DESC')
-                  @attributes.each do |attribute, value|
-                    assert_equal value, issue.send(attribute)
                   end
+                  issue = Issue.first(:order => 'id DESC')
+                  assert_equal 1, issue.project_id
+                  assert_equal 2, issue.tracker_id
+                  assert_equal 3, issue.status_id
+                  assert_equal 'API test', issue.subject
                 end
               end
               context "POST /issues.xml with failure" do
-                setup do
+                should_allow_api_authentication(:post,
-                  @attributes = {:project_id => 1}
+                                                '/issues.xml',
-                  post '/issues.xml', {:issue => @attributes}, :authorization => credentials('jsmith')
+                                                {:issue => {:project_id => 1}},
-                end
+                                                {:success_code => :unprocessable_entity})
-                should_respond_with :unprocessable_entity
-                should_respond_with_content_type 'application/xml'
                 should "have an errors tag" do
+                  assert_no_difference('Issue.count') do
+                    post '/issues.xml', {:issue => {:project_id => 1}}, :authorization => credentials('jsmith')
+                  end
                   assert_tag :errors, :child => {:tag => 'error', :content => "Subject can't be blank"}
                 end
               end
               context "POST /issues.json" do
-                setup do
+                should_allow_api_authentication(:post,
-                  @issue_count = Issue.count
+                                                '/issues.json',
-                  @attributes = {:project_id => 1, :subject => 'API test', :tracker_id => 2, :status_id => 3}
+                                                {:issue => {:project_id => 1, :subject => 'API test', :tracker_id => 2, :status_id => 3}},
-                  post '/issues.json', {:issue => @attributes}, :authorization => credentials('jsmith')
+                                                {:success_code => :created})
-                end
-                should_respond_with :created
-                should_respond_with_content_type 'application/json'
                 should "create an issue with the attributes" do
-                  assert_equal Issue.count, @issue_count + 1
+                  assert_difference('Issue.count') do
+                    post '/issues.json', {:issue => {:project_id => 1, :subject => 'API test', :tracker_id => 2, :status_id => 3}}, :authorization => credentials('jsmith')
-                  issue = Issue.first(:order => 'id DESC')
-                  @attributes.each do |attribute, value|
-                    assert_equal value, issue.send(attribute)
                   end
+                  issue = Issue.first(:order => 'id DESC')
+                  assert_equal 1, issue.project_id
+                  assert_equal 2, issue.tracker_id
+                  assert_equal 3, issue.status_id
+                  assert_equal 'API test', issue.subject
                 end
               end
               context "POST /issues.json with failure" do
-                setup do
+                should_allow_api_authentication(:post,
-                  @attributes = {:project_id => 1}
+                                                '/issues.json',
-                  post '/issues.json', {:issue => @attributes}, :authorization => credentials('jsmith')
+                                                {:issue => {:project_id => 1}},
-                end
+                                                {:success_code => :unprocessable_entity})
-                should_respond_with :unprocessable_entity
-                should_respond_with_content_type 'application/json'
                 should "have an errors element" do
+                  assert_no_difference('Issue.count') do
+                    post '/issues.json', {:issue => {:project_id => 1}}, :authorization => credentials('jsmith')
+                  end
                   json = ActiveSupport::JSON.decode(response.body)
                   assert_equal "can't be blank", json.first['subject']
                 end
               end
               context "PUT /issues/1.xml" do
                 setup do
                   @issue_count = Issue.count
                   @journal_count = Journal.count
                   @attributes = {:subject => 'API update', :notes => 'A new note'}
                   put '/issues/1.xml', {:issue => @attributes}, :authorization => credentials('jsmith')
                 end
                 should_respond_with :ok
                 should_respond_with_content_type 'application/xml'
                 should "not create a new issue" do
                   assert_equal Issue.count, @issue_count
                 end
                 should "create a new journal" do
                   assert_equal Journal.count, @journal_count + 1
                 end
                 should "add the note to the journal" do
                   journal = Journal.last
                   assert_equal "A new note", journal.notes
                 end
                 should "update the issue" do
                   issue = Issue.find(1)
                   @attributes.each do |attribute, value|
                     assert_equal value, issue.send(attribute) unless attribute == :notes
                   end
                 end
               end
               context "PUT /issues/1.xml with failed update" do
                 setup do
                   @attributes = {:subject => ''}
                   @issue_count = Issue.count
                   @journal_count = Journal.count
                   put '/issues/1.xml', {:issue => @attributes}, :authorization => credentials('jsmith')
                 end
                 should_respond_with :unprocessable_entity
                 should_respond_with_content_type 'application/xml'
                 should "not create a new issue" do
                   assert_equal Issue.count, @issue_count
                 end
                 should "not create a new journal" do
                   assert_equal Journal.count, @journal_count
                 end
                 should "have an errors tag" do
                   assert_tag :errors, :child => {:tag => 'error', :content => "Subject can't be blank"}
                 end
               end
               context "PUT /issues/1.json" do
                 setup do
                   @issue_count = Issue.count
                   @journal_count = Journal.count
                   @attributes = {:subject => 'API update', :notes => 'A new note'}
                   put '/issues/1.json', {:issue => @attributes}, :authorization => credentials('jsmith')
                 end
                 should_respond_with :ok
                 should_respond_with_content_type 'application/json'
                 should "not create a new issue" do
                   assert_equal Issue.count, @issue_count
                 end
                 should "create a new journal" do
                   assert_equal Journal.count, @journal_count + 1
                 end
                 should "add the note to the journal" do
                   journal = Journal.last
                   assert_equal "A new note", journal.notes
                 end
                 should "update the issue" do
                   issue = Issue.find(1)
                   @attributes.each do |attribute, value|
                     assert_equal value, issue.send(attribute) unless attribute == :notes
                   end
                 end
               end
               context "PUT /issues/1.json with failed update" do
                 setup do
                   @attributes = {:subject => ''}
                   @issue_count = Issue.count
                   @journal_count = Journal.count
                   put '/issues/1.json', {:issue => @attributes}, :authorization => credentials('jsmith')
                 end
                 should_respond_with :unprocessable_entity
                 should_respond_with_content_type 'application/json'
                 should "not create a new issue" do
                   assert_equal Issue.count, @issue_count
                 end
                 should "not create a new journal" do
                   assert_equal Journal.count, @journal_count
                 end
                 should "have an errors attribute" do
                   json = ActiveSupport::JSON.decode(response.body)
                   assert_equal "can't be blank", json.first['subject']
                 end
               end
               context "DELETE /issues/1.xml" do
                 setup do
                   @issue_count = Issue.count
                   delete '/issues/1.xml', {}, :authorization => credentials('jsmith')
                 end
                 should_respond_with :ok
                 should_respond_with_content_type 'application/xml'
                 should "delete the issue" do
                   assert_equal Issue.count, @issue_count -1
                   assert_nil Issue.find_by_id(1)
                 end
               end
               context "DELETE /issues/1.json" do
                 setup do
                   @issue_count = Issue.count
                   delete '/issues/1.json', {}, :authorization => credentials('jsmith')
                 end
                 should_respond_with :ok
                 should_respond_with_content_type 'application/json'
                 should "delete the issue" do
                   assert_equal Issue.count, @issue_count -1
                   assert_nil Issue.find_by_id(1)
                 end
               end
               def credentials(user, password=nil)
                 ActionController::HttpAuthentication::Basic.encode_credentials(user, password || user)
               end
             end

test/test_helper.rb +42 -15

             # redMine - project management software
             # Copyright (C) 2006  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             ENV["RAILS_ENV"] = "test"
             require File.expand_path(File.dirname(__FILE__) + "/../config/environment")
             require 'test_help'
             require File.expand_path(File.dirname(__FILE__) + '/helper_testcase')
             require File.join(RAILS_ROOT,'test', 'mocks', 'open_id_authentication_mock.rb')
             require File.expand_path(File.dirname(__FILE__) + '/object_daddy_helpers')
             include ObjectDaddyHelpers
             class ActiveSupport::TestCase
               # Transactional fixtures accelerate your tests by wrapping each test method
               # in a transaction that's rolled back on completion.  This ensures that the
               # test database remains unchanged so your fixtures don't have to be reloaded
               # between every test method.  Fewer database queries means faster tests.
               #
               # Read Mike Clark's excellent walkthrough at
               #   http://clarkware.com/cgi/blosxom/2005/10/24#Rails10FastTesting
               #
               # Every Active Record database supports transactions except MyISAM tables
               # in MySQL.  Turn off transactional fixtures in this case; however, if you
               # don't care one way or the other, switching from MyISAM to InnoDB tables
               # is recommended.
               self.use_transactional_fixtures = true
               # Instantiated fixtures are slow, but give you @david where otherwise you
               # would need people(:david).  If you don't want to migrate your existing
               # test cases which use the @david style and don't mind the speed hit (each
               # instantiated fixtures translates to a database query per test method),
               # then set this back to true.
               self.use_instantiated_fixtures  = false
               # Add more helper methods to be used by all tests here...
               def log_user(login, password)
                 User.anonymous
                 get "/login"
                 assert_equal nil, session[:user_id]
                 assert_response :success
                 assert_template "account/login"
                 post "/login", :username => login, :password => password
                 assert_equal login, User.find(session[:user_id]).login
               end
               def uploaded_test_file(name, mime)
                 ActionController::TestUploadedFile.new(ActiveSupport::TestCase.fixture_path + "/files/#{name}", mime)
               end
               # Mock out a file
               def self.mock_file
                 file = 'a_file.png'
                 file.stubs(:size).returns(32)
                 file.stubs(:original_filename).returns('a_file.png')
                 file.stubs(:content_type).returns('image/png')
                 file.stubs(:read).returns(false)
                 file
               end
               def mock_file
                 self.class.mock_file
               end
               # Use a temporary directory for attachment related tests
               def set_tmp_attachments_directory
                 Dir.mkdir "#{RAILS_ROOT}/tmp/test" unless File.directory?("#{RAILS_ROOT}/tmp/test")
                 Dir.mkdir "#{RAILS_ROOT}/tmp/test/attachments" unless File.directory?("#{RAILS_ROOT}/tmp/test/attachments")
                 Attachment.storage_path = "#{RAILS_ROOT}/tmp/test/attachments"
               end
               def with_settings(options, &block)
                 saved_settings = options.keys.inject({}) {|h, k| h[k] = Setting[k].dup; h}
                 options.each {|k, v| Setting[k] = v}
                 yield
                 saved_settings.each {|k, v| Setting[k] = v}
               end
               def change_user_password(login, new_password)
                 user = User.first(:conditions => {:login => login})
                 user.password, user.password_confirmation = new_password, new_password
                 user.save!
               end
               def self.ldap_configured?
                 @test_ldap = Net::LDAP.new(:host => '127.0.0.1', :port => 389)
                 return @test_ldap.bind
               rescue Exception => e
                 # LDAP is not listening
                 return nil
               end
               # Returns the path to the test +vendor+ repository
               def self.repository_path(vendor)
                 File.join(RAILS_ROOT.gsub(%r{config\/\.\.}, ''), "/tmp/test/#{vendor.downcase}_repository")
               end
               # Returns true if the +vendor+ test repository is configured
               def self.repository_configured?(vendor)
                 File.directory?(repository_path(vendor))
               end
               def assert_error_tag(options={})
                 assert_tag({:tag => 'p', :attributes => { :id => 'errorExplanation' }}.merge(options))
               end
               # Shoulda macros
               def self.should_render_404
                 should_respond_with :not_found
                 should_render_template 'common/error'
               end
               def self.should_have_before_filter(expected_method, options = {})
                 should_have_filter('before', expected_method, options)
               end
               def self.should_have_after_filter(expected_method, options = {})
                 should_have_filter('after', expected_method, options)
               end
               def self.should_have_filter(filter_type, expected_method, options)
                 description = "have #{filter_type}_filter :#{expected_method}"
                 description << " with #{options.inspect}" unless options.empty?
                 should description do
                   klass = "action_controller/filters/#{filter_type}_filter".classify.constantize
                   expected = klass.new(:filter, expected_method.to_sym, options)
                   assert_equal 1, @controller.class.filter_chain.select { |filter|
                     filter.method == expected.method && filter.kind == expected.kind &&
                     filter.options == expected.options && filter.class == expected.class
                   }.size
                 end
               end
               def self.should_show_the_old_and_new_values_for(prop_key, model, &block)
                 context "" do
                   setup do
                     if block_given?
                       instance_eval &block
                     else
                       @old_value = model.generate!
                       @new_value = model.generate!
                     end
                   end
                   should "use the new value's name" do
                     @detail = JournalDetail.generate!(:property => 'attr',
                                                       :old_value => @old_value.id,
                                                       :value => @new_value.id,
                                                       :prop_key => prop_key)
                     assert_match @new_value.name, show_detail(@detail, true)
                   end
                   should "use the old value's name" do
                     @detail = JournalDetail.generate!(:property => 'attr',
                                                       :old_value => @old_value.id,
                                                       :value => @new_value.id,
                                                       :prop_key => prop_key)
                     assert_match @old_value.name, show_detail(@detail, true)
                   end
                 end
               end
               def self.should_create_a_new_user(&block)
                 should "create a new user" do
                   user = instance_eval &block
                   assert user
                   assert_kind_of User, user
                   assert !user.new_record?
                 end
               end
               # Test that a request allows the three types of API authentication
               #
               # * HTTP Basic with username and password
               # * HTTP Basic with an api key for the username
               # * Key based with the key=X parameter
               #
               # @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete)
               # @param [String] url the request url
               # @param [optional, Hash] parameters additional request parameters
-              def self.should_allow_api_authentication(http_method, url, parameters={})
+              # @param [optional, Hash] options additional options
-                should_allow_http_basic_auth_with_username_and_password(http_method, url, parameters)
+              # @option options [Symbol] :success_code Successful response code (:success)
-                should_allow_http_basic_auth_with_key(http_method, url, parameters)
+              # @option options [Symbol] :failure_code Failure response code (:unauthorized)
-                should_allow_key_based_auth(http_method, url, parameters)
+              def self.should_allow_api_authentication(http_method, url, parameters={}, options={})
+                should_allow_http_basic_auth_with_username_and_password(http_method, url, parameters, options)
+                should_allow_http_basic_auth_with_key(http_method, url, parameters, options)
+                should_allow_key_based_auth(http_method, url, parameters, options)
               end
               # Test that a request allows the username and password for HTTP BASIC
               #
               # @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete)
               # @param [String] url the request url
               # @param [optional, Hash] parameters additional request parameters
-              def self.should_allow_http_basic_auth_with_username_and_password(http_method, url, parameters={})
+              # @param [optional, Hash] options additional options
+              # @option options [Symbol] :success_code Successful response code (:success)
+              # @option options [Symbol] :failure_code Failure response code (:unauthorized)
+              def self.should_allow_http_basic_auth_with_username_and_password(http_method, url, parameters={}, options={})
+                success_code = options[:success_code] || :success
+                failure_code = options[:failure_code] || :unauthorized
                 context "should allow http basic auth using a username and password for #{http_method} #{url}" do
                   context "with a valid HTTP authentication" do
                     setup do
                       @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password', :admin => true) # Admin so they can access the project
                       @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password')
                       send(http_method, url, parameters, {:authorization => @authorization})
                     end
-                    should_respond_with :success
+                    should_respond_with success_code
                     should_respond_with_content_type_based_on_url(url)
                     should "login as the user" do
                       assert_equal @user, User.current
                     end
                   end
                   context "with an invalid HTTP authentication" do
                     setup do
                       @user = User.generate_with_protected!
                       @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'wrong_password')
                       send(http_method, url, parameters, {:authorization => @authorization})
                     end
-                    should_respond_with :unauthorized
+                    should_respond_with failure_code
                     should_respond_with_content_type_based_on_url(url)
                     should "not login as the user" do
                       assert_equal User.anonymous, User.current
                     end
                   end
                   context "without credentials" do
                     setup do
                       send(http_method, url, parameters, {:authorization => ''})
                     end
-                    should_respond_with :unauthorized
+                    should_respond_with failure_code
                     should_respond_with_content_type_based_on_url(url)
                     should "include_www_authenticate_header" do
                       assert @controller.response.headers.has_key?('WWW-Authenticate')
                     end
                   end
                 end
               end
               # Test that a request allows the API key with HTTP BASIC
               #
               # @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete)
               # @param [String] url the request url
               # @param [optional, Hash] parameters additional request parameters
-              def self.should_allow_http_basic_auth_with_key(http_method, url, parameters={})
+              # @param [optional, Hash] options additional options
+              # @option options [Symbol] :success_code Successful response code (:success)
+              # @option options [Symbol] :failure_code Failure response code (:unauthorized)
+              def self.should_allow_http_basic_auth_with_key(http_method, url, parameters={}, options={})
+                success_code = options[:success_code] || :success
+                failure_code = options[:failure_code] || :unauthorized
                 context "should allow http basic auth with a key for #{http_method} #{url}" do
                   context "with a valid HTTP authentication using the API token" do
                     setup do
                       @user = User.generate_with_protected!(:admin => true)
                       @token = Token.generate!(:user => @user, :action => 'api')
                       @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'X')
                       send(http_method, url, parameters, {:authorization => @authorization})
                     end
-                    should_respond_with :success
+                    should_respond_with success_code
                     should_respond_with_content_type_based_on_url(url)
                     should_be_a_valid_response_string_based_on_url(url)
                     should "login as the user" do
                       assert_equal @user, User.current
                     end
                   end
                   context "with an invalid HTTP authentication" do
                     setup do
                       @user = User.generate_with_protected!
                       @token = Token.generate!(:user => @user, :action => 'feeds')
                       @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'X')
                       send(http_method, url, parameters, {:authorization => @authorization})
                     end
-                    should_respond_with :unauthorized
+                    should_respond_with failure_code
                     should_respond_with_content_type_based_on_url(url)
                     should "not login as the user" do
                       assert_equal User.anonymous, User.current
                     end
                   end
                 end
               end
               # Test that a request allows full key authentication
               #
               # @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete)
               # @param [String] url the request url, without the key=ZXY parameter
               # @param [optional, Hash] parameters additional request parameters
-              def self.should_allow_key_based_auth(http_method, url, parameters={})
+              # @param [optional, Hash] options additional options
+              # @option options [Symbol] :success_code Successful response code (:success)
+              # @option options [Symbol] :failure_code Failure response code (:unauthorized)
+              def self.should_allow_key_based_auth(http_method, url, parameters={}, options={})
+                success_code = options[:success_code] || :success
+                failure_code = options[:failure_code] || :unauthorized
                 context "should allow key based auth using key=X for #{http_method} #{url}" do
                   context "with a valid api token" do
                     setup do
                       @user = User.generate_with_protected!(:admin => true)
                       @token = Token.generate!(:user => @user, :action => 'api')
                       # Simple url parse to add on ?key= or &key=
                       request_url = if url.match(/\?/)
                                       url + "&key=#{@token.value}"
                                     else
                                       url + "?key=#{@token.value}"
                                     end
                       send(http_method, request_url, parameters)
                     end
-                    should_respond_with :success
+                    should_respond_with success_code
                     should_respond_with_content_type_based_on_url(url)
                     should_be_a_valid_response_string_based_on_url(url)
                     should "login as the user" do
                       assert_equal @user, User.current
                     end
                   end
                   context "with an invalid api token" do
                     setup do
                       @user = User.generate_with_protected!
                       @token = Token.generate!(:user => @user, :action => 'feeds')
-                      send(http_method, url + "?key=#{@token.value}")
+                      # Simple url parse to add on ?key= or &key=
+                      request_url = if url.match(/\?/)
+                                      url + "&key=#{@token.value}"
+                                    else
+                                      url + "?key=#{@token.value}"
+                                    end
+                      send(http_method, request_url, parameters)
                     end
-                    should_respond_with :unauthorized
+                    should_respond_with failure_code
                     should_respond_with_content_type_based_on_url(url)
                     should "not login as the user" do
                       assert_equal User.anonymous, User.current
                     end
                   end
                 end
               end
               # Uses should_respond_with_content_type based on what's in the url:
               #
               # '/project/issues.xml' => should_respond_with_content_type :xml
               # '/project/issues.json' => should_respond_with_content_type :json
               #
               # @param [String] url Request
               def self.should_respond_with_content_type_based_on_url(url)
                 case
                 when url.match(/xml/i)
                   should_respond_with_content_type :xml
                 when url.match(/json/i)
                   should_respond_with_content_type :json
                 else
                   raise "Unknown content type for should_respond_with_content_type_based_on_url: #{url}"
                 end
               end
               # Uses the url to assert which format the response should be in
               #
               # '/project/issues.xml' => should_be_a_valid_xml_string
               # '/project/issues.json' => should_be_a_valid_json_string
               #
               # @param [String] url Request
               def self.should_be_a_valid_response_string_based_on_url(url)
                 case
                 when url.match(/xml/i)
                   should_be_a_valid_xml_string
                 when url.match(/json/i)
                   should_be_a_valid_json_string
                 else
                   raise "Unknown content type for should_be_a_valid_response_based_on_url: #{url}"
                 end
               end
               # Checks that the response is a valid JSON string
               def self.should_be_a_valid_json_string
                 should "be a valid JSON string" do
                   assert ActiveSupport::JSON.decode(response.body)
                 end
               end
               # Checks that the response is a valid XML string
               def self.should_be_a_valid_xml_string
                 should "be a valid XML string" do
                   assert REXML::Document.new(response.body)
                 end
               end
             end
             # Simple module to "namespace" all of the API tests
             module ApiTest
             end

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages