##// END OF EJS Templates
jro_apps » redmine
RSS
Backported r4357, r4358, r4360 and r4363 to r4367 from trunk....
Jean-Philippe Lang -
r4325:541a371b412a
parent child
Show More
Side by Side Unified
Context file:
r4325:541a371b412a Loading diff...:
Show file before | Show file after | Hide comments
@@ -0,0 +1,31
1 require "#{File.dirname(__FILE__)}/../../test_helper"
2
3 class ApiTest::HttpBasicLoginTest < ActionController::IntegrationTest
4 fixtures :all
5
6 def setup
7 Setting.rest_api_enabled = '1'
8 Setting.login_required = '1'
9 end
10
11 def teardown
12 Setting.rest_api_enabled = '0'
13 Setting.login_required = '0'
14 end
15
16 # Using the NewsController because it's a simple API.
17 context "get /news" do
18 setup do
19 project = Project.find('onlinestore')
20 EnabledModule.create(:project => project, :name => 'news')
21 end
22
23 context "in :xml format" do
24 should_allow_http_basic_auth_with_username_and_password(:get, "/projects/onlinestore/news.xml")
25 end
26
27 context "in :json format" do
28 should_allow_http_basic_auth_with_username_and_password(:get, "/projects/onlinestore/news.json")
29 end
30 end
31 end
Show file before | Show file after | Hide comments
@@ -0,0 +1,27
1 require "#{File.dirname(__FILE__)}/../../test_helper"
2
3 class ApiTest::HttpBasicLoginWithApiTokenTest < ActionController::IntegrationTest
4 fixtures :all
5
6 def setup
7 Setting.rest_api_enabled = '1'
8 Setting.login_required = '1'
9 end
10
11 def teardown
12 Setting.rest_api_enabled = '0'
13 Setting.login_required = '0'
14 end
15
16 # Using the NewsController because it's a simple API.
17 context "get /news" do
18
19 context "in :xml format" do
20 should_allow_http_basic_auth_with_key(:get, "/news.xml")
21 end
22
23 context "in :json format" do
24 should_allow_http_basic_auth_with_key(:get, "/news.json")
25 end
26 end
27 end
Show file before | Show file after | Hide comments
@@ -0,0 +1,336
1 # Redmine - project management software
2 # Copyright (C) 2006-2010 Jean-Philippe Lang
3 #
4 # This program is free software; you can redistribute it and/or
5 # modify it under the terms of the GNU General Public License
6 # as published by the Free Software Foundation; either version 2
7 # of the License, or (at your option) any later version.
8 #
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
13 #
14 # You should have received a copy of the GNU General Public License
15 # along with this program; if not, write to the Free Software
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17
18 require "#{File.dirname(__FILE__)}/../../test_helper"
19
20 class ApiTest::IssuesTest < ActionController::IntegrationTest
21 fixtures :projects,
22 :users,
23 :roles,
24 :members,
25 :member_roles,
26 :issues,
27 :issue_statuses,
28 :versions,
29 :trackers,
30 :projects_trackers,
31 :issue_categories,
32 :enabled_modules,
33 :enumerations,
34 :attachments,
35 :workflows,
36 :custom_fields,
37 :custom_values,
38 :custom_fields_projects,
39 :custom_fields_trackers,
40 :time_entries,
41 :journals,
42 :journal_details,
43 :queries
44
45 def setup
46 Setting.rest_api_enabled = '1'
47 end
48
49 # Use a private project to make sure auth is really working and not just
50 # only showing public issues.
51 context "/index.xml" do
52 should_allow_api_authentication(:get, "/projects/private-child/issues.xml")
53 end
54
55 context "/index.json" do
56 should_allow_api_authentication(:get, "/projects/private-child/issues.json")
57 end
58
59 context "/index.xml with filter" do
60 should_allow_api_authentication(:get, "/projects/private-child/issues.xml?status_id=5")
61
62 should "show only issues with the status_id" do
63 get '/issues.xml?status_id=5'
64 assert_tag :tag => 'issues',
65 :children => { :count => Issue.visible.count(:conditions => {:status_id => 5}),
66 :only => { :tag => 'issue' } }
67 end
68 end
69
70 context "/index.json with filter" do
71 should_allow_api_authentication(:get, "/projects/private-child/issues.json?status_id=5")
72
73 should "show only issues with the status_id" do
74 get '/issues.json?status_id=5'
75
76 json = ActiveSupport::JSON.decode(response.body)
77 status_ids_used = json.collect {|j| j['status_id'] }
78 assert_equal 3, status_ids_used.length
79 assert status_ids_used.all? {|id| id == 5 }
80 end
81
82 end
83
84 # Issue 6 is on a private project
85 context "/issues/6.xml" do
86 should_allow_api_authentication(:get, "/issues/6.xml")
87 end
88
89 context "/issues/6.json" do
90 should_allow_api_authentication(:get, "/issues/6.json")
91 end
92
93 context "POST /issues.xml" do
94 should_allow_api_authentication(:post,
95 '/issues.xml',
96 {:issue => {:project_id => 1, :subject => 'API test', :tracker_id => 2, :status_id => 3}},
97 {:success_code => :created})
98
99 should "create an issue with the attributes" do
100 assert_difference('Issue.count') do
101 post '/issues.xml', {:issue => {:project_id => 1, :subject => 'API test', :tracker_id => 2, :status_id => 3}}, :authorization => credentials('jsmith')
102 end
103
104 issue = Issue.first(:order => 'id DESC')
105 assert_equal 1, issue.project_id
106 assert_equal 2, issue.tracker_id
107 assert_equal 3, issue.status_id
108 assert_equal 'API test', issue.subject
109 end
110 end
111
112 context "POST /issues.xml with failure" do
113 should_allow_api_authentication(:post,
114 '/issues.xml',
115 {:issue => {:project_id => 1}},
116 {:success_code => :unprocessable_entity})
117
118 should "have an errors tag" do
119 assert_no_difference('Issue.count') do
120 post '/issues.xml', {:issue => {:project_id => 1}}, :authorization => credentials('jsmith')
121 end
122
123 assert_tag :errors, :child => {:tag => 'error', :content => "Subject can't be blank"}
124 end
125 end
126
127 context "POST /issues.json" do
128 should_allow_api_authentication(:post,
129 '/issues.json',
130 {:issue => {:project_id => 1, :subject => 'API test', :tracker_id => 2, :status_id => 3}},
131 {:success_code => :created})
132
133 should "create an issue with the attributes" do
134 assert_difference('Issue.count') do
135 post '/issues.json', {:issue => {:project_id => 1, :subject => 'API test', :tracker_id => 2, :status_id => 3}}, :authorization => credentials('jsmith')
136 end
137
138 issue = Issue.first(:order => 'id DESC')
139 assert_equal 1, issue.project_id
140 assert_equal 2, issue.tracker_id
141 assert_equal 3, issue.status_id
142 assert_equal 'API test', issue.subject
143 end
144
145 end
146
147 context "POST /issues.json with failure" do
148 should_allow_api_authentication(:post,
149 '/issues.json',
150 {:issue => {:project_id => 1}},
151 {:success_code => :unprocessable_entity})
152
153 should "have an errors element" do
154 assert_no_difference('Issue.count') do
155 post '/issues.json', {:issue => {:project_id => 1}}, :authorization => credentials('jsmith')
156 end
157
158 json = ActiveSupport::JSON.decode(response.body)
159 assert_equal "can't be blank", json.first['subject']
160 end
161 end
162
163 # Issue 6 is on a private project
164 context "PUT /issues/6.xml" do
165 setup do
166 @parameters = {:issue => {:subject => 'API update', :notes => 'A new note'}}
167 @headers = { :authorization => credentials('jsmith') }
168 end
169
170 should_allow_api_authentication(:put,
171 '/issues/6.xml',
172 {:issue => {:subject => 'API update', :notes => 'A new note'}},
173 {:success_code => :ok})
174
175 should "not create a new issue" do
176 assert_no_difference('Issue.count') do
177 put '/issues/6.xml', @parameters, @headers
178 end
179 end
180
181 should "create a new journal" do
182 assert_difference('Journal.count') do
183 put '/issues/6.xml', @parameters, @headers
184 end
185 end
186
187 should "add the note to the journal" do
188 put '/issues/6.xml', @parameters, @headers
189
190 journal = Journal.last
191 assert_equal "A new note", journal.notes
192 end
193
194 should "update the issue" do
195 put '/issues/6.xml', @parameters, @headers
196
197 issue = Issue.find(6)
198 assert_equal "API update", issue.subject
199 end
200
201 end
202
203 context "PUT /issues/6.xml with failed update" do
204 setup do
205 @parameters = {:issue => {:subject => ''}}
206 @headers = { :authorization => credentials('jsmith') }
207 end
208
209 should_allow_api_authentication(:put,
210 '/issues/6.xml',
211 {:issue => {:subject => ''}}, # Missing subject should fail
212 {:success_code => :unprocessable_entity})
213
214 should "not create a new issue" do
215 assert_no_difference('Issue.count') do
216 put '/issues/6.xml', @parameters, @headers
217 end
218 end
219
220 should "not create a new journal" do
221 assert_no_difference('Journal.count') do
222 put '/issues/6.xml', @parameters, @headers
223 end
224 end
225
226 should "have an errors tag" do
227 put '/issues/6.xml', @parameters, @headers
228
229 assert_tag :errors, :child => {:tag => 'error', :content => "Subject can't be blank"}
230 end
231 end
232
233 context "PUT /issues/6.json" do
234 setup do
235 @parameters = {:issue => {:subject => 'API update', :notes => 'A new note'}}
236 @headers = { :authorization => credentials('jsmith') }
237 end
238
239 should_allow_api_authentication(:put,
240 '/issues/6.json',
241 {:issue => {:subject => 'API update', :notes => 'A new note'}},
242 {:success_code => :ok})
243
244 should "not create a new issue" do
245 assert_no_difference('Issue.count') do
246 put '/issues/6.json', @parameters, @headers
247 end
248 end
249
250 should "create a new journal" do
251 assert_difference('Journal.count') do
252 put '/issues/6.json', @parameters, @headers
253 end
254 end
255
256 should "add the note to the journal" do
257 put '/issues/6.json', @parameters, @headers
258
259 journal = Journal.last
260 assert_equal "A new note", journal.notes
261 end
262
263 should "update the issue" do
264 put '/issues/6.json', @parameters, @headers
265
266 issue = Issue.find(6)
267 assert_equal "API update", issue.subject
268 end
269
270 end
271
272 context "PUT /issues/6.json with failed update" do
273 setup do
274 @parameters = {:issue => {:subject => ''}}
275 @headers = { :authorization => credentials('jsmith') }
276 end
277
278 should_allow_api_authentication(:put,
279 '/issues/6.json',
280 {:issue => {:subject => ''}}, # Missing subject should fail
281 {:success_code => :unprocessable_entity})
282
283 should "not create a new issue" do
284 assert_no_difference('Issue.count') do
285 put '/issues/6.json', @parameters, @headers
286 end
287 end
288
289 should "not create a new journal" do
290 assert_no_difference('Journal.count') do
291 put '/issues/6.json', @parameters, @headers
292 end
293 end
294
295 should "have an errors attribute" do
296 put '/issues/6.json', @parameters, @headers
297
298 json = ActiveSupport::JSON.decode(response.body)
299 assert_equal "can't be blank", json.first['subject']
300 end
301 end
302
303 context "DELETE /issues/1.xml" do
304 should_allow_api_authentication(:delete,
305 '/issues/6.xml',
306 {},
307 {:success_code => :ok})
308
309 should "delete the issue" do
310 assert_difference('Issue.count',-1) do
311 delete '/issues/6.xml', {}, :authorization => credentials('jsmith')
312 end
313
314 assert_nil Issue.find_by_id(6)
315 end
316 end
317
318 context "DELETE /issues/1.json" do
319 should_allow_api_authentication(:delete,
320 '/issues/6.json',
321 {},
322 {:success_code => :ok})
323
324 should "delete the issue" do
325 assert_difference('Issue.count',-1) do
326 delete '/issues/6.json', {}, :authorization => credentials('jsmith')
327 end
328
329 assert_nil Issue.find_by_id(6)
330 end
331 end
332
333 def credentials(user, password=nil)
334 ActionController::HttpAuthentication::Basic.encode_credentials(user, password || user)
335 end
336 end
Show file before | Show file after | Hide comments
@@ -0,0 +1,26
1 require "#{File.dirname(__FILE__)}/../../test_helper"
2
3 class ApiTest::TokenAuthenticationTest < ActionController::IntegrationTest
4 fixtures :all
5
6 def setup
7 Setting.rest_api_enabled = '1'
8 Setting.login_required = '1'
9 end
10
11 def teardown
12 Setting.rest_api_enabled = '0'
13 Setting.login_required = '0'
14 end
15
16 # Using the NewsController because it's a simple API.
17 context "get /news" do
18 context "in :xml format" do
19 should_allow_key_based_auth(:get, "/news.xml")
20 end
21
22 context "in :json format" do
23 should_allow_key_based_auth(:get, "/news.json")
24 end
25 end
26 end
Show file before | Show file after | Hide comments
@@ -26,7 +26,7 class IssuesController < ApplicationController
26 26 before_filter :find_optional_project, :only => [:index]
27 27 before_filter :check_for_default_issue_status, :only => [:new, :create]
28 28 before_filter :build_new_issue_from_params, :only => [:new, :create]
29 accept_key_auth :index, :show
29 accept_key_auth :index, :show, :create, :update, :destroy
30 30
31 31 rescue_from Query::StatementInvalid, :with => :query_statement_invalid
32 32
Show file before | Show file after | Hide comments
@@ -1,6 +1,6
1 require "#{File.dirname(__FILE__)}/../test_helper"
1 require "#{File.dirname(__FILE__)}/../../test_helper"
2 2
3 class DisabledRestApi < ActionController::IntegrationTest
3 class ApiTest::DisabledRestApiTest < ActionController::IntegrationTest
4 4 fixtures :all
5 5
6 6 def setup
Show file before | Show file after | Hide comments
@@ -15,9 +15,9
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 require "#{File.dirname(__FILE__)}/../test_helper"
18 require "#{File.dirname(__FILE__)}/../../test_helper"
19 19
20 class ProjectsApiTest < ActionController::IntegrationTest
20 class ApiTest::ProjectsTest < ActionController::IntegrationTest
21 21 fixtures :projects, :versions, :users, :roles, :members, :member_roles, :issues, :journals, :journal_details,
22 22 :trackers, :projects_trackers, :issue_statuses, :enabled_modules, :enumerations, :boards, :messages,
23 23 :attachments, :custom_fields, :custom_values, :time_entries
@@ -43,15 +43,12 class ProjectsApiTest < ActionController::IntegrationTest
43 43 assert_difference 'Project.count' do
44 44 post '/projects.xml', {:project => attributes}, :authorization => credentials('admin')
45 45 end
46
46 assert_response :created
47 assert_equal 'application/xml', @response.content_type
47 48 project = Project.first(:order => 'id DESC')
48 49 attributes.each do |attribute, value|
49 50 assert_equal value, project.send(attribute)
50 51 end
51
52 assert_response :created
53 assert_equal 'application/xml', @response.content_type
54 assert_tag 'project', :child => {:tag => 'id', :content => project.id.to_s}
55 52 end
56 53
57 54 def test_create_failure
Show file before | Show file after | Hide comments
@@ -181,4 +181,236 class ActiveSupport::TestCase
181 181 assert !user.new_record?
182 182 end
183 183 end
184
185 # Test that a request allows the three types of API authentication
186 #
187 # * HTTP Basic with username and password
188 # * HTTP Basic with an api key for the username
189 # * Key based with the key=X parameter
190 #
191 # @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete)
192 # @param [String] url the request url
193 # @param [optional, Hash] parameters additional request parameters
194 # @param [optional, Hash] options additional options
195 # @option options [Symbol] :success_code Successful response code (:success)
196 # @option options [Symbol] :failure_code Failure response code (:unauthorized)
197 def self.should_allow_api_authentication(http_method, url, parameters={}, options={})
198 should_allow_http_basic_auth_with_username_and_password(http_method, url, parameters, options)
199 should_allow_http_basic_auth_with_key(http_method, url, parameters, options)
200 should_allow_key_based_auth(http_method, url, parameters, options)
201 end
202
203 # Test that a request allows the username and password for HTTP BASIC
204 #
205 # @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete)
206 # @param [String] url the request url
207 # @param [optional, Hash] parameters additional request parameters
208 # @param [optional, Hash] options additional options
209 # @option options [Symbol] :success_code Successful response code (:success)
210 # @option options [Symbol] :failure_code Failure response code (:unauthorized)
211 def self.should_allow_http_basic_auth_with_username_and_password(http_method, url, parameters={}, options={})
212 success_code = options[:success_code] || :success
213 failure_code = options[:failure_code] || :unauthorized
214
215 context "should allow http basic auth using a username and password for #{http_method} #{url}" do
216 context "with a valid HTTP authentication" do
217 setup do
218 @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password', :admin => true) # Admin so they can access the project
219 @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password')
220 send(http_method, url, parameters, {:authorization => @authorization})
221 end
222
223 should_respond_with success_code
224 should_respond_with_content_type_based_on_url(url)
225 should "login as the user" do
226 assert_equal @user, User.current
227 end
228 end
229
230 context "with an invalid HTTP authentication" do
231 setup do
232 @user = User.generate_with_protected!
233 @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'wrong_password')
234 send(http_method, url, parameters, {:authorization => @authorization})
235 end
236
237 should_respond_with failure_code
238 should_respond_with_content_type_based_on_url(url)
239 should "not login as the user" do
240 assert_equal User.anonymous, User.current
241 end
242 end
243
244 context "without credentials" do
245 setup do
246 send(http_method, url, parameters, {:authorization => ''})
247 end
248
249 should_respond_with failure_code
250 should_respond_with_content_type_based_on_url(url)
251 should "include_www_authenticate_header" do
252 assert @controller.response.headers.has_key?('WWW-Authenticate')
253 end
254 end
255 end
256
257 end
258
259 # Test that a request allows the API key with HTTP BASIC
260 #
261 # @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete)
262 # @param [String] url the request url
263 # @param [optional, Hash] parameters additional request parameters
264 # @param [optional, Hash] options additional options
265 # @option options [Symbol] :success_code Successful response code (:success)
266 # @option options [Symbol] :failure_code Failure response code (:unauthorized)
267 def self.should_allow_http_basic_auth_with_key(http_method, url, parameters={}, options={})
268 success_code = options[:success_code] || :success
269 failure_code = options[:failure_code] || :unauthorized
270
271 context "should allow http basic auth with a key for #{http_method} #{url}" do
272 context "with a valid HTTP authentication using the API token" do
273 setup do
274 @user = User.generate_with_protected!(:admin => true)
275 @token = Token.generate!(:user => @user, :action => 'api')
276 @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'X')
277 send(http_method, url, parameters, {:authorization => @authorization})
278 end
279
280 should_respond_with success_code
281 should_respond_with_content_type_based_on_url(url)
282 should_be_a_valid_response_string_based_on_url(url)
283 should "login as the user" do
284 assert_equal @user, User.current
285 end
286 end
287
288 context "with an invalid HTTP authentication" do
289 setup do
290 @user = User.generate_with_protected!
291 @token = Token.generate!(:user => @user, :action => 'feeds')
292 @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'X')
293 send(http_method, url, parameters, {:authorization => @authorization})
294 end
295
296 should_respond_with failure_code
297 should_respond_with_content_type_based_on_url(url)
298 should "not login as the user" do
299 assert_equal User.anonymous, User.current
300 end
301 end
302 end
303 end
304
305 # Test that a request allows full key authentication
306 #
307 # @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete)
308 # @param [String] url the request url, without the key=ZXY parameter
309 # @param [optional, Hash] parameters additional request parameters
310 # @param [optional, Hash] options additional options
311 # @option options [Symbol] :success_code Successful response code (:success)
312 # @option options [Symbol] :failure_code Failure response code (:unauthorized)
313 def self.should_allow_key_based_auth(http_method, url, parameters={}, options={})
314 success_code = options[:success_code] || :success
315 failure_code = options[:failure_code] || :unauthorized
316
317 context "should allow key based auth using key=X for #{http_method} #{url}" do
318 context "with a valid api token" do
319 setup do
320 @user = User.generate_with_protected!(:admin => true)
321 @token = Token.generate!(:user => @user, :action => 'api')
322 # Simple url parse to add on ?key= or &key=
323 request_url = if url.match(/\?/)
324 url + "&key=#{@token.value}"
325 else
326 url + "?key=#{@token.value}"
327 end
328 send(http_method, request_url, parameters)
329 end
330
331 should_respond_with success_code
332 should_respond_with_content_type_based_on_url(url)
333 should_be_a_valid_response_string_based_on_url(url)
334 should "login as the user" do
335 assert_equal @user, User.current
336 end
337 end
338
339 context "with an invalid api token" do
340 setup do
341 @user = User.generate_with_protected!
342 @token = Token.generate!(:user => @user, :action => 'feeds')
343 # Simple url parse to add on ?key= or &key=
344 request_url = if url.match(/\?/)
345 url + "&key=#{@token.value}"
346 else
347 url + "?key=#{@token.value}"
348 end
349 send(http_method, request_url, parameters)
350 end
351
352 should_respond_with failure_code
353 should_respond_with_content_type_based_on_url(url)
354 should "not login as the user" do
355 assert_equal User.anonymous, User.current
356 end
357 end
358 end
359
360 end
361
362 # Uses should_respond_with_content_type based on what's in the url:
363 #
364 # '/project/issues.xml' => should_respond_with_content_type :xml
365 # '/project/issues.json' => should_respond_with_content_type :json
366 #
367 # @param [String] url Request
368 def self.should_respond_with_content_type_based_on_url(url)
369 case
370 when url.match(/xml/i)
371 should_respond_with_content_type :xml
372 when url.match(/json/i)
373 should_respond_with_content_type :json
374 else
375 raise "Unknown content type for should_respond_with_content_type_based_on_url: #{url}"
376 end
377
378 end
379
380 # Uses the url to assert which format the response should be in
381 #
382 # '/project/issues.xml' => should_be_a_valid_xml_string
383 # '/project/issues.json' => should_be_a_valid_json_string
384 #
385 # @param [String] url Request
386 def self.should_be_a_valid_response_string_based_on_url(url)
387 case
388 when url.match(/xml/i)
389 should_be_a_valid_xml_string
390 when url.match(/json/i)
391 should_be_a_valid_json_string
392 else
393 raise "Unknown content type for should_be_a_valid_response_based_on_url: #{url}"
394 end
395
396 end
397
398 # Checks that the response is a valid JSON string
399 def self.should_be_a_valid_json_string
400 should "be a valid JSON string (or empty)" do
401 assert (response.body.blank? || ActiveSupport::JSON.decode(response.body))
402 end
403 end
404
405 # Checks that the response is a valid XML string
406 def self.should_be_a_valid_xml_string
407 should "be a valid XML string" do
408 assert REXML::Document.new(response.body)
409 end
410 end
411
412 end
413
414 # Simple module to "namespace" all of the API tests
415 module ApiTest
184 416 end
Show file before | Show file after | Hide comments
1 NO CONTENT: file was removed
Show file before | Show file after | Hide comments
1 NO CONTENT: file was removed
Show file before | Show file after | Hide comments
1 NO CONTENT: file was removed
Show file before | Show file after | Hide comments
1 NO CONTENT: file was removed
General Comments 0
You need to be logged in to leave comments. Login now