| @@ -119,7 +119,7 class ApplicationController < ActionController::Base | |||||
| 119 | if (key = api_key_from_request) |
|
119 | if (key = api_key_from_request) | |
| 120 | # Use API key |
|
120 | # Use API key | |
| 121 | user = User.find_by_api_key(key) |
|
121 | user = User.find_by_api_key(key) | |
| 122 | else |
|
122 | elsif request.authorization.to_s =~ /\ABasic /i | |
| 123 | # HTTP Basic, either username/password or API key/random |
|
123 | # HTTP Basic, either username/password or API key/random | |
| 124 | authenticate_with_http_basic do |username, password| |
|
124 | authenticate_with_http_basic do |username, password| | |
| 125 | user = User.try_to_login(username, password) || User.find_by_api_key(username) |
|
125 | user = User.try_to_login(username, password) || User.find_by_api_key(username) | |
| @@ -28,6 +28,16 class Redmine::ApiTest::AuthenticationTest < Redmine::ApiTest::Base | |||||
| 28 | Setting.rest_api_enabled = '0' |
|
28 | Setting.rest_api_enabled = '0' | |
| 29 | end |
|
29 | end | |
| 30 |
|
30 | |||
|
|
31 | def test_api_should_trigger_basic_http_auth_with_basic_authorization_header | |||
|
|
32 | ApplicationController.any_instance.expects(:authenticate_with_http_basic).once | |||
|
|
33 | get '/users/current.xml', {}, credentials('admin') | |||
|
|
34 | end | |||
|
|
35 | ||||
|
|
36 | def test_api_should_not_trigger_basic_http_auth_with_non_basic_authorization_header | |||
|
|
37 | ApplicationController.any_instance.expects(:authenticate_with_http_basic).never | |||
|
|
38 | get '/users/current.xml', {}, 'HTTP_AUTHORIZATION' => 'Digest foo bar' | |||
|
|
39 | end | |||
|
|
40 | ||||
| 31 | def test_api_request_should_not_use_user_session |
|
41 | def test_api_request_should_not_use_user_session | |
| 32 | log_user('jsmith', 'jsmith') |
|
42 | log_user('jsmith', 'jsmith') | |
| 33 |
|
43 | |||
General Comments 0
You need to be logged in to leave comments.
Login now