@@ -119,7 +119,7 class ApplicationController < ActionController::Base | |||
|
119 | 119 | if (key = api_key_from_request) |
|
120 | 120 | # Use API key |
|
121 | 121 | user = User.find_by_api_key(key) |
|
122 | else | |
|
122 | elsif request.authorization.to_s =~ /\ABasic /i | |
|
123 | 123 | # HTTP Basic, either username/password or API key/random |
|
124 | 124 | authenticate_with_http_basic do |username, password| |
|
125 | 125 | user = User.try_to_login(username, password) || User.find_by_api_key(username) |
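Review bot: The new `elsif request.authorization.to_s =~ /\ABasic /i` guard has no comment explaining why the scheme is checked, and the existing `# HTTP Basic, ...` comment below it describes the branch body, not the condition. Judging by the tests added in the same commit, the intent appears to be that an Authorization header with another scheme (e.g. Digest) is never handed to `authenticate_with_http_basic`. I would say so above the branch, e.g. `# Only parse credentials when the Authorization scheme is Basic; other schemes are ignored here`. The comment should also record that such a request leaves `user` unset in this branch and must be treated as unauthenticated by the code that follows. The rest of the method is outside the hunk, so that cannot be confirmed from here.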
@@ -28,6 +28,16 class Redmine::ApiTest::AuthenticationTest < Redmine::ApiTest::Base | |||
|
28 | 28 | Setting.rest_api_enabled = '0' |
|
29 | 29 | end |
|
30 | 30 | |
|
31 | def test_api_should_trigger_basic_http_auth_with_basic_authorization_header | |
|
32 | ApplicationController.any_instance.expects(:authenticate_with_http_basic).once | |
|
33 | get '/users/current.xml', {}, credentials('admin') | |
|
34 | end | |
|
35 | ||
|
36 | def test_api_should_not_trigger_basic_http_auth_with_non_basic_authorization_header | |
|
37 | ApplicationController.any_instance.expects(:authenticate_with_http_basic).never | |
|
38 | get '/users/current.xml', {}, 'HTTP_AUTHORIZATION' => 'Digest foo bar' | |
|
39 | end | |
|
40 | ||
|
31 | 41 | def test_api_request_should_not_use_user_session |
|
32 | 42 | log_user('jsmith', 'jsmith') |
|
33 | 43 |
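Review bot: Both new tests assert only whether `authenticate_with_http_basic` is invoked, so they say nothing about whether the request ends up authenticated. For test_api_should_not_trigger_basic_http_auth_with_non_basic_authorization_header I would add `assert_response 401` after the `get`, assuming `/users/current.xml` requires a logged-in user, which the hunk does not show. The `/i` flag on the controller guard is also not exercised. A third case sending a lower-case `basic` scheme and expecting `.once` would pin the case-insensitive match.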