| @@ -20,94 +20,41 class ApiTest::DisabledRestApiTest < ActionController::IntegrationTest | |||||
| 20 | Setting.login_required = '0' |
|
20 | Setting.login_required = '0' | |
| 21 | end |
|
21 | end | |
| 22 |
|
22 | |||
| 23 | # Using the NewsController because it's a simple API. |
|
23 | def test_with_a_valid_api_token | |
| 24 | context "get /news with the API disabled" do |
|
24 | @user = User.generate_with_protected! | |
|
|
25 | @token = Token.generate!(:user => @user, :action => 'api') | |||
| 25 |
|
26 | |||
| 26 | context "in :xml format" do |
|
27 | get "/news.xml?key=#{@token.value}" | |
| 27 | context "with a valid api token" do |
|
28 | assert_response :unauthorized | |
| 28 | setup do |
|
29 | assert_equal User.anonymous, User.current | |
| 29 | @user = User.generate_with_protected! |
|
|||
| 30 | @token = Token.generate!(:user => @user, :action => 'api') |
|
|||
| 31 | get "/news.xml?key=#{@token.value}" |
|
|||
| 32 | end |
|
|||
| 33 |
|
30 | |||
| 34 | should_respond_with :unauthorized |
|
31 | get "/news.json?key=#{@token.value}" | |
| 35 | should_respond_with_content_type :xml |
|
32 | assert_response :unauthorized | |
| 36 | should "not login as the user" do |
|
33 | assert_equal User.anonymous, User.current | |
| 37 | assert_equal User.anonymous, User.current |
|
34 | end | |
| 38 | end |
|
|||
| 39 | end |
|
|||
| 40 |
|
||||
| 41 | context "with a valid HTTP authentication" do |
|
|||
| 42 | setup do |
|
|||
| 43 | @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password') |
|
|||
| 44 | get "/news.xml", nil, credentials(@user.login, 'my_password') |
|
|||
| 45 | end |
|
|||
| 46 |
|
||||
| 47 | should_respond_with :unauthorized |
|
|||
| 48 | should_respond_with_content_type :xml |
|
|||
| 49 | should "not login as the user" do |
|
|||
| 50 | assert_equal User.anonymous, User.current |
|
|||
| 51 | end |
|
|||
| 52 | end |
|
|||
| 53 |
|
||||
| 54 | context "with a valid HTTP authentication using the API token" do |
|
|||
| 55 | setup do |
|
|||
| 56 | @user = User.generate_with_protected! |
|
|||
| 57 | @token = Token.generate!(:user => @user, :action => 'api') |
|
|||
| 58 | get "/news.xml", nil, credentials(@token.value, 'X') |
|
|||
| 59 | end |
|
|||
| 60 |
|
||||
| 61 | should_respond_with :unauthorized |
|
|||
| 62 | should_respond_with_content_type :xml |
|
|||
| 63 | should "not login as the user" do |
|
|||
| 64 | assert_equal User.anonymous, User.current |
|
|||
| 65 | end |
|
|||
| 66 | end |
|
|||
| 67 | end |
|
|||
| 68 |
|
||||
| 69 | context "in :json format" do |
|
|||
| 70 | context "with a valid api token" do |
|
|||
| 71 | setup do |
|
|||
| 72 | @user = User.generate_with_protected! |
|
|||
| 73 | @token = Token.generate!(:user => @user, :action => 'api') |
|
|||
| 74 | get "/news.json?key=#{@token.value}" |
|
|||
| 75 | end |
|
|||
| 76 |
|
35 | |||
| 77 | should_respond_with :unauthorized |
|
36 | def test_with_valid_username_password_http_authentication | |
| 78 | should_respond_with_content_type :json |
|
37 | @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password') | |
| 79 | should "not login as the user" do |
|
|||
| 80 | assert_equal User.anonymous, User.current |
|
|||
| 81 | end |
|
|||
| 82 | end |
|
|||
| 83 |
|
38 | |||
| 84 | context "with a valid HTTP authentication" do |
|
39 | get "/news.xml", nil, credentials(@user.login, 'my_password') | |
| 85 | setup do |
|
40 | assert_response :unauthorized | |
| 86 | @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password') |
|
41 | assert_equal User.anonymous, User.current | |
| 87 | get "/news.json", nil, credentials(@user.login, 'my_password') |
|
|||
| 88 | end |
|
|||
| 89 |
|
42 | |||
| 90 | should_respond_with :unauthorized |
|
43 | get "/news.json", nil, credentials(@user.login, 'my_password') | |
| 91 | should_respond_with_content_type :json |
|
44 | assert_response :unauthorized | |
| 92 | should "not login as the user" do |
|
45 | assert_equal User.anonymous, User.current | |
| 93 | assert_equal User.anonymous, User.current |
|
46 | end | |
| 94 | end |
|
|||
| 95 | end |
|
|||
| 96 |
|
47 | |||
| 97 | context "with a valid HTTP authentication using the API token" do |
|
48 | def test_with_valid_token_http_authentication | |
| 98 | setup do |
|
49 | @user = User.generate_with_protected! | |
| 99 | @user = User.generate_with_protected! |
|
50 | @token = Token.generate!(:user => @user, :action => 'api') | |
| 100 | @token = Token.generate!(:user => @user, :action => 'api') |
|
|||
| 101 | get "/news.json", nil, credentials(@token.value, 'DoesNotMatter') |
|
|||
| 102 | end |
|
|||
| 103 |
|
51 | |||
| 104 | should_respond_with :unauthorized |
|
52 | get "/news.xml", nil, credentials(@token.value, 'X') | |
| 105 | should_respond_with_content_type :json |
|
53 | assert_response :unauthorized | |
| 106 | should "not login as the user" do |
|
54 | assert_equal User.anonymous, User.current | |
| 107 | assert_equal User.anonymous, User.current |
|
|||
| 108 | end |
|
|||
| 109 | end |
|
|||
| 110 |
|
55 | |||
| 111 | end |
|
56 | get "/news.json", nil, credentials(@token.value, 'X') | |
|
|
57 | assert_response :unauthorized | |||
|
|
58 | assert_equal User.anonymous, User.current | |||
| 112 | end |
|
59 | end | |
| 113 | end |
|
60 | end | |
General Comments 0
You need to be logged in to leave comments.
Login now