| @@ -1,113 +1,60 | |||
|
|
1 | 1 | require File.expand_path('../../../test_helper', __FILE__) |
|
|
2 | 2 | |
|
|
3 | 3 | class ApiTest::DisabledRestApiTest < ActionController::IntegrationTest |
|
|
4 | 4 | fixtures :projects, :trackers, :issue_statuses, :issues, |
|
|
5 | 5 | :enumerations, :users, :issue_categories, |
|
|
6 | 6 | :projects_trackers, |
|
|
7 | 7 | :roles, |
|
|
8 | 8 | :member_roles, |
|
|
9 | 9 | :members, |
|
|
10 | 10 | :enabled_modules, |
|
|
11 | 11 | :workflows |
|
|
12 | 12 | |
|
|
13 | 13 | def setup |
|
|
14 | 14 | Setting.rest_api_enabled = '0' |
|
|
15 | 15 | Setting.login_required = '1' |
|
|
16 | 16 | end |
|
|
17 | 17 | |
|
|
18 | 18 | def teardown |
|
|
19 | 19 | Setting.rest_api_enabled = '1' |
|
|
20 | 20 | Setting.login_required = '0' |
|
|
21 | 21 | end |
|
|
22 | 22 | |
|
|
23 | # Using the NewsController because it's a simple API. | |
|
|
24 | context "get /news with the API disabled" do | |
|
|
23 | def test_with_a_valid_api_token | |
|
|
24 | @user = User.generate_with_protected! | |
|
|
25 | @token = Token.generate!(:user => @user, :action => 'api') | |
|
|
25 | 26 | |
|
|
26 | context "in :xml format" do | |
|
|
27 | context "with a valid api token" do | |
|
|
28 | setup do | |
|
|
29 | @user = User.generate_with_protected! | |
|
|
30 | @token = Token.generate!(:user => @user, :action => 'api') | |
|
|
31 | get "/news.xml?key=#{@token.value}" | |
|
|
32 | end | |
|
|
27 | get "/news.xml?key=#{@token.value}" | |
|
|
28 | assert_response :unauthorized | |
|
|
29 | assert_equal User.anonymous, User.current | |
|
|
33 | 30 | |
|
|
34 | should_respond_with :unauthorized | |
|
|
35 | should_respond_with_content_type :xml | |
|
|
36 | should "not login as the user" do | |
|
|
37 | assert_equal User.anonymous, User.current | |
|
|
38 | end | |
|
|
39 | end | |
|
|
40 | ||
|
|
41 | context "with a valid HTTP authentication" do | |
|
|
42 | setup do | |
|
|
43 | @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password') | |
|
|
44 | get "/news.xml", nil, credentials(@user.login, 'my_password') | |
|
|
45 | end | |
|
|
46 | ||
|
|
47 | should_respond_with :unauthorized | |
|
|
48 | should_respond_with_content_type :xml | |
|
|
49 | should "not login as the user" do | |
|
|
50 | assert_equal User.anonymous, User.current | |
|
|
51 | end | |
|
|
52 | end | |
|
|
53 | ||
|
|
54 | context "with a valid HTTP authentication using the API token" do | |
|
|
55 | setup do | |
|
|
56 | @user = User.generate_with_protected! | |
|
|
57 | @token = Token.generate!(:user => @user, :action => 'api') | |
|
|
58 | get "/news.xml", nil, credentials(@token.value, 'X') | |
|
|
59 | end | |
|
|
60 | ||
|
|
61 | should_respond_with :unauthorized | |
|
|
62 | should_respond_with_content_type :xml | |
|
|
63 | should "not login as the user" do | |
|
|
64 | assert_equal User.anonymous, User.current | |
|
|
65 | end | |
|
|
66 | end | |
|
|
67 | end | |
|
|
68 | ||
|
|
69 | context "in :json format" do | |
|
|
70 | context "with a valid api token" do | |
|
|
71 | setup do | |
|
|
72 | @user = User.generate_with_protected! | |
|
|
73 | @token = Token.generate!(:user => @user, :action => 'api') | |
|
|
74 | get "/news.json?key=#{@token.value}" | |
|
|
75 | end | |
|
|
31 | get "/news.json?key=#{@token.value}" | |
|
|
32 | assert_response :unauthorized | |
|
|
33 | assert_equal User.anonymous, User.current | |
|
|
34 | end | |
|
|
76 | 35 | |
|
|
77 | should_respond_with :unauthorized | |
|
|
78 | should_respond_with_content_type :json | |
|
|
79 | should "not login as the user" do | |
|
|
80 | assert_equal User.anonymous, User.current | |
|
|
81 | end | |
|
|
82 | end | |
|
|
36 | def test_with_valid_username_password_http_authentication | |
|
|
37 | @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password') | |
|
|
83 | 38 | |
|
|
84 | context "with a valid HTTP authentication" do | |
|
|
85 | setup do | |
|
|
86 | @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password') | |
|
|
87 | get "/news.json", nil, credentials(@user.login, 'my_password') | |
|
|
88 | end | |
|
|
39 | get "/news.xml", nil, credentials(@user.login, 'my_password') | |
|
|
40 | assert_response :unauthorized | |
|
|
41 | assert_equal User.anonymous, User.current | |
|
|
89 | 42 | |
|
|
90 | should_respond_with :unauthorized | |
|
|
91 | should_respond_with_content_type :json | |
|
|
92 | should "not login as the user" do | |
|
|
93 | assert_equal User.anonymous, User.current | |
|
|
94 | end | |
|
|
95 | end | |
|
|
43 | get "/news.json", nil, credentials(@user.login, 'my_password') | |
|
|
44 | assert_response :unauthorized | |
|
|
45 | assert_equal User.anonymous, User.current | |
|
|
46 | end | |
|
|
96 | 47 | |
|
|
97 | context "with a valid HTTP authentication using the API token" do | |
|
|
98 | setup do | |
|
|
99 | @user = User.generate_with_protected! | |
|
|
100 | @token = Token.generate!(:user => @user, :action => 'api') | |
|
|
101 | get "/news.json", nil, credentials(@token.value, 'DoesNotMatter') | |
|
|
102 | end | |
|
|
48 | def test_with_valid_token_http_authentication | |
|
|
49 | @user = User.generate_with_protected! | |
|
|
50 | @token = Token.generate!(:user => @user, :action => 'api') | |
|
|
103 | 51 | |
|
|
104 | should_respond_with :unauthorized | |
|
|
105 | should_respond_with_content_type :json | |
|
|
106 | should "not login as the user" do | |
|
|
107 | assert_equal User.anonymous, User.current | |
|
|
108 | end | |
|
|
109 | end | |
|
|
52 | get "/news.xml", nil, credentials(@token.value, 'X') | |
|
|
53 | assert_response :unauthorized | |
|
|
54 | assert_equal User.anonymous, User.current | |
|
|
110 | 55 | |
|
|
111 | end | |
|
|
56 | get "/news.json", nil, credentials(@token.value, 'X') | |
|
|
57 | assert_response :unauthorized | |
|
|
58 | assert_equal User.anonymous, User.current | |
|
|
112 | 59 | end |
|
|
113 | 60 | end |
General Comments 0
You need to be logged in to leave comments.
Login now