| @@ -15,89 +15,17 class ApiTest::HttpBasicLoginTest < ActionController::IntegrationTest | |||||
| 15 |
|
15 | |||
| 16 | # Using the NewsController because it's a simple API. |
|
16 | # Using the NewsController because it's a simple API. | |
| 17 | context "get /news" do |
|
17 | context "get /news" do | |
|
|
18 | setup do | |||
|
|
19 | project = Project.find('onlinestore') | |||
|
|
20 | EnabledModule.create(:project => project, :name => 'news') | |||
|
|
21 | end | |||
| 18 |
|
22 | |||
| 19 | context "in :xml format" do |
|
23 | context "in :xml format" do | |
| 20 | context "with a valid HTTP authentication" do |
|
24 | should_allow_http_basic_auth_with_username_and_password(:get, "/projects/onlinestore/news.xml") | |
| 21 | setup do |
|
|||
| 22 | @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password') |
|
|||
| 23 | @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password') |
|
|||
| 24 | get "/news.xml", nil, :authorization => @authorization |
|
|||
| 25 | end |
|
|||
| 26 |
|
||||
| 27 | should_respond_with :success |
|
|||
| 28 | should_respond_with_content_type :xml |
|
|||
| 29 | should "login as the user" do |
|
|||
| 30 | assert_equal @user, User.current |
|
|||
| 31 | end |
|
|||
| 32 | end |
|
|||
| 33 |
|
||||
| 34 | context "with an invalid HTTP authentication" do |
|
|||
| 35 | setup do |
|
|||
| 36 | @user = User.generate_with_protected! |
|
|||
| 37 | @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'wrong_password') |
|
|||
| 38 | get "/news.xml", nil, :authorization => @authorization |
|
|||
| 39 | end |
|
|||
| 40 |
|
||||
| 41 | should_respond_with :unauthorized |
|
|||
| 42 | should_respond_with_content_type :xml |
|
|||
| 43 | should "not login as the user" do |
|
|||
| 44 | assert_equal User.anonymous, User.current |
|
|||
| 45 | end |
|
|||
| 46 | end |
|
|||
| 47 |
|
||||
| 48 | context "without credentials" do |
|
|||
| 49 | setup do |
|
|||
| 50 | get "/projects/onlinestore/news.xml" |
|
|||
| 51 | end |
|
|||
| 52 |
|
||||
| 53 | should_respond_with :unauthorized |
|
|||
| 54 | should_respond_with_content_type :xml |
|
|||
| 55 | should "include_www_authenticate_header" do |
|
|||
| 56 | assert @controller.response.headers.has_key?('WWW-Authenticate') |
|
|||
| 57 | end |
|
|||
| 58 | end |
|
|||
| 59 | end |
|
25 | end | |
| 60 |
|
26 | |||
| 61 | context "in :json format" do |
|
27 | context "in :json format" do | |
| 62 | context "with a valid HTTP authentication" do |
|
28 | should_allow_http_basic_auth_with_username_and_password(:get, "/projects/onlinestore/news.json") | |
| 63 | setup do |
|
|||
| 64 | @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password') |
|
|||
| 65 | @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password') |
|
|||
| 66 | get "/news.json", nil, :authorization => @authorization |
|
|||
| 67 | end |
|
|||
| 68 |
|
||||
| 69 | should_respond_with :success |
|
|||
| 70 | should_respond_with_content_type :json |
|
|||
| 71 | should "login as the user" do |
|
|||
| 72 | assert_equal @user, User.current |
|
|||
| 73 | end |
|
|||
| 74 | end |
|
|||
| 75 |
|
||||
| 76 | context "with an invalid HTTP authentication" do |
|
|||
| 77 | setup do |
|
|||
| 78 | @user = User.generate_with_protected! |
|
|||
| 79 | @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'wrong_password') |
|
|||
| 80 | get "/news.json", nil, :authorization => @authorization |
|
|||
| 81 | end |
|
|||
| 82 |
|
||||
| 83 | should_respond_with :unauthorized |
|
|||
| 84 | should_respond_with_content_type :json |
|
|||
| 85 | should "not login as the user" do |
|
|||
| 86 | assert_equal User.anonymous, User.current |
|
|||
| 87 | end |
|
|||
| 88 | end |
|
|||
| 89 | end |
|
|||
| 90 |
|
||||
| 91 | context "without credentials" do |
|
|||
| 92 | setup do |
|
|||
| 93 | get "/projects/onlinestore/news.json" |
|
|||
| 94 | end |
|
|||
| 95 |
|
||||
| 96 | should_respond_with :unauthorized |
|
|||
| 97 | should_respond_with_content_type :json |
|
|||
| 98 | should "include_www_authenticate_header" do |
|
|||
| 99 | assert @controller.response.headers.has_key?('WWW-Authenticate') |
|
|||
| 100 | end |
|
|||
| 101 | end |
|
29 | end | |
| 102 | end |
|
30 | end | |
| 103 | end |
|
31 | end | |
| @@ -186,12 +186,62 class ActiveSupport::TestCase | |||||
| 186 | end |
|
186 | end | |
| 187 | end |
|
187 | end | |
| 188 |
|
188 | |||
|
|
189 | # Test that a request allows the username and password for HTTP BASIC | |||
|
|
190 | # | |||
|
|
191 | # @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete) | |||
|
|
192 | # @param [String] url the request url | |||
|
|
193 | # @param [optional, Hash] parameters additional request parameters | |||
|
|
194 | def self.should_allow_http_basic_auth_with_username_and_password(http_method, url, parameters={}) | |||
|
|
195 | context "should allow http basic auth using a username and password for #{http_method} #{url}" do | |||
|
|
196 | context "with a valid HTTP authentication" do | |||
|
|
197 | setup do | |||
|
|
198 | @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password', :admin => true) # Admin so they can access the project | |||
|
|
199 | @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password') | |||
|
|
200 | send(http_method, url, parameters, {:authorization => @authorization}) | |||
|
|
201 | end | |||
|
|
202 | ||||
|
|
203 | should_respond_with :success | |||
|
|
204 | should_respond_with_content_type_based_on_url(url) | |||
|
|
205 | should "login as the user" do | |||
|
|
206 | assert_equal @user, User.current | |||
|
|
207 | end | |||
|
|
208 | end | |||
|
|
209 | ||||
|
|
210 | context "with an invalid HTTP authentication" do | |||
|
|
211 | setup do | |||
|
|
212 | @user = User.generate_with_protected! | |||
|
|
213 | @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'wrong_password') | |||
|
|
214 | send(http_method, url, parameters, {:authorization => @authorization}) | |||
|
|
215 | end | |||
|
|
216 | ||||
|
|
217 | should_respond_with :unauthorized | |||
|
|
218 | should_respond_with_content_type_based_on_url(url) | |||
|
|
219 | should "not login as the user" do | |||
|
|
220 | assert_equal User.anonymous, User.current | |||
|
|
221 | end | |||
|
|
222 | end | |||
|
|
223 | ||||
|
|
224 | context "without credentials" do | |||
|
|
225 | setup do | |||
|
|
226 | send(http_method, url, parameters, {:authorization => ''}) | |||
|
|
227 | end | |||
|
|
228 | ||||
|
|
229 | should_respond_with :unauthorized | |||
|
|
230 | should_respond_with_content_type_based_on_url(url) | |||
|
|
231 | should "include_www_authenticate_header" do | |||
|
|
232 | assert @controller.response.headers.has_key?('WWW-Authenticate') | |||
|
|
233 | end | |||
|
|
234 | end | |||
|
|
235 | end | |||
|
|
236 | ||||
|
|
237 | end | |||
|
|
238 | ||||
| 189 | # Test that a request allows full key authentication |
|
239 | # Test that a request allows full key authentication | |
| 190 | # |
|
240 | # | |
| 191 | # @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete) |
|
241 | # @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete) | |
| 192 | # @param [String] url the request url, without the key=ZXY parameter |
|
242 | # @param [String] url the request url, without the key=ZXY parameter | |
| 193 | def self.should_allow_key_based_auth(http_method, url) |
|
243 | def self.should_allow_key_based_auth(http_method, url) | |
| 194 | context "should allow key based auth using key=X for #{url}" do |
|
244 | context "should allow key based auth using key=X for #{http_method} #{url}" do | |
| 195 | context "with a valid api token" do |
|
245 | context "with a valid api token" do | |
| 196 | setup do |
|
246 | setup do | |
| 197 | @user = User.generate_with_protected! |
|
247 | @user = User.generate_with_protected! | |
General Comments 0
You need to be logged in to leave comments.
Login now