| @@ -0,0 +1,73 | |||||
|
|
1 | require "#{File.dirname(__FILE__)}/../test_helper" | |||
|
|
2 | ||||
|
|
3 | class ApiTokenLoginTest < ActionController::IntegrationTest | |||
|
|
4 | fixtures :all | |||
|
|
5 | ||||
|
|
6 | # Using the NewsController because it's a simple API. | |||
|
|
7 | context "get /news.xml" do | |||
|
|
8 | ||||
|
|
9 | context "in :xml format" do | |||
|
|
10 | context "with a valid api token" do | |||
|
|
11 | setup do | |||
|
|
12 | @user = User.generate_with_protected! | |||
|
|
13 | @token = Token.generate!(:user => @user, :action => 'api') | |||
|
|
14 | get "/news.xml?key=#{@token.value}" | |||
|
|
15 | end | |||
|
|
16 | ||||
|
|
17 | should_respond_with :success | |||
|
|
18 | should_respond_with_content_type :xml | |||
|
|
19 | should "login as the user" do | |||
|
|
20 | assert_equal @user, User.current | |||
|
|
21 | end | |||
|
|
22 | end | |||
|
|
23 | ||||
|
|
24 | context "with an invalid api token (on a protected site)" do | |||
|
|
25 | setup do | |||
|
|
26 | Setting.login_required = '1' | |||
|
|
27 | @user = User.generate_with_protected! | |||
|
|
28 | @token = Token.generate!(:user => @user, :action => 'feeds') | |||
|
|
29 | get "/news.xml?key=#{@token.value}" | |||
|
|
30 | end | |||
|
|
31 | ||||
|
|
32 | should_respond_with :unauthorized | |||
|
|
33 | should_respond_with_content_type :xml | |||
|
|
34 | should "not login as the user" do | |||
|
|
35 | assert_equal User.anonymous, User.current | |||
|
|
36 | end | |||
|
|
37 | end | |||
|
|
38 | end | |||
|
|
39 | ||||
|
|
40 | context "in :json format" do | |||
|
|
41 | context "with a valid api token" do | |||
|
|
42 | setup do | |||
|
|
43 | @user = User.generate_with_protected! | |||
|
|
44 | @token = Token.generate!(:user => @user, :action => 'api') | |||
|
|
45 | get "/news.json?key=#{@token.value}" | |||
|
|
46 | end | |||
|
|
47 | ||||
|
|
48 | should_respond_with :success | |||
|
|
49 | should_respond_with_content_type :json | |||
|
|
50 | should "login as the user" do | |||
|
|
51 | assert_equal @user, User.current | |||
|
|
52 | end | |||
|
|
53 | end | |||
|
|
54 | ||||
|
|
55 | context "with an invalid api token (on a protected site)" do | |||
|
|
56 | setup do | |||
|
|
57 | Setting.login_required = '1' | |||
|
|
58 | @user = User.generate_with_protected! | |||
|
|
59 | @token = Token.generate!(:user => @user, :action => 'feeds') | |||
|
|
60 | get "/news.json?key=#{@token.value}" | |||
|
|
61 | end | |||
|
|
62 | ||||
|
|
63 | should_respond_with :unauthorized | |||
|
|
64 | should_respond_with_content_type :json | |||
|
|
65 | should "not login as the user" do | |||
|
|
66 | assert_equal User.anonymous, User.current | |||
|
|
67 | end | |||
|
|
68 | end | |||
|
|
69 | end | |||
|
|
70 | ||||
|
|
71 | end | |||
|
|
72 | ||||
|
|
73 | end | |||
| @@ -70,6 +70,8 class ApplicationController < ActionController::Base | |||||
| 70 | elsif params[:format] == 'atom' && params[:key] && accept_key_auth_actions.include?(params[:action]) |
|
70 | elsif params[:format] == 'atom' && params[:key] && accept_key_auth_actions.include?(params[:action]) | |
| 71 | # RSS key authentication does not start a session |
|
71 | # RSS key authentication does not start a session | |
| 72 | User.find_by_rss_key(params[:key]) |
|
72 | User.find_by_rss_key(params[:key]) | |
|
|
73 | elsif ['xml', 'json'].include?(params[:format]) && params[:key] && accept_key_auth_actions.include?(params[:action]) | |||
|
|
74 | User.find_by_api_key(params[:key]) | |||
| 73 | end |
|
75 | end | |
| 74 | end |
|
76 | end | |
| 75 |
|
77 | |||
| @@ -114,7 +116,11 class ApplicationController < ActionController::Base | |||||
| 114 | else |
|
116 | else | |
| 115 | url = url_for(:controller => params[:controller], :action => params[:action], :id => params[:id], :project_id => params[:project_id]) |
|
117 | url = url_for(:controller => params[:controller], :action => params[:action], :id => params[:id], :project_id => params[:project_id]) | |
| 116 | end |
|
118 | end | |
| 117 | redirect_to :controller => "account", :action => "login", :back_url => url |
|
119 | respond_to do |format| | |
|
|
120 | format.html { redirect_to :controller => "account", :action => "login", :back_url => url } | |||
|
|
121 | format.xml { head :unauthorized } | |||
|
|
122 | format.json { head :unauthorized } | |||
|
|
123 | end | |||
| 118 | return false |
|
124 | return false | |
| 119 | end |
|
125 | end | |
| 120 | true |
|
126 | true | |
| @@ -31,6 +31,8 class NewsController < ApplicationController | |||||
| 31 | :order => "#{News.table_name}.created_on DESC" |
|
31 | :order => "#{News.table_name}.created_on DESC" | |
| 32 | respond_to do |format| |
|
32 | respond_to do |format| | |
| 33 | format.html { render :layout => false if request.xhr? } |
|
33 | format.html { render :layout => false if request.xhr? } | |
|
|
34 | format.xml { render :xml => @newss.to_xml } | |||
|
|
35 | format.json { render :json => @newss.to_json } | |||
| 34 | format.atom { render_feed(@newss, :title => (@project ? @project.name : Setting.app_title) + ": #{l(:label_news_plural)}") } |
|
36 | format.atom { render_feed(@newss, :title => (@project ? @project.name : Setting.app_title) + ": #{l(:label_news_plural)}") } | |
| 35 | end |
|
37 | end | |
| 36 | end |
|
38 | end | |
General Comments 0
You need to be logged in to leave comments.
Login now