| @@ -15,66 +15,12 class ApiTest::TokenAuthenticationTest < ActionController::IntegrationTest | |||||
| 15 |
|
15 | |||
| 16 | # Using the NewsController because it's a simple API. |
|
16 | # Using the NewsController because it's a simple API. | |
| 17 | context "get /news" do |
|
17 | context "get /news" do | |
| 18 |
|
||||
| 19 | context "in :xml format" do |
|
18 | context "in :xml format" do | |
| 20 | context "with a valid api token" do |
|
19 | should_allow_key_based_auth(:get, "/news.xml") | |
| 21 | setup do |
|
|||
| 22 | @user = User.generate_with_protected! |
|
|||
| 23 | @token = Token.generate!(:user => @user, :action => 'api') |
|
|||
| 24 | get "/news.xml?key=#{@token.value}" |
|
|||
| 25 | end |
|
|||
| 26 |
|
||||
| 27 | should_respond_with :success |
|
|||
| 28 | should_respond_with_content_type :xml |
|
|||
| 29 | should "login as the user" do |
|
|||
| 30 | assert_equal @user, User.current |
|
|||
| 31 | end |
|
|||
| 32 | end |
|
|||
| 33 |
|
||||
| 34 | context "with an invalid api token" do |
|
|||
| 35 | setup do |
|
|||
| 36 | @user = User.generate_with_protected! |
|
|||
| 37 | @token = Token.generate!(:user => @user, :action => 'feeds') |
|
|||
| 38 | get "/news.xml?key=#{@token.value}" |
|
|||
| 39 | end |
|
|||
| 40 |
|
||||
| 41 | should_respond_with :unauthorized |
|
|||
| 42 | should_respond_with_content_type :xml |
|
|||
| 43 | should "not login as the user" do |
|
|||
| 44 | assert_equal User.anonymous, User.current |
|
|||
| 45 | end |
|
|||
| 46 | end |
|
|||
| 47 | end |
|
20 | end | |
| 48 |
|
21 | |||
| 49 | context "in :json format" do |
|
22 | context "in :json format" do | |
| 50 | context "with a valid api token" do |
|
23 | should_allow_key_based_auth(:get, "/news.json") | |
| 51 | setup do |
|
|||
| 52 | @user = User.generate_with_protected! |
|
|||
| 53 | @token = Token.generate!(:user => @user, :action => 'api') |
|
|||
| 54 | get "/news.json?key=#{@token.value}" |
|
|||
| 55 | end |
|
|||
| 56 |
|
||||
| 57 | should_respond_with :success |
|
|||
| 58 | should_respond_with_content_type :json |
|
|||
| 59 | should "login as the user" do |
|
|||
| 60 | assert_equal @user, User.current |
|
|||
| 61 | end |
|
|||
| 62 | end |
|
|||
| 63 |
|
||||
| 64 | context "with an invalid api token" do |
|
|||
| 65 | setup do |
|
|||
| 66 | @user = User.generate_with_protected! |
|
|||
| 67 | @token = Token.generate!(:user => @user, :action => 'feeds') |
|
|||
| 68 | get "/news.json?key=#{@token.value}" |
|
|||
| 69 | end |
|
|||
| 70 |
|
||||
| 71 | should_respond_with :unauthorized |
|
|||
| 72 | should_respond_with_content_type :json |
|
|||
| 73 | should "not login as the user" do |
|
|||
| 74 | assert_equal User.anonymous, User.current |
|
|||
| 75 | end |
|
|||
| 76 | end |
|
|||
| 77 | end |
|
24 | end | |
| 78 |
|
||||
| 79 | end |
|
25 | end | |
| 80 | end |
|
26 | end | |
| @@ -185,6 +185,61 class ActiveSupport::TestCase | |||||
| 185 | assert !user.new_record? |
|
185 | assert !user.new_record? | |
| 186 | end |
|
186 | end | |
| 187 | end |
|
187 | end | |
|
|
188 | ||||
|
|
189 | # Test that a request allows full key authentication | |||
|
|
190 | # | |||
|
|
191 | # @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete) | |||
|
|
192 | # @param [String] url the request url, without the key=ZXY parameter | |||
|
|
193 | def self.should_allow_key_based_auth(http_method, url) | |||
|
|
194 | context "should allow key based auth using key=X for #{url}" do | |||
|
|
195 | context "with a valid api token" do | |||
|
|
196 | setup do | |||
|
|
197 | @user = User.generate_with_protected! | |||
|
|
198 | @token = Token.generate!(:user => @user, :action => 'api') | |||
|
|
199 | send(http_method, url + "?key=#{@token.value}") | |||
|
|
200 | end | |||
|
|
201 | ||||
|
|
202 | should_respond_with :success | |||
|
|
203 | should_respond_with_content_type_based_on_url(url) | |||
|
|
204 | should "login as the user" do | |||
|
|
205 | assert_equal @user, User.current | |||
|
|
206 | end | |||
|
|
207 | end | |||
|
|
208 | ||||
|
|
209 | context "with an invalid api token" do | |||
|
|
210 | setup do | |||
|
|
211 | @user = User.generate_with_protected! | |||
|
|
212 | @token = Token.generate!(:user => @user, :action => 'feeds') | |||
|
|
213 | send(http_method, url + "?key=#{@token.value}") | |||
|
|
214 | end | |||
|
|
215 | ||||
|
|
216 | should_respond_with :unauthorized | |||
|
|
217 | should_respond_with_content_type_based_on_url(url) | |||
|
|
218 | should "not login as the user" do | |||
|
|
219 | assert_equal User.anonymous, User.current | |||
|
|
220 | end | |||
|
|
221 | end | |||
|
|
222 | end | |||
|
|
223 | ||||
|
|
224 | end | |||
|
|
225 | ||||
|
|
226 | # Uses should_respond_with_content_type based on what's in the url: | |||
|
|
227 | # | |||
|
|
228 | # '/project/issues.xml' => should_respond_with_content_type :xml | |||
|
|
229 | # '/project/issues.json' => should_respond_with_content_type :json | |||
|
|
230 | # | |||
|
|
231 | # @param [String] url Request | |||
|
|
232 | def self.should_respond_with_content_type_based_on_url(url) | |||
|
|
233 | case | |||
|
|
234 | when url.match(/xml/i) | |||
|
|
235 | should_respond_with_content_type :xml | |||
|
|
236 | when url.match(/json/i) | |||
|
|
237 | should_respond_with_content_type :json | |||
|
|
238 | else | |||
|
|
239 | raise "Unknown content type for should_respond_with_content_type_based_on_url: #{url}" | |||
|
|
240 | end | |||
|
|
241 | ||||
|
|
242 | end | |||
| 188 | end |
|
243 | end | |
| 189 |
|
244 | |||
| 190 | # Simple module to "namespace" all of the API tests |
|
245 | # Simple module to "namespace" all of the API tests | |
General Comments 0
You need to be logged in to leave comments.
Login now