@@ -15,66 +15,12 class ApiTest::TokenAuthenticationTest < ActionController::IntegrationTest | |||
|
15 | 15 | |
|
16 | 16 | # Using the NewsController because it's a simple API. |
|
17 | 17 | context "get /news" do |
|
18 | ||
|
19 | 18 | context "in :xml format" do |
|
20 | context "with a valid api token" do | |
|
21 | setup do | |
|
22 | @user = User.generate_with_protected! | |
|
23 | @token = Token.generate!(:user => @user, :action => 'api') | |
|
24 | get "/news.xml?key=#{@token.value}" | |
|
25 | end | |
|
26 | ||
|
27 | should_respond_with :success | |
|
28 | should_respond_with_content_type :xml | |
|
29 | should "login as the user" do | |
|
30 | assert_equal @user, User.current | |
|
31 | end | |
|
32 | end | |
|
33 | ||
|
34 | context "with an invalid api token" do | |
|
35 | setup do | |
|
36 | @user = User.generate_with_protected! | |
|
37 | @token = Token.generate!(:user => @user, :action => 'feeds') | |
|
38 | get "/news.xml?key=#{@token.value}" | |
|
39 | end | |
|
40 | ||
|
41 | should_respond_with :unauthorized | |
|
42 | should_respond_with_content_type :xml | |
|
43 | should "not login as the user" do | |
|
44 | assert_equal User.anonymous, User.current | |
|
45 | end | |
|
46 | end | |
|
19 | should_allow_key_based_auth(:get, "/news.xml") | |
|
47 | 20 | end |
|
48 | 21 | |
|
49 | 22 | context "in :json format" do |
|
50 | context "with a valid api token" do | |
|
51 | setup do | |
|
52 | @user = User.generate_with_protected! | |
|
53 | @token = Token.generate!(:user => @user, :action => 'api') | |
|
54 | get "/news.json?key=#{@token.value}" | |
|
55 | end | |
|
56 | ||
|
57 | should_respond_with :success | |
|
58 | should_respond_with_content_type :json | |
|
59 | should "login as the user" do | |
|
60 | assert_equal @user, User.current | |
|
61 | end | |
|
62 | end | |
|
63 | ||
|
64 | context "with an invalid api token" do | |
|
65 | setup do | |
|
66 | @user = User.generate_with_protected! | |
|
67 | @token = Token.generate!(:user => @user, :action => 'feeds') | |
|
68 | get "/news.json?key=#{@token.value}" | |
|
69 | end | |
|
70 | ||
|
71 | should_respond_with :unauthorized | |
|
72 | should_respond_with_content_type :json | |
|
73 | should "not login as the user" do | |
|
74 | assert_equal User.anonymous, User.current | |
|
75 | end | |
|
76 | end | |
|
23 | should_allow_key_based_auth(:get, "/news.json") | |
|
77 | 24 | end |
|
78 | ||
|
79 | 25 | end |
|
80 | 26 | end |
@@ -185,6 +185,61 class ActiveSupport::TestCase | |||
|
185 | 185 | assert !user.new_record? |
|
186 | 186 | end |
|
187 | 187 | end |
|
188 | ||
|
189 | # Test that a request allows full key authentication | |
|
190 | # | |
|
191 | # @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete) | |
|
192 | # @param [String] url the request url, without the key=ZXY parameter | |
|
193 | def self.should_allow_key_based_auth(http_method, url) | |
|
194 | context "should allow key based auth using key=X for #{url}" do | |
|
195 | context "with a valid api token" do | |
|
196 | setup do | |
|
197 | @user = User.generate_with_protected! | |
|
198 | @token = Token.generate!(:user => @user, :action => 'api') | |
|
199 | send(http_method, url + "?key=#{@token.value}") | |
|
200 | end | |
|
201 | ||
|
202 | should_respond_with :success | |
|
203 | should_respond_with_content_type_based_on_url(url) | |
|
204 | should "login as the user" do | |
|
205 | assert_equal @user, User.current | |
|
206 | end | |
|
207 | end | |
|
208 | ||
|
209 | context "with an invalid api token" do | |
|
210 | setup do | |
|
211 | @user = User.generate_with_protected! | |
|
212 | @token = Token.generate!(:user => @user, :action => 'feeds') | |
|
213 | send(http_method, url + "?key=#{@token.value}") | |
|
214 | end | |
|
215 | ||
|
216 | should_respond_with :unauthorized | |
|
217 | should_respond_with_content_type_based_on_url(url) | |
|
218 | should "not login as the user" do | |
|
219 | assert_equal User.anonymous, User.current | |
|
220 | end | |
|
221 | end | |
|
222 | end | |
|
223 | ||
|
224 | end | |
|
225 | ||
|
226 | # Uses should_respond_with_content_type based on what's in the url: | |
|
227 | # | |
|
228 | # '/project/issues.xml' => should_respond_with_content_type :xml | |
|
229 | # '/project/issues.json' => should_respond_with_content_type :json | |
|
230 | # | |
|
231 | # @param [String] url Request | |
|
232 | def self.should_respond_with_content_type_based_on_url(url) | |
|
233 | case | |
|
234 | when url.match(/xml/i) | |
|
235 | should_respond_with_content_type :xml | |
|
236 | when url.match(/json/i) | |
|
237 | should_respond_with_content_type :json | |
|
238 | else | |
|
239 | raise "Unknown content type for should_respond_with_content_type_based_on_url: #{url}" | |
|
240 | end | |
|
241 | ||
|
242 | end | |
|
188 | 243 | end |
|
189 | 244 | |
|
190 | 245 | # Simple module to "namespace" all of the API tests |
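Review bot: The "with an invalid api token" context in `should_allow_key_based_auth` only sends a real token whose action is 'feeds', so every endpoint that adopts this helper is checked against a wrong-purpose key but never against a key that matches no token at all. Now that the check is shared, a third context for an unknown key would close that gap. The 401 expected below assumes the surrounding test setup, which is outside this hunk, rejects unauthenticated API requests the same way it rejects the feeds token. Separately, `url.match(/xml/i)` in `should_respond_with_content_type_based_on_url` matches anywhere in the URL, so a JSON URL whose path contains "xml" would be asserted as XML; anchoring on the extension, e.g. `when url.match(/\.xml\z/i)`, avoids that.

```ruby
# … unchanged: "with a valid api token" and "with an invalid api token" contexts …

context "with a key that matches no token" do
  setup do
    # constructed sample value, not a real token
    send(http_method, url + "?key=constructed-unknown-key")
  end

  should_respond_with :unauthorized
  should_respond_with_content_type_based_on_url(url)
  should "not login as the user" do
    assert_equal User.anonymous, User.current
  end
end
```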