jro_apps/redmine Commit - r3106:bfcd5039f288

Added an Admin setting to enable/disable the REST web service. (#3920)...

Eric Davis -

r3106:bfcd5039f288

parent child

Context file:

r3106:bfcd5039f288

Collapse all files

app/views/settings/_integration.html.erb created 644 +8 0

@@ -0,0 +1,8
	1	<% form_tag({:action => 'edit', :tab => 'integration'}) do %>
	2
	3	<div class="box tabular settings">
	4	<p><%= setting_check_box :rest_api_enabled %></p>
	5	</div>
	6
	7	<%= submit_tag l(:button_save) %>
	8	<% end %>

test/integration/disabled_rest_api_test.rb created 644 +110 0

@@ -0,0 +1,110
	1	require "#{File.dirname(__FILE__)}/../test_helper"
	2
	3	class DisabledRestApi < ActionController::IntegrationTest
	4	fixtures :all
	5
	6	def setup
	7	Setting.rest_api_enabled = '0'
	8	Setting.login_required = '1'
	9	end
	10
	11	def teardown
	12	Setting.rest_api_enabled = '1'
	13	Setting.login_required = '0'
	14	end
	15
	16	# Using the NewsController because it's a simple API.
	17	context "get /news with the API disabled" do
	18
	19	context "in :xml format" do
	20	context "with a valid api token" do
	21	setup do
	22	@user = User.generate_with_protected!
	23	@token = Token.generate!(:user => @user, :action => 'api')
	24	get "/news.xml?key=#{@token.value}"
	25	end
	26
	27	should_respond_with :unauthorized
	28	should_respond_with_content_type :xml
	29	should "not login as the user" do
	30	assert_equal User.anonymous, User.current
	31	end
	32	end
	33
	34	context "with a valid HTTP authentication" do
	35	setup do
	36	@user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password')
	37	@authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password')
	38	get "/news.xml", nil, :authorization => @authorization
	39	end
	40
	41	should_respond_with :unauthorized
	42	should_respond_with_content_type :xml
	43	should "not login as the user" do
	44	assert_equal User.anonymous, User.current
	45	end
	46	end
	47
	48	context "with a valid HTTP authentication using the API token" do
	49	setup do
	50	@user = User.generate_with_protected!
	51	@token = Token.generate!(:user => @user, :action => 'api')
	52	@authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'X')
	53	get "/news.xml", nil, :authorization => @authorization
	54	end
	55
	56	should_respond_with :unauthorized
	57	should_respond_with_content_type :xml
	58	should "not login as the user" do
	59	assert_equal User.anonymous, User.current
	60	end
	61	end
	62	end
	63
	64	context "in :json format" do
	65	context "with a valid api token" do
	66	setup do
	67	@user = User.generate_with_protected!
	68	@token = Token.generate!(:user => @user, :action => 'api')
	69	get "/news.json?key=#{@token.value}"
	70	end
	71
	72	should_respond_with :unauthorized
	73	should_respond_with_content_type :json
	74	should "not login as the user" do
	75	assert_equal User.anonymous, User.current
	76	end
	77	end
	78
	79	context "with a valid HTTP authentication" do
	80	setup do
	81	@user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password')
	82	@authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password')
	83	get "/news.json", nil, :authorization => @authorization
	84	end
	85
	86	should_respond_with :unauthorized
	87	should_respond_with_content_type :json
	88	should "not login as the user" do
	89	assert_equal User.anonymous, User.current
	90	end
	91	end
	92
	93	context "with a valid HTTP authentication using the API token" do
	94	setup do
	95	@user = User.generate_with_protected!
	96	@token = Token.generate!(:user => @user, :action => 'api')
	97	@authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'DoesNotMatter')
	98	get "/news.json", nil, :authorization => @authorization
	99	end
	100
	101	should_respond_with :unauthorized
	102	should_respond_with_content_type :json
	103	should "not login as the user" do
	104	assert_equal User.anonymous, User.current
	105	end
	106	end
	107
	108	end
	109	end
	110	end

app/controllers/application_controller.rb +1 -1

                 elsif params[:format] == 'atom' && params[:key] && accept_key_auth_actions.include?(params[:action])
                   # RSS key authentication does not start a session
                   User.find_by_rss_key(params[:key])
-                elsif ['xml', 'json'].include?(params[:format]) && accept_key_auth_actions.include?(params[:action])
+                elsif Setting.rest_api_enabled? && ['xml', 'json'].include?(params[:format]) && accept_key_auth_actions.include?(params[:action])
                   if params[:key].present?
                     # Use API key
                     User.find_by_api_key(params[:key])

app/helpers/settings_helper.rb +2 -1

                         {:name => 'issues', :partial => 'settings/issues', :label => :label_issue_tracking},
                         {:name => 'notifications', :partial => 'settings/notifications', :label => :field_mail_notification},
                         {:name => 'mail_handler', :partial => 'settings/mail_handler', :label => :label_incoming_emails},
-                        {:name => 'repositories', :partial => 'settings/repositories', :label => :label_repository_plural}
+                        {:name => 'repositories', :partial => 'settings/repositories', :label => :label_repository_plural},
+                        {:name => 'integration', :partial => 'settings/integration', :label => :label_integration}
                         ]
               end

config/locales/en.yml +2 0

               setting_issue_done_ratio_issue_field: Use the issue field
               setting_issue_done_ratio_issue_status: Use the issue status
               setting_start_of_week: Start calendars on
+              setting_rest_api_enabled: Enable REST web service
               permission_add_project: Create project
               permission_edit_project: Edit project
               label_api_access_key: API access key
               label_missing_api_access_key: Missing an API access key
               label_api_access_key_created_on: "API access key created {{value}} ago"
+              label_integration: Integration
               button_login: Login
               button_submit: Submit

config/settings.yml +2 0

               default: ''
             start_of_week:
               default: ''
+            rest_api_enabled:
+              default: 0

test/integration/api_token_login_test.rb +2 0

               fixtures :all
               def setup
+                Setting.rest_api_enabled = '1'
                 Setting.login_required = '1'
               end
               def teardown
+                Setting.rest_api_enabled = '0'
                 Setting.login_required = '0'
               end

test/integration/http_basic_login_test.rb +2 0

               fixtures :all
               def setup
+                Setting.rest_api_enabled = '1'
                 Setting.login_required = '1'
               end
               def teardown
+                Setting.rest_api_enabled = '0'
                 Setting.login_required = '0'
               end

test/integration/http_basic_login_with_api_token_test.rb +2 0

               fixtures :all
               def setup
+                Setting.rest_api_enabled = '1'
                 Setting.login_required = '1'
               end
               def teardown
+                Setting.rest_api_enabled = '0'
                 Setting.login_required = '0'
               end

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages