@@ -1,91 +1,96 | |||||
1 | # Redmine - project management software |
|
1 | # Redmine - project management software | |
2 | # Copyright (C) 2006-2014 Jean-Philippe Lang |
|
2 | # Copyright (C) 2006-2014 Jean-Philippe Lang | |
3 | # |
|
3 | # | |
4 | # This program is free software; you can redistribute it and/or |
|
4 | # This program is free software; you can redistribute it and/or | |
5 | # modify it under the terms of the GNU General Public License |
|
5 | # modify it under the terms of the GNU General Public License | |
6 | # as published by the Free Software Foundation; either version 2 |
|
6 | # as published by the Free Software Foundation; either version 2 | |
7 | # of the License, or (at your option) any later version. |
|
7 | # of the License, or (at your option) any later version. | |
8 | # |
|
8 | # | |
9 | # This program is distributed in the hope that it will be useful, |
|
9 | # This program is distributed in the hope that it will be useful, | |
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
12 | # GNU General Public License for more details. |
|
12 | # GNU General Public License for more details. | |
13 | # |
|
13 | # | |
14 | # You should have received a copy of the GNU General Public License |
|
14 | # You should have received a copy of the GNU General Public License | |
15 | # along with this program; if not, write to the Free Software |
|
15 | # along with this program; if not, write to the Free Software | |
16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
|
16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |
17 |
|
17 | |||
18 | require File.expand_path('../../../test_helper', __FILE__) |
|
18 | require File.expand_path('../../../test_helper', __FILE__) | |
19 |
|
19 | |||
20 | class Redmine::ApiTest::AuthenticationTest < Redmine::ApiTest::Base |
|
20 | class Redmine::ApiTest::AuthenticationTest < Redmine::ApiTest::Base | |
21 | fixtures :users |
|
21 | fixtures :users | |
22 |
|
22 | |||
23 | def setup |
|
23 | def setup | |
24 | Setting.rest_api_enabled = '1' |
|
24 | Setting.rest_api_enabled = '1' | |
25 | end |
|
25 | end | |
26 |
|
26 | |||
27 | def teardown |
|
27 | def teardown | |
28 | Setting.rest_api_enabled = '0' |
|
28 | Setting.rest_api_enabled = '0' | |
29 | end |
|
29 | end | |
30 |
|
30 | |||
31 | def test_api_should_trigger_basic_http_auth_with_basic_authorization_header |
|
31 | def test_api_should_trigger_basic_http_auth_with_basic_authorization_header | |
32 | ApplicationController.any_instance.expects(:authenticate_with_http_basic).once |
|
32 | ApplicationController.any_instance.expects(:authenticate_with_http_basic).once | |
33 | get '/users/current.xml', {}, credentials('jsmith') |
|
33 | get '/users/current.xml', {}, credentials('jsmith') | |
34 | assert_response 401 |
|
34 | assert_response 401 | |
35 | end |
|
35 | end | |
36 |
|
36 | |||
37 | def test_api_should_not_trigger_basic_http_auth_with_non_basic_authorization_header |
|
37 | def test_api_should_not_trigger_basic_http_auth_with_non_basic_authorization_header | |
38 | ApplicationController.any_instance.expects(:authenticate_with_http_basic).never |
|
38 | ApplicationController.any_instance.expects(:authenticate_with_http_basic).never | |
39 | get '/users/current.xml', {}, 'HTTP_AUTHORIZATION' => 'Digest foo bar' |
|
39 | get '/users/current.xml', {}, 'HTTP_AUTHORIZATION' => 'Digest foo bar' | |
40 | assert_response 401 |
|
40 | assert_response 401 | |
41 | end |
|
41 | end | |
42 |
|
42 | |||
43 | def test_invalid_utf8_credentials_should_not_trigger_an_error |
|
43 | def test_invalid_utf8_credentials_should_not_trigger_an_error | |
|
44 | invalid_utf8 = "\x82" | |||
|
45 | if invalid_utf8.respond_to?(:force_encoding) | |||
|
46 | invalid_utf8.force_encoding('UTF-8') | |||
|
47 | assert !invalid_utf8.valid_encoding? | |||
|
48 | end | |||
44 | assert_nothing_raised do |
|
49 | assert_nothing_raised do | |
45 |
get '/users/current.xml', {}, credentials( |
|
50 | get '/users/current.xml', {}, credentials(invalid_utf8, "foo") | |
46 | end |
|
51 | end | |
47 | end |
|
52 | end | |
48 |
|
53 | |||
49 | def test_api_request_should_not_use_user_session |
|
54 | def test_api_request_should_not_use_user_session | |
50 | log_user('jsmith', 'jsmith') |
|
55 | log_user('jsmith', 'jsmith') | |
51 |
|
56 | |||
52 | get '/users/current' |
|
57 | get '/users/current' | |
53 | assert_response :success |
|
58 | assert_response :success | |
54 |
|
59 | |||
55 | get '/users/current.json' |
|
60 | get '/users/current.json' | |
56 | assert_response 401 |
|
61 | assert_response 401 | |
57 | end |
|
62 | end | |
58 |
|
63 | |||
59 | def test_api_should_accept_switch_user_header_for_admin_user |
|
64 | def test_api_should_accept_switch_user_header_for_admin_user | |
60 | user = User.find(1) |
|
65 | user = User.find(1) | |
61 | su = User.find(4) |
|
66 | su = User.find(4) | |
62 |
|
67 | |||
63 | get '/users/current', {}, {'X-Redmine-API-Key' => user.api_key, 'X-Redmine-Switch-User' => su.login} |
|
68 | get '/users/current', {}, {'X-Redmine-API-Key' => user.api_key, 'X-Redmine-Switch-User' => su.login} | |
64 | assert_response :success |
|
69 | assert_response :success | |
65 | assert_equal su, assigns(:user) |
|
70 | assert_equal su, assigns(:user) | |
66 | assert_equal su, User.current |
|
71 | assert_equal su, User.current | |
67 | end |
|
72 | end | |
68 |
|
73 | |||
69 | def test_api_should_respond_with_412_when_trying_to_switch_to_a_invalid_user |
|
74 | def test_api_should_respond_with_412_when_trying_to_switch_to_a_invalid_user | |
70 | get '/users/current', {}, {'X-Redmine-API-Key' => User.find(1).api_key, 'X-Redmine-Switch-User' => 'foobar'} |
|
75 | get '/users/current', {}, {'X-Redmine-API-Key' => User.find(1).api_key, 'X-Redmine-Switch-User' => 'foobar'} | |
71 | assert_response 412 |
|
76 | assert_response 412 | |
72 | end |
|
77 | end | |
73 |
|
78 | |||
74 | def test_api_should_respond_with_412_when_trying_to_switch_to_a_locked_user |
|
79 | def test_api_should_respond_with_412_when_trying_to_switch_to_a_locked_user | |
75 | user = User.find(5) |
|
80 | user = User.find(5) | |
76 | assert user.locked? |
|
81 | assert user.locked? | |
77 |
|
82 | |||
78 | get '/users/current', {}, {'X-Redmine-API-Key' => User.find(1).api_key, 'X-Redmine-Switch-User' => user.login} |
|
83 | get '/users/current', {}, {'X-Redmine-API-Key' => User.find(1).api_key, 'X-Redmine-Switch-User' => user.login} | |
79 | assert_response 412 |
|
84 | assert_response 412 | |
80 | end |
|
85 | end | |
81 |
|
86 | |||
82 | def test_api_should_not_accept_switch_user_header_for_non_admin_user |
|
87 | def test_api_should_not_accept_switch_user_header_for_non_admin_user | |
83 | user = User.find(2) |
|
88 | user = User.find(2) | |
84 | su = User.find(4) |
|
89 | su = User.find(4) | |
85 |
|
90 | |||
86 | get '/users/current', {}, {'X-Redmine-API-Key' => user.api_key, 'X-Redmine-Switch-User' => su.login} |
|
91 | get '/users/current', {}, {'X-Redmine-API-Key' => user.api_key, 'X-Redmine-Switch-User' => su.login} | |
87 | assert_response :success |
|
92 | assert_response :success | |
88 | assert_equal user, assigns(:user) |
|
93 | assert_equal user, assigns(:user) | |
89 | assert_equal user, User.current |
|
94 | assert_equal user, User.current | |
90 | end |
|
95 | end | |
91 | end |
|
96 | end |
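Review bot: The rewritten test_invalid_utf8_credentials_should_not_trigger_an_error (new lines 44-52) still only asserts that the request does not raise; the response to a Basic credential that is not valid UTF-8 is never checked, so a regression that lets such a header through, or turns it into a 500 rendered by the framework, would pass. Pin the outcome inside the block with `assert_response 401` after the `get` on new line 50 — 401 is what the other rejected-credential cases in this file expect, though the exact status for this input should be confirmed against the auth code. The guard on new lines 45-48 also deserves a why-comment, since its purpose is not obvious: `# tag the byte as UTF-8 (not ASCII-8BIT) so the string is an invalid UTF-8 string` — the respond_to? check presumably exists for Rubies without force_encoding, but that is inferred. As a point of style, `assert !invalid_utf8.valid_encoding?` reads better as `refute invalid_utf8.valid_encoding?`.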