@@ -46,36 +46,21 class ApiTest::IssuesTest < ActionController::IntegrationTest | |||||
46 | Setting.rest_api_enabled = '1' |
|
46 | Setting.rest_api_enabled = '1' | |
47 | end |
|
47 | end | |
48 |
|
48 | |||
|
49 | # Use a private project to make sure auth is really working and not just | |||
|
50 | # only showing public issues. | |||
49 | context "/index.xml" do |
|
51 | context "/index.xml" do | |
50 | setup do |
|
52 | should_allow_api_authentication(:get, "/projects/private-child/issues.xml") | |
51 | get '/issues.xml' |
|
|||
52 | end |
|
|||
53 |
|
||||
54 | should_respond_with :success |
|
|||
55 | should_respond_with_content_type 'application/xml' |
|
|||
56 | end |
|
53 | end | |
57 |
|
54 | |||
58 | context "/index.json" do |
|
55 | context "/index.json" do | |
59 | setup do |
|
56 | should_allow_api_authentication(:get, "/projects/private-child/issues.json") | |
60 | get '/issues.json' |
|
|||
61 | end |
|
|||
62 |
|
||||
63 | should_respond_with :success |
|
|||
64 | should_respond_with_content_type 'application/json' |
|
|||
65 |
|
||||
66 | should 'return a valid JSON string' do |
|
|||
67 | assert ActiveSupport::JSON.decode(response.body) |
|
|||
68 | end |
|
|||
69 | end |
|
57 | end | |
70 |
|
58 | |||
71 | context "/index.xml with filter" do |
|
59 | context "/index.xml with filter" do | |
72 | setup do |
|
60 | should_allow_api_authentication(:get, "/projects/private-child/issues.xml?status_id=5") | |
73 | get '/issues.xml?status_id=5' |
|
61 | ||
74 | end |
|
|||
75 |
|
||||
76 | should_respond_with :success |
|
|||
77 | should_respond_with_content_type 'application/xml' |
|
|||
78 | should "show only issues with the status_id" do |
|
62 | should "show only issues with the status_id" do | |
|
63 | get '/issues.xml?status_id=5' | |||
79 | assert_tag :tag => 'issues', |
|
64 | assert_tag :tag => 'issues', | |
80 | :children => { :count => Issue.visible.count(:conditions => {:status_id => 5}), |
|
65 | :children => { :count => Issue.visible.count(:conditions => {:status_id => 5}), | |
81 | :only => { :tag => 'issue' } } |
|
66 | :only => { :tag => 'issue' } } | |
@@ -83,18 +68,11 class ApiTest::IssuesTest < ActionController::IntegrationTest | |||||
83 | end |
|
68 | end | |
84 |
|
69 | |||
85 | context "/index.json with filter" do |
|
70 | context "/index.json with filter" do | |
86 | setup do |
|
71 | should_allow_api_authentication(:get, "/projects/private-child/issues.json?status_id=5") | |
87 | get '/issues.json?status_id=5' |
|
|||
88 | end |
|
|||
89 |
|
||||
90 | should_respond_with :success |
|
|||
91 | should_respond_with_content_type 'application/json' |
|
|||
92 |
|
||||
93 | should 'return a valid JSON string' do |
|
|||
94 | assert ActiveSupport::JSON.decode(response.body) |
|
|||
95 | end |
|
|||
96 |
|
72 | |||
97 | should "show only issues with the status_id" do |
|
73 | should "show only issues with the status_id" do | |
|
74 | get '/issues.json?status_id=5' | |||
|
75 | ||||
98 | json = ActiveSupport::JSON.decode(response.body) |
|
76 | json = ActiveSupport::JSON.decode(response.body) | |
99 | status_ids_used = json.collect {|j| j['status_id'] } |
|
77 | status_ids_used = json.collect {|j| j['status_id'] } | |
100 | assert_equal 3, status_ids_used.length |
|
78 | assert_equal 3, status_ids_used.length | |
@@ -103,26 +81,13 class ApiTest::IssuesTest < ActionController::IntegrationTest | |||||
103 |
|
81 | |||
104 | end |
|
82 | end | |
105 |
|
83 | |||
106 | context "/issues/1.xml" do |
|
84 | # Issue 6 is on a private project | |
107 | setup do |
|
85 | context "/issues/6.xml" do | |
108 | get '/issues/1.xml' |
|
86 | should_allow_api_authentication(:get, "/issues/6.xml") | |
109 | end |
|
|||
110 |
|
||||
111 | should_respond_with :success |
|
|||
112 | should_respond_with_content_type 'application/xml' |
|
|||
113 | end |
|
87 | end | |
114 |
|
88 | |||
115 |
context "/issues/ |
|
89 | context "/issues/6.json" do | |
116 | setup do |
|
90 | should_allow_api_authentication(:get, "/issues/6.json") | |
117 | get '/issues/1.json' |
|
|||
118 | end |
|
|||
119 |
|
||||
120 | should_respond_with :success |
|
|||
121 | should_respond_with_content_type 'application/json' |
|
|||
122 |
|
||||
123 | should 'return a valid JSON string' do |
|
|||
124 | assert ActiveSupport::JSON.decode(response.body) |
|
|||
125 | end |
|
|||
126 | end |
|
91 | end | |
127 |
|
92 | |||
128 | context "POST /issues.xml" do |
|
93 | context "POST /issues.xml" do |
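Review bot: The comment added at new lines 49-50 says the private project is used to prove that authentication is really enforced, but the shared helpers changed further down this commit create the authenticated user with `User.generate_with_protected!(:admin => true)`, so the success path only shows that valid credentials establish an identity. If administrators bypass project membership checks, as seems likely, nothing in these contexts shows that a valid key belonging to a non-member is refused on `/projects/private-child/issues.xml` or `/issues/6.xml`. I would add a non-admin, non-member case that expects a denial, or at least state the limit next to the existing comment, e.g. `# Helpers authenticate as an admin: this covers authentication, not per-project authorization.`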
@@ -186,6 +186,21 class ActiveSupport::TestCase | |||||
186 | end |
|
186 | end | |
187 | end |
|
187 | end | |
188 |
|
188 | |||
|
189 | # Test that a request allows the three types of API authentication | |||
|
190 | # | |||
|
191 | # * HTTP Basic with username and password | |||
|
192 | # * HTTP Basic with an api key for the username | |||
|
193 | # * Key based with the key=X parameter | |||
|
194 | # | |||
|
195 | # @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete) | |||
|
196 | # @param [String] url the request url | |||
|
197 | # @param [optional, Hash] parameters additional request parameters | |||
|
198 | def self.should_allow_api_authentication(http_method, url, parameters={}) | |||
|
199 | should_allow_http_basic_auth_with_username_and_password(http_method, url, parameters) | |||
|
200 | should_allow_http_basic_auth_with_key(http_method, url, parameters) | |||
|
201 | should_allow_key_based_auth(http_method, url, parameters) | |||
|
202 | end | |||
|
203 | ||||
189 | # Test that a request allows the username and password for HTTP BASIC |
|
204 | # Test that a request allows the username and password for HTTP BASIC | |
190 | # |
|
205 | # | |
191 | # @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete) |
|
206 | # @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete) | |
@@ -245,7 +260,7 class ActiveSupport::TestCase | |||||
245 | context "should allow http basic auth with a key for #{http_method} #{url}" do |
|
260 | context "should allow http basic auth with a key for #{http_method} #{url}" do | |
246 | context "with a valid HTTP authentication using the API token" do |
|
261 | context "with a valid HTTP authentication using the API token" do | |
247 | setup do |
|
262 | setup do | |
248 | @user = User.generate_with_protected! |
|
263 | @user = User.generate_with_protected!(:admin => true) | |
249 | @token = Token.generate!(:user => @user, :action => 'api') |
|
264 | @token = Token.generate!(:user => @user, :action => 'api') | |
250 | @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'X') |
|
265 | @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'X') | |
251 | send(http_method, url, parameters, {:authorization => @authorization}) |
|
266 | send(http_method, url, parameters, {:authorization => @authorization}) | |
@@ -253,6 +268,7 class ActiveSupport::TestCase | |||||
253 |
|
268 | |||
254 | should_respond_with :success |
|
269 | should_respond_with :success | |
255 | should_respond_with_content_type_based_on_url(url) |
|
270 | should_respond_with_content_type_based_on_url(url) | |
|
271 | should_be_a_valid_response_string_based_on_url(url) | |||
256 | should "login as the user" do |
|
272 | should "login as the user" do | |
257 | assert_equal @user, User.current |
|
273 | assert_equal @user, User.current | |
258 | end |
|
274 | end | |
@@ -279,17 +295,25 class ActiveSupport::TestCase | |||||
279 | # |
|
295 | # | |
280 | # @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete) |
|
296 | # @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete) | |
281 | # @param [String] url the request url, without the key=ZXY parameter |
|
297 | # @param [String] url the request url, without the key=ZXY parameter | |
282 | def self.should_allow_key_based_auth(http_method, url) |
|
298 | # @param [optional, Hash] parameters additional request parameters | |
|
299 | def self.should_allow_key_based_auth(http_method, url, parameters={}) | |||
283 | context "should allow key based auth using key=X for #{http_method} #{url}" do |
|
300 | context "should allow key based auth using key=X for #{http_method} #{url}" do | |
284 | context "with a valid api token" do |
|
301 | context "with a valid api token" do | |
285 | setup do |
|
302 | setup do | |
286 | @user = User.generate_with_protected! |
|
303 | @user = User.generate_with_protected!(:admin => true) | |
287 | @token = Token.generate!(:user => @user, :action => 'api') |
|
304 | @token = Token.generate!(:user => @user, :action => 'api') | |
288 | send(http_method, url + "?key=#{@token.value}") |
|
305 | # Simple url parse to add on ?key= or &key= | |
|
306 | request_url = if url.match(/\?/) | |||
|
307 | url + "&key=#{@token.value}" | |||
|
308 | else | |||
|
309 | url + "?key=#{@token.value}" | |||
|
310 | end | |||
|
311 | send(http_method, request_url, parameters) | |||
289 | end |
|
312 | end | |
290 |
|
313 | |||
291 | should_respond_with :success |
|
314 | should_respond_with :success | |
292 | should_respond_with_content_type_based_on_url(url) |
|
315 | should_respond_with_content_type_based_on_url(url) | |
|
316 | should_be_a_valid_response_string_based_on_url(url) | |||
293 | should "login as the user" do |
|
317 | should "login as the user" do | |
294 | assert_equal @user, User.current |
|
318 | assert_equal @user, User.current | |
295 | end |
|
319 | end | |
@@ -329,6 +353,39 class ActiveSupport::TestCase | |||||
329 | end |
|
353 | end | |
330 |
|
354 | |||
331 | end |
|
355 | end | |
|
356 | ||||
|
357 | # Uses the url to assert which format the response should be in | |||
|
358 | # | |||
|
359 | # '/project/issues.xml' => should_be_a_valid_xml_string | |||
|
360 | # '/project/issues.json' => should_be_a_valid_json_string | |||
|
361 | # | |||
|
362 | # @param [String] url Request | |||
|
363 | def self.should_be_a_valid_response_string_based_on_url(url) | |||
|
364 | case | |||
|
365 | when url.match(/xml/i) | |||
|
366 | should_be_a_valid_xml_string | |||
|
367 | when url.match(/json/i) | |||
|
368 | should_be_a_valid_json_string | |||
|
369 | else | |||
|
370 | raise "Unknown content type for should_be_a_valid_response_based_on_url: #{url}" | |||
|
371 | end | |||
|
372 | ||||
|
373 | end | |||
|
374 | ||||
|
375 | # Checks that the response is a valid JSON string | |||
|
376 | def self.should_be_a_valid_json_string | |||
|
377 | should "be a valid JSON string" do | |||
|
378 | assert ActiveSupport::JSON.decode(response.body) | |||
|
379 | end | |||
|
380 | end | |||
|
381 | ||||
|
382 | # Checks that the response is a valid XML string | |||
|
383 | def self.should_be_a_valid_xml_string | |||
|
384 | should "be a valid XML string" do | |||
|
385 | assert REXML::Document.new(response.body) | |||
|
386 | end | |||
|
387 | end | |||
|
388 | ||||
332 | end |
|
389 | end | |
333 |
|
390 | |||
334 | # Simple module to "namespace" all of the API tests |
|
391 | # Simple module to "namespace" all of the API tests |
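Review bot: `should_be_a_valid_xml_string` (new lines 383-387) cannot fail through its assertion, because `REXML::Document.new(response.body)` returns a Document object, which is always truthy; the check only trips when the parser raises, and an empty body builds an empty document and passes. Asserting on the root element closes that gap: `assert REXML::Document.new(response.body).root`. The dispatcher above it has a related weakness, since `url.match(/xml/i)` matches anywhere in the URL, so a JSON request whose path or query string contains "xml" would be checked as XML; matching the extension instead, `url.match(/\.xml(\?|\z)/i)`, avoids that. The raise message also names `should_be_a_valid_response_based_on_url`, which is not the method's name.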