Added support for HTTP Basic access to the API. (#3920)...
Eric Davis -
r3105:e07e9d8bfed4
@@ -0,0 +1,78
1 require "#{File.dirname(__FILE__)}/../test_helper"
2
3 class HttpBasicLoginTest < ActionController::IntegrationTest
4 fixtures :all
5
6 def setup
7 Setting.login_required = '1'
8 end
9
10 def teardown
11 Setting.login_required = '0'
12 end
13
14 # Using the NewsController because it's a simple API.
15 context "get /news" do
16
17 context "in :xml format" do
18 context "with a valid HTTP authentication" do
19 setup do
20 @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password')
21 @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password')
22 get "/news.xml", nil, :authorization => @authorization
23 end
24
25 should_respond_with :success
26 should_respond_with_content_type :xml
27 should "login as the user" do
28 assert_equal @user, User.current
29 end
30 end
31
32 context "with an invalid HTTP authentication" do
33 setup do
34 @user = User.generate_with_protected!
35 @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'wrong_password')
36 get "/news.xml", nil, :authorization => @authorization
37 end
38
39 should_respond_with :unauthorized
40 should_respond_with_content_type :xml
41 should "not login as the user" do
42 assert_equal User.anonymous, User.current
43 end
44 end
45 end
46
47 context "in :json format" do
48 context "with a valid HTTP authentication" do
49 setup do
50 @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password')
51 @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password')
52 get "/news.json", nil, :authorization => @authorization
53 end
54
55 should_respond_with :success
56 should_respond_with_content_type :json
57 should "login as the user" do
58 assert_equal @user, User.current
59 end
60 end
61
62 context "with an invalid HTTP authentication" do
63 setup do
64 @user = User.generate_with_protected!
65 @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'wrong_password')
66 get "/news.json", nil, :authorization => @authorization
67 end
68
69 should_respond_with :unauthorized
70 should_respond_with_content_type :json
71 should "not login as the user" do
72 assert_equal User.anonymous, User.current
73 end
74 end
75 end
76
77 end
78 end
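Review bot: Neither format context covers a request that carries no Authorization header at all, even though `setup` forces `Setting.login_required = '1'` for every test in the class. That is the case an unauthenticated client hits first, and it should be pinned to a 401 with `User.anonymous` in the same way as the wrong-password case. A "without credentials" context per format would close the gap; the XML variant is sketched below, and the JSON one differs only in the path and content type.

```ruby
# … unchanged: "with an invalid HTTP authentication" context …
context "without credentials" do
  setup do
    get "/news.xml"
  end

  should_respond_with :unauthorized
  should "not login as the user" do
    assert_equal User.anonymous, User.current
  end
end
```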
@@ -0,0 +1,82
1 require "#{File.dirname(__FILE__)}/../test_helper"
2
3 class HttpBasicLoginWithApiTokenTest < ActionController::IntegrationTest
4 fixtures :all
5
6 def setup
7 Setting.login_required = '1'
8 end
9
10 def teardown
11 Setting.login_required = '0'
12 end
13
14 # Using the NewsController because it's a simple API.
15 context "get /news" do
16
17 context "in :xml format" do
18 context "with a valid HTTP authentication using the API token" do
19 setup do
20 @user = User.generate_with_protected!
21 @token = Token.generate!(:user => @user, :action => 'api')
22 @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'X')
23 get "/news.xml", nil, :authorization => @authorization
24 end
25
26 should_respond_with :success
27 should_respond_with_content_type :xml
28 should "login as the user" do
29 assert_equal @user, User.current
30 end
31 end
32
33 context "with an invalid HTTP authentication" do
34 setup do
35 @user = User.generate_with_protected!
36 @token = Token.generate!(:user => @user, :action => 'feeds')
37 @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'X')
38 get "/news.xml", nil, :authorization => @authorization
39 end
40
41 should_respond_with :unauthorized
42 should_respond_with_content_type :xml
43 should "not login as the user" do
44 assert_equal User.anonymous, User.current
45 end
46 end
47 end
48
49 context "in :json format" do
50 context "with a valid HTTP authentication" do
51 setup do
52 @user = User.generate_with_protected!
53 @token = Token.generate!(:user => @user, :action => 'api')
54 @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'DoesNotMatter')
55 get "/news.json", nil, :authorization => @authorization
56 end
57
58 should_respond_with :success
59 should_respond_with_content_type :json
60 should "login as the user" do
61 assert_equal @user, User.current
62 end
63 end
64
65 context "with an invalid HTTP authentication" do
66 setup do
67 @user = User.generate_with_protected!
68 @token = Token.generate!(:user => @user, :action => 'feeds')
69 @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'DoesNotMatter')
70 get "/news.json", nil, :authorization => @authorization
71 end
72
73 should_respond_with :unauthorized
74 should_respond_with_content_type :json
75 should "not login as the user" do
76 assert_equal User.anonymous, User.current
77 end
78 end
79 end
80
81 end
82 end
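Review bot: The two "with an invalid HTTP authentication" contexts do not say what makes the credentials invalid. The only difference from the passing case is `:action => 'feeds'` on the token, so what they actually verify is that a feeds token is rejected where an API key is expected. Naming them accordingly, e.g. `context "with a feeds token in place of the API key" do`, and adding `# a 'feeds' token must not authenticate API requests` above `Token.generate!` would keep that separation visible to anyone who later edits token handling. The JSON success context is also titled "with a valid HTTP authentication" while its XML twin adds "using the API token"; the two titles should match.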
@@ -70,11 +70,19 class ApplicationController < ActionController::Base
70 elsif params[:format] == 'atom' && params[:key] && accept_key_auth_actions.include?(params[:action])
70 elsif params[:format] == 'atom' && params[:key] && accept_key_auth_actions.include?(params[:action])
71 # RSS key authentication does not start a session
71 # RSS key authentication does not start a session
72 User.find_by_rss_key(params[:key])
72 User.find_by_rss_key(params[:key])
73 elsif ['xml', 'json'].include?(params[:format]) && params[:key] && accept_key_auth_actions.include?(params[:action])
73 elsif ['xml', 'json'].include?(params[:format]) && accept_key_auth_actions.include?(params[:action])
74 User.find_by_api_key(params[:key])
74 if params[:key].present?
75 # Use API key
76 User.find_by_api_key(params[:key])
77 else
78 # HTTP Basic, either username/password or API key/random
79 authenticate_with_http_basic do |username, password|
80 User.try_to_login(username, password) || User.find_by_api_key(username)
81 end
82 end
75 end
83 end
76 end
84 end
77
85
78 # Sets the logged in user
86 # Sets the logged in user
79 def logged_user=(user)
87 def logged_user=(user)
80 reset_session
88 reset_session
@@ -118,6 +126,7 class ApplicationController < ActionController::Base
118 end
126 end
119 respond_to do |format|
127 respond_to do |format|
120 format.html { redirect_to :controller => "account", :action => "login", :back_url => url }
128 format.html { redirect_to :controller => "account", :action => "login", :back_url => url }
129 format.atom { redirect_to :controller => "account", :action => "login", :back_url => url }
121 format.xml { head :unauthorized }
130 format.xml { head :unauthorized }
122 format.json { head :unauthorized }
131 format.json { head :unauthorized }
123 end
132 end
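Review bot: In the new `else` branch, `User.try_to_login(username, password) || User.find_by_api_key(username)` accepts the API key in the Basic user-name field, and web servers and proxies commonly record that field in access logs as the remote user, so keys sent this way can end up stored in plaintext outside the application. A comment on that line should say so and state that this path is meant for TLS only, e.g. `# NOTE: the key arrives as the Basic user name and may be logged upstream; serve the API over HTTPS`. Separately, the second hunk leaves `format.xml { head :unauthorized }` and its JSON twin unchanged, so the 401 carries no `WWW-Authenticate` challenge and clients that wait for a challenge before sending credentials will never authenticate; `head :unauthorized, 'WWW-Authenticate' => 'Basic realm="<realm>"'` (realm is a placeholder) would address that. The enclosing method begins above the first hunk, so the branches before line 70 are not visible here.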
@@ -3,8 +3,16 require "#{File.dirname(__FILE__)}/../test_helper"
3 class ApiTokenLoginTest < ActionController::IntegrationTest
3 class ApiTokenLoginTest < ActionController::IntegrationTest
4 fixtures :all
4 fixtures :all
5
5
6 def setup
7 Setting.login_required = '1'
8 end
9
10 def teardown
11 Setting.login_required = '0'
12 end
13
6 # Using the NewsController because it's a simple API.
14 # Using the NewsController because it's a simple API.
7 context "get /news.xml" do
15 context "get /news" do
8
16
9 context "in :xml format" do
17 context "in :xml format" do
10 context "with a valid api token" do
18 context "with a valid api token" do
@@ -21,9 +29,8 class ApiTokenLoginTest < ActionController::IntegrationTest
21 end
29 end
22 end
30 end
23
31
24 context "with an invalid api token (on a protected site)" do
32 context "with an invalid api token" do
25 setup do
33 setup do
26 Setting.login_required = '1'
27 @user = User.generate_with_protected!
34 @user = User.generate_with_protected!
28 @token = Token.generate!(:user => @user, :action => 'feeds')
35 @token = Token.generate!(:user => @user, :action => 'feeds')
29 get "/news.xml?key=#{@token.value}"
36 get "/news.xml?key=#{@token.value}"
@@ -52,9 +59,8 class ApiTokenLoginTest < ActionController::IntegrationTest
52 end
59 end
53 end
60 end
54
61
55 context "with an invalid api token (on a protected site)" do
62 context "with an invalid api token" do
56 setup do
63 setup do
57 Setting.login_required = '1'
58 @user = User.generate_with_protected!
64 @user = User.generate_with_protected!
59 @token = Token.generate!(:user => @user, :action => 'feeds')
65 @token = Token.generate!(:user => @user, :action => 'feeds')
60 get "/news.json?key=#{@token.value}"
66 get "/news.json?key=#{@token.value}"
@@ -69,5 +75,4 class ApiTokenLoginTest < ActionController::IntegrationTest
69 end
75 end
70
76
71 end
77 end
72
73 end
78 end