@@ -0,0 +1,32 | |||||
|
1 | # Redmine - project management software | |||
|
2 | # Copyright (C) 2006-2012 Jean-Philippe Lang | |||
|
3 | # | |||
|
4 | # This program is free software; you can redistribute it and/or | |||
|
5 | # modify it under the terms of the GNU General Public License | |||
|
6 | # as published by the Free Software Foundation; either version 2 | |||
|
7 | # of the License, or (at your option) any later version. | |||
|
8 | # | |||
|
9 | # This program is distributed in the hope that it will be useful, | |||
|
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
|
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
|
12 | # GNU General Public License for more details. | |||
|
13 | # | |||
|
14 | # You should have received a copy of the GNU General Public License | |||
|
15 | # along with this program; if not, write to the Free Software | |||
|
16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |||
|
17 | ||||
|
18 | require File.expand_path('../../../test_helper', __FILE__) | |||
|
19 | ||||
|
20 | class ApiTest::AuthenticationTest < ActionController::IntegrationTest | |||
|
21 | fixtures :users | |||
|
22 | ||||
|
23 | def test_api_request_should_not_use_user_session | |||
|
24 | log_user('jsmith', 'jsmith') | |||
|
25 | ||||
|
26 | get '/users/current' | |||
|
27 | assert_response :success | |||
|
28 | ||||
|
29 | get '/users/current.json' | |||
|
30 | assert_response 401 | |||
|
31 | end | |||
|
32 | end |
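Review bot: The test pins the new behaviour only for the `.json` format and only on the negative side, so a regression that still honours the session for `.xml`, or one that breaks key-based authentication altogether, would both pass it. Add the XML case next to the JSON one, `get '/users/current.xml'` / `assert_response 401`, and a positive case that the same route succeeds with an API key or HTTP Basic credentials while the session is present, so the assertion is "session is ignored" rather than "API requests fail". The 401 is presumably produced by whatever the REST-API-enabled setting and `accept_api_auth?` decide outside this file; if the fixture or test setup does not enable the REST API, a comment stating that the 401 is expected either way would make the intent of the test clear.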
@@ -86,25 +86,30 class ApplicationController < ActionController::Base | |||||
86 | # Returns the current user or nil if no user is logged in |
|
86 | # Returns the current user or nil if no user is logged in | |
87 | # and starts a session if needed |
|
87 | # and starts a session if needed | |
88 | def find_current_user |
|
88 | def find_current_user | |
89 | if session[:user_id] |
|
89 | user = nil | |
90 | # existing session |
|
90 | unless api_request? | |
91 |
|
|
91 | if session[:user_id] | |
92 | elsif user = try_to_autologin |
|
92 | # existing session | |
93 | user |
|
93 | user = (User.active.find(session[:user_id]) rescue nil) | |
94 | elsif params[:format] == 'atom' && params[:key] && request.get? && accept_rss_auth? |
|
94 | elsif autologin_user = try_to_autologin | |
95 | # RSS key authentication does not start a session |
|
95 | user = autologin_user | |
96 | User.find_by_rss_key(params[:key]) |
|
96 | elsif params[:format] == 'atom' && params[:key] && request.get? && accept_rss_auth? | |
97 | elsif Setting.rest_api_enabled? && accept_api_auth? |
|
97 | # RSS key authentication does not start a session | |
|
98 | user = User.find_by_rss_key(params[:key]) | |||
|
99 | end | |||
|
100 | end | |||
|
101 | if user.nil? && Setting.rest_api_enabled? && accept_api_auth? | |||
98 | if (key = api_key_from_request) |
|
102 | if (key = api_key_from_request) | |
99 | # Use API key |
|
103 | # Use API key | |
100 | User.find_by_api_key(key) |
|
104 | user = User.find_by_api_key(key) | |
101 | else |
|
105 | else | |
102 | # HTTP Basic, either username/password or API key/random |
|
106 | # HTTP Basic, either username/password or API key/random | |
103 | authenticate_with_http_basic do |username, password| |
|
107 | authenticate_with_http_basic do |username, password| | |
104 | User.try_to_login(username, password) || User.find_by_api_key(username) |
|
108 | user = User.try_to_login(username, password) || User.find_by_api_key(username) | |
105 | end |
|
109 | end | |
106 | end |
|
110 | end | |
107 | end |
|
111 | end | |
|
112 | user | |||
108 | end |
|
113 | end | |
109 |
|
114 | |||
110 | def try_to_autologin |
|
115 | def try_to_autologin |
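Review bot: The session path at new line 93 filters through `User.active`, but the key paths at lines 98 and 104 return whatever `User.find_by_rss_key` / `User.find_by_api_key` yield, so unless those finders (outside this hunk) reject locked accounts, a locked user's API or RSS key keeps authenticating; that should be confirmed and pinned by a test, or the result guarded once at the end of the method. Restructuring the chain into `user.nil? && ...` at line 101 also changes behaviour for a stale session: previously a `session[:user_id]` whose user was no longer active short-circuited to nil, now it falls through to the HTTP Basic / API-key branch, which is probably acceptable but deserves a comment such as `# a session for an inactive user does not block key-based auth`. Which requests count as API requests is decided entirely by `api_request?`, which is not in the hunk, so its definition should be reviewed together with this change since it now determines whether the session cookie is trusted at all. The method starts at line 88 and is fully visible; `try_to_autologin` at line 115 continues outside the hunk.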