| @@ -1,110 +1,117 | |||
|
|
1 | 1 | require File.expand_path('../../../test_helper', __FILE__) |
|
|
2 | 2 | |
|
|
3 | 3 | class ApiTest::DisabledRestApiTest < ActionController::IntegrationTest |
|
|
4 | fixtures :all | |
|
|
4 | fixtures :projects, :trackers, :issue_statuses, :issues, | |
|
|
5 | :enumerations, :users, :issue_categories, | |
|
|
6 | :projects_trackers, | |
|
|
7 | :roles, | |
|
|
8 | :member_roles, | |
|
|
9 | :members, | |
|
|
10 | :enabled_modules, | |
|
|
11 | :workflows | |
|
|
5 | 12 | |
|
|
6 | 13 | def setup |
|
|
7 | 14 | Setting.rest_api_enabled = '0' |
|
|
8 | 15 | Setting.login_required = '1' |
|
|
9 | 16 | end |
|
|
10 | 17 | |
|
|
11 | 18 | def teardown |
|
|
12 | 19 | Setting.rest_api_enabled = '1' |
|
|
13 | 20 | Setting.login_required = '0' |
|
|
14 | 21 | end |
|
|
15 | 22 | |
|
|
16 | 23 | # Using the NewsController because it's a simple API. |
|
|
17 | 24 | context "get /news with the API disabled" do |
|
|
18 | 25 | |
|
|
19 | 26 | context "in :xml format" do |
|
|
20 | 27 | context "with a valid api token" do |
|
|
21 | 28 | setup do |
|
|
22 | 29 | @user = User.generate_with_protected! |
|
|
23 | 30 | @token = Token.generate!(:user => @user, :action => 'api') |
|
|
24 | 31 | get "/news.xml?key=#{@token.value}" |
|
|
25 | 32 | end |
|
|
26 | 33 | |
|
|
27 | 34 | should_respond_with :unauthorized |
|
|
28 | 35 | should_respond_with_content_type :xml |
|
|
29 | 36 | should "not login as the user" do |
|
|
30 | 37 | assert_equal User.anonymous, User.current |
|
|
31 | 38 | end |
|
|
32 | 39 | end |
|
|
33 | 40 | |
|
|
34 | 41 | context "with a valid HTTP authentication" do |
|
|
35 | 42 | setup do |
|
|
36 | 43 | @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password') |
|
|
37 | 44 | @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password') |
|
|
38 | 45 | get "/news.xml", nil, :authorization => @authorization |
|
|
39 | 46 | end |
|
|
40 | 47 | |
|
|
41 | 48 | should_respond_with :unauthorized |
|
|
42 | 49 | should_respond_with_content_type :xml |
|
|
43 | 50 | should "not login as the user" do |
|
|
44 | 51 | assert_equal User.anonymous, User.current |
|
|
45 | 52 | end |
|
|
46 | 53 | end |
|
|
47 | 54 | |
|
|
48 | 55 | context "with a valid HTTP authentication using the API token" do |
|
|
49 | 56 | setup do |
|
|
50 | 57 | @user = User.generate_with_protected! |
|
|
51 | 58 | @token = Token.generate!(:user => @user, :action => 'api') |
|
|
52 | 59 | @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'X') |
|
|
53 | 60 | get "/news.xml", nil, :authorization => @authorization |
|
|
54 | 61 | end |
|
|
55 | 62 | |
|
|
56 | 63 | should_respond_with :unauthorized |
|
|
57 | 64 | should_respond_with_content_type :xml |
|
|
58 | 65 | should "not login as the user" do |
|
|
59 | 66 | assert_equal User.anonymous, User.current |
|
|
60 | 67 | end |
|
|
61 | 68 | end |
|
|
62 | 69 | end |
|
|
63 | 70 | |
|
|
64 | 71 | context "in :json format" do |
|
|
65 | 72 | context "with a valid api token" do |
|
|
66 | 73 | setup do |
|
|
67 | 74 | @user = User.generate_with_protected! |
|
|
68 | 75 | @token = Token.generate!(:user => @user, :action => 'api') |
|
|
69 | 76 | get "/news.json?key=#{@token.value}" |
|
|
70 | 77 | end |
|
|
71 | 78 | |
|
|
72 | 79 | should_respond_with :unauthorized |
|
|
73 | 80 | should_respond_with_content_type :json |
|
|
74 | 81 | should "not login as the user" do |
|
|
75 | 82 | assert_equal User.anonymous, User.current |
|
|
76 | 83 | end |
|
|
77 | 84 | end |
|
|
78 | 85 | |
|
|
79 | 86 | context "with a valid HTTP authentication" do |
|
|
80 | 87 | setup do |
|
|
81 | 88 | @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password') |
|
|
82 | 89 | @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password') |
|
|
83 | 90 | get "/news.json", nil, :authorization => @authorization |
|
|
84 | 91 | end |
|
|
85 | 92 | |
|
|
86 | 93 | should_respond_with :unauthorized |
|
|
87 | 94 | should_respond_with_content_type :json |
|
|
88 | 95 | should "not login as the user" do |
|
|
89 | 96 | assert_equal User.anonymous, User.current |
|
|
90 | 97 | end |
|
|
91 | 98 | end |
|
|
92 | 99 | |
|
|
93 | 100 | context "with a valid HTTP authentication using the API token" do |
|
|
94 | 101 | setup do |
|
|
95 | 102 | @user = User.generate_with_protected! |
|
|
96 | 103 | @token = Token.generate!(:user => @user, :action => 'api') |
|
|
97 | 104 | @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'DoesNotMatter') |
|
|
98 | 105 | get "/news.json", nil, :authorization => @authorization |
|
|
99 | 106 | end |
|
|
100 | 107 | |
|
|
101 | 108 | should_respond_with :unauthorized |
|
|
102 | 109 | should_respond_with_content_type :json |
|
|
103 | 110 | should "not login as the user" do |
|
|
104 | 111 | assert_equal User.anonymous, User.current |
|
|
105 | 112 | end |
|
|
106 | 113 | end |
|
|
107 | 114 | |
|
|
108 | 115 | end |
|
|
109 | 116 | end |
|
|
110 | 117 | end |
General Comments 0
You need to be logged in to leave comments.
Login now