Mercurial > hg > soundsoftware-site

annotate test/integration/api_test/authentication_test.rb @ 1533:59e13100ea95 cannam

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Fix to user lookup
author Chris Cannam
date Wed, 11 Feb 2015 14:17:38 +0000
parents dffacf8a6908
children
rev   line source
Chris@1115 1 # Redmine - project management software
Chris@1494 2 # Copyright (C) 2006-2014 Jean-Philippe Lang
Chris@1115 3 #
Chris@1115 4 # This program is free software; you can redistribute it and/or
Chris@1115 5 # modify it under the terms of the GNU General Public License
Chris@1115 6 # as published by the Free Software Foundation; either version 2
Chris@1115 7 # of the License, or (at your option) any later version.
Chris@1115 8 #
Chris@1115 9 # This program is distributed in the hope that it will be useful,
Chris@1115 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
Chris@1115 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
Chris@1115 12 # GNU General Public License for more details.
Chris@1115 13 #
Chris@1115 14 # You should have received a copy of the GNU General Public License
Chris@1115 15 # along with this program; if not, write to the Free Software
Chris@1115 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
Chris@1115 17
Chris@1115 18 require File.expand_path('../../../test_helper', __FILE__)
Chris@1115 19
Chris@1464 20 class Redmine::ApiTest::AuthenticationTest < Redmine::ApiTest::Base
Chris@1115 21 fixtures :users
Chris@1115 22
Chris@1115 23 def setup
Chris@1115 24 Setting.rest_api_enabled = '1'
Chris@1115 25 end
Chris@1115 26
Chris@1115 27 def teardown
Chris@1115 28 Setting.rest_api_enabled = '0'
Chris@1115 29 end
Chris@1115 30
Chris@1517 31 def test_api_should_trigger_basic_http_auth_with_basic_authorization_header
Chris@1517 32 ApplicationController.any_instance.expects(:authenticate_with_http_basic).once
Chris@1517 33 get '/users/current.xml', {}, credentials('jsmith')
Chris@1517 34 assert_response 401
Chris@1517 35 end
Chris@1517 36
Chris@1517 37 def test_api_should_not_trigger_basic_http_auth_with_non_basic_authorization_header
Chris@1517 38 ApplicationController.any_instance.expects(:authenticate_with_http_basic).never
Chris@1517 39 get '/users/current.xml', {}, 'HTTP_AUTHORIZATION' => 'Digest foo bar'
Chris@1517 40 assert_response 401
Chris@1517 41 end
Chris@1517 42
Chris@1517 43 def test_invalid_utf8_credentials_should_not_trigger_an_error
Chris@1517 44 invalid_utf8 = "\x82"
Chris@1517 45 if invalid_utf8.respond_to?(:force_encoding)
Chris@1517 46 invalid_utf8.force_encoding('UTF-8')
Chris@1517 47 assert !invalid_utf8.valid_encoding?
Chris@1517 48 end
Chris@1517 49 assert_nothing_raised do
Chris@1517 50 get '/users/current.xml', {}, credentials(invalid_utf8, "foo")
Chris@1517 51 end
Chris@1517 52 end
Chris@1517 53
Chris@1115 54 def test_api_request_should_not_use_user_session
Chris@1115 55 log_user('jsmith', 'jsmith')
Chris@1115 56
Chris@1115 57 get '/users/current'
Chris@1115 58 assert_response :success
Chris@1115 59
Chris@1115 60 get '/users/current.json'
Chris@1115 61 assert_response 401
Chris@1115 62 end
Chris@1115 63
Chris@1115 64 def test_api_should_accept_switch_user_header_for_admin_user
Chris@1115 65 user = User.find(1)
Chris@1115 66 su = User.find(4)
Chris@1115 67
Chris@1115 68 get '/users/current', {}, {'X-Redmine-API-Key' => user.api_key, 'X-Redmine-Switch-User' => su.login}
Chris@1115 69 assert_response :success
Chris@1115 70 assert_equal su, assigns(:user)
Chris@1115 71 assert_equal su, User.current
Chris@1115 72 end
Chris@1115 73
Chris@1115 74 def test_api_should_respond_with_412_when_trying_to_switch_to_a_invalid_user
Chris@1115 75 get '/users/current', {}, {'X-Redmine-API-Key' => User.find(1).api_key, 'X-Redmine-Switch-User' => 'foobar'}
Chris@1115 76 assert_response 412
Chris@1115 77 end
Chris@1115 78
Chris@1115 79 def test_api_should_respond_with_412_when_trying_to_switch_to_a_locked_user
Chris@1115 80 user = User.find(5)
Chris@1115 81 assert user.locked?
Chris@1115 82
Chris@1115 83 get '/users/current', {}, {'X-Redmine-API-Key' => User.find(1).api_key, 'X-Redmine-Switch-User' => user.login}
Chris@1115 84 assert_response 412
Chris@1115 85 end
Chris@1115 86
Chris@1115 87 def test_api_should_not_accept_switch_user_header_for_non_admin_user
Chris@1115 88 user = User.find(2)
Chris@1115 89 su = User.find(4)
Chris@1115 90
Chris@1115 91 get '/users/current', {}, {'X-Redmine-API-Key' => user.api_key, 'X-Redmine-Switch-User' => su.login}
Chris@1115 92 assert_response :success
Chris@1115 93 assert_equal user, assigns(:user)
Chris@1115 94 assert_equal user, User.current
Chris@1115 95 end
Chris@1115 96 end