1 require "#{File.dirname(__FILE__)}/../../test_helper"
# Integration tests for the REST API while it is switched off.
#
# #setup sets Setting.rest_api_enabled to '0' and Setting.login_required to
# '1'. Every credential style exercised below (API key in the +key+ query
# parameter, HTTP Basic with login/password, HTTP Basic with the API key as
# the user name) is then expected to yield 401 Unauthorized in the requested
# content type and to leave User.current as the anonymous user, although the
# contexts describe the credentials themselves as valid.
class ApiTest::DisabledRestApiTest < ActionController::IntegrationTest
  fixtures :all

  # Disable the REST API and require login before each test.
  def setup
    Setting.rest_api_enabled = '0'
    Setting.login_required = '1'
  end

  # Re-enable the REST API and drop the login requirement after each test.
  # NOTE(review): these are fixed values, not the values that were in effect
  # before #setup ran -- confirm they match what the rest of the suite expects.
  def teardown
    Setting.rest_api_enabled = '1'
    Setting.login_required = '0'
  end

  # Using the NewsController because it's a simple API.
  context "get /news with the API disabled" do
    # One pass per response format so both formats get the same three
    # credential cases. The second element is the filler password sent next
    # to the API key in the "HTTP authentication using the API token" case.
    [[:xml, 'X'], [:json, 'DoesNotMatter']].each do |api_format, filler_password|
      context "in :#{api_format} format" do
        # API key supplied through the +key+ query parameter.
        context "with a valid api token" do
          setup do
            @user = User.generate_with_protected!
            @token = Token.generate!(:user => @user, :action => 'api')
            get "/news.#{api_format}?key=#{@token.value}"
          end

          should_respond_with :unauthorized
          should_respond_with_content_type api_format
          # Checked in addition to the status code: a 401 response must not
          # have resolved the request to the token's owner.
          should "not login as the user" do
            assert_equal User.anonymous, User.current
          end
        end

        # HTTP Basic credentials built from the user's login and password.
        context "with a valid HTTP authentication" do
          setup do
            password = 'my_password'
            @user = User.generate_with_protected!(:password => password, :password_confirmation => password)
            @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, password)
            get "/news.#{api_format}", nil, :authorization => @authorization
          end

          should_respond_with :unauthorized
          should_respond_with_content_type api_format
          should "not login as the user" do
            assert_equal User.anonymous, User.current
          end
        end

        # HTTP Basic credentials with the API key in the user-name position
        # and a filler value in the password position.
        context "with a valid HTTP authentication using the API token" do
          setup do
            @user = User.generate_with_protected!
            @token = Token.generate!(:user => @user, :action => 'api')
            @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, filler_password)
            get "/news.#{api_format}", nil, :authorization => @authorization
          end

          should_respond_with :unauthorized
          should_respond_with_content_type api_format
          should "not login as the user" do
            assert_equal User.anonymous, User.current
          end
        end
      end
    end
  end
end