require File.expand_path('../../../test_helper', __FILE__)

# Integration tests for the REST API switch: with Setting.rest_api_enabled
# set to '0' and Setting.login_required set to '1', a request that presents a
# valid API credential must still be answered with 401 and must not leave the
# credential's owner as User.current.
#
# Three ways of presenting the credential are exercised, once per response
# format (XML and JSON):
#   * the API token in the `key` query parameter,
#   * HTTP Basic with the user's login and password,
#   * HTTP Basic with the API token as the username and a filler password.
class ApiTest::DisabledRestApiTest < ActionController::IntegrationTest
  fixtures :projects, :trackers, :issue_statuses, :issues,
           :enumerations, :users, :issue_categories,
           :projects_trackers,
           :roles,
           :member_roles,
           :members,
           :enabled_modules,
           :workflows

  # Turns the REST API off and requires login before every test.
  def setup
    Setting.rest_api_enabled = '0'
    Setting.login_required = '1'
  end

  # Puts both settings back to fixed values after every test.
  # NOTE(review): these are hard-coded, not the values that were in place
  # before setup ran. Confirm they match what the rest of the suite expects,
  # otherwise an enabled API carries over into later tests.
  def teardown
    Setting.rest_api_enabled = '1'
    Setting.login_required = '0'
  end

  # Using the NewsController because it's a simple API.
  context "get /news with the API disabled" do
    # An array of pairs (not a Hash) keeps the xml-then-json definition order.
    # The second element is the filler password sent next to the API token in
    # the Basic-auth case; the two formats use different filler strings.
    [[:xml, 'X'], [:json, 'DoesNotMatter']].each do |format, filler_password|
      news_path = "/news.#{format}"

      context "in :#{format} format" do
        # Token supplied in the query string.
        context "with a valid api token" do
          setup do
            @user = User.generate_with_protected!
            @token = Token.generate!(:user => @user, :action => 'api')
            get "#{news_path}?key=#{@token.value}"
          end

          should_respond_with :unauthorized
          should_respond_with_content_type format
          should "not login as the user" do
            assert_equal User.anonymous, User.current
          end
        end

        # Login and password supplied through an Authorization header built
        # with Basic.encode_credentials.
        context "with a valid HTTP authentication" do
          setup do
            password = 'my_password'
            @user = User.generate_with_protected!(:password => password, :password_confirmation => password)
            @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, password)
            get news_path, nil, :authorization => @authorization
          end

          should_respond_with :unauthorized
          should_respond_with_content_type format
          should "not login as the user" do
            assert_equal User.anonymous, User.current
          end
        end

        # API token supplied as the Basic-auth username.
        context "with a valid HTTP authentication using the API token" do
          setup do
            @user = User.generate_with_protected!
            @token = Token.generate!(:user => @user, :action => 'api')
            @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, filler_password)
            get news_path, nil, :authorization => @authorization
          end

          should_respond_with :unauthorized
          should_respond_with_content_type format
          should "not login as the user" do
            assert_equal User.anonymous, User.current
          end
        end
      end
    end
  end
end