annotate .svn/pristine/46/46e3d11ed51124c8ae5b1a6038af5fe818c3c711.svn-base @ 1517:dffacf8a6908 redmine-2.5

Update to Redmine SVN revision 13367 on 2.5-stable branch
author Chris Cannam
date Tue, 09 Sep 2014 09:29:00 +0100
parents
children
rev   line source
Chris@1517 1 # Redmine - project management software
Chris@1517 2 # Copyright (C) 2006-2014 Jean-Philippe Lang
Chris@1517 3 #
Chris@1517 4 # This program is free software; you can redistribute it and/or
Chris@1517 5 # modify it under the terms of the GNU General Public License
Chris@1517 6 # as published by the Free Software Foundation; either version 2
Chris@1517 7 # of the License, or (at your option) any later version.
Chris@1517 8 #
Chris@1517 9 # This program is distributed in the hope that it will be useful,
Chris@1517 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
Chris@1517 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
Chris@1517 12 # GNU General Public License for more details.
Chris@1517 13 #
Chris@1517 14 # You should have received a copy of the GNU General Public License
Chris@1517 15 # along with this program; if not, write to the Free Software
Chris@1517 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
Chris@1517 17
Chris@1517 18 require File.expand_path('../../../test_helper', __FILE__)
Chris@1517 19
Chris@1517 20 class Redmine::ApiTest::AuthenticationTest < Redmine::ApiTest::Base
Chris@1517 21 fixtures :users
Chris@1517 22
Chris@1517 23 def setup
Chris@1517 24 Setting.rest_api_enabled = '1'
Chris@1517 25 end
Chris@1517 26
Chris@1517 27 def teardown
Chris@1517 28 Setting.rest_api_enabled = '0'
Chris@1517 29 end
Chris@1517 30
Chris@1517 31 def test_api_should_trigger_basic_http_auth_with_basic_authorization_header
Chris@1517 32 ApplicationController.any_instance.expects(:authenticate_with_http_basic).once
Chris@1517 33 get '/users/current.xml', {}, credentials('jsmith')
Chris@1517 34 assert_response 401
Chris@1517 35 end
Chris@1517 36
Chris@1517 37 def test_api_should_not_trigger_basic_http_auth_with_non_basic_authorization_header
Chris@1517 38 ApplicationController.any_instance.expects(:authenticate_with_http_basic).never
Chris@1517 39 get '/users/current.xml', {}, 'HTTP_AUTHORIZATION' => 'Digest foo bar'
Chris@1517 40 assert_response 401
Chris@1517 41 end
Chris@1517 42
Chris@1517 43 def test_invalid_utf8_credentials_should_not_trigger_an_error
Chris@1517 44 invalid_utf8 = "\x82"
Chris@1517 45 if invalid_utf8.respond_to?(:force_encoding)
Chris@1517 46 invalid_utf8.force_encoding('UTF-8')
Chris@1517 47 assert !invalid_utf8.valid_encoding?
Chris@1517 48 end
Chris@1517 49 assert_nothing_raised do
Chris@1517 50 get '/users/current.xml', {}, credentials(invalid_utf8, "foo")
Chris@1517 51 end
Chris@1517 52 end
Chris@1517 53
Chris@1517 54 def test_api_request_should_not_use_user_session
Chris@1517 55 log_user('jsmith', 'jsmith')
Chris@1517 56
Chris@1517 57 get '/users/current'
Chris@1517 58 assert_response :success
Chris@1517 59
Chris@1517 60 get '/users/current.json'
Chris@1517 61 assert_response 401
Chris@1517 62 end
Chris@1517 63
Chris@1517 64 def test_api_should_accept_switch_user_header_for_admin_user
Chris@1517 65 user = User.find(1)
Chris@1517 66 su = User.find(4)
Chris@1517 67
Chris@1517 68 get '/users/current', {}, {'X-Redmine-API-Key' => user.api_key, 'X-Redmine-Switch-User' => su.login}
Chris@1517 69 assert_response :success
Chris@1517 70 assert_equal su, assigns(:user)
Chris@1517 71 assert_equal su, User.current
Chris@1517 72 end
Chris@1517 73
Chris@1517 74 def test_api_should_respond_with_412_when_trying_to_switch_to_a_invalid_user
Chris@1517 75 get '/users/current', {}, {'X-Redmine-API-Key' => User.find(1).api_key, 'X-Redmine-Switch-User' => 'foobar'}
Chris@1517 76 assert_response 412
Chris@1517 77 end
Chris@1517 78
Chris@1517 79 def test_api_should_respond_with_412_when_trying_to_switch_to_a_locked_user
Chris@1517 80 user = User.find(5)
Chris@1517 81 assert user.locked?
Chris@1517 82
Chris@1517 83 get '/users/current', {}, {'X-Redmine-API-Key' => User.find(1).api_key, 'X-Redmine-Switch-User' => user.login}
Chris@1517 84 assert_response 412
Chris@1517 85 end
Chris@1517 86
Chris@1517 87 def test_api_should_not_accept_switch_user_header_for_non_admin_user
Chris@1517 88 user = User.find(2)
Chris@1517 89 su = User.find(4)
Chris@1517 90
Chris@1517 91 get '/users/current', {}, {'X-Redmine-API-Key' => user.api_key, 'X-Redmine-Switch-User' => su.login}
Chris@1517 92 assert_response :success
Chris@1517 93 assert_equal user, assigns(:user)
Chris@1517 94 assert_equal user, User.current
Chris@1517 95 end
Chris@1517 96 end