Mercurial > hg > soundsoftware-site

annotate test/integration/api_test/authentication_test.rb @ 1517:dffacf8a6908 redmine-2.5

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Update to Redmine SVN revision 13367 on 2.5-stable branch
author Chris Cannam
date Tue, 09 Sep 2014 09:29:00 +0100
parents e248c7af89ec
children
rev   line source
Chris@1115 1 # Redmine - project management software
Chris@1494 2 # Copyright (C) 2006-2014 Jean-Philippe Lang
Chris@1115 3 #
Chris@1115 4 # This program is free software; you can redistribute it and/or
Chris@1115 5 # modify it under the terms of the GNU General Public License
Chris@1115 6 # as published by the Free Software Foundation; either version 2
Chris@1115 7 # of the License, or (at your option) any later version.
Chris@1115 8 #
Chris@1115 9 # This program is distributed in the hope that it will be useful,
Chris@1115 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
Chris@1115 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
Chris@1115 12 # GNU General Public License for more details.
Chris@1115 13 #
Chris@1115 14 # You should have received a copy of the GNU General Public License
Chris@1115 15 # along with this program; if not, write to the Free Software
Chris@1115 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
Chris@1115 17
Chris@1115 18 require File.expand_path('../../../test_helper', __FILE__)
Chris@1115 19
Chris@1464 20 class Redmine::ApiTest::AuthenticationTest < Redmine::ApiTest::Base
Chris@1115 21 fixtures :users
Chris@1115 22
Chris@1115 23 def setup
Chris@1115 24 Setting.rest_api_enabled = '1'
Chris@1115 25 end
Chris@1115 26
Chris@1115 27 def teardown
Chris@1115 28 Setting.rest_api_enabled = '0'
Chris@1115 29 end
Chris@1115 30
Chris@1517 31 def test_api_should_trigger_basic_http_auth_with_basic_authorization_header
Chris@1517 32 ApplicationController.any_instance.expects(:authenticate_with_http_basic).once
Chris@1517 33 get '/users/current.xml', {}, credentials('jsmith')
Chris@1517 34 assert_response 401
Chris@1517 35 end
Chris@1517 36
Chris@1517 37 def test_api_should_not_trigger_basic_http_auth_with_non_basic_authorization_header
Chris@1517 38 ApplicationController.any_instance.expects(:authenticate_with_http_basic).never
Chris@1517 39 get '/users/current.xml', {}, 'HTTP_AUTHORIZATION' => 'Digest foo bar'
Chris@1517 40 assert_response 401
Chris@1517 41 end
Chris@1517 42
Chris@1517 43 def test_invalid_utf8_credentials_should_not_trigger_an_error
Chris@1517 44 invalid_utf8 = "\x82"
Chris@1517 45 if invalid_utf8.respond_to?(:force_encoding)
Chris@1517 46 invalid_utf8.force_encoding('UTF-8')
Chris@1517 47 assert !invalid_utf8.valid_encoding?
Chris@1517 48 end
Chris@1517 49 assert_nothing_raised do
Chris@1517 50 get '/users/current.xml', {}, credentials(invalid_utf8, "foo")
Chris@1517 51 end
Chris@1517 52 end
Chris@1517 53
Chris@1115 54 def test_api_request_should_not_use_user_session
Chris@1115 55 log_user('jsmith', 'jsmith')
Chris@1115 56
Chris@1115 57 get '/users/current'
Chris@1115 58 assert_response :success
Chris@1115 59
Chris@1115 60 get '/users/current.json'
Chris@1115 61 assert_response 401
Chris@1115 62 end
Chris@1115 63
Chris@1115 64 def test_api_should_accept_switch_user_header_for_admin_user
Chris@1115 65 user = User.find(1)
Chris@1115 66 su = User.find(4)
Chris@1115 67
Chris@1115 68 get '/users/current', {}, {'X-Redmine-API-Key' => user.api_key, 'X-Redmine-Switch-User' => su.login}
Chris@1115 69 assert_response :success
Chris@1115 70 assert_equal su, assigns(:user)
Chris@1115 71 assert_equal su, User.current
Chris@1115 72 end
Chris@1115 73
Chris@1115 74 def test_api_should_respond_with_412_when_trying_to_switch_to_a_invalid_user
Chris@1115 75 get '/users/current', {}, {'X-Redmine-API-Key' => User.find(1).api_key, 'X-Redmine-Switch-User' => 'foobar'}
Chris@1115 76 assert_response 412
Chris@1115 77 end
Chris@1115 78
Chris@1115 79 def test_api_should_respond_with_412_when_trying_to_switch_to_a_locked_user
Chris@1115 80 user = User.find(5)
Chris@1115 81 assert user.locked?
Chris@1115 82
Chris@1115 83 get '/users/current', {}, {'X-Redmine-API-Key' => User.find(1).api_key, 'X-Redmine-Switch-User' => user.login}
Chris@1115 84 assert_response 412
Chris@1115 85 end
Chris@1115 86
Chris@1115 87 def test_api_should_not_accept_switch_user_header_for_non_admin_user
Chris@1115 88 user = User.find(2)
Chris@1115 89 su = User.find(4)
Chris@1115 90
Chris@1115 91 get '/users/current', {}, {'X-Redmine-API-Key' => user.api_key, 'X-Redmine-Switch-User' => su.login}
Chris@1115 92 assert_response :success
Chris@1115 93 assert_equal user, assigns(:user)
Chris@1115 94 assert_equal user, User.current
Chris@1115 95 end
Chris@1115 96 end