Mercurial > hg > soundsoftware-site

comparison .svn/pristine/46/46e3d11ed51124c8ae5b1a6038af5fe818c3c711.svn-base @ 1517:dffacf8a6908 redmine-2.5

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Update to Redmine SVN revision 13367 on 2.5-stable branch
author Chris Cannam
date Tue, 09 Sep 2014 09:29:00 +0100
parents
children
comparison
equal deleted inserted replaced
1516:b450a9d58aed 1517:dffacf8a6908
1 # Redmine - project management software
2 # Copyright (C) 2006-2014 Jean-Philippe Lang
3 #
4 # This program is free software; you can redistribute it and/or
5 # modify it under the terms of the GNU General Public License
6 # as published by the Free Software Foundation; either version 2
7 # of the License, or (at your option) any later version.
8 #
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
13 #
14 # You should have received a copy of the GNU General Public License
15 # along with this program; if not, write to the Free Software
16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17
18 require File.expand_path('../../../test_helper', __FILE__)
19
20 class Redmine::ApiTest::AuthenticationTest < Redmine::ApiTest::Base
21 fixtures :users
22
23 def setup
24 Setting.rest_api_enabled = '1'
25 end
26
27 def teardown
28 Setting.rest_api_enabled = '0'
29 end
30
31 def test_api_should_trigger_basic_http_auth_with_basic_authorization_header
32 ApplicationController.any_instance.expects(:authenticate_with_http_basic).once
33 get '/users/current.xml', {}, credentials('jsmith')
34 assert_response 401
35 end
36
37 def test_api_should_not_trigger_basic_http_auth_with_non_basic_authorization_header
38 ApplicationController.any_instance.expects(:authenticate_with_http_basic).never
39 get '/users/current.xml', {}, 'HTTP_AUTHORIZATION' => 'Digest foo bar'
40 assert_response 401
41 end
42
43 def test_invalid_utf8_credentials_should_not_trigger_an_error
44 invalid_utf8 = "\x82"
45 if invalid_utf8.respond_to?(:force_encoding)
46 invalid_utf8.force_encoding('UTF-8')
47 assert !invalid_utf8.valid_encoding?
48 end
49 assert_nothing_raised do
50 get '/users/current.xml', {}, credentials(invalid_utf8, "foo")
51 end
52 end
53
54 def test_api_request_should_not_use_user_session
55 log_user('jsmith', 'jsmith')
56
57 get '/users/current'
58 assert_response :success
59
60 get '/users/current.json'
61 assert_response 401
62 end
63
64 def test_api_should_accept_switch_user_header_for_admin_user
65 user = User.find(1)
66 su = User.find(4)
67
68 get '/users/current', {}, {'X-Redmine-API-Key' => user.api_key, 'X-Redmine-Switch-User' => su.login}
69 assert_response :success
70 assert_equal su, assigns(:user)
71 assert_equal su, User.current
72 end
73
74 def test_api_should_respond_with_412_when_trying_to_switch_to_a_invalid_user
75 get '/users/current', {}, {'X-Redmine-API-Key' => User.find(1).api_key, 'X-Redmine-Switch-User' => 'foobar'}
76 assert_response 412
77 end
78
79 def test_api_should_respond_with_412_when_trying_to_switch_to_a_locked_user
80 user = User.find(5)
81 assert user.locked?
82
83 get '/users/current', {}, {'X-Redmine-API-Key' => User.find(1).api_key, 'X-Redmine-Switch-User' => user.login}
84 assert_response 412
85 end
86
87 def test_api_should_not_accept_switch_user_header_for_non_admin_user
88 user = User.find(2)
89 su = User.find(4)
90
91 get '/users/current', {}, {'X-Redmine-API-Key' => user.api_key, 'X-Redmine-Switch-User' => su.login}
92 assert_response :success
93 assert_equal user, assigns(:user)
94 assert_equal user, User.current
95 end
96 end