Mercurial > hg > soundsoftware-site
diff test/integration/disabled_rest_api_test.rb @ 0:513646585e45
* Import Redmine trunk SVN rev 3859
| author | Chris Cannam |
|---|---|
| date | Fri, 23 Jul 2010 15:52:44 +0100 |
| parents | |
| children |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/integration/disabled_rest_api_test.rb Fri Jul 23 15:52:44 2010 +0100 @@ -0,0 +1,110 @@ +require "#{File.dirname(__FILE__)}/../test_helper" + +class DisabledRestApi < ActionController::IntegrationTest + fixtures :all + + def setup + Setting.rest_api_enabled = '0' + Setting.login_required = '1' + end + + def teardown + Setting.rest_api_enabled = '1' + Setting.login_required = '0' + end + + # Using the NewsController because it's a simple API. + context "get /news with the API disabled" do + + context "in :xml format" do + context "with a valid api token" do + setup do + @user = User.generate_with_protected! + @token = Token.generate!(:user => @user, :action => 'api') + get "/news.xml?key=#{@token.value}" + end + + should_respond_with :unauthorized + should_respond_with_content_type :xml + should "not login as the user" do + assert_equal User.anonymous, User.current + end + end + + context "with a valid HTTP authentication" do + setup do + @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password') + @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password') + get "/news.xml", nil, :authorization => @authorization + end + + should_respond_with :unauthorized + should_respond_with_content_type :xml + should "not login as the user" do + assert_equal User.anonymous, User.current + end + end + + context "with a valid HTTP authentication using the API token" do + setup do + @user = User.generate_with_protected! + @token = Token.generate!(:user => @user, :action => 'api') + @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'X') + get "/news.xml", nil, :authorization => @authorization + end + + should_respond_with :unauthorized + should_respond_with_content_type :xml + should "not login as the user" do + assert_equal User.anonymous, User.current + end + end + end + + context "in :json format" do + context "with a valid api token" do + setup do + @user = User.generate_with_protected! + @token = Token.generate!(:user => @user, :action => 'api') + get "/news.json?key=#{@token.value}" + end + + should_respond_with :unauthorized + should_respond_with_content_type :json + should "not login as the user" do + assert_equal User.anonymous, User.current + end + end + + context "with a valid HTTP authentication" do + setup do + @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password') + @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password') + get "/news.json", nil, :authorization => @authorization + end + + should_respond_with :unauthorized + should_respond_with_content_type :json + should "not login as the user" do + assert_equal User.anonymous, User.current + end + end + + context "with a valid HTTP authentication using the API token" do + setup do + @user = User.generate_with_protected! + @token = Token.generate!(:user => @user, :action => 'api') + @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'DoesNotMatter') + get "/news.json", nil, :authorization => @authorization + end + + should_respond_with :unauthorized + should_respond_with_content_type :json + should "not login as the user" do + assert_equal User.anonymous, User.current + end + end + + end + end +end