Mercurial > hg > soundsoftware-site
diff .svn/pristine/43/431e564a1e03f4cc7d0102d7d18816df7d2cc0e3.svn-base @ 909:cbb26bc654de redmine-1.3
Update to Redmine 1.3-stable branch (Redmine SVN rev 8964)
| author | Chris Cannam |
|---|---|
| date | Fri, 24 Feb 2012 19:09:32 +0000 |
| parents | |
| children |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/.svn/pristine/43/431e564a1e03f4cc7d0102d7d18816df7d2cc0e3.svn-base Fri Feb 24 19:09:32 2012 +0000 @@ -0,0 +1,117 @@ +require File.expand_path('../../../test_helper', __FILE__) + +class ApiTest::DisabledRestApiTest < ActionController::IntegrationTest + fixtures :projects, :trackers, :issue_statuses, :issues, + :enumerations, :users, :issue_categories, + :projects_trackers, + :roles, + :member_roles, + :members, + :enabled_modules, + :workflows + + def setup + Setting.rest_api_enabled = '0' + Setting.login_required = '1' + end + + def teardown + Setting.rest_api_enabled = '1' + Setting.login_required = '0' + end + + # Using the NewsController because it's a simple API. + context "get /news with the API disabled" do + + context "in :xml format" do + context "with a valid api token" do + setup do + @user = User.generate_with_protected! + @token = Token.generate!(:user => @user, :action => 'api') + get "/news.xml?key=#{@token.value}" + end + + should_respond_with :unauthorized + should_respond_with_content_type :xml + should "not login as the user" do + assert_equal User.anonymous, User.current + end + end + + context "with a valid HTTP authentication" do + setup do + @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password') + @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password') + get "/news.xml", nil, :authorization => @authorization + end + + should_respond_with :unauthorized + should_respond_with_content_type :xml + should "not login as the user" do + assert_equal User.anonymous, User.current + end + end + + context "with a valid HTTP authentication using the API token" do + setup do + @user = User.generate_with_protected! + @token = Token.generate!(:user => @user, :action => 'api') + @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'X') + get "/news.xml", nil, :authorization => @authorization + end + + should_respond_with :unauthorized + should_respond_with_content_type :xml + should "not login as the user" do + assert_equal User.anonymous, User.current + end + end + end + + context "in :json format" do + context "with a valid api token" do + setup do + @user = User.generate_with_protected! + @token = Token.generate!(:user => @user, :action => 'api') + get "/news.json?key=#{@token.value}" + end + + should_respond_with :unauthorized + should_respond_with_content_type :json + should "not login as the user" do + assert_equal User.anonymous, User.current + end + end + + context "with a valid HTTP authentication" do + setup do + @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password') + @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password') + get "/news.json", nil, :authorization => @authorization + end + + should_respond_with :unauthorized + should_respond_with_content_type :json + should "not login as the user" do + assert_equal User.anonymous, User.current + end + end + + context "with a valid HTTP authentication using the API token" do + setup do + @user = User.generate_with_protected! + @token = Token.generate!(:user => @user, :action => 'api') + @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'DoesNotMatter') + get "/news.json", nil, :authorization => @authorization + end + + should_respond_with :unauthorized + should_respond_with_content_type :json + should "not login as the user" do + assert_equal User.anonymous, User.current + end + end + + end + end +end