require File.expand_path('../../../test_helper', __FILE__)

# Integration tests for the "REST API disabled" configuration.
#
# With Setting.rest_api_enabled = '0' and Setting.login_required = '1',
# every context below issues GET /news in XML or JSON form with credentials
# that are valid for a freshly generated user, and asserts that:
#   * the response status is :unauthorized,
#   * the response content type still matches the requested format,
#   * User.current equals User.anonymous after the request.
#
# Three credential forms are exercised per format:
#   1. the API token value in the "key" query parameter,
#   2. HTTP Basic with the user's login and password,
#   3. HTTP Basic with the API token value as the username and a
#      placeholder password.
#
# NOTE(review): only these three forms are covered here. If the application
# accepts API credentials through any other channel, that channel needs its
# own "disabled" test -- confirm against the authentication code.
class ApiTest::DisabledRestApiTest < ActionController::IntegrationTest
  fixtures :projects, :trackers, :issue_statuses, :issues,
           :enumerations, :users, :issue_categories,
           :projects_trackers,
           :roles,
           :member_roles,
           :members,
           :enabled_modules,
           :workflows

  # Switches the REST API off and makes login mandatory before each test.
  # presumably login_required is set so that an unauthenticated request is
  # refused instead of being served public content -- verify.
  def setup
    Setting.rest_api_enabled = '0'
    Setting.login_required = '1'
  end

  # Re-enables the REST API and drops the login requirement after each test.
  # NOTE(review): this writes fixed values rather than the values that were in
  # place before setup ran, so it leaves the API *enabled* regardless of the
  # previous state. Consider capturing both settings in setup and restoring
  # them here so that later tests do not inherit a more permissive
  # configuration than the suite default.
  def teardown
    Setting.rest_api_enabled = '1'
    Setting.login_required = '0'
  end

  # Using the NewsController because it's a simple API.
  context "get /news with the API disabled" do

    context "in :xml format" do
      # Credential form 1: API token value passed in the "key" query parameter.
      context "with a valid api token" do
        setup do
          @user = User.generate_with_protected!
          @token = Token.generate!(:user => @user, :action => 'api')
          get "/news.xml?key=#{@token.value}"
        end

        should_respond_with :unauthorized
        should_respond_with_content_type :xml
        # The token is valid, so a 401 alone is not sufficient: also check
        # that no identity is left in User.current after the request.
        # NOTE(review): assumes User.current reflects the user resolved for
        # the request just issued -- confirm.
        should "not login as the user" do
          assert_equal User.anonymous, User.current
        end
      end

      # Credential form 2: HTTP Basic with the user's real login and password.
      # The credentials are correct; the request must still be refused.
      context "with a valid HTTP authentication" do
        setup do
          @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password')
          @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password')
          get "/news.xml", nil, :authorization => @authorization
        end

        should_respond_with :unauthorized
        should_respond_with_content_type :xml
        should "not login as the user" do
          assert_equal User.anonymous, User.current
        end
      end

      # Credential form 3: HTTP Basic with the API token value as the username.
      # 'X' is a placeholder password; only the token value is a real secret.
      context "with a valid HTTP authentication using the API token" do
        setup do
          @user = User.generate_with_protected!
          @token = Token.generate!(:user => @user, :action => 'api')
          @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'X')
          get "/news.xml", nil, :authorization => @authorization
        end

        should_respond_with :unauthorized
        should_respond_with_content_type :xml
        should "not login as the user" do
          assert_equal User.anonymous, User.current
        end
      end
    end

    # Same three credential forms as the :xml contexts, requested as JSON.
    context "in :json format" do
      # Credential form 1: API token value passed in the "key" query parameter.
      context "with a valid api token" do
        setup do
          @user = User.generate_with_protected!
          @token = Token.generate!(:user => @user, :action => 'api')
          get "/news.json?key=#{@token.value}"
        end

        should_respond_with :unauthorized
        should_respond_with_content_type :json
        should "not login as the user" do
          assert_equal User.anonymous, User.current
        end
      end

      # Credential form 2: HTTP Basic with the user's real login and password.
      context "with a valid HTTP authentication" do
        setup do
          @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password')
          @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password')
          get "/news.json", nil, :authorization => @authorization
        end

        should_respond_with :unauthorized
        should_respond_with_content_type :json
        should "not login as the user" do
          assert_equal User.anonymous, User.current
        end
      end

      # Credential form 3: HTTP Basic with the API token value as the username.
      # 'DoesNotMatter' is a placeholder password (the :xml variant uses 'X').
      context "with a valid HTTP authentication using the API token" do
        setup do
          @user = User.generate_with_protected!
          @token = Token.generate!(:user => @user, :action => 'api')
          @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'DoesNotMatter')
          get "/news.json", nil, :authorization => @authorization
        end

        should_respond_with :unauthorized
        should_respond_with_content_type :json
        should "not login as the user" do
          assert_equal User.anonymous, User.current
        end
      end

    end
  end
end