require File.expand_path('../../../test_helper', __FILE__)

# Integration tests for the "REST API disabled" setting.
#
# With Setting.rest_api_enabled switched off and login required, a request
# that presents otherwise valid API credentials must be answered with 401 and
# must leave User.current as the anonymous user. Three credential channels are
# exercised, each in the XML and the JSON format:
#   * the API key passed as the +key+ query parameter,
#   * HTTP Basic authentication with login and password,
#   * HTTP Basic authentication with the API key as the user name.
#
# NOTE(review): only these three channels are covered here; if the application
# accepts API credentials in any other way, a matching case belongs in this
# file so the "disabled" switch is verified for that path as well.
class ApiTest::DisabledRestApiTest < ActionController::IntegrationTest
  fixtures :all

  # Disable the REST API and require login before every test.
  def setup
    Setting.rest_api_enabled = '0'
    Setting.login_required = '1'
  end

  # Writes fixed values ('1' / '0') back; it does not restore whatever the
  # settings held before setup ran.
  def teardown
    Setting.rest_api_enabled = '1'
    Setting.login_required = '0'
  end

  # Using the NewsController because it's a simple API.
  context "get /news with the API disabled" do

    # Each pair is [response format, placeholder sent as the Basic password
    # when the API key is used as the user name].
    [[:xml, 'X'], [:json, 'DoesNotMatter']].each do |format, placeholder_password|
      context "in :#{format} format" do

        # Channel 1: API key in the query string.
        context "with a valid api token" do
          setup do
            @user = User.generate_with_protected!
            @token = Token.generate!(:user => @user, :action => 'api')
            get "/news.#{format}?key=#{@token.value}"
          end

          should_respond_with :unauthorized
          should_respond_with_content_type format
          should "not login as the user" do
            assert_equal User.anonymous, User.current
          end
        end

        # Channel 2: HTTP Basic with the account's login and password.
        context "with a valid HTTP authentication" do
          setup do
            password = 'my_password'
            @user = User.generate_with_protected!(:password => password, :password_confirmation => password)
            @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, password)
            get "/news.#{format}", nil, :authorization => @authorization
          end

          should_respond_with :unauthorized
          should_respond_with_content_type format
          should "not login as the user" do
            assert_equal User.anonymous, User.current
          end
        end

        # Channel 3: HTTP Basic with the API key as the user name; the
        # password part is an arbitrary placeholder.
        context "with a valid HTTP authentication using the API token" do
          setup do
            @user = User.generate_with_protected!
            @token = Token.generate!(:user => @user, :action => 'api')
            @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, placeholder_password)
            get "/news.#{format}", nil, :authorization => @authorization
          end

          should_respond_with :unauthorized
          should_respond_with_content_type format
          should "not login as the user" do
            assert_equal User.anonymous, User.current
          end
        end

      end
    end

  end
end