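# Redmine - project management software
# Copyright (C) 2006-2014  Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

require File.expand_path('../../../test_helper', __FILE__)

# Integration tests for how the REST API authenticates a request.
#
# Two properties are pinned here:
# * a browser session is not accepted as credentials for an API request;
# * the X-Redmine-Switch-User header (acting as another user) is honoured
#   only when the request's API key belongs to an administrator, and only
#   for a target login that exists and is not locked.
class Redmine::ApiTest::AuthenticationTest < Redmine::ApiTest::Base
  fixtures :users

  # The REST API is switched on for every test in this class.
  def setup
    Setting.rest_api_enabled = '1'
  end

  # Switch the REST API back off so the setting does not leak into other tests.
  def teardown
    Setting.rest_api_enabled = '0'
  end

  # A logged-in browser session can load the HTML page, but the same session
  # must not authenticate the JSON (API) request: it is answered with 401.
  def test_api_request_should_not_use_user_session
    log_user('jsmith', 'jsmith')

    get '/users/current'
    assert_response :success

    get '/users/current.json'
    assert_response 401
  end

  # With an administrator's API key, the switch-user header makes the request
  # run as the named user.
  def test_api_should_accept_switch_user_header_for_admin_user
    user = User.find(1)
    su = User.find(4)
    # Precondition: the key owner must be an admin, otherwise this test would
    # not be exercising the privileged path it is named after.
    assert user.admin?, 'fixture user 1 is expected to be an administrator'

    get '/users/current', {}, {'X-Redmine-API-Key' => user.api_key, 'X-Redmine-Switch-User' => su.login}
    assert_response :success
    assert_equal su, assigns(:user)
    assert_equal su, User.current
  end

  # A switch-user login that matches no account is rejected with 412.
  def test_api_should_respond_with_412_when_trying_to_switch_to_a_invalid_user
    get '/users/current', {}, {'X-Redmine-API-Key' => User.find(1).api_key, 'X-Redmine-Switch-User' => 'foobar'}
    assert_response 412
  end

  # A locked account cannot be switched to, even with an admin key: 412.
  def test_api_should_respond_with_412_when_trying_to_switch_to_a_locked_user
    user = User.find(5)
    assert user.locked?

    get '/users/current', {}, {'X-Redmine-API-Key' => User.find(1).api_key, 'X-Redmine-Switch-User' => user.login}
    assert_response 412
  end

  # With a non-admin API key the switch-user header is ignored: the request
  # succeeds, but it runs as the key's owner and not as the requested user.
  def test_api_should_not_accept_switch_user_header_for_non_admin_user
    user = User.find(2)
    su = User.find(4)
    # Precondition: if this fixture user were ever made an admin, the
    # assertions below would fail for a reason unrelated to the access check.
    assert !user.admin?, 'fixture user 2 is expected to be a non-administrator'

    get '/users/current', {}, {'X-Redmine-API-Key' => user.api_key, 'X-Redmine-Switch-User' => su.login}
    assert_response :success
    assert_equal user, assigns(:user)
    assert_equal user, User.current
  end
end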