Chris@909: require File.expand_path('../../../test_helper', __FILE__) Chris@909: Chris@909: class ApiTest::DisabledRestApiTest < ActionController::IntegrationTest Chris@909: fixtures :projects, :trackers, :issue_statuses, :issues, Chris@909: :enumerations, :users, :issue_categories, Chris@909: :projects_trackers, Chris@909: :roles, Chris@909: :member_roles, Chris@909: :members, Chris@909: :enabled_modules, Chris@909: :workflows Chris@909: Chris@909: def setup Chris@909: Setting.rest_api_enabled = '0' Chris@909: Setting.login_required = '1' Chris@909: end Chris@909: Chris@909: def teardown Chris@909: Setting.rest_api_enabled = '1' Chris@909: Setting.login_required = '0' Chris@909: end Chris@909: Chris@909: # Using the NewsController because it's a simple API. Chris@909: context "get /news with the API disabled" do Chris@909: Chris@909: context "in :xml format" do Chris@909: context "with a valid api token" do Chris@909: setup do Chris@909: @user = User.generate_with_protected! Chris@909: @token = Token.generate!(:user => @user, :action => 'api') Chris@909: get "/news.xml?key=#{@token.value}" Chris@909: end Chris@909: Chris@909: should_respond_with :unauthorized Chris@909: should_respond_with_content_type :xml Chris@909: should "not login as the user" do Chris@909: assert_equal User.anonymous, User.current Chris@909: end Chris@909: end Chris@909: Chris@909: context "with a valid HTTP authentication" do Chris@909: setup do Chris@909: @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password') Chris@909: @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password') Chris@909: get "/news.xml", nil, :authorization => @authorization Chris@909: end Chris@909: Chris@909: should_respond_with :unauthorized Chris@909: should_respond_with_content_type :xml Chris@909: should "not login as the user" do Chris@909: assert_equal User.anonymous, User.current Chris@909: end Chris@909: end Chris@909: Chris@909: context "with a valid HTTP authentication using the API token" do Chris@909: setup do Chris@909: @user = User.generate_with_protected! Chris@909: @token = Token.generate!(:user => @user, :action => 'api') Chris@909: @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'X') Chris@909: get "/news.xml", nil, :authorization => @authorization Chris@909: end Chris@909: Chris@909: should_respond_with :unauthorized Chris@909: should_respond_with_content_type :xml Chris@909: should "not login as the user" do Chris@909: assert_equal User.anonymous, User.current Chris@909: end Chris@909: end Chris@909: end Chris@909: Chris@909: context "in :json format" do Chris@909: context "with a valid api token" do Chris@909: setup do Chris@909: @user = User.generate_with_protected! Chris@909: @token = Token.generate!(:user => @user, :action => 'api') Chris@909: get "/news.json?key=#{@token.value}" Chris@909: end Chris@909: Chris@909: should_respond_with :unauthorized Chris@909: should_respond_with_content_type :json Chris@909: should "not login as the user" do Chris@909: assert_equal User.anonymous, User.current Chris@909: end Chris@909: end Chris@909: Chris@909: context "with a valid HTTP authentication" do Chris@909: setup do Chris@909: @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password') Chris@909: @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password') Chris@909: get "/news.json", nil, :authorization => @authorization Chris@909: end Chris@909: Chris@909: should_respond_with :unauthorized Chris@909: should_respond_with_content_type :json Chris@909: should "not login as the user" do Chris@909: assert_equal User.anonymous, User.current Chris@909: end Chris@909: end Chris@909: Chris@909: context "with a valid HTTP authentication using the API token" do Chris@909: setup do Chris@909: @user = User.generate_with_protected! Chris@909: @token = Token.generate!(:user => @user, :action => 'api') Chris@909: @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'DoesNotMatter') Chris@909: get "/news.json", nil, :authorization => @authorization Chris@909: end Chris@909: Chris@909: should_respond_with :unauthorized Chris@909: should_respond_with_content_type :json Chris@909: should "not login as the user" do Chris@909: assert_equal User.anonymous, User.current Chris@909: end Chris@909: end Chris@909: Chris@909: end Chris@909: end Chris@909: end