Chris@1494: # Redmine - project management software Chris@1494: # Copyright (C) 2006-2014 Jean-Philippe Lang Chris@1494: # Chris@1494: # This program is free software; you can redistribute it and/or Chris@1494: # modify it under the terms of the GNU General Public License Chris@1494: # as published by the Free Software Foundation; either version 2 Chris@1494: # of the License, or (at your option) any later version. Chris@1494: # Chris@1494: # This program is distributed in the hope that it will be useful, Chris@1494: # but WITHOUT ANY WARRANTY; without even the implied warranty of Chris@1494: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Chris@1494: # GNU General Public License for more details. Chris@1494: # Chris@1494: # You should have received a copy of the GNU General Public License Chris@1494: # along with this program; if not, write to the Free Software Chris@1494: # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. Chris@1494: Chris@1494: require File.expand_path('../../../test_helper', __FILE__) Chris@1494: Chris@1494: class Redmine::ApiTest::DisabledRestApiTest < Redmine::ApiTest::Base Chris@1494: fixtures :projects, :trackers, :issue_statuses, :issues, Chris@1494: :enumerations, :users, :issue_categories, Chris@1494: :projects_trackers, Chris@1494: :roles, Chris@1494: :member_roles, Chris@1494: :members, Chris@1494: :enabled_modules Chris@1494: Chris@1494: def setup Chris@1494: Setting.rest_api_enabled = '0' Chris@1494: Setting.login_required = '1' Chris@1494: end Chris@1494: Chris@1494: def teardown Chris@1494: Setting.rest_api_enabled = '1' Chris@1494: Setting.login_required = '0' Chris@1494: end Chris@1494: Chris@1494: def test_with_a_valid_api_token Chris@1494: @user = User.generate! Chris@1494: @token = Token.create!(:user => @user, :action => 'api') Chris@1494: Chris@1494: get "/news.xml?key=#{@token.value}" Chris@1494: assert_response :unauthorized Chris@1494: assert_equal User.anonymous, User.current Chris@1494: Chris@1494: get "/news.json?key=#{@token.value}" Chris@1494: assert_response :unauthorized Chris@1494: assert_equal User.anonymous, User.current Chris@1494: end Chris@1494: Chris@1494: def test_with_valid_username_password_http_authentication Chris@1494: @user = User.generate! do |user| Chris@1494: user.password = 'my_password' Chris@1494: end Chris@1494: Chris@1494: get "/news.xml", nil, credentials(@user.login, 'my_password') Chris@1494: assert_response :unauthorized Chris@1494: assert_equal User.anonymous, User.current Chris@1494: Chris@1494: get "/news.json", nil, credentials(@user.login, 'my_password') Chris@1494: assert_response :unauthorized Chris@1494: assert_equal User.anonymous, User.current Chris@1494: end Chris@1494: Chris@1494: def test_with_valid_token_http_authentication Chris@1494: @user = User.generate! Chris@1494: @token = Token.create!(:user => @user, :action => 'api') Chris@1494: Chris@1494: get "/news.xml", nil, credentials(@token.value, 'X') Chris@1494: assert_response :unauthorized Chris@1494: assert_equal User.anonymous, User.current Chris@1494: Chris@1494: get "/news.json", nil, credentials(@token.value, 'X') Chris@1494: assert_response :unauthorized Chris@1494: assert_equal User.anonymous, User.current Chris@1494: end Chris@1494: end