Chris@1295: # Redmine - project management software Chris@1295: # Copyright (C) 2006-2013 Jean-Philippe Lang Chris@1295: # Chris@1295: # This program is free software; you can redistribute it and/or Chris@1295: # modify it under the terms of the GNU General Public License Chris@1295: # as published by the Free Software Foundation; either version 2 Chris@1295: # of the License, or (at your option) any later version. Chris@1295: # Chris@1295: # This program is distributed in the hope that it will be useful, Chris@1295: # but WITHOUT ANY WARRANTY; without even the implied warranty of Chris@1295: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Chris@1295: # GNU General Public License for more details. Chris@1295: # Chris@1295: # You should have received a copy of the GNU General Public License Chris@1295: # along with this program; if not, write to the Free Software Chris@1295: # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. Chris@1295: Chris@119: require File.expand_path('../../../test_helper', __FILE__) chris@37: Chris@1295: class Redmine::ApiTest::DisabledRestApiTest < Redmine::ApiTest::Base Chris@909: fixtures :projects, :trackers, :issue_statuses, :issues, Chris@909: :enumerations, :users, :issue_categories, Chris@909: :projects_trackers, Chris@909: :roles, Chris@909: :member_roles, Chris@909: :members, Chris@1295: :enabled_modules chris@37: chris@37: def setup chris@37: Setting.rest_api_enabled = '0' chris@37: Setting.login_required = '1' chris@37: end chris@37: chris@37: def teardown chris@37: Setting.rest_api_enabled = '1' chris@37: Setting.login_required = '0' chris@37: end Chris@909: Chris@1115: def test_with_a_valid_api_token Chris@1115: @user = User.generate! Chris@1115: @token = Token.create!(:user => @user, :action => 'api') chris@37: Chris@1115: get "/news.xml?key=#{@token.value}" Chris@1115: assert_response :unauthorized Chris@1115: assert_equal User.anonymous, User.current Chris@909: Chris@1115: get "/news.json?key=#{@token.value}" Chris@1115: assert_response :unauthorized Chris@1115: assert_equal User.anonymous, User.current Chris@1115: end chris@37: Chris@1115: def test_with_valid_username_password_http_authentication Chris@1115: @user = User.generate! do |user| Chris@1115: user.password = 'my_password' chris@37: end chris@37: Chris@1115: get "/news.xml", nil, credentials(@user.login, 'my_password') Chris@1115: assert_response :unauthorized Chris@1115: assert_equal User.anonymous, User.current Chris@909: Chris@1115: get "/news.json", nil, credentials(@user.login, 'my_password') Chris@1115: assert_response :unauthorized Chris@1115: assert_equal User.anonymous, User.current Chris@1115: end chris@37: Chris@1115: def test_with_valid_token_http_authentication Chris@1115: @user = User.generate! Chris@1115: @token = Token.create!(:user => @user, :action => 'api') Chris@909: Chris@1115: get "/news.xml", nil, credentials(@token.value, 'X') Chris@1115: assert_response :unauthorized Chris@1115: assert_equal User.anonymous, User.current chris@37: Chris@1115: get "/news.json", nil, credentials(@token.value, 'X') Chris@1115: assert_response :unauthorized Chris@1115: assert_equal User.anonymous, User.current chris@37: end chris@37: end