Setting.rest_api_enabled = '1'
Setting.login_required = '0'
end
-
+
# Using the NewsController because it's a simple API.
context "get /news with the API disabled" do
@token = Token.generate!(:user => @user, :action => 'api')
get "/news.xml?key=#{@token.value}"
end
-
+
should_respond_with :unauthorized
should_respond_with_content_type :xml
should "not login as the user" do
@authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password')
get "/news.xml", nil, :authorization => @authorization
end
-
+
should_respond_with :unauthorized
should_respond_with_content_type :xml
should "not login as the user" do
@authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'X')
get "/news.xml", nil, :authorization => @authorization
end
-
+
should_respond_with :unauthorized
should_respond_with_content_type :xml
should "not login as the user" do
@token = Token.generate!(:user => @user, :action => 'api')
get "/news.json?key=#{@token.value}"
end
-
+
should_respond_with :unauthorized
should_respond_with_content_type :json
should "not login as the user" do
@authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password')
get "/news.json", nil, :authorization => @authorization
end
-
+
should_respond_with :unauthorized
should_respond_with_content_type :json
should "not login as the user" do
assert_equal User.anonymous, User.current
end
end
-
- end
+
+ end
end
end