def test_api_should_deny_without_credentials
get '/users/current.xml'
assert_response 401
- assert_equal User.anonymous, User.current
assert response.headers.has_key?('WWW-Authenticate')
end
end
get '/users/current.xml', :headers => credentials(user.login, 'my_password')
assert_response 200
- assert_equal user, User.current
end
def test_api_should_deny_http_basic_auth_using_username_and_wrong_password
end
get '/users/current.xml', :headers => credentials(user.login, 'wrong_password')
assert_response 401
- assert_equal User.anonymous, User.current
end
def test_api_should_accept_http_basic_auth_using_api_key
token = Token.create!(:user => user, :action => 'api')
get '/users/current.xml', :headers => credentials(token.value, 'X')
assert_response 200
- assert_equal user, User.current
end
def test_api_should_deny_http_basic_auth_using_wrong_api_key
token = Token.create!(:user => user, :action => 'feeds') # not the API key
get '/users/current.xml', :headers => credentials(token.value, 'X')
assert_response 401
- assert_equal User.anonymous, User.current
end
def test_api_should_accept_auth_using_api_key_as_parameter
token = Token.create!(:user => user, :action => 'api')
get "/users/current.xml?key=#{token.value}"
assert_response 200
- assert_equal user, User.current
end
def test_api_should_deny_auth_using_wrong_api_key_as_parameter
token = Token.create!(:user => user, :action => 'feeds') # not the API key
get "/users/current.xml?key=#{token.value}"
assert_response 401
- assert_equal User.anonymous, User.current
end
def test_api_should_accept_auth_using_api_key_as_request_header
token = Token.create!(:user => user, :action => 'api')
get "/users/current.xml", :headers => {'X-Redmine-API-Key' => token.value.to_s}
assert_response 200
- assert_equal user, User.current
end
def test_api_should_deny_auth_using_wrong_api_key_as_request_header
token = Token.create!(:user => user, :action => 'feeds') # not the API key
get "/users/current.xml", :headers => {'X-Redmine-API-Key' => token.value.to_s}
assert_response 401
- assert_equal User.anonymous, User.current
end
def test_api_should_trigger_basic_http_auth_with_basic_authorization_header
get '/users/current', :headers => {'X-Redmine-API-Key' => user.api_key, 'X-Redmine-Switch-User' => su.login}
assert_response :success
assert_select 'h2', :text => su.name
- assert_equal su, User.current
end
def test_api_should_respond_with_412_when_trying_to_switch_to_a_invalid_user
get '/users/current', :headers => {'X-Redmine-API-Key' => user.api_key, 'X-Redmine-Switch-User' => su.login}
assert_response :success
assert_select 'h2', :text => user.name
- assert_equal user, User.current
end
end
get "/news.xml?key=#{@token.value}"
assert_response :forbidden
- assert_equal User.anonymous, User.current
get "/news.json?key=#{@token.value}"
assert_response :forbidden
- assert_equal User.anonymous, User.current
end
def test_with_valid_username_password_http_authentication
get "/news.xml", :headers => credentials(@user.login, 'my_password')
assert_response :forbidden
- assert_equal User.anonymous, User.current
get "/news.json", :headers => credentials(@user.login, 'my_password')
assert_response :forbidden
- assert_equal User.anonymous, User.current
end
def test_with_valid_token_http_authentication
get "/news.xml", :headers => credentials(@token.value, 'X')
assert_response :forbidden
- assert_equal User.anonymous, User.current
get "/news.json", :headers => credentials(@token.value, 'X')
assert_response :forbidden
- assert_equal User.anonymous, User.current
end
end
projects / redmine.git / commitdiff