# Using the NewsController because it's a simple API.
context "get /news" do
-
context "in :xml format" do
- context "with a valid api token" do
- setup do
- @user = User.generate_with_protected!
- @token = Token.generate!(:user => @user, :action => 'api')
- get "/news.xml?key=#{@token.value}"
- end
-
- should_respond_with :success
- should_respond_with_content_type :xml
- should "login as the user" do
- assert_equal @user, User.current
- end
- end
-
- context "with an invalid api token" do
- setup do
- @user = User.generate_with_protected!
- @token = Token.generate!(:user => @user, :action => 'feeds')
- get "/news.xml?key=#{@token.value}"
- end
-
- should_respond_with :unauthorized
- should_respond_with_content_type :xml
- should "not login as the user" do
- assert_equal User.anonymous, User.current
- end
- end
+ should_allow_key_based_auth(:get, "/news.xml")
end
context "in :json format" do
- context "with a valid api token" do
- setup do
- @user = User.generate_with_protected!
- @token = Token.generate!(:user => @user, :action => 'api')
- get "/news.json?key=#{@token.value}"
- end
-
- should_respond_with :success
- should_respond_with_content_type :json
- should "login as the user" do
- assert_equal @user, User.current
- end
- end
-
- context "with an invalid api token" do
- setup do
- @user = User.generate_with_protected!
- @token = Token.generate!(:user => @user, :action => 'feeds')
- get "/news.json?key=#{@token.value}"
- end
-
- should_respond_with :unauthorized
- should_respond_with_content_type :json
- should "not login as the user" do
- assert_equal User.anonymous, User.current
- end
- end
+ should_allow_key_based_auth(:get, "/news.json")
end
-
end
end
assert !user.new_record?
end
end
+
+ # Test that a request allows full key authentication
+ #
+ # @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete)
+ # @param [String] url the request url, without the key=ZXY parameter
+ def self.should_allow_key_based_auth(http_method, url)
+ context "should allow key based auth using key=X for #{url}" do
+ context "with a valid api token" do
+ setup do
+ @user = User.generate_with_protected!
+ @token = Token.generate!(:user => @user, :action => 'api')
+ send(http_method, url + "?key=#{@token.value}")
+ end
+
+ should_respond_with :success
+ should_respond_with_content_type_based_on_url(url)
+ should "login as the user" do
+ assert_equal @user, User.current
+ end
+ end
+
+ context "with an invalid api token" do
+ setup do
+ @user = User.generate_with_protected!
+ @token = Token.generate!(:user => @user, :action => 'feeds')
+ send(http_method, url + "?key=#{@token.value}")
+ end
+
+ should_respond_with :unauthorized
+ should_respond_with_content_type_based_on_url(url)
+ should "not login as the user" do
+ assert_equal User.anonymous, User.current
+ end
+ end
+ end
+
+ end
+
+ # Uses should_respond_with_content_type based on what's in the url:
+ #
+ # '/project/issues.xml' => should_respond_with_content_type :xml
+ # '/project/issues.json' => should_respond_with_content_type :json
+ #
+ # @param [String] url Request
+ def self.should_respond_with_content_type_based_on_url(url)
+ case
+ when url.match(/xml/i)
+ should_respond_with_content_type :xml
+ when url.match(/json/i)
+ should_respond_with_content_type :json
+ else
+ raise "Unknown content type for should_respond_with_content_type_based_on_url: #{url}"
+ end
+
+ end
end
# Simple module to "namespace" all of the API tests
projects / redmine.git / commitdiff