--- /dev/null
+require "#{File.dirname(__FILE__)}/../../test_helper"
+
+class ApiTest::DisabledRestApiTest < ActionController::IntegrationTest
+ fixtures :all
+
+ def setup
+ Setting.rest_api_enabled = '0'
+ Setting.login_required = '1'
+ end
+
+ def teardown
+ Setting.rest_api_enabled = '1'
+ Setting.login_required = '0'
+ end
+
+ # Using the NewsController because it's a simple API.
+ context "get /news with the API disabled" do
+
+ context "in :xml format" do
+ context "with a valid api token" do
+ setup do
+ @user = User.generate_with_protected!
+ @token = Token.generate!(:user => @user, :action => 'api')
+ get "/news.xml?key=#{@token.value}"
+ end
+
+ should_respond_with :unauthorized
+ should_respond_with_content_type :xml
+ should "not login as the user" do
+ assert_equal User.anonymous, User.current
+ end
+ end
+
+ context "with a valid HTTP authentication" do
+ setup do
+ @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password')
+ @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password')
+ get "/news.xml", nil, :authorization => @authorization
+ end
+
+ should_respond_with :unauthorized
+ should_respond_with_content_type :xml
+ should "not login as the user" do
+ assert_equal User.anonymous, User.current
+ end
+ end
+
+ context "with a valid HTTP authentication using the API token" do
+ setup do
+ @user = User.generate_with_protected!
+ @token = Token.generate!(:user => @user, :action => 'api')
+ @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'X')
+ get "/news.xml", nil, :authorization => @authorization
+ end
+
+ should_respond_with :unauthorized
+ should_respond_with_content_type :xml
+ should "not login as the user" do
+ assert_equal User.anonymous, User.current
+ end
+ end
+ end
+
+ context "in :json format" do
+ context "with a valid api token" do
+ setup do
+ @user = User.generate_with_protected!
+ @token = Token.generate!(:user => @user, :action => 'api')
+ get "/news.json?key=#{@token.value}"
+ end
+
+ should_respond_with :unauthorized
+ should_respond_with_content_type :json
+ should "not login as the user" do
+ assert_equal User.anonymous, User.current
+ end
+ end
+
+ context "with a valid HTTP authentication" do
+ setup do
+ @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password')
+ @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password')
+ get "/news.json", nil, :authorization => @authorization
+ end
+
+ should_respond_with :unauthorized
+ should_respond_with_content_type :json
+ should "not login as the user" do
+ assert_equal User.anonymous, User.current
+ end
+ end
+
+ context "with a valid HTTP authentication using the API token" do
+ setup do
+ @user = User.generate_with_protected!
+ @token = Token.generate!(:user => @user, :action => 'api')
+ @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'DoesNotMatter')
+ get "/news.json", nil, :authorization => @authorization
+ end
+
+ should_respond_with :unauthorized
+ should_respond_with_content_type :json
+ should "not login as the user" do
+ assert_equal User.anonymous, User.current
+ end
+ end
+
+ end
+ end
+end
--- /dev/null
+require "#{File.dirname(__FILE__)}/../../test_helper"
+
+class ApiTest::HttpBasicLoginTest < ActionController::IntegrationTest
+ fixtures :all
+
+ def setup
+ Setting.rest_api_enabled = '1'
+ Setting.login_required = '1'
+ end
+
+ def teardown
+ Setting.rest_api_enabled = '0'
+ Setting.login_required = '0'
+ end
+
+ # Using the NewsController because it's a simple API.
+ context "get /news" do
+
+ context "in :xml format" do
+ context "with a valid HTTP authentication" do
+ setup do
+ @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password')
+ @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password')
+ get "/news.xml", nil, :authorization => @authorization
+ end
+
+ should_respond_with :success
+ should_respond_with_content_type :xml
+ should "login as the user" do
+ assert_equal @user, User.current
+ end
+ end
+
+ context "with an invalid HTTP authentication" do
+ setup do
+ @user = User.generate_with_protected!
+ @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'wrong_password')
+ get "/news.xml", nil, :authorization => @authorization
+ end
+
+ should_respond_with :unauthorized
+ should_respond_with_content_type :xml
+ should "not login as the user" do
+ assert_equal User.anonymous, User.current
+ end
+ end
+
+ context "without credentials" do
+ setup do
+ get "/projects/onlinestore/news.xml"
+ end
+
+ should_respond_with :unauthorized
+ should_respond_with_content_type :xml
+ should "include_www_authenticate_header" do
+ assert @controller.response.headers.has_key?('WWW-Authenticate')
+ end
+ end
+ end
+
+ context "in :json format" do
+ context "with a valid HTTP authentication" do
+ setup do
+ @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password')
+ @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password')
+ get "/news.json", nil, :authorization => @authorization
+ end
+
+ should_respond_with :success
+ should_respond_with_content_type :json
+ should "login as the user" do
+ assert_equal @user, User.current
+ end
+ end
+
+ context "with an invalid HTTP authentication" do
+ setup do
+ @user = User.generate_with_protected!
+ @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'wrong_password')
+ get "/news.json", nil, :authorization => @authorization
+ end
+
+ should_respond_with :unauthorized
+ should_respond_with_content_type :json
+ should "not login as the user" do
+ assert_equal User.anonymous, User.current
+ end
+ end
+ end
+
+ context "without credentials" do
+ setup do
+ get "/projects/onlinestore/news.json"
+ end
+
+ should_respond_with :unauthorized
+ should_respond_with_content_type :json
+ should "include_www_authenticate_header" do
+ assert @controller.response.headers.has_key?('WWW-Authenticate')
+ end
+ end
+ end
+end
--- /dev/null
+require "#{File.dirname(__FILE__)}/../../test_helper"
+
+class ApiTest::HttpBasicLoginWithApiTokenTest < ActionController::IntegrationTest
+ fixtures :all
+
+ def setup
+ Setting.rest_api_enabled = '1'
+ Setting.login_required = '1'
+ end
+
+ def teardown
+ Setting.rest_api_enabled = '0'
+ Setting.login_required = '0'
+ end
+
+ # Using the NewsController because it's a simple API.
+ context "get /news" do
+
+ context "in :xml format" do
+ context "with a valid HTTP authentication using the API token" do
+ setup do
+ @user = User.generate_with_protected!
+ @token = Token.generate!(:user => @user, :action => 'api')
+ @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'X')
+ get "/news.xml", nil, :authorization => @authorization
+ end
+
+ should_respond_with :success
+ should_respond_with_content_type :xml
+ should "login as the user" do
+ assert_equal @user, User.current
+ end
+ end
+
+ context "with an invalid HTTP authentication" do
+ setup do
+ @user = User.generate_with_protected!
+ @token = Token.generate!(:user => @user, :action => 'feeds')
+ @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'X')
+ get "/news.xml", nil, :authorization => @authorization
+ end
+
+ should_respond_with :unauthorized
+ should_respond_with_content_type :xml
+ should "not login as the user" do
+ assert_equal User.anonymous, User.current
+ end
+ end
+ end
+
+ context "in :json format" do
+ context "with a valid HTTP authentication" do
+ setup do
+ @user = User.generate_with_protected!
+ @token = Token.generate!(:user => @user, :action => 'api')
+ @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'DoesNotMatter')
+ get "/news.json", nil, :authorization => @authorization
+ end
+
+ should_respond_with :success
+ should_respond_with_content_type :json
+ should "login as the user" do
+ assert_equal @user, User.current
+ end
+ end
+
+ context "with an invalid HTTP authentication" do
+ setup do
+ @user = User.generate_with_protected!
+ @token = Token.generate!(:user => @user, :action => 'feeds')
+ @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'DoesNotMatter')
+ get "/news.json", nil, :authorization => @authorization
+ end
+
+ should_respond_with :unauthorized
+ should_respond_with_content_type :json
+ should "not login as the user" do
+ assert_equal User.anonymous, User.current
+ end
+ end
+ end
+
+ end
+end
--- /dev/null
+# Redmine - project management software
+# Copyright (C) 2006-2010 Jean-Philippe Lang
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+require "#{File.dirname(__FILE__)}/../../test_helper"
+
+class ApiTest::IssuesTest < ActionController::IntegrationTest
+ fixtures :projects,
+ :users,
+ :roles,
+ :members,
+ :member_roles,
+ :issues,
+ :issue_statuses,
+ :versions,
+ :trackers,
+ :projects_trackers,
+ :issue_categories,
+ :enabled_modules,
+ :enumerations,
+ :attachments,
+ :workflows,
+ :custom_fields,
+ :custom_values,
+ :custom_fields_projects,
+ :custom_fields_trackers,
+ :time_entries,
+ :journals,
+ :journal_details,
+ :queries
+
+ def setup
+ Setting.rest_api_enabled = '1'
+ end
+
+ context "/index.xml" do
+ setup do
+ get '/issues.xml'
+ end
+
+ should_respond_with :success
+ should_respond_with_content_type 'application/xml'
+ end
+
+ context "/index.json" do
+ setup do
+ get '/issues.json'
+ end
+
+ should_respond_with :success
+ should_respond_with_content_type 'application/json'
+
+ should 'return a valid JSON string' do
+ assert ActiveSupport::JSON.decode(response.body)
+ end
+ end
+
+ context "/index.xml with filter" do
+ setup do
+ get '/issues.xml?status_id=5'
+ end
+
+ should_respond_with :success
+ should_respond_with_content_type 'application/xml'
+ should "show only issues with the status_id" do
+ assert_tag :tag => 'issues',
+ :children => { :count => Issue.visible.count(:conditions => {:status_id => 5}),
+ :only => { :tag => 'issue' } }
+ end
+ end
+
+ context "/index.json with filter" do
+ setup do
+ get '/issues.json?status_id=5'
+ end
+
+ should_respond_with :success
+ should_respond_with_content_type 'application/json'
+
+ should 'return a valid JSON string' do
+ assert ActiveSupport::JSON.decode(response.body)
+ end
+
+ should "show only issues with the status_id" do
+ json = ActiveSupport::JSON.decode(response.body)
+ status_ids_used = json.collect {|j| j['status_id'] }
+ assert_equal 3, status_ids_used.length
+ assert status_ids_used.all? {|id| id == 5 }
+ end
+
+ end
+
+ context "/issues/1.xml" do
+ setup do
+ get '/issues/1.xml'
+ end
+
+ should_respond_with :success
+ should_respond_with_content_type 'application/xml'
+ end
+
+ context "/issues/1.json" do
+ setup do
+ get '/issues/1.json'
+ end
+
+ should_respond_with :success
+ should_respond_with_content_type 'application/json'
+
+ should 'return a valid JSON string' do
+ assert ActiveSupport::JSON.decode(response.body)
+ end
+ end
+
+ context "POST /issues.xml" do
+ setup do
+ @issue_count = Issue.count
+ @attributes = {:project_id => 1, :subject => 'API test', :tracker_id => 2, :status_id => 3}
+ post '/issues.xml', {:issue => @attributes}, :authorization => credentials('jsmith')
+ end
+
+ should_respond_with :created
+ should_respond_with_content_type 'application/xml'
+
+ should "create an issue with the attributes" do
+ assert_equal Issue.count, @issue_count + 1
+
+ issue = Issue.first(:order => 'id DESC')
+ @attributes.each do |attribute, value|
+ assert_equal value, issue.send(attribute)
+ end
+ end
+ end
+
+ context "POST /issues.xml with failure" do
+ setup do
+ @attributes = {:project_id => 1}
+ post '/issues.xml', {:issue => @attributes}, :authorization => credentials('jsmith')
+ end
+
+ should_respond_with :unprocessable_entity
+ should_respond_with_content_type 'application/xml'
+
+ should "have an errors tag" do
+ assert_tag :errors, :child => {:tag => 'error', :content => "Subject can't be blank"}
+ end
+ end
+
+ context "POST /issues.json" do
+ setup do
+ @issue_count = Issue.count
+ @attributes = {:project_id => 1, :subject => 'API test', :tracker_id => 2, :status_id => 3}
+ post '/issues.json', {:issue => @attributes}, :authorization => credentials('jsmith')
+ end
+
+ should_respond_with :created
+ should_respond_with_content_type 'application/json'
+
+ should "create an issue with the attributes" do
+ assert_equal Issue.count, @issue_count + 1
+
+ issue = Issue.first(:order => 'id DESC')
+ @attributes.each do |attribute, value|
+ assert_equal value, issue.send(attribute)
+ end
+ end
+ end
+
+ context "POST /issues.json with failure" do
+ setup do
+ @attributes = {:project_id => 1}
+ post '/issues.json', {:issue => @attributes}, :authorization => credentials('jsmith')
+ end
+
+ should_respond_with :unprocessable_entity
+ should_respond_with_content_type 'application/json'
+
+ should "have an errors element" do
+ json = ActiveSupport::JSON.decode(response.body)
+ assert_equal "can't be blank", json.first['subject']
+ end
+ end
+
+ context "PUT /issues/1.xml" do
+ setup do
+ @issue_count = Issue.count
+ @journal_count = Journal.count
+ @attributes = {:subject => 'API update', :notes => 'A new note'}
+
+ put '/issues/1.xml', {:issue => @attributes}, :authorization => credentials('jsmith')
+ end
+
+ should_respond_with :ok
+ should_respond_with_content_type 'application/xml'
+
+ should "not create a new issue" do
+ assert_equal Issue.count, @issue_count
+ end
+
+ should "create a new journal" do
+ assert_equal Journal.count, @journal_count + 1
+ end
+
+ should "add the note to the journal" do
+ journal = Journal.last
+ assert_equal "A new note", journal.notes
+ end
+
+ should "update the issue" do
+ issue = Issue.find(1)
+ @attributes.each do |attribute, value|
+ assert_equal value, issue.send(attribute) unless attribute == :notes
+ end
+ end
+
+ end
+
+ context "PUT /issues/1.xml with failed update" do
+ setup do
+ @attributes = {:subject => ''}
+ @issue_count = Issue.count
+ @journal_count = Journal.count
+
+ put '/issues/1.xml', {:issue => @attributes}, :authorization => credentials('jsmith')
+ end
+
+ should_respond_with :unprocessable_entity
+ should_respond_with_content_type 'application/xml'
+
+ should "not create a new issue" do
+ assert_equal Issue.count, @issue_count
+ end
+
+ should "not create a new journal" do
+ assert_equal Journal.count, @journal_count
+ end
+
+ should "have an errors tag" do
+ assert_tag :errors, :child => {:tag => 'error', :content => "Subject can't be blank"}
+ end
+ end
+
+ context "PUT /issues/1.json" do
+ setup do
+ @issue_count = Issue.count
+ @journal_count = Journal.count
+ @attributes = {:subject => 'API update', :notes => 'A new note'}
+
+ put '/issues/1.json', {:issue => @attributes}, :authorization => credentials('jsmith')
+ end
+
+ should_respond_with :ok
+ should_respond_with_content_type 'application/json'
+
+ should "not create a new issue" do
+ assert_equal Issue.count, @issue_count
+ end
+
+ should "create a new journal" do
+ assert_equal Journal.count, @journal_count + 1
+ end
+
+ should "add the note to the journal" do
+ journal = Journal.last
+ assert_equal "A new note", journal.notes
+ end
+
+ should "update the issue" do
+ issue = Issue.find(1)
+ @attributes.each do |attribute, value|
+ assert_equal value, issue.send(attribute) unless attribute == :notes
+ end
+ end
+
+ end
+
+ context "PUT /issues/1.json with failed update" do
+ setup do
+ @attributes = {:subject => ''}
+ @issue_count = Issue.count
+ @journal_count = Journal.count
+
+ put '/issues/1.json', {:issue => @attributes}, :authorization => credentials('jsmith')
+ end
+
+ should_respond_with :unprocessable_entity
+ should_respond_with_content_type 'application/json'
+
+ should "not create a new issue" do
+ assert_equal Issue.count, @issue_count
+ end
+
+ should "not create a new journal" do
+ assert_equal Journal.count, @journal_count
+ end
+
+ should "have an errors attribute" do
+ json = ActiveSupport::JSON.decode(response.body)
+ assert_equal "can't be blank", json.first['subject']
+ end
+ end
+
+ context "DELETE /issues/1.xml" do
+ setup do
+ @issue_count = Issue.count
+ delete '/issues/1.xml', {}, :authorization => credentials('jsmith')
+ end
+
+ should_respond_with :ok
+ should_respond_with_content_type 'application/xml'
+
+ should "delete the issue" do
+ assert_equal Issue.count, @issue_count -1
+ assert_nil Issue.find_by_id(1)
+ end
+ end
+
+ context "DELETE /issues/1.json" do
+ setup do
+ @issue_count = Issue.count
+ delete '/issues/1.json', {}, :authorization => credentials('jsmith')
+ end
+
+ should_respond_with :ok
+ should_respond_with_content_type 'application/json'
+
+ should "delete the issue" do
+ assert_equal Issue.count, @issue_count -1
+ assert_nil Issue.find_by_id(1)
+ end
+ end
+
+ def credentials(user, password=nil)
+ ActionController::HttpAuthentication::Basic.encode_credentials(user, password || user)
+ end
+end
--- /dev/null
+# Redmine - project management software
+# Copyright (C) 2006-2010 Jean-Philippe Lang
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+require "#{File.dirname(__FILE__)}/../../test_helper"
+
+class ApiTest::ProjectsTest < ActionController::IntegrationTest
+ fixtures :projects, :versions, :users, :roles, :members, :member_roles, :issues, :journals, :journal_details,
+ :trackers, :projects_trackers, :issue_statuses, :enabled_modules, :enumerations, :boards, :messages,
+ :attachments, :custom_fields, :custom_values, :time_entries
+
+ def setup
+ Setting.rest_api_enabled = '1'
+ end
+
+ def test_index
+ get '/projects.xml'
+ assert_response :success
+ assert_equal 'application/xml', @response.content_type
+ end
+
+ def test_show
+ get '/projects/1.xml'
+ assert_response :success
+ assert_equal 'application/xml', @response.content_type
+ end
+
+ def test_create
+ attributes = {:name => 'API test', :identifier => 'api-test'}
+ assert_difference 'Project.count' do
+ post '/projects.xml', {:project => attributes}, :authorization => credentials('admin')
+ end
+ assert_response :created
+ assert_equal 'application/xml', @response.content_type
+ project = Project.first(:order => 'id DESC')
+ attributes.each do |attribute, value|
+ assert_equal value, project.send(attribute)
+ end
+ end
+
+ def test_create_failure
+ attributes = {:name => 'API test'}
+ assert_no_difference 'Project.count' do
+ post '/projects.xml', {:project => attributes}, :authorization => credentials('admin')
+ end
+ assert_response :unprocessable_entity
+ assert_equal 'application/xml', @response.content_type
+ assert_tag :errors, :child => {:tag => 'error', :content => "Identifier can't be blank"}
+ end
+
+ def test_update
+ attributes = {:name => 'API update'}
+ assert_no_difference 'Project.count' do
+ put '/projects/1.xml', {:project => attributes}, :authorization => credentials('jsmith')
+ end
+ assert_response :ok
+ assert_equal 'application/xml', @response.content_type
+ project = Project.find(1)
+ attributes.each do |attribute, value|
+ assert_equal value, project.send(attribute)
+ end
+ end
+
+ def test_update_failure
+ attributes = {:name => ''}
+ assert_no_difference 'Project.count' do
+ put '/projects/1.xml', {:project => attributes}, :authorization => credentials('jsmith')
+ end
+ assert_response :unprocessable_entity
+ assert_equal 'application/xml', @response.content_type
+ assert_tag :errors, :child => {:tag => 'error', :content => "Name can't be blank"}
+ end
+
+ def test_destroy
+ assert_difference 'Project.count', -1 do
+ delete '/projects/2.xml', {}, :authorization => credentials('admin')
+ end
+ assert_response :ok
+ assert_equal 'application/xml', @response.content_type
+ assert_nil Project.find_by_id(2)
+ end
+
+ def credentials(user, password=nil)
+ ActionController::HttpAuthentication::Basic.encode_credentials(user, password || user)
+ end
+end
--- /dev/null
+require "#{File.dirname(__FILE__)}/../../test_helper"
+
+class ApiTest::TokenAuthenticationTest < ActionController::IntegrationTest
+ fixtures :all
+
+ def setup
+ Setting.rest_api_enabled = '1'
+ Setting.login_required = '1'
+ end
+
+ def teardown
+ Setting.rest_api_enabled = '0'
+ Setting.login_required = '0'
+ end
+
+ # Using the NewsController because it's a simple API.
+ context "get /news" do
+
+ context "in :xml format" do
+ context "with a valid api token" do
+ setup do
+ @user = User.generate_with_protected!
+ @token = Token.generate!(:user => @user, :action => 'api')
+ get "/news.xml?key=#{@token.value}"
+ end
+
+ should_respond_with :success
+ should_respond_with_content_type :xml
+ should "login as the user" do
+ assert_equal @user, User.current
+ end
+ end
+
+ context "with an invalid api token" do
+ setup do
+ @user = User.generate_with_protected!
+ @token = Token.generate!(:user => @user, :action => 'feeds')
+ get "/news.xml?key=#{@token.value}"
+ end
+
+ should_respond_with :unauthorized
+ should_respond_with_content_type :xml
+ should "not login as the user" do
+ assert_equal User.anonymous, User.current
+ end
+ end
+ end
+
+ context "in :json format" do
+ context "with a valid api token" do
+ setup do
+ @user = User.generate_with_protected!
+ @token = Token.generate!(:user => @user, :action => 'api')
+ get "/news.json?key=#{@token.value}"
+ end
+
+ should_respond_with :success
+ should_respond_with_content_type :json
+ should "login as the user" do
+ assert_equal @user, User.current
+ end
+ end
+
+ context "with an invalid api token" do
+ setup do
+ @user = User.generate_with_protected!
+ @token = Token.generate!(:user => @user, :action => 'feeds')
+ get "/news.json?key=#{@token.value}"
+ end
+
+ should_respond_with :unauthorized
+ should_respond_with_content_type :json
+ should "not login as the user" do
+ assert_equal User.anonymous, User.current
+ end
+ end
+ end
+
+ end
+end
+++ /dev/null
-require "#{File.dirname(__FILE__)}/../test_helper"
-
-class ApiTokenLoginTest < ActionController::IntegrationTest
- fixtures :all
-
- def setup
- Setting.rest_api_enabled = '1'
- Setting.login_required = '1'
- end
-
- def teardown
- Setting.rest_api_enabled = '0'
- Setting.login_required = '0'
- end
-
- # Using the NewsController because it's a simple API.
- context "get /news" do
-
- context "in :xml format" do
- context "with a valid api token" do
- setup do
- @user = User.generate_with_protected!
- @token = Token.generate!(:user => @user, :action => 'api')
- get "/news.xml?key=#{@token.value}"
- end
-
- should_respond_with :success
- should_respond_with_content_type :xml
- should "login as the user" do
- assert_equal @user, User.current
- end
- end
-
- context "with an invalid api token" do
- setup do
- @user = User.generate_with_protected!
- @token = Token.generate!(:user => @user, :action => 'feeds')
- get "/news.xml?key=#{@token.value}"
- end
-
- should_respond_with :unauthorized
- should_respond_with_content_type :xml
- should "not login as the user" do
- assert_equal User.anonymous, User.current
- end
- end
- end
-
- context "in :json format" do
- context "with a valid api token" do
- setup do
- @user = User.generate_with_protected!
- @token = Token.generate!(:user => @user, :action => 'api')
- get "/news.json?key=#{@token.value}"
- end
-
- should_respond_with :success
- should_respond_with_content_type :json
- should "login as the user" do
- assert_equal @user, User.current
- end
- end
-
- context "with an invalid api token" do
- setup do
- @user = User.generate_with_protected!
- @token = Token.generate!(:user => @user, :action => 'feeds')
- get "/news.json?key=#{@token.value}"
- end
-
- should_respond_with :unauthorized
- should_respond_with_content_type :json
- should "not login as the user" do
- assert_equal User.anonymous, User.current
- end
- end
- end
-
- end
-end
+++ /dev/null
-require "#{File.dirname(__FILE__)}/../test_helper"
-
-class DisabledRestApi < ActionController::IntegrationTest
- fixtures :all
-
- def setup
- Setting.rest_api_enabled = '0'
- Setting.login_required = '1'
- end
-
- def teardown
- Setting.rest_api_enabled = '1'
- Setting.login_required = '0'
- end
-
- # Using the NewsController because it's a simple API.
- context "get /news with the API disabled" do
-
- context "in :xml format" do
- context "with a valid api token" do
- setup do
- @user = User.generate_with_protected!
- @token = Token.generate!(:user => @user, :action => 'api')
- get "/news.xml?key=#{@token.value}"
- end
-
- should_respond_with :unauthorized
- should_respond_with_content_type :xml
- should "not login as the user" do
- assert_equal User.anonymous, User.current
- end
- end
-
- context "with a valid HTTP authentication" do
- setup do
- @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password')
- @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password')
- get "/news.xml", nil, :authorization => @authorization
- end
-
- should_respond_with :unauthorized
- should_respond_with_content_type :xml
- should "not login as the user" do
- assert_equal User.anonymous, User.current
- end
- end
-
- context "with a valid HTTP authentication using the API token" do
- setup do
- @user = User.generate_with_protected!
- @token = Token.generate!(:user => @user, :action => 'api')
- @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'X')
- get "/news.xml", nil, :authorization => @authorization
- end
-
- should_respond_with :unauthorized
- should_respond_with_content_type :xml
- should "not login as the user" do
- assert_equal User.anonymous, User.current
- end
- end
- end
-
- context "in :json format" do
- context "with a valid api token" do
- setup do
- @user = User.generate_with_protected!
- @token = Token.generate!(:user => @user, :action => 'api')
- get "/news.json?key=#{@token.value}"
- end
-
- should_respond_with :unauthorized
- should_respond_with_content_type :json
- should "not login as the user" do
- assert_equal User.anonymous, User.current
- end
- end
-
- context "with a valid HTTP authentication" do
- setup do
- @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password')
- @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password')
- get "/news.json", nil, :authorization => @authorization
- end
-
- should_respond_with :unauthorized
- should_respond_with_content_type :json
- should "not login as the user" do
- assert_equal User.anonymous, User.current
- end
- end
-
- context "with a valid HTTP authentication using the API token" do
- setup do
- @user = User.generate_with_protected!
- @token = Token.generate!(:user => @user, :action => 'api')
- @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'DoesNotMatter')
- get "/news.json", nil, :authorization => @authorization
- end
-
- should_respond_with :unauthorized
- should_respond_with_content_type :json
- should "not login as the user" do
- assert_equal User.anonymous, User.current
- end
- end
-
- end
- end
-end
+++ /dev/null
-require "#{File.dirname(__FILE__)}/../test_helper"
-
-class HttpBasicLoginTest < ActionController::IntegrationTest
- fixtures :all
-
- def setup
- Setting.rest_api_enabled = '1'
- Setting.login_required = '1'
- end
-
- def teardown
- Setting.rest_api_enabled = '0'
- Setting.login_required = '0'
- end
-
- # Using the NewsController because it's a simple API.
- context "get /news" do
-
- context "in :xml format" do
- context "with a valid HTTP authentication" do
- setup do
- @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password')
- @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password')
- get "/news.xml", nil, :authorization => @authorization
- end
-
- should_respond_with :success
- should_respond_with_content_type :xml
- should "login as the user" do
- assert_equal @user, User.current
- end
- end
-
- context "with an invalid HTTP authentication" do
- setup do
- @user = User.generate_with_protected!
- @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'wrong_password')
- get "/news.xml", nil, :authorization => @authorization
- end
-
- should_respond_with :unauthorized
- should_respond_with_content_type :xml
- should "not login as the user" do
- assert_equal User.anonymous, User.current
- end
- end
-
- context "without credentials" do
- setup do
- get "/projects/onlinestore/news.xml"
- end
-
- should_respond_with :unauthorized
- should_respond_with_content_type :xml
- should "include_www_authenticate_header" do
- assert @controller.response.headers.has_key?('WWW-Authenticate')
- end
- end
- end
-
- context "in :json format" do
- context "with a valid HTTP authentication" do
- setup do
- @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password')
- @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password')
- get "/news.json", nil, :authorization => @authorization
- end
-
- should_respond_with :success
- should_respond_with_content_type :json
- should "login as the user" do
- assert_equal @user, User.current
- end
- end
-
- context "with an invalid HTTP authentication" do
- setup do
- @user = User.generate_with_protected!
- @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'wrong_password')
- get "/news.json", nil, :authorization => @authorization
- end
-
- should_respond_with :unauthorized
- should_respond_with_content_type :json
- should "not login as the user" do
- assert_equal User.anonymous, User.current
- end
- end
- end
-
- context "without credentials" do
- setup do
- get "/projects/onlinestore/news.json"
- end
-
- should_respond_with :unauthorized
- should_respond_with_content_type :json
- should "include_www_authenticate_header" do
- assert @controller.response.headers.has_key?('WWW-Authenticate')
- end
- end
- end
-end
+++ /dev/null
-require "#{File.dirname(__FILE__)}/../test_helper"
-
-class HttpBasicLoginWithApiTokenTest < ActionController::IntegrationTest
- fixtures :all
-
- def setup
- Setting.rest_api_enabled = '1'
- Setting.login_required = '1'
- end
-
- def teardown
- Setting.rest_api_enabled = '0'
- Setting.login_required = '0'
- end
-
- # Using the NewsController because it's a simple API.
- context "get /news" do
-
- context "in :xml format" do
- context "with a valid HTTP authentication using the API token" do
- setup do
- @user = User.generate_with_protected!
- @token = Token.generate!(:user => @user, :action => 'api')
- @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'X')
- get "/news.xml", nil, :authorization => @authorization
- end
-
- should_respond_with :success
- should_respond_with_content_type :xml
- should "login as the user" do
- assert_equal @user, User.current
- end
- end
-
- context "with an invalid HTTP authentication" do
- setup do
- @user = User.generate_with_protected!
- @token = Token.generate!(:user => @user, :action => 'feeds')
- @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'X')
- get "/news.xml", nil, :authorization => @authorization
- end
-
- should_respond_with :unauthorized
- should_respond_with_content_type :xml
- should "not login as the user" do
- assert_equal User.anonymous, User.current
- end
- end
- end
-
- context "in :json format" do
- context "with a valid HTTP authentication" do
- setup do
- @user = User.generate_with_protected!
- @token = Token.generate!(:user => @user, :action => 'api')
- @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'DoesNotMatter')
- get "/news.json", nil, :authorization => @authorization
- end
-
- should_respond_with :success
- should_respond_with_content_type :json
- should "login as the user" do
- assert_equal @user, User.current
- end
- end
-
- context "with an invalid HTTP authentication" do
- setup do
- @user = User.generate_with_protected!
- @token = Token.generate!(:user => @user, :action => 'feeds')
- @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'DoesNotMatter')
- get "/news.json", nil, :authorization => @authorization
- end
-
- should_respond_with :unauthorized
- should_respond_with_content_type :json
- should "not login as the user" do
- assert_equal User.anonymous, User.current
- end
- end
- end
-
- end
-end
+++ /dev/null
-# Redmine - project management software
-# Copyright (C) 2006-2010 Jean-Philippe Lang
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-
-require "#{File.dirname(__FILE__)}/../test_helper"
-
-class IssuesApiTest < ActionController::IntegrationTest
- fixtures :projects,
- :users,
- :roles,
- :members,
- :member_roles,
- :issues,
- :issue_statuses,
- :versions,
- :trackers,
- :projects_trackers,
- :issue_categories,
- :enabled_modules,
- :enumerations,
- :attachments,
- :workflows,
- :custom_fields,
- :custom_values,
- :custom_fields_projects,
- :custom_fields_trackers,
- :time_entries,
- :journals,
- :journal_details,
- :queries
-
- def setup
- Setting.rest_api_enabled = '1'
- end
-
- context "/index.xml" do
- setup do
- get '/issues.xml'
- end
-
- should_respond_with :success
- should_respond_with_content_type 'application/xml'
- end
-
- context "/index.json" do
- setup do
- get '/issues.json'
- end
-
- should_respond_with :success
- should_respond_with_content_type 'application/json'
-
- should 'return a valid JSON string' do
- assert ActiveSupport::JSON.decode(response.body)
- end
- end
-
- context "/index.xml with filter" do
- setup do
- get '/issues.xml?status_id=5'
- end
-
- should_respond_with :success
- should_respond_with_content_type 'application/xml'
- should "show only issues with the status_id" do
- assert_tag :tag => 'issues',
- :children => { :count => Issue.visible.count(:conditions => {:status_id => 5}),
- :only => { :tag => 'issue' } }
- end
- end
-
- context "/index.json with filter" do
- setup do
- get '/issues.json?status_id=5'
- end
-
- should_respond_with :success
- should_respond_with_content_type 'application/json'
-
- should 'return a valid JSON string' do
- assert ActiveSupport::JSON.decode(response.body)
- end
-
- should "show only issues with the status_id" do
- json = ActiveSupport::JSON.decode(response.body)
- status_ids_used = json.collect {|j| j['status_id'] }
- assert_equal 3, status_ids_used.length
- assert status_ids_used.all? {|id| id == 5 }
- end
-
- end
-
- context "/issues/1.xml" do
- setup do
- get '/issues/1.xml'
- end
-
- should_respond_with :success
- should_respond_with_content_type 'application/xml'
- end
-
- context "/issues/1.json" do
- setup do
- get '/issues/1.json'
- end
-
- should_respond_with :success
- should_respond_with_content_type 'application/json'
-
- should 'return a valid JSON string' do
- assert ActiveSupport::JSON.decode(response.body)
- end
- end
-
- context "POST /issues.xml" do
- setup do
- @issue_count = Issue.count
- @attributes = {:project_id => 1, :subject => 'API test', :tracker_id => 2, :status_id => 3}
- post '/issues.xml', {:issue => @attributes}, :authorization => credentials('jsmith')
- end
-
- should_respond_with :created
- should_respond_with_content_type 'application/xml'
-
- should "create an issue with the attributes" do
- assert_equal Issue.count, @issue_count + 1
-
- issue = Issue.first(:order => 'id DESC')
- @attributes.each do |attribute, value|
- assert_equal value, issue.send(attribute)
- end
- end
- end
-
- context "POST /issues.xml with failure" do
- setup do
- @attributes = {:project_id => 1}
- post '/issues.xml', {:issue => @attributes}, :authorization => credentials('jsmith')
- end
-
- should_respond_with :unprocessable_entity
- should_respond_with_content_type 'application/xml'
-
- should "have an errors tag" do
- assert_tag :errors, :child => {:tag => 'error', :content => "Subject can't be blank"}
- end
- end
-
- context "POST /issues.json" do
- setup do
- @issue_count = Issue.count
- @attributes = {:project_id => 1, :subject => 'API test', :tracker_id => 2, :status_id => 3}
- post '/issues.json', {:issue => @attributes}, :authorization => credentials('jsmith')
- end
-
- should_respond_with :created
- should_respond_with_content_type 'application/json'
-
- should "create an issue with the attributes" do
- assert_equal Issue.count, @issue_count + 1
-
- issue = Issue.first(:order => 'id DESC')
- @attributes.each do |attribute, value|
- assert_equal value, issue.send(attribute)
- end
- end
- end
-
- context "POST /issues.json with failure" do
- setup do
- @attributes = {:project_id => 1}
- post '/issues.json', {:issue => @attributes}, :authorization => credentials('jsmith')
- end
-
- should_respond_with :unprocessable_entity
- should_respond_with_content_type 'application/json'
-
- should "have an errors element" do
- json = ActiveSupport::JSON.decode(response.body)
- assert_equal "can't be blank", json.first['subject']
- end
- end
-
- context "PUT /issues/1.xml" do
- setup do
- @issue_count = Issue.count
- @journal_count = Journal.count
- @attributes = {:subject => 'API update', :notes => 'A new note'}
-
- put '/issues/1.xml', {:issue => @attributes}, :authorization => credentials('jsmith')
- end
-
- should_respond_with :ok
- should_respond_with_content_type 'application/xml'
-
- should "not create a new issue" do
- assert_equal Issue.count, @issue_count
- end
-
- should "create a new journal" do
- assert_equal Journal.count, @journal_count + 1
- end
-
- should "add the note to the journal" do
- journal = Journal.last
- assert_equal "A new note", journal.notes
- end
-
- should "update the issue" do
- issue = Issue.find(1)
- @attributes.each do |attribute, value|
- assert_equal value, issue.send(attribute) unless attribute == :notes
- end
- end
-
- end
-
- context "PUT /issues/1.xml with failed update" do
- setup do
- @attributes = {:subject => ''}
- @issue_count = Issue.count
- @journal_count = Journal.count
-
- put '/issues/1.xml', {:issue => @attributes}, :authorization => credentials('jsmith')
- end
-
- should_respond_with :unprocessable_entity
- should_respond_with_content_type 'application/xml'
-
- should "not create a new issue" do
- assert_equal Issue.count, @issue_count
- end
-
- should "not create a new journal" do
- assert_equal Journal.count, @journal_count
- end
-
- should "have an errors tag" do
- assert_tag :errors, :child => {:tag => 'error', :content => "Subject can't be blank"}
- end
- end
-
- context "PUT /issues/1.json" do
- setup do
- @issue_count = Issue.count
- @journal_count = Journal.count
- @attributes = {:subject => 'API update', :notes => 'A new note'}
-
- put '/issues/1.json', {:issue => @attributes}, :authorization => credentials('jsmith')
- end
-
- should_respond_with :ok
- should_respond_with_content_type 'application/json'
-
- should "not create a new issue" do
- assert_equal Issue.count, @issue_count
- end
-
- should "create a new journal" do
- assert_equal Journal.count, @journal_count + 1
- end
-
- should "add the note to the journal" do
- journal = Journal.last
- assert_equal "A new note", journal.notes
- end
-
- should "update the issue" do
- issue = Issue.find(1)
- @attributes.each do |attribute, value|
- assert_equal value, issue.send(attribute) unless attribute == :notes
- end
- end
-
- end
-
- context "PUT /issues/1.json with failed update" do
- setup do
- @attributes = {:subject => ''}
- @issue_count = Issue.count
- @journal_count = Journal.count
-
- put '/issues/1.json', {:issue => @attributes}, :authorization => credentials('jsmith')
- end
-
- should_respond_with :unprocessable_entity
- should_respond_with_content_type 'application/json'
-
- should "not create a new issue" do
- assert_equal Issue.count, @issue_count
- end
-
- should "not create a new journal" do
- assert_equal Journal.count, @journal_count
- end
-
- should "have an errors attribute" do
- json = ActiveSupport::JSON.decode(response.body)
- assert_equal "can't be blank", json.first['subject']
- end
- end
-
- context "DELETE /issues/1.xml" do
- setup do
- @issue_count = Issue.count
- delete '/issues/1.xml', {}, :authorization => credentials('jsmith')
- end
-
- should_respond_with :ok
- should_respond_with_content_type 'application/xml'
-
- should "delete the issue" do
- assert_equal Issue.count, @issue_count -1
- assert_nil Issue.find_by_id(1)
- end
- end
-
- context "DELETE /issues/1.json" do
- setup do
- @issue_count = Issue.count
- delete '/issues/1.json', {}, :authorization => credentials('jsmith')
- end
-
- should_respond_with :ok
- should_respond_with_content_type 'application/json'
-
- should "delete the issue" do
- assert_equal Issue.count, @issue_count -1
- assert_nil Issue.find_by_id(1)
- end
- end
-
- def credentials(user, password=nil)
- ActionController::HttpAuthentication::Basic.encode_credentials(user, password || user)
- end
-end
+++ /dev/null
-# Redmine - project management software
-# Copyright (C) 2006-2010 Jean-Philippe Lang
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-
-require "#{File.dirname(__FILE__)}/../test_helper"
-
-class ProjectsApiTest < ActionController::IntegrationTest
- fixtures :projects, :versions, :users, :roles, :members, :member_roles, :issues, :journals, :journal_details,
- :trackers, :projects_trackers, :issue_statuses, :enabled_modules, :enumerations, :boards, :messages,
- :attachments, :custom_fields, :custom_values, :time_entries
-
- def setup
- Setting.rest_api_enabled = '1'
- end
-
- def test_index
- get '/projects.xml'
- assert_response :success
- assert_equal 'application/xml', @response.content_type
- end
-
- def test_show
- get '/projects/1.xml'
- assert_response :success
- assert_equal 'application/xml', @response.content_type
- end
-
- def test_create
- attributes = {:name => 'API test', :identifier => 'api-test'}
- assert_difference 'Project.count' do
- post '/projects.xml', {:project => attributes}, :authorization => credentials('admin')
- end
- assert_response :created
- assert_equal 'application/xml', @response.content_type
- project = Project.first(:order => 'id DESC')
- attributes.each do |attribute, value|
- assert_equal value, project.send(attribute)
- end
- end
-
- def test_create_failure
- attributes = {:name => 'API test'}
- assert_no_difference 'Project.count' do
- post '/projects.xml', {:project => attributes}, :authorization => credentials('admin')
- end
- assert_response :unprocessable_entity
- assert_equal 'application/xml', @response.content_type
- assert_tag :errors, :child => {:tag => 'error', :content => "Identifier can't be blank"}
- end
-
- def test_update
- attributes = {:name => 'API update'}
- assert_no_difference 'Project.count' do
- put '/projects/1.xml', {:project => attributes}, :authorization => credentials('jsmith')
- end
- assert_response :ok
- assert_equal 'application/xml', @response.content_type
- project = Project.find(1)
- attributes.each do |attribute, value|
- assert_equal value, project.send(attribute)
- end
- end
-
- def test_update_failure
- attributes = {:name => ''}
- assert_no_difference 'Project.count' do
- put '/projects/1.xml', {:project => attributes}, :authorization => credentials('jsmith')
- end
- assert_response :unprocessable_entity
- assert_equal 'application/xml', @response.content_type
- assert_tag :errors, :child => {:tag => 'error', :content => "Name can't be blank"}
- end
-
- def test_destroy
- assert_difference 'Project.count', -1 do
- delete '/projects/2.xml', {}, :authorization => credentials('admin')
- end
- assert_response :ok
- assert_equal 'application/xml', @response.content_type
- assert_nil Project.find_by_id(2)
- end
-
- def credentials(user, password=nil)
- ActionController::HttpAuthentication::Basic.encode_credentials(user, password || user)
- end
-end
end
end
end
+
+# Simple module to "namespace" all of the API tests
+module ApiTest
+end