From: Jean-Philippe Lang Date: Fri, 20 Dec 2019 07:59:11 +0000 (+0000) Subject: Merged r19373 to 4.1-stable (#31911). X-Git-Tag: 4.1.0~9 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=96cba5ddd181b05c6b0913b402a6f681f9939b28;p=redmine.git Merged r19373 to 4.1-stable (#31911). git-svn-id: http://svn.redmine.org/redmine/branches/4.1-stable@19380 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- diff --git a/Gemfile b/Gemfile index 030c5d95a..155265dbb 100644 --- a/Gemfile +++ b/Gemfile @@ -4,7 +4,7 @@ gem "bundler", ">= 1.5.0" gem "rails", "5.2.4.1" gem "rouge", "~> 3.12.0" -gem "request_store", "1.0.5" +gem "request_store", "~> 1.4.1" gem "mini_mime", "~> 1.0.1" gem "actionpack-xml_parser" gem "roadie-rails", (RUBY_VERSION < "2.5" ? "~> 1.3.0" : "~> 2.1.0") diff --git a/test/integration/api_test/authentication_test.rb b/test/integration/api_test/authentication_test.rb index 30fc4b351..0a4c12e00 100644 --- a/test/integration/api_test/authentication_test.rb +++ b/test/integration/api_test/authentication_test.rb @@ -29,7 +29,6 @@ class Redmine::ApiTest::AuthenticationTest < Redmine::ApiTest::Base def test_api_should_deny_without_credentials get '/users/current.xml' assert_response 401 - assert_equal User.anonymous, User.current assert response.headers.has_key?('WWW-Authenticate') end @@ -39,7 +38,6 @@ class Redmine::ApiTest::AuthenticationTest < Redmine::ApiTest::Base end get '/users/current.xml', :headers => credentials(user.login, 'my_password') assert_response 200 - assert_equal user, User.current end def test_api_should_deny_http_basic_auth_using_username_and_wrong_password @@ -48,7 +46,6 @@ class Redmine::ApiTest::AuthenticationTest < Redmine::ApiTest::Base end get '/users/current.xml', :headers => credentials(user.login, 'wrong_password') assert_response 401 - assert_equal User.anonymous, User.current end def test_api_should_accept_http_basic_auth_using_api_key @@ -56,7 +53,6 @@ class Redmine::ApiTest::AuthenticationTest < Redmine::ApiTest::Base token = Token.create!(:user => user, :action => 'api') get '/users/current.xml', :headers => credentials(token.value, 'X') assert_response 200 - assert_equal user, User.current end def test_api_should_deny_http_basic_auth_using_wrong_api_key @@ -64,7 +60,6 @@ class Redmine::ApiTest::AuthenticationTest < Redmine::ApiTest::Base token = Token.create!(:user => user, :action => 'feeds') # not the API key get '/users/current.xml', :headers => credentials(token.value, 'X') assert_response 401 - assert_equal User.anonymous, User.current end def test_api_should_accept_auth_using_api_key_as_parameter @@ -72,7 +67,6 @@ class Redmine::ApiTest::AuthenticationTest < Redmine::ApiTest::Base token = Token.create!(:user => user, :action => 'api') get "/users/current.xml?key=#{token.value}" assert_response 200 - assert_equal user, User.current end def test_api_should_deny_auth_using_wrong_api_key_as_parameter @@ -80,7 +74,6 @@ class Redmine::ApiTest::AuthenticationTest < Redmine::ApiTest::Base token = Token.create!(:user => user, :action => 'feeds') # not the API key get "/users/current.xml?key=#{token.value}" assert_response 401 - assert_equal User.anonymous, User.current end def test_api_should_accept_auth_using_api_key_as_request_header @@ -88,7 +81,6 @@ class Redmine::ApiTest::AuthenticationTest < Redmine::ApiTest::Base token = Token.create!(:user => user, :action => 'api') get "/users/current.xml", :headers => {'X-Redmine-API-Key' => token.value.to_s} assert_response 200 - assert_equal user, User.current end def test_api_should_deny_auth_using_wrong_api_key_as_request_header @@ -96,7 +88,6 @@ class Redmine::ApiTest::AuthenticationTest < Redmine::ApiTest::Base token = Token.create!(:user => user, :action => 'feeds') # not the API key get "/users/current.xml", :headers => {'X-Redmine-API-Key' => token.value.to_s} assert_response 401 - assert_equal User.anonymous, User.current end def test_api_should_trigger_basic_http_auth_with_basic_authorization_header @@ -136,7 +127,6 @@ class Redmine::ApiTest::AuthenticationTest < Redmine::ApiTest::Base get '/users/current', :headers => {'X-Redmine-API-Key' => user.api_key, 'X-Redmine-Switch-User' => su.login} assert_response :success assert_select 'h2', :text => su.name - assert_equal su, User.current end def test_api_should_respond_with_412_when_trying_to_switch_to_a_invalid_user @@ -159,6 +149,5 @@ class Redmine::ApiTest::AuthenticationTest < Redmine::ApiTest::Base get '/users/current', :headers => {'X-Redmine-API-Key' => user.api_key, 'X-Redmine-Switch-User' => su.login} assert_response :success assert_select 'h2', :text => user.name - assert_equal user, User.current end end diff --git a/test/integration/api_test/disabled_rest_api_test.rb b/test/integration/api_test/disabled_rest_api_test.rb index 5eaedd978..a8a1139a8 100644 --- a/test/integration/api_test/disabled_rest_api_test.rb +++ b/test/integration/api_test/disabled_rest_api_test.rb @@ -44,11 +44,9 @@ class Redmine::ApiTest::DisabledRestApiTest < Redmine::ApiTest::Base get "/news.xml?key=#{@token.value}" assert_response :forbidden - assert_equal User.anonymous, User.current get "/news.json?key=#{@token.value}" assert_response :forbidden - assert_equal User.anonymous, User.current end def test_with_valid_username_password_http_authentication @@ -58,11 +56,9 @@ class Redmine::ApiTest::DisabledRestApiTest < Redmine::ApiTest::Base get "/news.xml", :headers => credentials(@user.login, 'my_password') assert_response :forbidden - assert_equal User.anonymous, User.current get "/news.json", :headers => credentials(@user.login, 'my_password') assert_response :forbidden - assert_equal User.anonymous, User.current end def test_with_valid_token_http_authentication @@ -71,10 +67,8 @@ class Redmine::ApiTest::DisabledRestApiTest < Redmine::ApiTest::Base get "/news.xml", :headers => credentials(@token.value, 'X') assert_response :forbidden - assert_equal User.anonymous, User.current get "/news.json", :headers => credentials(@token.value, 'X') assert_response :forbidden - assert_equal User.anonymous, User.current end end