From a04d64881cca1f741437cb57e44f3434bd8a7eb1 Mon Sep 17 00:00:00 2001 From: Eric Davis Date: Tue, 2 Nov 2010 15:52:06 +0000 Subject: [PATCH] Refactor: convert username/password http basic auth api tests to shoulda macros #6447 git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4360 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- .../api_test/http_basic_login_test.rb | 84 ++----------------- test/test_helper.rb | 52 +++++++++++- 2 files changed, 57 insertions(+), 79 deletions(-) diff --git a/test/integration/api_test/http_basic_login_test.rb b/test/integration/api_test/http_basic_login_test.rb index aa879f64a..21b584c79 100644 --- a/test/integration/api_test/http_basic_login_test.rb +++ b/test/integration/api_test/http_basic_login_test.rb @@ -15,89 +15,17 @@ class ApiTest::HttpBasicLoginTest < ActionController::IntegrationTest # Using the NewsController because it's a simple API. context "get /news" do + setup do + project = Project.find('onlinestore') + EnabledModule.create(:project => project, :name => 'news') + end context "in :xml format" do - context "with a valid HTTP authentication" do - setup do - @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password') - @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password') - get "/news.xml", nil, :authorization => @authorization - end - - should_respond_with :success - should_respond_with_content_type :xml - should "login as the user" do - assert_equal @user, User.current - end - end - - context "with an invalid HTTP authentication" do - setup do - @user = User.generate_with_protected! - @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'wrong_password') - get "/news.xml", nil, :authorization => @authorization - end - - should_respond_with :unauthorized - should_respond_with_content_type :xml - should "not login as the user" do - assert_equal User.anonymous, User.current - end - end - - context "without credentials" do - setup do - get "/projects/onlinestore/news.xml" - end - - should_respond_with :unauthorized - should_respond_with_content_type :xml - should "include_www_authenticate_header" do - assert @controller.response.headers.has_key?('WWW-Authenticate') - end - end + should_allow_http_basic_auth_with_username_and_password(:get, "/projects/onlinestore/news.xml") end context "in :json format" do - context "with a valid HTTP authentication" do - setup do - @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password') - @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password') - get "/news.json", nil, :authorization => @authorization - end - - should_respond_with :success - should_respond_with_content_type :json - should "login as the user" do - assert_equal @user, User.current - end - end - - context "with an invalid HTTP authentication" do - setup do - @user = User.generate_with_protected! - @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'wrong_password') - get "/news.json", nil, :authorization => @authorization - end - - should_respond_with :unauthorized - should_respond_with_content_type :json - should "not login as the user" do - assert_equal User.anonymous, User.current - end - end - end - - context "without credentials" do - setup do - get "/projects/onlinestore/news.json" - end - - should_respond_with :unauthorized - should_respond_with_content_type :json - should "include_www_authenticate_header" do - assert @controller.response.headers.has_key?('WWW-Authenticate') - end + should_allow_http_basic_auth_with_username_and_password(:get, "/projects/onlinestore/news.json") end end end diff --git a/test/test_helper.rb b/test/test_helper.rb index 001638754..285ef2fd9 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -186,12 +186,62 @@ class ActiveSupport::TestCase end end + # Test that a request allows the username and password for HTTP BASIC + # + # @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete) + # @param [String] url the request url + # @param [optional, Hash] parameters additional request parameters + def self.should_allow_http_basic_auth_with_username_and_password(http_method, url, parameters={}) + context "should allow http basic auth using a username and password for #{http_method} #{url}" do + context "with a valid HTTP authentication" do + setup do + @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password', :admin => true) # Admin so they can access the project + @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password') + send(http_method, url, parameters, {:authorization => @authorization}) + end + + should_respond_with :success + should_respond_with_content_type_based_on_url(url) + should "login as the user" do + assert_equal @user, User.current + end + end + + context "with an invalid HTTP authentication" do + setup do + @user = User.generate_with_protected! + @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'wrong_password') + send(http_method, url, parameters, {:authorization => @authorization}) + end + + should_respond_with :unauthorized + should_respond_with_content_type_based_on_url(url) + should "not login as the user" do + assert_equal User.anonymous, User.current + end + end + + context "without credentials" do + setup do + send(http_method, url, parameters, {:authorization => ''}) + end + + should_respond_with :unauthorized + should_respond_with_content_type_based_on_url(url) + should "include_www_authenticate_header" do + assert @controller.response.headers.has_key?('WWW-Authenticate') + end + end + end + + end + # Test that a request allows full key authentication # # @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete) # @param [String] url the request url, without the key=ZXY parameter def self.should_allow_key_based_auth(http_method, url) - context "should allow key based auth using key=X for #{url}" do + context "should allow key based auth using key=X for #{http_method} #{url}" do context "with a valid api token" do setup do @user = User.generate_with_protected! -- 2.39.5