mirrors
/
redmine
mirror of https://github.com/redmine/redmine.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 201 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3456 Commits
33 Branches
Tree: d5fde17bf5
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'd5fde17bf5'
${ noResults }
redmine/test/integration/api_test/disabled_rest_api_test.rb

disabled_rest_api_test.rb 3.7KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110 
  1. require "#{File.dirname(__FILE__)}/../../test_helper"

  2. 

  3. class ApiTest::DisabledRestApiTest < ActionController::IntegrationTest

  4.   fixtures :all

  5. 

  6.   def setup

  7.     Setting.rest_api_enabled = '0'

  8.     Setting.login_required = '1'

  9.   end

  10. 

  11.   def teardown

  12.     Setting.rest_api_enabled = '1'

  13.     Setting.login_required = '0'

  14.   end

  15.   

  16.   # Using the NewsController because it's a simple API.

  17.   context "get /news with the API disabled" do

  18. 

  19.     context "in :xml format" do

  20.       context "with a valid api token" do

  21.         setup do

  22.           @user = User.generate_with_protected!

  23.           @token = Token.generate!(:user => @user, :action => 'api')

  24.           get "/news.xml?key=#{@token.value}"

  25.         end

  26.         

  27.         should_respond_with :unauthorized

  28.         should_respond_with_content_type :xml

  29.         should "not login as the user" do

  30.           assert_equal User.anonymous, User.current

  31.         end

  32.       end

  33. 

  34.       context "with a valid HTTP authentication" do

  35.         setup do

  36.           @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password')

  37.           @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password')

  38.           get "/news.xml", nil, :authorization => @authorization

  39.         end

  40.         

  41.         should_respond_with :unauthorized

  42.         should_respond_with_content_type :xml

  43.         should "not login as the user" do

  44.           assert_equal User.anonymous, User.current

  45.         end

  46.       end

  47. 

  48.       context "with a valid HTTP authentication using the API token" do

  49.         setup do

  50.           @user = User.generate_with_protected!

  51.           @token = Token.generate!(:user => @user, :action => 'api')

  52.           @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'X')

  53.           get "/news.xml", nil, :authorization => @authorization

  54.         end

  55.         

  56.         should_respond_with :unauthorized

  57.         should_respond_with_content_type :xml

  58.         should "not login as the user" do

  59.           assert_equal User.anonymous, User.current

  60.         end

  61.       end

  62.     end

  63. 

  64.     context "in :json format" do

  65.       context "with a valid api token" do

  66.         setup do

  67.           @user = User.generate_with_protected!

  68.           @token = Token.generate!(:user => @user, :action => 'api')

  69.           get "/news.json?key=#{@token.value}"

  70.         end

  71.         

  72.         should_respond_with :unauthorized

  73.         should_respond_with_content_type :json

  74.         should "not login as the user" do

  75.           assert_equal User.anonymous, User.current

  76.         end

  77.       end

  78. 

  79.       context "with a valid HTTP authentication" do

  80.         setup do

  81.           @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password')

  82.           @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password')

  83.           get "/news.json", nil, :authorization => @authorization

  84.         end

  85.         

  86.         should_respond_with :unauthorized

  87.         should_respond_with_content_type :json

  88.         should "not login as the user" do

  89.           assert_equal User.anonymous, User.current

  90.         end

  91.       end

  92. 

  93.       context "with a valid HTTP authentication using the API token" do

  94.         setup do

  95.           @user = User.generate_with_protected!

  96.           @token = Token.generate!(:user => @user, :action => 'api')

  97.           @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'DoesNotMatter')

  98.           get "/news.json", nil, :authorization => @authorization

  99.         end

  100. 

  101.         should_respond_with :unauthorized

  102.         should_respond_with_content_type :json

  103.         should "not login as the user" do

  104.           assert_equal User.anonymous, User.current

  105.         end

  106.       end

  107.       

  108.     end    

  109.   end

  110. end