diff options
| author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2010-12-23 14:49:14 +0000 |
|---|---|---|
| committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2010-12-23 14:49:14 +0000 |
| commit | 07fe46e9dfc1567d24de4ff8799a1e1c048b2adc (patch) | |
| tree | ed2102b2d574b90dc423b73765ff036d36ea28bd | |
| parent | 283d25d82334c00f2cf70770f50ae5649e6d791f (diff) | |
| download | redmine-07fe46e9dfc1567d24de4ff8799a1e1c048b2adc.tar.gz redmine-07fe46e9dfc1567d24de4ff8799a1e1c048b2adc.zip | |
Makes the API accepts the X-Redmine-API-Key header to hold the API key.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4573 e93f8b46-1217-0410-a6f0-8f06a7374b81
| -rw-r--r-- | app/controllers/application_controller.rb | 15 | ||||
| -rw-r--r-- | test/test_helper.rb | 14 |
2 files changed, 26 insertions, 3 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 7c84b99f6..803eb5f2e 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -71,10 +71,10 @@ class ApplicationController < ActionController::Base elsif params[:format] == 'atom' && params[:key] && accept_key_auth_actions.include?(params[:action]) # RSS key authentication does not start a session User.find_by_rss_key(params[:key]) - elsif Setting.rest_api_enabled? && ['xml', 'json'].include?(params[:format]) - if params[:key].present? && accept_key_auth_actions.include?(params[:action]) + elsif Setting.rest_api_enabled? && api_request? + if (key = api_key_from_request) && accept_key_auth_actions.include?(params[:action]) # Use API key - User.find_by_api_key(params[:key]) + User.find_by_api_key(key) else # HTTP Basic, either username/password or API key/random authenticate_with_http_basic do |username, password| @@ -402,6 +402,15 @@ class ApplicationController < ActionController::Base def api_request? %w(xml json).include? params[:format] end + + # Returns the API key present in the request + def api_key_from_request + if params[:key].present? + params[:key] + elsif request.headers["X-Redmine-API-Key"].present? + request.headers["X-Redmine-API-Key"] + end + end # Renders a warning flash if obj has unsaved attachments def render_attachment_warning_if_needed(obj) diff --git a/test/test_helper.rb b/test/test_helper.rb index 54681526a..be87c63f5 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -361,6 +361,20 @@ class ActiveSupport::TestCase end end + context "should allow key based auth using X-Redmine-API-Key header for #{http_method} #{url}" do + setup do + @user = User.generate_with_protected!(:admin => true) + @token = Token.generate!(:user => @user, :action => 'api') + send(http_method, url, parameters, {'X-Redmine-API-Key' => @token.value.to_s}) + end + + should_respond_with success_code + should_respond_with_content_type_based_on_url(url) + should_be_a_valid_response_string_based_on_url(url) + should "login as the user" do + assert_equal @user, User.current + end + end end # Uses should_respond_with_content_type based on what's in the url: |