Move all API tests into the ApiTest module to make management easier

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4357 e93f8b46-1217-0410-a6f0-8f06a7374b81

6 files changed, 825 insertions, 0 deletions

diff --git a/test/integration/api_test/disabled_rest_api_test.rb b/test/integration/api_test/disabled_rest_api_test.rb
new file mode 100644
index 000000000..d94d14b6e
--- /dev/null
+++ b/test/integration/api_test/disabled_rest_api_test.rb
@@ -0,0 +1,110 @@
+require "#{File.dirname(__FILE__)}/../../test_helper"
+
+class ApiTest::DisabledRestApiTest < ActionController::IntegrationTest
+  fixtures :all
+
+  def setup
+    Setting.rest_api_enabled = '0'
+    Setting.login_required = '1'
+  end
+
+  def teardown
+    Setting.rest_api_enabled = '1'
+    Setting.login_required = '0'
+  end
+  
+  # Using the NewsController because it's a simple API.
+  context "get /news with the API disabled" do
+
+    context "in :xml format" do
+      context "with a valid api token" do
+        setup do
+          @user = User.generate_with_protected!
+          @token = Token.generate!(:user => @user, :action => 'api')
+          get "/news.xml?key=#{@token.value}"
+        end
+        
+        should_respond_with :unauthorized
+        should_respond_with_content_type :xml
+        should "not login as the user" do
+          assert_equal User.anonymous, User.current
+        end
+      end
+
+      context "with a valid HTTP authentication" do
+        setup do
+          @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password')
+          @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password')
+          get "/news.xml", nil, :authorization => @authorization
+        end
+        
+        should_respond_with :unauthorized
+        should_respond_with_content_type :xml
+        should "not login as the user" do
+          assert_equal User.anonymous, User.current
+        end
+      end
+
+      context "with a valid HTTP authentication using the API token" do
+        setup do
+          @user = User.generate_with_protected!
+          @token = Token.generate!(:user => @user, :action => 'api')
+          @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'X')
+          get "/news.xml", nil, :authorization => @authorization
+        end
+        
+        should_respond_with :unauthorized
+        should_respond_with_content_type :xml
+        should "not login as the user" do
+          assert_equal User.anonymous, User.current
+        end
+      end
+    end
+
+    context "in :json format" do
+      context "with a valid api token" do
+        setup do
+          @user = User.generate_with_protected!
+          @token = Token.generate!(:user => @user, :action => 'api')
+          get "/news.json?key=#{@token.value}"
+        end
+        
+        should_respond_with :unauthorized
+        should_respond_with_content_type :json
+        should "not login as the user" do
+          assert_equal User.anonymous, User.current
+        end
+      end
+
+      context "with a valid HTTP authentication" do
+        setup do
+          @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password')
+          @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password')
+          get "/news.json", nil, :authorization => @authorization
+        end
+        
+        should_respond_with :unauthorized
+        should_respond_with_content_type :json
+        should "not login as the user" do
+          assert_equal User.anonymous, User.current
+        end
+      end
+
+      context "with a valid HTTP authentication using the API token" do
+        setup do
+          @user = User.generate_with_protected!
+          @token = Token.generate!(:user => @user, :action => 'api')
+          @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'DoesNotMatter')
+          get "/news.json", nil, :authorization => @authorization
+        end
+
+        should_respond_with :unauthorized
+        should_respond_with_content_type :json
+        should "not login as the user" do
+          assert_equal User.anonymous, User.current
+        end
+      end
+      
+    end    
+  end
+end
diff --git a/test/integration/api_test/http_basic_login_test.rb b/test/integration/api_test/http_basic_login_test.rb
new file mode 100644
index 000000000..aa879f64a
--- /dev/null
+++ b/test/integration/api_test/http_basic_login_test.rb
@@ -0,0 +1,103 @@
+require "#{File.dirname(__FILE__)}/../../test_helper"
+
+class ApiTest::HttpBasicLoginTest < ActionController::IntegrationTest
+  fixtures :all
+
+  def setup
+    Setting.rest_api_enabled = '1'
+    Setting.login_required = '1'
+  end
+
+  def teardown
+    Setting.rest_api_enabled = '0'
+    Setting.login_required = '0'
+  end
+  
+  # Using the NewsController because it's a simple API.
+  context "get /news" do
+
+    context "in :xml format" do
+      context "with a valid HTTP authentication" do
+        setup do
+          @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password')
+          @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password')
+          get "/news.xml", nil, :authorization => @authorization
+        end
+        
+        should_respond_with :success
+        should_respond_with_content_type :xml
+        should "login as the user" do
+          assert_equal @user, User.current
+        end
+      end
+
+      context "with an invalid HTTP authentication" do
+        setup do
+          @user = User.generate_with_protected!
+          @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'wrong_password')
+          get "/news.xml", nil, :authorization => @authorization
+        end
+        
+        should_respond_with :unauthorized
+        should_respond_with_content_type :xml
+        should "not login as the user" do
+          assert_equal User.anonymous, User.current
+        end
+      end
+      
+      context "without credentials" do
+        setup do
+          get "/projects/onlinestore/news.xml"
+        end
+
+        should_respond_with :unauthorized
+        should_respond_with_content_type :xml
+        should "include_www_authenticate_header" do
+          assert @controller.response.headers.has_key?('WWW-Authenticate')
+        end
+      end
+    end
+
+    context "in :json format" do
+      context "with a valid HTTP authentication" do
+        setup do
+          @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password')
+          @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password')
+          get "/news.json", nil, :authorization => @authorization
+        end
+        
+        should_respond_with :success
+        should_respond_with_content_type :json
+        should "login as the user" do
+          assert_equal @user, User.current
+        end
+      end
+
+      context "with an invalid HTTP authentication" do
+        setup do
+          @user = User.generate_with_protected!
+          @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'wrong_password')
+          get "/news.json", nil, :authorization => @authorization
+        end
+        
+        should_respond_with :unauthorized
+        should_respond_with_content_type :json
+        should "not login as the user" do
+          assert_equal User.anonymous, User.current
+        end
+      end
+    end
+    
+    context "without credentials" do
+      setup do
+        get "/projects/onlinestore/news.json"
+      end
+
+      should_respond_with :unauthorized
+      should_respond_with_content_type :json
+      should "include_www_authenticate_header" do
+        assert @controller.response.headers.has_key?('WWW-Authenticate')
+      end
+    end
+  end
+end
diff --git a/test/integration/api_test/http_basic_login_with_api_token_test.rb b/test/integration/api_test/http_basic_login_with_api_token_test.rb
new file mode 100644
index 000000000..0d0d5bd0c
--- /dev/null
+++ b/test/integration/api_test/http_basic_login_with_api_token_test.rb
@@ -0,0 +1,84 @@
+require "#{File.dirname(__FILE__)}/../../test_helper"
+
+class ApiTest::HttpBasicLoginWithApiTokenTest < ActionController::IntegrationTest
+  fixtures :all
+
+  def setup
+    Setting.rest_api_enabled = '1'
+    Setting.login_required = '1'
+  end
+
+  def teardown
+    Setting.rest_api_enabled = '0'
+    Setting.login_required = '0'
+  end
+  
+  # Using the NewsController because it's a simple API.
+  context "get /news" do
+
+    context "in :xml format" do
+      context "with a valid HTTP authentication using the API token" do
+        setup do
+          @user = User.generate_with_protected!
+          @token = Token.generate!(:user => @user, :action => 'api')
+          @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'X')
+          get "/news.xml", nil, :authorization => @authorization
+        end
+        
+        should_respond_with :success
+        should_respond_with_content_type :xml
+        should "login as the user" do
+          assert_equal @user, User.current
+        end
+      end
+
+      context "with an invalid HTTP authentication" do
+        setup do
+          @user = User.generate_with_protected!
+          @token = Token.generate!(:user => @user, :action => 'feeds')
+          @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'X')
+          get "/news.xml", nil, :authorization => @authorization
+        end
+
+        should_respond_with :unauthorized
+        should_respond_with_content_type :xml
+        should "not login as the user" do
+          assert_equal User.anonymous, User.current
+        end
+      end
+    end
+
+    context "in :json format" do
+      context "with a valid HTTP authentication" do
+        setup do
+          @user = User.generate_with_protected!
+          @token = Token.generate!(:user => @user, :action => 'api')
+          @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'DoesNotMatter')
+          get "/news.json", nil, :authorization => @authorization
+        end
+        
+        should_respond_with :success
+        should_respond_with_content_type :json
+        should "login as the user" do
+          assert_equal @user, User.current
+        end
+      end
+
+      context "with an invalid HTTP authentication" do
+        setup do
+          @user = User.generate_with_protected!
+          @token = Token.generate!(:user => @user, :action => 'feeds')
+          @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'DoesNotMatter')
+          get "/news.json", nil, :authorization => @authorization
+        end
+        
+        should_respond_with :unauthorized
+        should_respond_with_content_type :json
+        should "not login as the user" do
+          assert_equal User.anonymous, User.current
+        end
+      end
+    end
+    
+  end
+end
diff --git a/test/integration/api_test/issues_test.rb b/test/integration/api_test/issues_test.rb
new file mode 100644
index 000000000..c51438bba
--- /dev/null
+++ b/test/integration/api_test/issues_test.rb
@@ -0,0 +1,349 @@
+# Redmine - project management software
+# Copyright (C) 2006-2010  Jean-Philippe Lang
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+# 
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
+require "#{File.dirname(__FILE__)}/../../test_helper"
+
+class ApiTest::IssuesTest < ActionController::IntegrationTest
+  fixtures :projects,
+    :users,
+    :roles,
+    :members,
+    :member_roles,
+    :issues,
+    :issue_statuses,
+    :versions,
+    :trackers,
+    :projects_trackers,
+    :issue_categories,
+    :enabled_modules,
+    :enumerations,
+    :attachments,
+    :workflows,
+    :custom_fields,
+    :custom_values,
+    :custom_fields_projects,
+    :custom_fields_trackers,
+    :time_entries,
+    :journals,
+    :journal_details,
+    :queries
+
+  def setup
+    Setting.rest_api_enabled = '1'
+  end
+
+  context "/index.xml" do
+    setup do
+      get '/issues.xml'
+    end
+
+    should_respond_with :success
+    should_respond_with_content_type 'application/xml'
+  end
+
+  context "/index.json" do
+    setup do
+      get '/issues.json'
+    end
+
+    should_respond_with :success
+    should_respond_with_content_type 'application/json'
+
+    should 'return a valid JSON string' do
+      assert ActiveSupport::JSON.decode(response.body)
+    end
+  end
+
+  context "/index.xml with filter" do
+    setup do
+      get '/issues.xml?status_id=5'
+    end
+    
+    should_respond_with :success
+    should_respond_with_content_type 'application/xml'
+    should "show only issues with the status_id" do
+      assert_tag :tag => 'issues',
+                 :children => { :count => Issue.visible.count(:conditions => {:status_id => 5}), 
+                                :only => { :tag => 'issue' } }
+    end
+  end
+
+  context "/index.json with filter" do
+    setup do
+      get '/issues.json?status_id=5'
+    end
+
+    should_respond_with :success
+    should_respond_with_content_type 'application/json'
+
+    should 'return a valid JSON string' do
+      assert ActiveSupport::JSON.decode(response.body)
+    end
+
+    should "show only issues with the status_id" do
+      json = ActiveSupport::JSON.decode(response.body)
+      status_ids_used = json.collect {|j| j['status_id'] }
+      assert_equal 3, status_ids_used.length
+      assert status_ids_used.all? {|id| id == 5 }
+    end
+
+  end
+
+  context "/issues/1.xml" do
+    setup do
+      get '/issues/1.xml'
+    end
+    
+    should_respond_with :success
+    should_respond_with_content_type 'application/xml'
+  end
+
+  context "/issues/1.json" do
+    setup do
+      get '/issues/1.json'
+    end
+    
+    should_respond_with :success
+    should_respond_with_content_type 'application/json'
+
+    should 'return a valid JSON string' do
+      assert ActiveSupport::JSON.decode(response.body)
+    end
+  end
+
+  context "POST /issues.xml" do
+    setup do
+      @issue_count = Issue.count
+      @attributes = {:project_id => 1, :subject => 'API test', :tracker_id => 2, :status_id => 3}
+      post '/issues.xml', {:issue => @attributes}, :authorization => credentials('jsmith')
+    end
+
+    should_respond_with :created
+    should_respond_with_content_type 'application/xml'
+
+    should "create an issue with the attributes" do
+      assert_equal Issue.count, @issue_count + 1
+
+      issue = Issue.first(:order => 'id DESC')
+      @attributes.each do |attribute, value|
+        assert_equal value, issue.send(attribute)
+      end
+    end
+  end
+  
+  context "POST /issues.xml with failure" do
+    setup do
+      @attributes = {:project_id => 1}
+      post '/issues.xml', {:issue => @attributes}, :authorization => credentials('jsmith')
+    end
+
+    should_respond_with :unprocessable_entity
+    should_respond_with_content_type 'application/xml'
+
+    should "have an errors tag" do
+      assert_tag :errors, :child => {:tag => 'error', :content => "Subject can't be blank"}
+    end
+  end
+
+  context "POST /issues.json" do
+    setup do
+      @issue_count = Issue.count
+      @attributes = {:project_id => 1, :subject => 'API test', :tracker_id => 2, :status_id => 3}
+      post '/issues.json', {:issue => @attributes}, :authorization => credentials('jsmith')
+    end
+
+    should_respond_with :created
+    should_respond_with_content_type 'application/json'
+
+    should "create an issue with the attributes" do
+      assert_equal Issue.count, @issue_count + 1
+
+      issue = Issue.first(:order => 'id DESC')
+      @attributes.each do |attribute, value|
+        assert_equal value, issue.send(attribute)
+      end
+    end
+  end
+  
+  context "POST /issues.json with failure" do
+    setup do
+      @attributes = {:project_id => 1}
+      post '/issues.json', {:issue => @attributes}, :authorization => credentials('jsmith')
+    end
+
+    should_respond_with :unprocessable_entity
+    should_respond_with_content_type 'application/json'
+
+    should "have an errors element" do
+      json = ActiveSupport::JSON.decode(response.body)
+      assert_equal "can't be blank", json.first['subject']
+    end
+  end
+
+  context "PUT /issues/1.xml" do
+    setup do
+      @issue_count = Issue.count
+      @journal_count = Journal.count
+      @attributes = {:subject => 'API update', :notes => 'A new note'}
+
+      put '/issues/1.xml', {:issue => @attributes}, :authorization => credentials('jsmith')
+    end
+    
+    should_respond_with :ok
+    should_respond_with_content_type 'application/xml'
+
+    should "not create a new issue" do
+      assert_equal Issue.count, @issue_count
+    end
+
+    should "create a new journal" do
+      assert_equal Journal.count, @journal_count + 1
+    end
+
+    should "add the note to the journal" do
+      journal = Journal.last
+      assert_equal "A new note", journal.notes
+    end
+
+    should "update the issue" do
+      issue = Issue.find(1)
+      @attributes.each do |attribute, value|
+        assert_equal value, issue.send(attribute) unless attribute == :notes
+      end
+    end
+    
+  end
+  
+  context "PUT /issues/1.xml with failed update" do
+    setup do
+      @attributes = {:subject => ''}
+      @issue_count = Issue.count
+      @journal_count = Journal.count
+
+      put '/issues/1.xml', {:issue => @attributes}, :authorization => credentials('jsmith')
+    end
+    
+    should_respond_with :unprocessable_entity
+    should_respond_with_content_type 'application/xml'
+  
+    should "not create a new issue" do
+      assert_equal Issue.count, @issue_count
+    end
+
+    should "not create a new journal" do
+      assert_equal Journal.count, @journal_count
+    end
+
+    should "have an errors tag" do
+      assert_tag :errors, :child => {:tag => 'error', :content => "Subject can't be blank"}
+    end
+  end
+
+  context "PUT /issues/1.json" do
+    setup do
+      @issue_count = Issue.count
+      @journal_count = Journal.count
+      @attributes = {:subject => 'API update', :notes => 'A new note'}
+
+      put '/issues/1.json', {:issue => @attributes}, :authorization => credentials('jsmith')
+    end
+    
+    should_respond_with :ok
+    should_respond_with_content_type 'application/json'
+
+    should "not create a new issue" do
+      assert_equal Issue.count, @issue_count
+    end
+
+    should "create a new journal" do
+      assert_equal Journal.count, @journal_count + 1
+    end
+
+    should "add the note to the journal" do
+      journal = Journal.last
+      assert_equal "A new note", journal.notes
+    end
+
+    should "update the issue" do
+      issue = Issue.find(1)
+      @attributes.each do |attribute, value|
+        assert_equal value, issue.send(attribute) unless attribute == :notes
+      end
+    end
+
+  end
+  
+  context "PUT /issues/1.json with failed update" do
+    setup do
+      @attributes = {:subject => ''}
+      @issue_count = Issue.count
+      @journal_count = Journal.count
+
+      put '/issues/1.json', {:issue => @attributes}, :authorization => credentials('jsmith')
+    end
+    
+    should_respond_with :unprocessable_entity
+    should_respond_with_content_type 'application/json'
+  
+    should "not create a new issue" do
+      assert_equal Issue.count, @issue_count
+    end
+
+    should "not create a new journal" do
+      assert_equal Journal.count, @journal_count
+    end
+
+    should "have an errors attribute" do
+      json = ActiveSupport::JSON.decode(response.body)
+      assert_equal "can't be blank", json.first['subject']
+    end
+  end
+
+  context "DELETE /issues/1.xml" do
+    setup do
+      @issue_count = Issue.count
+      delete '/issues/1.xml', {}, :authorization => credentials('jsmith')
+    end
+
+    should_respond_with :ok
+    should_respond_with_content_type 'application/xml'
+
+    should "delete the issue" do
+      assert_equal Issue.count, @issue_count -1
+      assert_nil Issue.find_by_id(1)
+    end
+  end
+
+  context "DELETE /issues/1.json" do
+    setup do
+      @issue_count = Issue.count
+      delete '/issues/1.json', {}, :authorization => credentials('jsmith')
+    end
+
+    should_respond_with :ok
+    should_respond_with_content_type 'application/json'
+
+    should "delete the issue" do
+      assert_equal Issue.count, @issue_count -1
+      assert_nil Issue.find_by_id(1)
+    end
+  end
+
+  def credentials(user, password=nil)
+    ActionController::HttpAuthentication::Basic.encode_credentials(user, password || user)
+  end
+end
diff --git a/test/integration/api_test/projects_test.rb b/test/integration/api_test/projects_test.rb
new file mode 100644
index 000000000..7c090a925
--- /dev/null
+++ b/test/integration/api_test/projects_test.rb
@@ -0,0 +1,99 @@
+# Redmine - project management software
+# Copyright (C) 2006-2010  Jean-Philippe Lang
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+# 
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
+require "#{File.dirname(__FILE__)}/../../test_helper"
+
+class ApiTest::ProjectsTest < ActionController::IntegrationTest
+  fixtures :projects, :versions, :users, :roles, :members, :member_roles, :issues, :journals, :journal_details,
+           :trackers, :projects_trackers, :issue_statuses, :enabled_modules, :enumerations, :boards, :messages,
+           :attachments, :custom_fields, :custom_values, :time_entries
+
+  def setup
+    Setting.rest_api_enabled = '1'
+  end
+    
+  def test_index
+    get '/projects.xml'
+    assert_response :success
+    assert_equal 'application/xml', @response.content_type
+  end
+    
+  def test_show
+    get '/projects/1.xml'
+    assert_response :success
+    assert_equal 'application/xml', @response.content_type
+  end
+    
+  def test_create
+    attributes = {:name => 'API test', :identifier => 'api-test'}
+    assert_difference 'Project.count' do
+      post '/projects.xml', {:project => attributes}, :authorization => credentials('admin')
+    end
+    assert_response :created
+    assert_equal 'application/xml', @response.content_type
+    project = Project.first(:order => 'id DESC')
+    attributes.each do |attribute, value|
+      assert_equal value, project.send(attribute)
+    end
+  end
+  
+  def test_create_failure
+    attributes = {:name => 'API test'}
+    assert_no_difference 'Project.count' do
+      post '/projects.xml', {:project => attributes}, :authorization => credentials('admin')
+    end
+    assert_response :unprocessable_entity
+    assert_equal 'application/xml', @response.content_type
+    assert_tag :errors, :child => {:tag => 'error', :content => "Identifier can't be blank"}
+  end
+    
+  def test_update
+    attributes = {:name => 'API update'}
+    assert_no_difference 'Project.count' do
+      put '/projects/1.xml', {:project => attributes}, :authorization => credentials('jsmith')
+    end
+    assert_response :ok
+    assert_equal 'application/xml', @response.content_type
+    project = Project.find(1)
+    attributes.each do |attribute, value|
+      assert_equal value, project.send(attribute)
+    end
+  end
+  
+  def test_update_failure
+    attributes = {:name => ''}
+    assert_no_difference 'Project.count' do
+      put '/projects/1.xml', {:project => attributes}, :authorization => credentials('jsmith')
+    end
+    assert_response :unprocessable_entity
+    assert_equal 'application/xml', @response.content_type
+    assert_tag :errors, :child => {:tag => 'error', :content => "Name can't be blank"}
+  end
+    
+  def test_destroy
+    assert_difference 'Project.count', -1 do
+      delete '/projects/2.xml', {}, :authorization => credentials('admin')
+    end
+    assert_response :ok
+    assert_equal 'application/xml', @response.content_type
+    assert_nil Project.find_by_id(2)
+  end
+  
+  def credentials(user, password=nil)
+    ActionController::HttpAuthentication::Basic.encode_credentials(user, password || user)
+  end
+end
diff --git a/test/integration/api_test/token_authentication_test.rb b/test/integration/api_test/token_authentication_test.rb
new file mode 100644
index 000000000..7d6cb2e1d
--- /dev/null
+++ b/test/integration/api_test/token_authentication_test.rb
@@ -0,0 +1,80 @@
+require "#{File.dirname(__FILE__)}/../../test_helper"
+
+class ApiTest::TokenAuthenticationTest < ActionController::IntegrationTest
+  fixtures :all
+
+  def setup
+    Setting.rest_api_enabled = '1'
+    Setting.login_required = '1'
+  end
+
+  def teardown
+    Setting.rest_api_enabled = '0'
+    Setting.login_required = '0'
+  end
+  
+  # Using the NewsController because it's a simple API.
+  context "get /news" do
+
+    context "in :xml format" do
+      context "with a valid api token" do
+        setup do
+          @user = User.generate_with_protected!
+          @token = Token.generate!(:user => @user, :action => 'api')
+          get "/news.xml?key=#{@token.value}"
+        end
+        
+        should_respond_with :success
+        should_respond_with_content_type :xml
+        should "login as the user" do
+          assert_equal @user, User.current
+        end
+      end
+
+      context "with an invalid api token" do
+        setup do
+          @user = User.generate_with_protected!
+          @token = Token.generate!(:user => @user, :action => 'feeds')
+          get "/news.xml?key=#{@token.value}"
+        end
+        
+        should_respond_with :unauthorized
+        should_respond_with_content_type :xml
+        should "not login as the user" do
+          assert_equal User.anonymous, User.current
+        end
+      end
+    end
+
+    context "in :json format" do
+      context "with a valid api token" do
+        setup do
+          @user = User.generate_with_protected!
+          @token = Token.generate!(:user => @user, :action => 'api')
+          get "/news.json?key=#{@token.value}"
+        end
+        
+        should_respond_with :success
+        should_respond_with_content_type :json
+        should "login as the user" do
+          assert_equal @user, User.current
+        end
+      end
+
+      context "with an invalid api token" do
+        setup do
+          @user = User.generate_with_protected!
+          @token = Token.generate!(:user => @user, :action => 'feeds')
+          get "/news.json?key=#{@token.value}"
+        end
+        
+        should_respond_with :unauthorized
+        should_respond_with_content_type :json
+        should "not login as the user" do
+          assert_equal User.anonymous, User.current
+        end
+      end
+    end
+    
+  end
+end