authorEric Davis <edavis@littlestreamsoftware.com>2009-12-23 06:27:28 +0000
committerEric Davis <edavis@littlestreamsoftware.com>2009-12-23 06:27:28 +0000
commitaa9951b38b27c7465a313fc72b73b819b292e9b2 (patch)
treeff112e75cb81a66d7ae0568003f6bb81dc303e35 /test
parent9f59cd64ab9fd10668cad6bbeae3c4daadb0325a (diff)
Added an API token for each User to use when making API requests. (#3920)
The API key will be displayed on My Account page with a link to reset or generate a new one. All existing users will have a token generated by the migration. git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3217 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'test')
-rw-r--r--test/functional/my_controller_test.rb34
-rw-r--r--test/unit/user_test.rb52
2 files changed, 85 insertions, 1 deletions
diff --git a/test/functional/my_controller_test.rb b/test/functional/my_controller_test.rb
index b87180745..877095dfb 100644
--- a/test/functional/my_controller_test.rb
+++ b/test/functional/my_controller_test.rb
@@ -163,4 +163,38 @@ class MyControllerTest < ActionController::TestCase
should_redirect_to('my account') {'/my/account' }
end
end
+
+ context "POST to reset_api_key" do
+ context "with an existing api_token" do
+ setup do
+ @previous_token_value = User.find(2).api_key # Will generate one if it's missing
+ post :reset_api_key
+ end
+
+ should "destroy the existing token" do
+ assert_not_equal @previous_token_value, User.find(2).api_key
+ end
+
+ should "create a new token" do
+ assert User.find(2).api_token
+ end
+
+ should_set_the_flash_to /reset/
+ should_redirect_to('my account') {'/my/account' }
+ end
+
+ context "with no api_token" do
+ setup do
+ assert_nil User.find(2).api_token
+ post :reset_api_key
+ end
+
+ should "create a new token" do
+ assert User.find(2).api_token
+ end
+
+ should_set_the_flash_to /reset/
+ should_redirect_to('my account') {'/my/account' }
+ end
+ end
end
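Review bot: The "destroy the existing token" case only shows that user 2's current key differs from `@previous_token_value`; it never checks that the old value stopped working. If the action ever left the previous token row in place, a key the user believed was revoked could keep authenticating, and this assertion is not guaranteed to catch that. Add a should block in the same context with `assert_nil User.find_by_api_key(@previous_token_value)` after the POST. The enclosing MyControllerTest class and its setup start outside this hunk, so the login state behind `post :reset_api_key` is not visible here.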
diff --git a/test/unit/user_test.rb b/test/unit/user_test.rb
index 2a4996539..a94870dbc 100644
--- a/test/unit/user_test.rb
+++ b/test/unit/user_test.rb
@@ -126,7 +126,9 @@ class UserTest < ActiveSupport::TestCase
assert !anon.new_record?
assert_kind_of AnonymousUser, anon
end
-
+
+ should_have_one :rss_token
+
def test_rss_key
assert_nil @jsmith.rss_token
key = @jsmith.rss_key
@@ -135,7 +137,55 @@ class UserTest < ActiveSupport::TestCase
@jsmith.reload
assert_equal key, @jsmith.rss_key
end
+
+ should_have_one :api_token
+
+ context "User#api_key" do
+ should "generate a new one if the user doesn't have one" do
+ user = User.generate_with_protected!(:api_token => nil)
+ assert_nil user.api_token
+
+ key = user.api_key
+ assert_equal 40, key.length
+ user.reload
+ assert_equal key, user.api_key
+ end
+
+ should "return the existing api token value" do
+ user = User.generate_with_protected!
+ token = Token.generate!(:action => 'api')
+ user.api_token = token
+ assert user.save
+
+ assert_equal token.value, user.api_key
+ end
+ end
+
+ context "User#find_by_api_key" do
+ should "return nil if no matching key is found" do
+ assert_nil User.find_by_api_key('zzzzzzzzz')
+ end
+
+ should "return nil if the key is found for an inactive user" do
+ user = User.generate_with_protected!(:status => User::STATUS_LOCKED)
+ token = Token.generate!(:action => 'api')
+ user.api_token = token
+ user.save
+
+ assert_nil User.find_by_api_key(token.value)
+ end
+
+ should "return the user if the key is found for an active user" do
+ user = User.generate_with_protected!(:status => User::STATUS_ACTIVE)
+ token = Token.generate!(:action => 'api')
+ user.api_token = token
+ user.save
+
+ assert_equal user, User.find_by_api_key(token.value)
+ end
+ end
+
def test_roles_for_project
# user with a role
roles = @jsmith.roles_for_project(Project.find(1))
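Review bot: In the two `User#find_by_api_key` cases that build a user, `user.save` is called without checking its result, unlike `assert user.save` in the `User#api_key` context. For the locked-user case this matters: if the save fails and the token is never attached, `assert_nil User.find_by_api_key(token.value)` passes without exercising the status check at all. Use `assert user.save` in both cases. There is also no case showing that a non-API token is refused, for example `assert_nil User.find_by_api_key(user.rss_key)` for an active user, which would pin that a feed key cannot serve as an API credential. The body of test_roles_for_project at the end of the hunk continues outside it.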