authorMarius Balteanu <marius.balteanu@zitec.com>2022-02-24 19:10:35 +0000
committerMarius Balteanu <marius.balteanu@zitec.com>2022-02-24 19:10:35 +0000
commit1db2566ff95c72c6e86e2c406b2bc7827a85dc46 (patch)
tree66a0ba4b2c79ce0380ee0c4edeb9ea3452e2a406 /test
parentba74ba1c702e7a122328094341e659c2baf9fd3d (diff)
downloadredmine-1db2566ff95c72c6e86e2c406b2bc7827a85dc46.tar.gz
redmine-1db2566ff95c72c6e86e2c406b2bc7827a85dc46.zip
Disable API authentication with username and password when two-factor authentication is enabled for the user (#35001).
Patch by Go MAEDA. git-svn-id: http://svn.redmine.org/redmine/trunk@21436 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'test')
-rw-r--r--test/integration/api_test/authentication_test.rb9
1 files changed, 9 insertions, 0 deletions
diff --git a/test/integration/api_test/authentication_test.rb b/test/integration/api_test/authentication_test.rb
index 60d787ea8..18838487c 100644
--- a/test/integration/api_test/authentication_test.rb
+++ b/test/integration/api_test/authentication_test.rb
@@ -48,6 +48,15 @@ class Redmine::ApiTest::AuthenticationTest < Redmine::ApiTest::Base
assert_response 401
end
+ def test_api_should_deny_http_basic_auth_if_twofa_is_active
+ user = User.generate! do |user|
+ user.password = 'my_password'
+ user.update(twofa_scheme: 'totp')
+ end
+ get '/users/current.xml', :headers => credentials(user.login, 'my_password')
+ assert_response 401
+ end
+
def test_api_should_accept_http_basic_auth_using_api_key
user = User.generate!
token = Token.create!(:user => user, :action => 'api')
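Review bot: The lone `assert_response 401` in `test_api_should_deny_http_basic_auth_if_twofa_is_active` does not show that the refusal comes from the two-factor check, because the same status would come back if the generated user's password were simply not accepted. A control would pin the cause: issue the same `get '/users/current.xml', :headers => credentials(user.login, 'my_password')` before `twofa_scheme` is set and `assert_response 200`, then enable TOTP and assert the 401. Separately, the return value of `user.update(twofa_scheme: 'totp')` is discarded and the block parameter shadows the outer `user`. A plain `u.twofa_scheme = 'totp'` inside `do |u|` would read more cleanly, assuming `User.generate!` saves the yielded record (the helper is not shown in this diff). Since API keys are presumably meant to remain usable for such accounts, a companion test that key-based access still succeeds for a 2FA user would guard against over-blocking; the nine inserted lines here do not include one.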