diff options
| -rw-r--r-- | app/controllers/application_controller.rb | 2 | ||||
| -rw-r--r-- | app/helpers/settings_helper.rb | 3 | ||||
| -rw-r--r-- | app/views/settings/_integration.html.erb | 8 | ||||
| -rw-r--r-- | config/locales/en.yml | 2 | ||||
| -rw-r--r-- | config/settings.yml | 2 | ||||
| -rw-r--r-- | test/integration/api_token_login_test.rb | 2 | ||||
| -rw-r--r-- | test/integration/disabled_rest_api_test.rb | 110 | ||||
| -rw-r--r-- | test/integration/http_basic_login_test.rb | 2 | ||||
| -rw-r--r-- | test/integration/http_basic_login_with_api_token_test.rb | 2 |
9 files changed, 131 insertions, 2 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 45aeb9955..20a8e5760 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -70,7 +70,7 @@ class ApplicationController < ActionController::Base elsif params[:format] == 'atom' && params[:key] && accept_key_auth_actions.include?(params[:action]) # RSS key authentication does not start a session User.find_by_rss_key(params[:key]) - elsif ['xml', 'json'].include?(params[:format]) && accept_key_auth_actions.include?(params[:action]) + elsif Setting.rest_api_enabled? && ['xml', 'json'].include?(params[:format]) && accept_key_auth_actions.include?(params[:action]) if params[:key].present? # Use API key User.find_by_api_key(params[:key]) diff --git a/app/helpers/settings_helper.rb b/app/helpers/settings_helper.rb index e57b75fcc..18212683d 100644 --- a/app/helpers/settings_helper.rb +++ b/app/helpers/settings_helper.rb @@ -24,7 +24,8 @@ module SettingsHelper {:name => 'issues', :partial => 'settings/issues', :label => :label_issue_tracking}, {:name => 'notifications', :partial => 'settings/notifications', :label => :field_mail_notification}, {:name => 'mail_handler', :partial => 'settings/mail_handler', :label => :label_incoming_emails}, - {:name => 'repositories', :partial => 'settings/repositories', :label => :label_repository_plural} + {:name => 'repositories', :partial => 'settings/repositories', :label => :label_repository_plural}, + {:name => 'integration', :partial => 'settings/integration', :label => :label_integration} ] end diff --git a/app/views/settings/_integration.html.erb b/app/views/settings/_integration.html.erb new file mode 100644 index 000000000..23a612e56 --- /dev/null +++ b/app/views/settings/_integration.html.erb @@ -0,0 +1,8 @@ +<% form_tag({:action => 'edit', :tab => 'integration'}) do %> + +<div class="box tabular settings"> +<p><%= setting_check_box :rest_api_enabled %></p> +</div> + +<%= submit_tag l(:button_save) %> +<% end %> diff --git a/config/locales/en.yml b/config/locales/en.yml index d75897bef..0195f3523 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -324,6 +324,7 @@ en: setting_issue_done_ratio_issue_field: Use the issue field setting_issue_done_ratio_issue_status: Use the issue status setting_start_of_week: Start calendars on + setting_rest_api_enabled: Enable REST web service permission_add_project: Create project permission_edit_project: Edit project @@ -735,6 +736,7 @@ en: label_api_access_key: API access key label_missing_api_access_key: Missing an API access key label_api_access_key_created_on: "API access key created {{value}} ago" + label_integration: Integration button_login: Login button_submit: Submit diff --git a/config/settings.yml b/config/settings.yml index d5943ebdb..09bce1f20 100644 --- a/config/settings.yml +++ b/config/settings.yml @@ -176,3 +176,5 @@ gravatar_default: default: '' start_of_week: default: '' +rest_api_enabled: + default: 0 diff --git a/test/integration/api_token_login_test.rb b/test/integration/api_token_login_test.rb index 9017ab7be..43f6eb01f 100644 --- a/test/integration/api_token_login_test.rb +++ b/test/integration/api_token_login_test.rb @@ -4,10 +4,12 @@ class ApiTokenLoginTest < ActionController::IntegrationTest fixtures :all def setup + Setting.rest_api_enabled = '1' Setting.login_required = '1' end def teardown + Setting.rest_api_enabled = '0' Setting.login_required = '0' end diff --git a/test/integration/disabled_rest_api_test.rb b/test/integration/disabled_rest_api_test.rb new file mode 100644 index 000000000..5ebf91c3f --- /dev/null +++ b/test/integration/disabled_rest_api_test.rb @@ -0,0 +1,110 @@ +require "#{File.dirname(__FILE__)}/../test_helper" + +class DisabledRestApi < ActionController::IntegrationTest + fixtures :all + + def setup + Setting.rest_api_enabled = '0' + Setting.login_required = '1' + end + + def teardown + Setting.rest_api_enabled = '1' + Setting.login_required = '0' + end + + # Using the NewsController because it's a simple API. + context "get /news with the API disabled" do + + context "in :xml format" do + context "with a valid api token" do + setup do + @user = User.generate_with_protected! + @token = Token.generate!(:user => @user, :action => 'api') + get "/news.xml?key=#{@token.value}" + end + + should_respond_with :unauthorized + should_respond_with_content_type :xml + should "not login as the user" do + assert_equal User.anonymous, User.current + end + end + + context "with a valid HTTP authentication" do + setup do + @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password') + @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password') + get "/news.xml", nil, :authorization => @authorization + end + + should_respond_with :unauthorized + should_respond_with_content_type :xml + should "not login as the user" do + assert_equal User.anonymous, User.current + end + end + + context "with a valid HTTP authentication using the API token" do + setup do + @user = User.generate_with_protected! + @token = Token.generate!(:user => @user, :action => 'api') + @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'X') + get "/news.xml", nil, :authorization => @authorization + end + + should_respond_with :unauthorized + should_respond_with_content_type :xml + should "not login as the user" do + assert_equal User.anonymous, User.current + end + end + end + + context "in :json format" do + context "with a valid api token" do + setup do + @user = User.generate_with_protected! + @token = Token.generate!(:user => @user, :action => 'api') + get "/news.json?key=#{@token.value}" + end + + should_respond_with :unauthorized + should_respond_with_content_type :json + should "not login as the user" do + assert_equal User.anonymous, User.current + end + end + + context "with a valid HTTP authentication" do + setup do + @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password') + @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password') + get "/news.json", nil, :authorization => @authorization + end + + should_respond_with :unauthorized + should_respond_with_content_type :json + should "not login as the user" do + assert_equal User.anonymous, User.current + end + end + + context "with a valid HTTP authentication using the API token" do + setup do + @user = User.generate_with_protected! + @token = Token.generate!(:user => @user, :action => 'api') + @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'DoesNotMatter') + get "/news.json", nil, :authorization => @authorization + end + + should_respond_with :unauthorized + should_respond_with_content_type :json + should "not login as the user" do + assert_equal User.anonymous, User.current + end + end + + end + end +end diff --git a/test/integration/http_basic_login_test.rb b/test/integration/http_basic_login_test.rb index e18359dfc..7f5c15c7d 100644 --- a/test/integration/http_basic_login_test.rb +++ b/test/integration/http_basic_login_test.rb @@ -4,10 +4,12 @@ class HttpBasicLoginTest < ActionController::IntegrationTest fixtures :all def setup + Setting.rest_api_enabled = '1' Setting.login_required = '1' end def teardown + Setting.rest_api_enabled = '0' Setting.login_required = '0' end diff --git a/test/integration/http_basic_login_with_api_token_test.rb b/test/integration/http_basic_login_with_api_token_test.rb index 2aefb8b0e..fe3df3130 100644 --- a/test/integration/http_basic_login_with_api_token_test.rb +++ b/test/integration/http_basic_login_with_api_token_test.rb @@ -4,10 +4,12 @@ class HttpBasicLoginWithApiTokenTest < ActionController::IntegrationTest fixtures :all def setup + Setting.rest_api_enabled = '1' Setting.login_required = '1' end def teardown + Setting.rest_api_enabled = '0' Setting.login_required = '0' end |