diff options
| -rw-r--r-- | test/integration/api_test/token_authentication_test.rb | 58 | ||||
| -rw-r--r-- | test/test_helper.rb | 55 |
2 files changed, 57 insertions, 56 deletions
diff --git a/test/integration/api_test/token_authentication_test.rb b/test/integration/api_test/token_authentication_test.rb index 7d6cb2e1d..5c116c161 100644 --- a/test/integration/api_test/token_authentication_test.rb +++ b/test/integration/api_test/token_authentication_test.rb @@ -15,66 +15,12 @@ class ApiTest::TokenAuthenticationTest < ActionController::IntegrationTest # Using the NewsController because it's a simple API. context "get /news" do - context "in :xml format" do - context "with a valid api token" do - setup do - @user = User.generate_with_protected! - @token = Token.generate!(:user => @user, :action => 'api') - get "/news.xml?key=#{@token.value}" - end - - should_respond_with :success - should_respond_with_content_type :xml - should "login as the user" do - assert_equal @user, User.current - end - end - - context "with an invalid api token" do - setup do - @user = User.generate_with_protected! - @token = Token.generate!(:user => @user, :action => 'feeds') - get "/news.xml?key=#{@token.value}" - end - - should_respond_with :unauthorized - should_respond_with_content_type :xml - should "not login as the user" do - assert_equal User.anonymous, User.current - end - end + should_allow_key_based_auth(:get, "/news.xml") end context "in :json format" do - context "with a valid api token" do - setup do - @user = User.generate_with_protected! - @token = Token.generate!(:user => @user, :action => 'api') - get "/news.json?key=#{@token.value}" - end - - should_respond_with :success - should_respond_with_content_type :json - should "login as the user" do - assert_equal @user, User.current - end - end - - context "with an invalid api token" do - setup do - @user = User.generate_with_protected! - @token = Token.generate!(:user => @user, :action => 'feeds') - get "/news.json?key=#{@token.value}" - end - - should_respond_with :unauthorized - should_respond_with_content_type :json - should "not login as the user" do - assert_equal User.anonymous, User.current - end - end + should_allow_key_based_auth(:get, "/news.json") end - end end diff --git a/test/test_helper.rb b/test/test_helper.rb index db44bb9b8..001638754 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -185,6 +185,61 @@ class ActiveSupport::TestCase assert !user.new_record? end end + + # Test that a request allows full key authentication + # + # @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete) + # @param [String] url the request url, without the key=ZXY parameter + def self.should_allow_key_based_auth(http_method, url) + context "should allow key based auth using key=X for #{url}" do + context "with a valid api token" do + setup do + @user = User.generate_with_protected! + @token = Token.generate!(:user => @user, :action => 'api') + send(http_method, url + "?key=#{@token.value}") + end + + should_respond_with :success + should_respond_with_content_type_based_on_url(url) + should "login as the user" do + assert_equal @user, User.current + end + end + + context "with an invalid api token" do + setup do + @user = User.generate_with_protected! + @token = Token.generate!(:user => @user, :action => 'feeds') + send(http_method, url + "?key=#{@token.value}") + end + + should_respond_with :unauthorized + should_respond_with_content_type_based_on_url(url) + should "not login as the user" do + assert_equal User.anonymous, User.current + end + end + end + + end + + # Uses should_respond_with_content_type based on what's in the url: + # + # '/project/issues.xml' => should_respond_with_content_type :xml + # '/project/issues.json' => should_respond_with_content_type :json + # + # @param [String] url Request + def self.should_respond_with_content_type_based_on_url(url) + case + when url.match(/xml/i) + should_respond_with_content_type :xml + when url.match(/json/i) + should_respond_with_content_type :json + else + raise "Unknown content type for should_respond_with_content_type_based_on_url: #{url}" + end + + end end # Simple module to "namespace" all of the API tests |