From baa1ad42560fb9bfd6f99cd3374c4b5c1e7ae668 Mon Sep 17 00:00:00 2001
From: Eric Davis <edavis@littlestreamsoftware.com>
Date: Wed, 23 Dec 2009 06:27:33 +0000
Subject: Allow authenticating with an API token via XML or JSON. (#3920)

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3218 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 test/integration/api_token_login_test.rb | 73 ++++++++++++++++++++++++++++++++
 1 file changed, 73 insertions(+)
 create mode 100644 test/integration/api_token_login_test.rb

(limited to 'test/integration')

diff --git a/test/integration/api_token_login_test.rb b/test/integration/api_token_login_test.rb
new file mode 100644
index 000000000..4077403e6
--- /dev/null
+++ b/test/integration/api_token_login_test.rb
@@ -0,0 +1,73 @@
+require "#{File.dirname(__FILE__)}/../test_helper"
+
+class ApiTokenLoginTest < ActionController::IntegrationTest
+  fixtures :all
+
+  # Using the NewsController because it's a simple API.
+  context "get /news.xml" do
+
+    context "in :xml format" do
+      context "with a valid api token" do
+        setup do
+          @user = User.generate_with_protected!
+          @token = Token.generate!(:user => @user, :action => 'api')
+          get "/news.xml?key=#{@token.value}"
+        end
+        
+        should_respond_with :success
+        should_respond_with_content_type :xml
+        should "login as the user" do
+          assert_equal @user, User.current
+        end
+      end
+
+      context "with an invalid api token (on a protected site)" do
+        setup do
+          Setting.login_required = '1'
+          @user = User.generate_with_protected!
+          @token = Token.generate!(:user => @user, :action => 'feeds')
+          get "/news.xml?key=#{@token.value}"
+        end
+        
+        should_respond_with :unauthorized
+        should_respond_with_content_type :xml
+        should "not login as the user" do
+          assert_equal User.anonymous, User.current
+        end
+      end
+    end
+
+    context "in :json format" do
+      context "with a valid api token" do
+        setup do
+          @user = User.generate_with_protected!
+          @token = Token.generate!(:user => @user, :action => 'api')
+          get "/news.json?key=#{@token.value}"
+        end
+        
+        should_respond_with :success
+        should_respond_with_content_type :json
+        should "login as the user" do
+          assert_equal @user, User.current
+        end
+      end
+
+      context "with an invalid api token (on a protected site)" do
+        setup do
+          Setting.login_required = '1'
+          @user = User.generate_with_protected!
+          @token = Token.generate!(:user => @user, :action => 'feeds')
+          get "/news.json?key=#{@token.value}"
+        end
+        
+        should_respond_with :unauthorized
+        should_respond_with_content_type :json
+        should "not login as the user" do
+          assert_equal User.anonymous, User.current
+        end
+      end
+    end
+    
+  end
+
+end
-- 
cgit v1.2.3