From aa9951b38b27c7465a313fc72b73b819b292e9b2 Mon Sep 17 00:00:00 2001
From: Eric Davis
Date: Wed, 23 Dec 2009 06:27:28 +0000
Subject: Added an API token for each User to use when making API requests. (#3920) The API key will be displayed on My Account page with a link to reset or generate a new one. All existing users will have a token generated by the migration. git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3217 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 test/functional/my_controller_test.rb | 34 +++++++++++++++++++++++
 test/unit/user_test.rb | 52 ++++++++++++++++++++++++++++++++++-
 2 files changed, 85 insertions(+), 1 deletion(-) (limited to 'test')
diff --git a/test/functional/my_controller_test.rb b/test/functional/my_controller_test.rb
index b87180745..877095dfb 100644
--- a/test/functional/my_controller_test.rb
+++ b/test/functional/my_controller_test.rb
@@ -163,4 +163,38 @@ class MyControllerTest < ActionController::TestCase
 should_redirect_to('my account') {'/my/account' }
 end
 end
+
+ context "POST to reset_api_key" do
+ context "with an existing api_token" do
+ setup do
+ @previous_token_value = User.find(2).api_key # Will generate one if it's missing
+ post :reset_api_key
+ end
+
+ should "destroy the existing token" do
+ assert_not_equal @previous_token_value, User.find(2).api_key
+ end
+
+ should "create a new token" do
+ assert User.find(2).api_token
+ end
+
+ should_set_the_flash_to /reset/
+ should_redirect_to('my account') {'/my/account' }
+ end
+
+ context "with no api_token" do
+ setup do
+ assert_nil User.find(2).api_token
+ post :reset_api_key
+ end
+
+ should "create a new token" do
+ assert User.find(2).api_token
+ end
+
+ should_set_the_flash_to /reset/
+ should_redirect_to('my account') {'/my/account' }
+ end
+ end
 end
diff --git a/test/unit/user_test.rb b/test/unit/user_test.rb
index 2a4996539..a94870dbc 100644
--- a/test/unit/user_test.rb
+++ b/test/unit/user_test.rb
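Review bot: The "with an existing api_token" context in test/functional/my_controller_test.rb proves only that `api_key` returns a different value after the POST, not that the previous key has stopped working. Because `api_key` generates a token whenever one is missing (as the setup comment notes), `assert_not_equal @previous_token_value, User.find(2).api_key` would still pass if the old token record survived the reset and remained usable. Add a revocation check beside it, for example `assert_nil User.find_by_api_key(@previous_token_value)`, so the test shows that a leaked key is dead once the user resets it. The test class and its login setup start outside this hunk, so whether an anonymous or non-POST request to `reset_api_key` is rejected cannot be judged from here; a negative test for that would be worth adding.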
@@ -126,7 +126,9 @@ class UserTest < ActiveSupport::TestCase assert !anon.new_record? assert_kind_of AnonymousUser, anon end - + + should_have_one :rss_token + def test_rss_key assert_nil @jsmith.rss_token key = @jsmith.rss_key @@ -135,7 +137,55 @@ class UserTest < ActiveSupport::TestCase @jsmith.reload assert_equal key, @jsmith.rss_key end + + should_have_one :api_token + + context "User#api_key" do + should "generate a new one if the user doesn't have one" do + user = User.generate_with_protected!(:api_token => nil) + assert_nil user.api_token + + key = user.api_key + assert_equal 40, key.length + user.reload + assert_equal key, user.api_key + end + + should "return the existing api token value" do + user = User.generate_with_protected! + token = Token.generate!(:action => 'api') + user.api_token = token + assert user.save + + assert_equal token.value, user.api_key + end + end + + context "User#find_by_api_key" do + should "return nil if no matching key is found" do + assert_nil User.find_by_api_key('zzzzzzzzz') + end + + should "return nil if the key is found for an inactive user" do + user = User.generate_with_protected!(:status => User::STATUS_LOCKED) + token = Token.generate!(:action => 'api') + user.api_token = token + user.save + + assert_nil User.find_by_api_key(token.value) + end + + should "return the user if the key is found for an active user" do + user = User.generate_with_protected!(:status => User::STATUS_ACTIVE) + token = Token.generate!(:action => 'api') + user.api_token = token + user.save + + assert_equal user, User.find_by_api_key(token.value) + end + end + def test_roles_for_project # user with a role roles = @jsmith.roles_for_project(Project.find(1)) -- cgit v1.2.3
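Review bot: The `User#find_by_api_key` context in the last hunk of test/unit/user_test.rb never checks that a key issued for another purpose is refused: nothing asserts that the user's `rss_key`, which travels in feed URLs, cannot be passed to `find_by_api_key`. A case such as `assert_nil User.find_by_api_key(user.rss_key)` would pin the separation between the two token types; the lookup itself is not part of this test-only view, so this is a coverage gap rather than a confirmed bug. In the locked-user and active-user cases the result of `user.save` is ignored, unlike `assert user.save` in the `User#api_key` context, so the locked-user test can pass for the wrong reason if the token was never attached; use `assert user.save` in both. `assert_equal 40, key.length` checks only the length of the key, and `find_by_api_key` with `nil` or an empty string is not exercised.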