From bfcd5039f2884cb35f96ad6e64258c8a653c5348 Mon Sep 17 00:00:00 2001 From: Eric Davis Date: Wed, 23 Dec 2009 06:27:44 +0000 Subject: Added an Admin setting to enable/disable the REST web service. (#3920) git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3220 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- test/integration/api_token_login_test.rb | 2 + test/integration/disabled_rest_api_test.rb | 110 +++++++++++++++++++++ test/integration/http_basic_login_test.rb | 2 + .../http_basic_login_with_api_token_test.rb | 2 + 4 files changed, 116 insertions(+) create mode 100644 test/integration/disabled_rest_api_test.rb (limited to 'test') diff --git a/test/integration/api_token_login_test.rb b/test/integration/api_token_login_test.rb index 9017ab7be..43f6eb01f 100644 --- a/test/integration/api_token_login_test.rb +++ b/test/integration/api_token_login_test.rb @@ -4,10 +4,12 @@ class ApiTokenLoginTest < ActionController::IntegrationTest fixtures :all def setup + Setting.rest_api_enabled = '1' Setting.login_required = '1' end def teardown + Setting.rest_api_enabled = '0' Setting.login_required = '0' end diff --git a/test/integration/disabled_rest_api_test.rb b/test/integration/disabled_rest_api_test.rb new file mode 100644 index 000000000..5ebf91c3f --- /dev/null +++ b/test/integration/disabled_rest_api_test.rb @@ -0,0 +1,110 @@ +require "#{File.dirname(__FILE__)}/../test_helper" + +class DisabledRestApi < ActionController::IntegrationTest + fixtures :all + + def setup + Setting.rest_api_enabled = '0' + Setting.login_required = '1' + end + + def teardown + Setting.rest_api_enabled = '1' + Setting.login_required = '0' + end + + # Using the NewsController because it's a simple API. + context "get /news with the API disabled" do + + context "in :xml format" do + context "with a valid api token" do + setup do + @user = User.generate_with_protected! + @token = Token.generate!(:user => @user, :action => 'api') + get "/news.xml?key=#{@token.value}" + end + + should_respond_with :unauthorized + should_respond_with_content_type :xml + should "not login as the user" do + assert_equal User.anonymous, User.current + end + end + + context "with a valid HTTP authentication" do + setup do + @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password') + @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password') + get "/news.xml", nil, :authorization => @authorization + end + + should_respond_with :unauthorized + should_respond_with_content_type :xml + should "not login as the user" do + assert_equal User.anonymous, User.current + end + end + + context "with a valid HTTP authentication using the API token" do + setup do + @user = User.generate_with_protected! + @token = Token.generate!(:user => @user, :action => 'api') + @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'X') + get "/news.xml", nil, :authorization => @authorization + end + + should_respond_with :unauthorized + should_respond_with_content_type :xml + should "not login as the user" do + assert_equal User.anonymous, User.current + end + end + end + + context "in :json format" do + context "with a valid api token" do + setup do + @user = User.generate_with_protected! + @token = Token.generate!(:user => @user, :action => 'api') + get "/news.json?key=#{@token.value}" + end + + should_respond_with :unauthorized + should_respond_with_content_type :json + should "not login as the user" do + assert_equal User.anonymous, User.current + end + end + + context "with a valid HTTP authentication" do + setup do + @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password') + @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password') + get "/news.json", nil, :authorization => @authorization + end + + should_respond_with :unauthorized + should_respond_with_content_type :json + should "not login as the user" do + assert_equal User.anonymous, User.current + end + end + + context "with a valid HTTP authentication using the API token" do + setup do + @user = User.generate_with_protected! + @token = Token.generate!(:user => @user, :action => 'api') + @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'DoesNotMatter') + get "/news.json", nil, :authorization => @authorization + end + + should_respond_with :unauthorized + should_respond_with_content_type :json + should "not login as the user" do + assert_equal User.anonymous, User.current + end + end + + end + end +end diff --git a/test/integration/http_basic_login_test.rb b/test/integration/http_basic_login_test.rb index e18359dfc..7f5c15c7d 100644 --- a/test/integration/http_basic_login_test.rb +++ b/test/integration/http_basic_login_test.rb @@ -4,10 +4,12 @@ class HttpBasicLoginTest < ActionController::IntegrationTest fixtures :all def setup + Setting.rest_api_enabled = '1' Setting.login_required = '1' end def teardown + Setting.rest_api_enabled = '0' Setting.login_required = '0' end diff --git a/test/integration/http_basic_login_with_api_token_test.rb b/test/integration/http_basic_login_with_api_token_test.rb index 2aefb8b0e..fe3df3130 100644 --- a/test/integration/http_basic_login_with_api_token_test.rb +++ b/test/integration/http_basic_login_with_api_token_test.rb @@ -4,10 +4,12 @@ class HttpBasicLoginWithApiTokenTest < ActionController::IntegrationTest fixtures :all def setup + Setting.rest_api_enabled = '1' Setting.login_required = '1' end def teardown + Setting.rest_api_enabled = '0' Setting.login_required = '0' end -- cgit v1.2.3