| 29 |
29 |
def test_api_should_deny_without_credentials
|
| 30 |
30 |
get '/users/current.xml'
|
| 31 |
31 |
assert_response 401
|
| 32 |
|
assert_equal User.anonymous, User.current
|
| 33 |
32 |
assert response.headers.has_key?('WWW-Authenticate')
|
| 34 |
33 |
end
|
| 35 |
34 |
|
| ... | ... | |
| 39 |
38 |
end
|
| 40 |
39 |
get '/users/current.xml', :headers => credentials(user.login, 'my_password')
|
| 41 |
40 |
assert_response 200
|
| 42 |
|
assert_equal user, User.current
|
| 43 |
41 |
end
|
| 44 |
42 |
|
| 45 |
43 |
def test_api_should_deny_http_basic_auth_using_username_and_wrong_password
|
| ... | ... | |
| 48 |
46 |
end
|
| 49 |
47 |
get '/users/current.xml', :headers => credentials(user.login, 'wrong_password')
|
| 50 |
48 |
assert_response 401
|
| 51 |
|
assert_equal User.anonymous, User.current
|
| 52 |
49 |
end
|
| 53 |
50 |
|
| 54 |
51 |
def test_api_should_accept_http_basic_auth_using_api_key
|
| ... | ... | |
| 56 |
53 |
token = Token.create!(:user => user, :action => 'api')
|
| 57 |
54 |
get '/users/current.xml', :headers => credentials(token.value, 'X')
|
| 58 |
55 |
assert_response 200
|
| 59 |
|
assert_equal user, User.current
|
| 60 |
56 |
end
|
| 61 |
57 |
|
| 62 |
58 |
def test_api_should_deny_http_basic_auth_using_wrong_api_key
|
| ... | ... | |
| 64 |
60 |
token = Token.create!(:user => user, :action => 'feeds') # not the API key
|
| 65 |
61 |
get '/users/current.xml', :headers => credentials(token.value, 'X')
|
| 66 |
62 |
assert_response 401
|
| 67 |
|
assert_equal User.anonymous, User.current
|
| 68 |
63 |
end
|
| 69 |
64 |
|
| 70 |
65 |
def test_api_should_accept_auth_using_api_key_as_parameter
|
| ... | ... | |
| 72 |
67 |
token = Token.create!(:user => user, :action => 'api')
|
| 73 |
68 |
get "/users/current.xml?key=#{token.value}"
|
| 74 |
69 |
assert_response 200
|
| 75 |
|
assert_equal user, User.current
|
| 76 |
70 |
end
|
| 77 |
71 |
|
| 78 |
72 |
def test_api_should_deny_auth_using_wrong_api_key_as_parameter
|
| ... | ... | |
| 80 |
74 |
token = Token.create!(:user => user, :action => 'feeds') # not the API key
|
| 81 |
75 |
get "/users/current.xml?key=#{token.value}"
|
| 82 |
76 |
assert_response 401
|
| 83 |
|
assert_equal User.anonymous, User.current
|
| 84 |
77 |
end
|
| 85 |
78 |
|
| 86 |
79 |
def test_api_should_accept_auth_using_api_key_as_request_header
|
| ... | ... | |
| 88 |
81 |
token = Token.create!(:user => user, :action => 'api')
|
| 89 |
82 |
get "/users/current.xml", :headers => {'X-Redmine-API-Key' => token.value.to_s}
|
| 90 |
83 |
assert_response 200
|
| 91 |
|
assert_equal user, User.current
|
| 92 |
84 |
end
|
| 93 |
85 |
|
| 94 |
86 |
def test_api_should_deny_auth_using_wrong_api_key_as_request_header
|
| ... | ... | |
| 96 |
88 |
token = Token.create!(:user => user, :action => 'feeds') # not the API key
|
| 97 |
89 |
get "/users/current.xml", :headers => {'X-Redmine-API-Key' => token.value.to_s}
|
| 98 |
90 |
assert_response 401
|
| 99 |
|
assert_equal User.anonymous, User.current
|
| 100 |
91 |
end
|
| 101 |
92 |
|
| 102 |
93 |
def test_api_should_trigger_basic_http_auth_with_basic_authorization_header
|
| ... | ... | |
| 136 |
127 |
get '/users/current', :headers => {'X-Redmine-API-Key' => user.api_key, 'X-Redmine-Switch-User' => su.login}
|
| 137 |
128 |
assert_response :success
|
| 138 |
129 |
assert_select 'h2', :text => su.name
|
| 139 |
|
assert_equal su, User.current
|
| 140 |
130 |
end
|
| 141 |
131 |
|
| 142 |
132 |
def test_api_should_respond_with_412_when_trying_to_switch_to_a_invalid_user
|
| ... | ... | |
| 159 |
149 |
get '/users/current', :headers => {'X-Redmine-API-Key' => user.api_key, 'X-Redmine-Switch-User' => su.login}
|
| 160 |
150 |
assert_response :success
|
| 161 |
151 |
assert_select 'h2', :text => user.name
|
| 162 |
|
assert_equal user, User.current
|
| 163 |
152 |
end
|
| 164 |
153 |
end
|