31911.patch

Patch by Yuichi HARADA (#31911#note-2) - Go MAEDA, 2019-12-14 08:54

Download (5.9 KB)

View differences:

Gemfile
4 4

  
5 5
gem "rails", "5.2.4"
6 6
gem "rouge", "~> 3.14.0"
7
gem "request_store", "1.0.5"
7
gem "request_store", "~> 1.4.1"
8 8
gem "mini_mime", "~> 1.0.1"
9 9
gem "actionpack-xml_parser"
10 10
gem "roadie-rails", (RUBY_VERSION < "2.5" ? "~> 1.3.0" : "~> 2.1.0")
test/integration/api_test/authentication_test.rb
29 29
  def test_api_should_deny_without_credentials
30 30
    get '/users/current.xml'
31 31
    assert_response 401
32
    assert_equal User.anonymous, User.current
33 32
    assert response.headers.has_key?('WWW-Authenticate')
34 33
  end
35 34

  
......
39 38
    end
40 39
    get '/users/current.xml', :headers => credentials(user.login, 'my_password')
41 40
    assert_response 200
42
    assert_equal user, User.current
43 41
  end
44 42

  
45 43
  def test_api_should_deny_http_basic_auth_using_username_and_wrong_password
......
48 46
    end
49 47
    get '/users/current.xml', :headers => credentials(user.login, 'wrong_password')
50 48
    assert_response 401
51
    assert_equal User.anonymous, User.current
52 49
  end
53 50

  
54 51
  def test_api_should_accept_http_basic_auth_using_api_key
......
56 53
    token = Token.create!(:user => user, :action => 'api')
57 54
    get '/users/current.xml', :headers => credentials(token.value, 'X')
58 55
    assert_response 200
59
    assert_equal user, User.current
60 56
  end
61 57

  
62 58
  def test_api_should_deny_http_basic_auth_using_wrong_api_key
......
64 60
    token = Token.create!(:user => user, :action => 'feeds') # not the API key
65 61
    get '/users/current.xml', :headers => credentials(token.value, 'X')
66 62
    assert_response 401
67
    assert_equal User.anonymous, User.current
68 63
  end
69 64

  
70 65
  def test_api_should_accept_auth_using_api_key_as_parameter
......
72 67
    token = Token.create!(:user => user, :action => 'api')
73 68
    get "/users/current.xml?key=#{token.value}"
74 69
    assert_response 200
75
    assert_equal user, User.current
76 70
  end
77 71

  
78 72
  def test_api_should_deny_auth_using_wrong_api_key_as_parameter
......
80 74
    token = Token.create!(:user => user, :action => 'feeds') # not the API key
81 75
    get "/users/current.xml?key=#{token.value}"
82 76
    assert_response 401
83
    assert_equal User.anonymous, User.current
84 77
  end
85 78

  
86 79
  def test_api_should_accept_auth_using_api_key_as_request_header
......
88 81
    token = Token.create!(:user => user, :action => 'api')
89 82
    get "/users/current.xml", :headers => {'X-Redmine-API-Key' => token.value.to_s}
90 83
    assert_response 200
91
    assert_equal user, User.current
92 84
  end
93 85

  
94 86
  def test_api_should_deny_auth_using_wrong_api_key_as_request_header
......
96 88
    token = Token.create!(:user => user, :action => 'feeds') # not the API key
97 89
    get "/users/current.xml", :headers => {'X-Redmine-API-Key' => token.value.to_s}
98 90
    assert_response 401
99
    assert_equal User.anonymous, User.current
100 91
  end
101 92

  
102 93
  def test_api_should_trigger_basic_http_auth_with_basic_authorization_header
......
136 127
    get '/users/current', :headers => {'X-Redmine-API-Key' => user.api_key, 'X-Redmine-Switch-User' => su.login}
137 128
    assert_response :success
138 129
    assert_select 'h2', :text => su.name
139
    assert_equal su, User.current
140 130
  end
141 131

  
142 132
  def test_api_should_respond_with_412_when_trying_to_switch_to_a_invalid_user
......
159 149
    get '/users/current', :headers => {'X-Redmine-API-Key' => user.api_key, 'X-Redmine-Switch-User' => su.login}
160 150
    assert_response :success
161 151
    assert_select 'h2', :text => user.name
162
    assert_equal user, User.current
163 152
  end
164 153
end
test/integration/api_test/disabled_rest_api_test.rb
44 44

  
45 45
    get "/news.xml?key=#{@token.value}"
46 46
    assert_response :forbidden
47
    assert_equal User.anonymous, User.current
48 47

  
49 48
    get "/news.json?key=#{@token.value}"
50 49
    assert_response :forbidden
51
    assert_equal User.anonymous, User.current
52 50
  end
53 51

  
54 52
  def test_with_valid_username_password_http_authentication
......
58 56

  
59 57
    get "/news.xml", :headers => credentials(@user.login, 'my_password')
60 58
    assert_response :forbidden
61
    assert_equal User.anonymous, User.current
62 59

  
63 60
    get "/news.json", :headers => credentials(@user.login, 'my_password')
64 61
    assert_response :forbidden
65
    assert_equal User.anonymous, User.current
66 62
  end
67 63

  
68 64
  def test_with_valid_token_http_authentication
......
71 67

  
72 68
    get "/news.xml", :headers => credentials(@token.value, 'X')
73 69
    assert_response :forbidden
74
    assert_equal User.anonymous, User.current
75 70

  
76 71
    get "/news.json", :headers => credentials(@token.value, 'X')
77 72
    assert_response :forbidden
78
    assert_equal User.anonymous, User.current
79 73
  end
80 74
end