diff --git a/test/integration/api_test/attachments_test.rb b/test/integration/api_test/attachments_test.rb index 61bbb9308..1b73fa300 100644 --- a/test/integration/api_test/attachments_test.rb +++ b/test/integration/api_test/attachments_test.rb @@ -17,7 +17,7 @@ require File.expand_path('../../../test_helper', __FILE__) -class ApiTest::AttachmentsTest < ActionController::IntegrationTest +class Redmine::ApiTest::AttachmentsTest < Redmine::ApiTest::Base fixtures :projects, :trackers, :issue_statuses, :issues, :enumerations, :users, :issue_categories, :projects_trackers, diff --git a/test/integration/api_test/authentication_test.rb b/test/integration/api_test/authentication_test.rb index 0fed3b0bd..4dc5c092f 100644 --- a/test/integration/api_test/authentication_test.rb +++ b/test/integration/api_test/authentication_test.rb @@ -17,7 +17,7 @@ require File.expand_path('../../../test_helper', __FILE__) -class ApiTest::AuthenticationTest < ActionController::IntegrationTest +class Redmine::ApiTest::AuthenticationTest < Redmine::ApiTest::Base fixtures :users def setup diff --git a/test/integration/api_test/disabled_rest_api_test.rb b/test/integration/api_test/disabled_rest_api_test.rb index ab177015b..4e6b9fe65 100644 --- a/test/integration/api_test/disabled_rest_api_test.rb +++ b/test/integration/api_test/disabled_rest_api_test.rb @@ -1,6 +1,6 @@ require File.expand_path('../../../test_helper', __FILE__) -class ApiTest::DisabledRestApiTest < ActionController::IntegrationTest +class Redmine::ApiTest::DisabledRestApiTest < Redmine::ApiTest::Base fixtures :projects, :trackers, :issue_statuses, :issues, :enumerations, :users, :issue_categories, :projects_trackers, diff --git a/test/integration/api_test/enumerations_test.rb b/test/integration/api_test/enumerations_test.rb index 500b09f41..f1000ffe4 100644 --- a/test/integration/api_test/enumerations_test.rb +++ b/test/integration/api_test/enumerations_test.rb @@ -17,7 +17,7 @@ require File.expand_path('../../../test_helper', __FILE__) -class ApiTest::EnumerationsTest < ActionController::IntegrationTest +class Redmine::ApiTest::EnumerationsTest < Redmine::ApiTest::Base fixtures :enumerations def setup diff --git a/test/integration/api_test/groups_test.rb b/test/integration/api_test/groups_test.rb index 5b70f8553..e155b8d7c 100644 --- a/test/integration/api_test/groups_test.rb +++ b/test/integration/api_test/groups_test.rb @@ -17,7 +17,7 @@ require File.expand_path('../../../test_helper', __FILE__) -class ApiTest::GroupsTest < ActionController::IntegrationTest +class Redmine::ApiTest::GroupsTest < Redmine::ApiTest::Base fixtures :users, :groups_users def setup diff --git a/test/integration/api_test/http_basic_login_test.rb b/test/integration/api_test/http_basic_login_test.rb index f93d94306..7c48ba264 100644 --- a/test/integration/api_test/http_basic_login_test.rb +++ b/test/integration/api_test/http_basic_login_test.rb @@ -1,6 +1,6 @@ require File.expand_path('../../../test_helper', __FILE__) -class ApiTest::HttpBasicLoginTest < ActionController::IntegrationTest +class Redmine::ApiTest::HttpBasicLoginTest < Redmine::ApiTest::Base fixtures :projects, :trackers, :issue_statuses, :issues, :enumerations, :users, :issue_categories, :projects_trackers, diff --git a/test/integration/api_test/http_basic_login_with_api_token_test.rb b/test/integration/api_test/http_basic_login_with_api_token_test.rb index 3f00641e0..44bc7d7c0 100644 --- a/test/integration/api_test/http_basic_login_with_api_token_test.rb +++ b/test/integration/api_test/http_basic_login_with_api_token_test.rb @@ -1,6 +1,6 @@ require File.expand_path('../../../test_helper', __FILE__) -class ApiTest::HttpBasicLoginWithApiTokenTest < ActionController::IntegrationTest +class Redmine::ApiTest::HttpBasicLoginWithApiTokenTest < Redmine::ApiTest::Base fixtures :projects, :trackers, :issue_statuses, :issues, :enumerations, :users, :issue_categories, :projects_trackers, diff --git a/test/integration/api_test/issue_categories_test.rb b/test/integration/api_test/issue_categories_test.rb index a0493cfac..9e5448414 100644 --- a/test/integration/api_test/issue_categories_test.rb +++ b/test/integration/api_test/issue_categories_test.rb @@ -17,7 +17,7 @@ require File.expand_path('../../../test_helper', __FILE__) -class ApiTest::IssueCategoriesTest < ActionController::IntegrationTest +class Redmine::ApiTest::IssueCategoriesTest < Redmine::ApiTest::Base fixtures :projects, :users, :issue_categories, :issues, :roles, :member_roles, diff --git a/test/integration/api_test/issue_relations_test.rb b/test/integration/api_test/issue_relations_test.rb index 703797403..5a0873ca1 100644 --- a/test/integration/api_test/issue_relations_test.rb +++ b/test/integration/api_test/issue_relations_test.rb @@ -17,7 +17,7 @@ require File.expand_path('../../../test_helper', __FILE__) -class ApiTest::IssueRelationsTest < ActionController::IntegrationTest +class Redmine::ApiTest::IssueRelationsTest < Redmine::ApiTest::Base fixtures :projects, :trackers, :issue_statuses, :issues, :enumerations, :users, :issue_categories, :projects_trackers, diff --git a/test/integration/api_test/issue_statuses_test.rb b/test/integration/api_test/issue_statuses_test.rb index 73439394f..db8859b13 100644 --- a/test/integration/api_test/issue_statuses_test.rb +++ b/test/integration/api_test/issue_statuses_test.rb @@ -17,7 +17,7 @@ require File.expand_path('../../../test_helper', __FILE__) -class ApiTest::IssueStatusesTest < ActionController::IntegrationTest +class Redmine::ApiTest::IssueStatusesTest < Redmine::ApiTest::Base fixtures :issue_statuses def setup diff --git a/test/integration/api_test/issues_test.rb b/test/integration/api_test/issues_test.rb index 3e9f3607c..3917f8618 100644 --- a/test/integration/api_test/issues_test.rb +++ b/test/integration/api_test/issues_test.rb @@ -17,7 +17,7 @@ require File.expand_path('../../../test_helper', __FILE__) -class ApiTest::IssuesTest < ActionController::IntegrationTest +class Redmine::ApiTest::IssuesTest < Redmine::ApiTest::Base fixtures :projects, :users, :roles, diff --git a/test/integration/api_test/jsonp_test.rb b/test/integration/api_test/jsonp_test.rb index 405dc2d8e..3007a2db8 100644 --- a/test/integration/api_test/jsonp_test.rb +++ b/test/integration/api_test/jsonp_test.rb @@ -17,7 +17,7 @@ require File.expand_path('../../../test_helper', __FILE__) -class ApiTest::JsonpTest < ActionController::IntegrationTest +class Redmine::ApiTest::JsonpTest < Redmine::ApiTest::Base fixtures :trackers def test_jsonp_should_accept_callback_param diff --git a/test/integration/api_test/memberships_test.rb b/test/integration/api_test/memberships_test.rb index ce6b4f616..12b7de7ef 100644 --- a/test/integration/api_test/memberships_test.rb +++ b/test/integration/api_test/memberships_test.rb @@ -17,7 +17,7 @@ require File.expand_path('../../../test_helper', __FILE__) -class ApiTest::MembershipsTest < ActionController::IntegrationTest +class Redmine::ApiTest::MembershipsTest < Redmine::ApiTest::Base fixtures :projects, :users, :roles, :members, :member_roles def setup diff --git a/test/integration/api_test/news_test.rb b/test/integration/api_test/news_test.rb index 86df4f084..fda274e00 100644 --- a/test/integration/api_test/news_test.rb +++ b/test/integration/api_test/news_test.rb @@ -16,8 +16,8 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. require File.expand_path('../../../test_helper', __FILE__) -require 'pp' -class ApiTest::NewsTest < ActionController::IntegrationTest + +class Redmine::ApiTest::NewsTest < Redmine::ApiTest::Base fixtures :projects, :trackers, :issue_statuses, :issues, :enumerations, :users, :issue_categories, :projects_trackers, diff --git a/test/integration/api_test/projects_test.rb b/test/integration/api_test/projects_test.rb index 5eff16398..a37af3d37 100644 --- a/test/integration/api_test/projects_test.rb +++ b/test/integration/api_test/projects_test.rb @@ -17,7 +17,7 @@ require File.expand_path('../../../test_helper', __FILE__) -class ApiTest::ProjectsTest < ActionController::IntegrationTest +class Redmine::ApiTest::ProjectsTest < Redmine::ApiTest::Base fixtures :projects, :versions, :users, :roles, :members, :member_roles, :issues, :journals, :journal_details, :trackers, :projects_trackers, :issue_statuses, :enabled_modules, :enumerations, :boards, :messages, :attachments, :custom_fields, :custom_values, :time_entries, :issue_categories diff --git a/test/integration/api_test/queries_test.rb b/test/integration/api_test/queries_test.rb index 39bbb1587..06d9f189d 100644 --- a/test/integration/api_test/queries_test.rb +++ b/test/integration/api_test/queries_test.rb @@ -17,7 +17,7 @@ require File.expand_path('../../../test_helper', __FILE__) -class ApiTest::QueriesTest < ActionController::IntegrationTest +class Redmine::ApiTest::QueriesTest < Redmine::ApiTest::Base fixtures :projects, :trackers, :issue_statuses, :issues, :enumerations, :users, :issue_categories, :projects_trackers, diff --git a/test/integration/api_test/roles_test.rb b/test/integration/api_test/roles_test.rb index 0d5638886..87c4a9a18 100644 --- a/test/integration/api_test/roles_test.rb +++ b/test/integration/api_test/roles_test.rb @@ -17,7 +17,7 @@ require File.expand_path('../../../test_helper', __FILE__) -class ApiTest::RolesTest < ActionController::IntegrationTest +class Redmine::ApiTest::RolesTest < Redmine::ApiTest::Base fixtures :roles def setup diff --git a/test/integration/api_test/time_entries_test.rb b/test/integration/api_test/time_entries_test.rb index 70058fb32..c47d8dea4 100644 --- a/test/integration/api_test/time_entries_test.rb +++ b/test/integration/api_test/time_entries_test.rb @@ -17,7 +17,7 @@ require File.expand_path('../../../test_helper', __FILE__) -class ApiTest::TimeEntriesTest < ActionController::IntegrationTest +class Redmine::ApiTest::TimeEntriesTest < Redmine::ApiTest::Base fixtures :projects, :trackers, :issue_statuses, :issues, :enumerations, :users, :issue_categories, :projects_trackers, diff --git a/test/integration/api_test/token_authentication_test.rb b/test/integration/api_test/token_authentication_test.rb index 3026dd9e1..c04ccf63c 100644 --- a/test/integration/api_test/token_authentication_test.rb +++ b/test/integration/api_test/token_authentication_test.rb @@ -1,6 +1,6 @@ require File.expand_path('../../../test_helper', __FILE__) -class ApiTest::TokenAuthenticationTest < ActionController::IntegrationTest +class Redmine::ApiTest::TokenAuthenticationTest < Redmine::ApiTest::Base fixtures :projects, :trackers, :issue_statuses, :issues, :enumerations, :users, :issue_categories, :projects_trackers, diff --git a/test/integration/api_test/trackers_test.rb b/test/integration/api_test/trackers_test.rb index 5349e6762..8141c952e 100644 --- a/test/integration/api_test/trackers_test.rb +++ b/test/integration/api_test/trackers_test.rb @@ -17,7 +17,7 @@ require File.expand_path('../../../test_helper', __FILE__) -class ApiTest::TrackersTest < ActionController::IntegrationTest +class Redmine::ApiTest::TrackersTest < Redmine::ApiTest::Base fixtures :trackers def setup diff --git a/test/integration/api_test/users_test.rb b/test/integration/api_test/users_test.rb index cba127a7d..5726bbd22 100644 --- a/test/integration/api_test/users_test.rb +++ b/test/integration/api_test/users_test.rb @@ -16,8 +16,8 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. require File.expand_path('../../../test_helper', __FILE__) -require 'pp' -class ApiTest::UsersTest < ActionController::IntegrationTest + +class Redmine::ApiTest::UsersTest < Redmine::ApiTest::Base fixtures :users, :members, :member_roles, :roles, :projects def setup diff --git a/test/integration/api_test/versions_test.rb b/test/integration/api_test/versions_test.rb index 3aa69496e..a34ca89df 100644 --- a/test/integration/api_test/versions_test.rb +++ b/test/integration/api_test/versions_test.rb @@ -17,7 +17,7 @@ require File.expand_path('../../../test_helper', __FILE__) -class ApiTest::VersionsTest < ActionController::IntegrationTest +class Redmine::ApiTest::VersionsTest < Redmine::ApiTest::Base fixtures :projects, :trackers, :issue_statuses, :issues, :enumerations, :users, :issue_categories, :projects_trackers, diff --git a/test/integration/api_test/wiki_pages_test.rb b/test/integration/api_test/wiki_pages_test.rb index 68df78752..02c764fa7 100644 --- a/test/integration/api_test/wiki_pages_test.rb +++ b/test/integration/api_test/wiki_pages_test.rb @@ -17,7 +17,7 @@ require File.expand_path('../../../test_helper', __FILE__) -class ApiTest::WikiPagesTest < ActionController::IntegrationTest +class Redmine::ApiTest::WikiPagesTest < Redmine::ApiTest::Base fixtures :projects, :users, :roles, :members, :member_roles, :enabled_modules, :wikis, :wiki_pages, :wiki_contents, :wiki_content_versions, :attachments diff --git a/test/test_helper.rb b/test/test_helper.rb index 915134364..792b8e904 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -237,260 +237,263 @@ class ActiveSupport::TestCase }.size end end - - # Test that a request allows the three types of API authentication - # - # * HTTP Basic with username and password - # * HTTP Basic with an api key for the username - # * Key based with the key=X parameter - # - # @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete) - # @param [String] url the request url - # @param [optional, Hash] parameters additional request parameters - # @param [optional, Hash] options additional options - # @option options [Symbol] :success_code Successful response code (:success) - # @option options [Symbol] :failure_code Failure response code (:unauthorized) - def self.should_allow_api_authentication(http_method, url, parameters={}, options={}) - should_allow_http_basic_auth_with_username_and_password(http_method, url, parameters, options) - should_allow_http_basic_auth_with_key(http_method, url, parameters, options) - should_allow_key_based_auth(http_method, url, parameters, options) - end - - # Test that a request allows the username and password for HTTP BASIC - # - # @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete) - # @param [String] url the request url - # @param [optional, Hash] parameters additional request parameters - # @param [optional, Hash] options additional options - # @option options [Symbol] :success_code Successful response code (:success) - # @option options [Symbol] :failure_code Failure response code (:unauthorized) - def self.should_allow_http_basic_auth_with_username_and_password(http_method, url, parameters={}, options={}) - success_code = options[:success_code] || :success - failure_code = options[:failure_code] || :unauthorized - - context "should allow http basic auth using a username and password for #{http_method} #{url}" do - context "with a valid HTTP authentication" do - setup do - @user = User.generate! do |user| - user.admin = true - user.password = 'my_password' - end - send(http_method, url, parameters, credentials(@user.login, 'my_password')) - end - - should_respond_with success_code - should_respond_with_content_type_based_on_url(url) - should "login as the user" do - assert_equal @user, User.current - end - end - - context "with an invalid HTTP authentication" do - setup do - @user = User.generate! - send(http_method, url, parameters, credentials(@user.login, 'wrong_password')) - end - - should_respond_with failure_code - should_respond_with_content_type_based_on_url(url) - should "not login as the user" do - assert_equal User.anonymous, User.current - end - end - - context "without credentials" do - setup do - send(http_method, url, parameters) - end - - should_respond_with failure_code - should_respond_with_content_type_based_on_url(url) - should "include_www_authenticate_header" do - assert @controller.response.headers.has_key?('WWW-Authenticate') - end - end - end - end - - # Test that a request allows the API key with HTTP BASIC - # - # @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete) - # @param [String] url the request url - # @param [optional, Hash] parameters additional request parameters - # @param [optional, Hash] options additional options - # @option options [Symbol] :success_code Successful response code (:success) - # @option options [Symbol] :failure_code Failure response code (:unauthorized) - def self.should_allow_http_basic_auth_with_key(http_method, url, parameters={}, options={}) - success_code = options[:success_code] || :success - failure_code = options[:failure_code] || :unauthorized - - context "should allow http basic auth with a key for #{http_method} #{url}" do - context "with a valid HTTP authentication using the API token" do - setup do - @user = User.generate! do |user| - user.admin = true - end - @token = Token.create!(:user => @user, :action => 'api') - send(http_method, url, parameters, credentials(@token.value, 'X')) - end - should_respond_with success_code - should_respond_with_content_type_based_on_url(url) - should_be_a_valid_response_string_based_on_url(url) - should "login as the user" do - assert_equal @user, User.current - end - end - - context "with an invalid HTTP authentication" do - setup do - @user = User.generate! - @token = Token.create!(:user => @user, :action => 'feeds') - send(http_method, url, parameters, credentials(@token.value, 'X')) - end - should_respond_with failure_code - should_respond_with_content_type_based_on_url(url) - should "not login as the user" do - assert_equal User.anonymous, User.current - end - end - end - end - - # Test that a request allows full key authentication - # - # @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete) - # @param [String] url the request url, without the key=ZXY parameter - # @param [optional, Hash] parameters additional request parameters - # @param [optional, Hash] options additional options - # @option options [Symbol] :success_code Successful response code (:success) - # @option options [Symbol] :failure_code Failure response code (:unauthorized) - def self.should_allow_key_based_auth(http_method, url, parameters={}, options={}) - success_code = options[:success_code] || :success - failure_code = options[:failure_code] || :unauthorized - - context "should allow key based auth using key=X for #{http_method} #{url}" do - context "with a valid api token" do - setup do - @user = User.generate! do |user| - user.admin = true - end - @token = Token.create!(:user => @user, :action => 'api') - # Simple url parse to add on ?key= or &key= - request_url = if url.match(/\?/) - url + "&key=#{@token.value}" - else - url + "?key=#{@token.value}" - end - send(http_method, request_url, parameters) - end - should_respond_with success_code - should_respond_with_content_type_based_on_url(url) - should_be_a_valid_response_string_based_on_url(url) - should "login as the user" do - assert_equal @user, User.current - end - end - - context "with an invalid api token" do - setup do - @user = User.generate! do |user| - user.admin = true - end - @token = Token.create!(:user => @user, :action => 'feeds') - # Simple url parse to add on ?key= or &key= - request_url = if url.match(/\?/) - url + "&key=#{@token.value}" - else - url + "?key=#{@token.value}" - end - send(http_method, request_url, parameters) - end - should_respond_with failure_code - should_respond_with_content_type_based_on_url(url) - should "not login as the user" do - assert_equal User.anonymous, User.current - end - end - end - - context "should allow key based auth using X-Redmine-API-Key header for #{http_method} #{url}" do - setup do - @user = User.generate! do |user| - user.admin = true - end - @token = Token.create!(:user => @user, :action => 'api') - send(http_method, url, parameters, {'X-Redmine-API-Key' => @token.value.to_s}) - end - should_respond_with success_code - should_respond_with_content_type_based_on_url(url) - should_be_a_valid_response_string_based_on_url(url) - should "login as the user" do - assert_equal @user, User.current - end - end - end - - # Uses should_respond_with_content_type based on what's in the url: - # - # '/project/issues.xml' => should_respond_with_content_type :xml - # '/project/issues.json' => should_respond_with_content_type :json - # - # @param [String] url Request - def self.should_respond_with_content_type_based_on_url(url) - case - when url.match(/xml/i) - should "respond with XML" do - assert_equal 'application/xml', @response.content_type - end - when url.match(/json/i) - should "respond with JSON" do - assert_equal 'application/json', @response.content_type - end - else - raise "Unknown content type for should_respond_with_content_type_based_on_url: #{url}" - end - end - - # Uses the url to assert which format the response should be in - # - # '/project/issues.xml' => should_be_a_valid_xml_string - # '/project/issues.json' => should_be_a_valid_json_string - # - # @param [String] url Request - def self.should_be_a_valid_response_string_based_on_url(url) - case - when url.match(/xml/i) - should_be_a_valid_xml_string - when url.match(/json/i) - should_be_a_valid_json_string - else - raise "Unknown content type for should_be_a_valid_response_based_on_url: #{url}" - end - end - - # Checks that the response is a valid JSON string - def self.should_be_a_valid_json_string - should "be a valid JSON string (or empty)" do - assert(response.body.blank? || ActiveSupport::JSON.decode(response.body)) - end - end - - # Checks that the response is a valid XML string - def self.should_be_a_valid_xml_string - should "be a valid XML string" do - assert REXML::Document.new(response.body) - end - end - - def self.should_respond_with(status) - should "respond with #{status}" do - assert_response status - end - end end -# Simple module to "namespace" all of the API tests -module ApiTest +module Redmine + module ApiTest + # Base class for API tests + class Base < ActionDispatch::IntegrationTest + # Test that a request allows the three types of API authentication + # + # * HTTP Basic with username and password + # * HTTP Basic with an api key for the username + # * Key based with the key=X parameter + # + # @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete) + # @param [String] url the request url + # @param [optional, Hash] parameters additional request parameters + # @param [optional, Hash] options additional options + # @option options [Symbol] :success_code Successful response code (:success) + # @option options [Symbol] :failure_code Failure response code (:unauthorized) + def self.should_allow_api_authentication(http_method, url, parameters={}, options={}) + should_allow_http_basic_auth_with_username_and_password(http_method, url, parameters, options) + should_allow_http_basic_auth_with_key(http_method, url, parameters, options) + should_allow_key_based_auth(http_method, url, parameters, options) + end + + # Test that a request allows the username and password for HTTP BASIC + # + # @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete) + # @param [String] url the request url + # @param [optional, Hash] parameters additional request parameters + # @param [optional, Hash] options additional options + # @option options [Symbol] :success_code Successful response code (:success) + # @option options [Symbol] :failure_code Failure response code (:unauthorized) + def self.should_allow_http_basic_auth_with_username_and_password(http_method, url, parameters={}, options={}) + success_code = options[:success_code] || :success + failure_code = options[:failure_code] || :unauthorized + + context "should allow http basic auth using a username and password for #{http_method} #{url}" do + context "with a valid HTTP authentication" do + setup do + @user = User.generate! do |user| + user.admin = true + user.password = 'my_password' + end + send(http_method, url, parameters, credentials(@user.login, 'my_password')) + end + + should_respond_with success_code + should_respond_with_content_type_based_on_url(url) + should "login as the user" do + assert_equal @user, User.current + end + end + + context "with an invalid HTTP authentication" do + setup do + @user = User.generate! + send(http_method, url, parameters, credentials(@user.login, 'wrong_password')) + end + + should_respond_with failure_code + should_respond_with_content_type_based_on_url(url) + should "not login as the user" do + assert_equal User.anonymous, User.current + end + end + + context "without credentials" do + setup do + send(http_method, url, parameters) + end + + should_respond_with failure_code + should_respond_with_content_type_based_on_url(url) + should "include_www_authenticate_header" do + assert @controller.response.headers.has_key?('WWW-Authenticate') + end + end + end + end + + # Test that a request allows the API key with HTTP BASIC + # + # @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete) + # @param [String] url the request url + # @param [optional, Hash] parameters additional request parameters + # @param [optional, Hash] options additional options + # @option options [Symbol] :success_code Successful response code (:success) + # @option options [Symbol] :failure_code Failure response code (:unauthorized) + def self.should_allow_http_basic_auth_with_key(http_method, url, parameters={}, options={}) + success_code = options[:success_code] || :success + failure_code = options[:failure_code] || :unauthorized + + context "should allow http basic auth with a key for #{http_method} #{url}" do + context "with a valid HTTP authentication using the API token" do + setup do + @user = User.generate! do |user| + user.admin = true + end + @token = Token.create!(:user => @user, :action => 'api') + send(http_method, url, parameters, credentials(@token.value, 'X')) + end + should_respond_with success_code + should_respond_with_content_type_based_on_url(url) + should_be_a_valid_response_string_based_on_url(url) + should "login as the user" do + assert_equal @user, User.current + end + end + + context "with an invalid HTTP authentication" do + setup do + @user = User.generate! + @token = Token.create!(:user => @user, :action => 'feeds') + send(http_method, url, parameters, credentials(@token.value, 'X')) + end + should_respond_with failure_code + should_respond_with_content_type_based_on_url(url) + should "not login as the user" do + assert_equal User.anonymous, User.current + end + end + end + end + + # Test that a request allows full key authentication + # + # @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete) + # @param [String] url the request url, without the key=ZXY parameter + # @param [optional, Hash] parameters additional request parameters + # @param [optional, Hash] options additional options + # @option options [Symbol] :success_code Successful response code (:success) + # @option options [Symbol] :failure_code Failure response code (:unauthorized) + def self.should_allow_key_based_auth(http_method, url, parameters={}, options={}) + success_code = options[:success_code] || :success + failure_code = options[:failure_code] || :unauthorized + + context "should allow key based auth using key=X for #{http_method} #{url}" do + context "with a valid api token" do + setup do + @user = User.generate! do |user| + user.admin = true + end + @token = Token.create!(:user => @user, :action => 'api') + # Simple url parse to add on ?key= or &key= + request_url = if url.match(/\?/) + url + "&key=#{@token.value}" + else + url + "?key=#{@token.value}" + end + send(http_method, request_url, parameters) + end + should_respond_with success_code + should_respond_with_content_type_based_on_url(url) + should_be_a_valid_response_string_based_on_url(url) + should "login as the user" do + assert_equal @user, User.current + end + end + + context "with an invalid api token" do + setup do + @user = User.generate! do |user| + user.admin = true + end + @token = Token.create!(:user => @user, :action => 'feeds') + # Simple url parse to add on ?key= or &key= + request_url = if url.match(/\?/) + url + "&key=#{@token.value}" + else + url + "?key=#{@token.value}" + end + send(http_method, request_url, parameters) + end + should_respond_with failure_code + should_respond_with_content_type_based_on_url(url) + should "not login as the user" do + assert_equal User.anonymous, User.current + end + end + end + + context "should allow key based auth using X-Redmine-API-Key header for #{http_method} #{url}" do + setup do + @user = User.generate! do |user| + user.admin = true + end + @token = Token.create!(:user => @user, :action => 'api') + send(http_method, url, parameters, {'X-Redmine-API-Key' => @token.value.to_s}) + end + should_respond_with success_code + should_respond_with_content_type_based_on_url(url) + should_be_a_valid_response_string_based_on_url(url) + should "login as the user" do + assert_equal @user, User.current + end + end + end + + # Uses should_respond_with_content_type based on what's in the url: + # + # '/project/issues.xml' => should_respond_with_content_type :xml + # '/project/issues.json' => should_respond_with_content_type :json + # + # @param [String] url Request + def self.should_respond_with_content_type_based_on_url(url) + case + when url.match(/xml/i) + should "respond with XML" do + assert_equal 'application/xml', @response.content_type + end + when url.match(/json/i) + should "respond with JSON" do + assert_equal 'application/json', @response.content_type + end + else + raise "Unknown content type for should_respond_with_content_type_based_on_url: #{url}" + end + end + + # Uses the url to assert which format the response should be in + # + # '/project/issues.xml' => should_be_a_valid_xml_string + # '/project/issues.json' => should_be_a_valid_json_string + # + # @param [String] url Request + def self.should_be_a_valid_response_string_based_on_url(url) + case + when url.match(/xml/i) + should_be_a_valid_xml_string + when url.match(/json/i) + should_be_a_valid_json_string + else + raise "Unknown content type for should_be_a_valid_response_based_on_url: #{url}" + end + end + + # Checks that the response is a valid JSON string + def self.should_be_a_valid_json_string + should "be a valid JSON string (or empty)" do + assert(response.body.blank? || ActiveSupport::JSON.decode(response.body)) + end + end + + # Checks that the response is a valid XML string + def self.should_be_a_valid_xml_string + should "be a valid XML string" do + assert REXML::Document.new(response.body) + end + end + + def self.should_respond_with(status) + should "respond with #{status}" do + assert_response status + end + end + end + end end # URL helpers do not work with config.threadsafe!