Adds a subclass of ActionDispatch::IntegrationTest for API tests.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@11253 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
parent
eb5675f4bc
commit
55a994cb29
|
@ -17,7 +17,7 @@
|
||||||
|
|
||||||
require File.expand_path('../../../test_helper', __FILE__)
|
require File.expand_path('../../../test_helper', __FILE__)
|
||||||
|
|
||||||
class ApiTest::AttachmentsTest < ActionController::IntegrationTest
|
class Redmine::ApiTest::AttachmentsTest < Redmine::ApiTest::Base
|
||||||
fixtures :projects, :trackers, :issue_statuses, :issues,
|
fixtures :projects, :trackers, :issue_statuses, :issues,
|
||||||
:enumerations, :users, :issue_categories,
|
:enumerations, :users, :issue_categories,
|
||||||
:projects_trackers,
|
:projects_trackers,
|
||||||
|
|
|
@ -17,7 +17,7 @@
|
||||||
|
|
||||||
require File.expand_path('../../../test_helper', __FILE__)
|
require File.expand_path('../../../test_helper', __FILE__)
|
||||||
|
|
||||||
class ApiTest::AuthenticationTest < ActionController::IntegrationTest
|
class Redmine::ApiTest::AuthenticationTest < Redmine::ApiTest::Base
|
||||||
fixtures :users
|
fixtures :users
|
||||||
|
|
||||||
def setup
|
def setup
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
require File.expand_path('../../../test_helper', __FILE__)
|
require File.expand_path('../../../test_helper', __FILE__)
|
||||||
|
|
||||||
class ApiTest::DisabledRestApiTest < ActionController::IntegrationTest
|
class Redmine::ApiTest::DisabledRestApiTest < Redmine::ApiTest::Base
|
||||||
fixtures :projects, :trackers, :issue_statuses, :issues,
|
fixtures :projects, :trackers, :issue_statuses, :issues,
|
||||||
:enumerations, :users, :issue_categories,
|
:enumerations, :users, :issue_categories,
|
||||||
:projects_trackers,
|
:projects_trackers,
|
||||||
|
|
|
@ -17,7 +17,7 @@
|
||||||
|
|
||||||
require File.expand_path('../../../test_helper', __FILE__)
|
require File.expand_path('../../../test_helper', __FILE__)
|
||||||
|
|
||||||
class ApiTest::EnumerationsTest < ActionController::IntegrationTest
|
class Redmine::ApiTest::EnumerationsTest < Redmine::ApiTest::Base
|
||||||
fixtures :enumerations
|
fixtures :enumerations
|
||||||
|
|
||||||
def setup
|
def setup
|
||||||
|
|
|
@ -17,7 +17,7 @@
|
||||||
|
|
||||||
require File.expand_path('../../../test_helper', __FILE__)
|
require File.expand_path('../../../test_helper', __FILE__)
|
||||||
|
|
||||||
class ApiTest::GroupsTest < ActionController::IntegrationTest
|
class Redmine::ApiTest::GroupsTest < Redmine::ApiTest::Base
|
||||||
fixtures :users, :groups_users
|
fixtures :users, :groups_users
|
||||||
|
|
||||||
def setup
|
def setup
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
require File.expand_path('../../../test_helper', __FILE__)
|
require File.expand_path('../../../test_helper', __FILE__)
|
||||||
|
|
||||||
class ApiTest::HttpBasicLoginTest < ActionController::IntegrationTest
|
class Redmine::ApiTest::HttpBasicLoginTest < Redmine::ApiTest::Base
|
||||||
fixtures :projects, :trackers, :issue_statuses, :issues,
|
fixtures :projects, :trackers, :issue_statuses, :issues,
|
||||||
:enumerations, :users, :issue_categories,
|
:enumerations, :users, :issue_categories,
|
||||||
:projects_trackers,
|
:projects_trackers,
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
require File.expand_path('../../../test_helper', __FILE__)
|
require File.expand_path('../../../test_helper', __FILE__)
|
||||||
|
|
||||||
class ApiTest::HttpBasicLoginWithApiTokenTest < ActionController::IntegrationTest
|
class Redmine::ApiTest::HttpBasicLoginWithApiTokenTest < Redmine::ApiTest::Base
|
||||||
fixtures :projects, :trackers, :issue_statuses, :issues,
|
fixtures :projects, :trackers, :issue_statuses, :issues,
|
||||||
:enumerations, :users, :issue_categories,
|
:enumerations, :users, :issue_categories,
|
||||||
:projects_trackers,
|
:projects_trackers,
|
||||||
|
|
|
@ -17,7 +17,7 @@
|
||||||
|
|
||||||
require File.expand_path('../../../test_helper', __FILE__)
|
require File.expand_path('../../../test_helper', __FILE__)
|
||||||
|
|
||||||
class ApiTest::IssueCategoriesTest < ActionController::IntegrationTest
|
class Redmine::ApiTest::IssueCategoriesTest < Redmine::ApiTest::Base
|
||||||
fixtures :projects, :users, :issue_categories, :issues,
|
fixtures :projects, :users, :issue_categories, :issues,
|
||||||
:roles,
|
:roles,
|
||||||
:member_roles,
|
:member_roles,
|
||||||
|
|
|
@ -17,7 +17,7 @@
|
||||||
|
|
||||||
require File.expand_path('../../../test_helper', __FILE__)
|
require File.expand_path('../../../test_helper', __FILE__)
|
||||||
|
|
||||||
class ApiTest::IssueRelationsTest < ActionController::IntegrationTest
|
class Redmine::ApiTest::IssueRelationsTest < Redmine::ApiTest::Base
|
||||||
fixtures :projects, :trackers, :issue_statuses, :issues,
|
fixtures :projects, :trackers, :issue_statuses, :issues,
|
||||||
:enumerations, :users, :issue_categories,
|
:enumerations, :users, :issue_categories,
|
||||||
:projects_trackers,
|
:projects_trackers,
|
||||||
|
|
|
@ -17,7 +17,7 @@
|
||||||
|
|
||||||
require File.expand_path('../../../test_helper', __FILE__)
|
require File.expand_path('../../../test_helper', __FILE__)
|
||||||
|
|
||||||
class ApiTest::IssueStatusesTest < ActionController::IntegrationTest
|
class Redmine::ApiTest::IssueStatusesTest < Redmine::ApiTest::Base
|
||||||
fixtures :issue_statuses
|
fixtures :issue_statuses
|
||||||
|
|
||||||
def setup
|
def setup
|
||||||
|
|
|
@ -17,7 +17,7 @@
|
||||||
|
|
||||||
require File.expand_path('../../../test_helper', __FILE__)
|
require File.expand_path('../../../test_helper', __FILE__)
|
||||||
|
|
||||||
class ApiTest::IssuesTest < ActionController::IntegrationTest
|
class Redmine::ApiTest::IssuesTest < Redmine::ApiTest::Base
|
||||||
fixtures :projects,
|
fixtures :projects,
|
||||||
:users,
|
:users,
|
||||||
:roles,
|
:roles,
|
||||||
|
|
|
@ -17,7 +17,7 @@
|
||||||
|
|
||||||
require File.expand_path('../../../test_helper', __FILE__)
|
require File.expand_path('../../../test_helper', __FILE__)
|
||||||
|
|
||||||
class ApiTest::JsonpTest < ActionController::IntegrationTest
|
class Redmine::ApiTest::JsonpTest < Redmine::ApiTest::Base
|
||||||
fixtures :trackers
|
fixtures :trackers
|
||||||
|
|
||||||
def test_jsonp_should_accept_callback_param
|
def test_jsonp_should_accept_callback_param
|
||||||
|
|
|
@ -17,7 +17,7 @@
|
||||||
|
|
||||||
require File.expand_path('../../../test_helper', __FILE__)
|
require File.expand_path('../../../test_helper', __FILE__)
|
||||||
|
|
||||||
class ApiTest::MembershipsTest < ActionController::IntegrationTest
|
class Redmine::ApiTest::MembershipsTest < Redmine::ApiTest::Base
|
||||||
fixtures :projects, :users, :roles, :members, :member_roles
|
fixtures :projects, :users, :roles, :members, :member_roles
|
||||||
|
|
||||||
def setup
|
def setup
|
||||||
|
|
|
@ -16,8 +16,8 @@
|
||||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||||
|
|
||||||
require File.expand_path('../../../test_helper', __FILE__)
|
require File.expand_path('../../../test_helper', __FILE__)
|
||||||
require 'pp'
|
|
||||||
class ApiTest::NewsTest < ActionController::IntegrationTest
|
class Redmine::ApiTest::NewsTest < Redmine::ApiTest::Base
|
||||||
fixtures :projects, :trackers, :issue_statuses, :issues,
|
fixtures :projects, :trackers, :issue_statuses, :issues,
|
||||||
:enumerations, :users, :issue_categories,
|
:enumerations, :users, :issue_categories,
|
||||||
:projects_trackers,
|
:projects_trackers,
|
||||||
|
|
|
@ -17,7 +17,7 @@
|
||||||
|
|
||||||
require File.expand_path('../../../test_helper', __FILE__)
|
require File.expand_path('../../../test_helper', __FILE__)
|
||||||
|
|
||||||
class ApiTest::ProjectsTest < ActionController::IntegrationTest
|
class Redmine::ApiTest::ProjectsTest < Redmine::ApiTest::Base
|
||||||
fixtures :projects, :versions, :users, :roles, :members, :member_roles, :issues, :journals, :journal_details,
|
fixtures :projects, :versions, :users, :roles, :members, :member_roles, :issues, :journals, :journal_details,
|
||||||
:trackers, :projects_trackers, :issue_statuses, :enabled_modules, :enumerations, :boards, :messages,
|
:trackers, :projects_trackers, :issue_statuses, :enabled_modules, :enumerations, :boards, :messages,
|
||||||
:attachments, :custom_fields, :custom_values, :time_entries, :issue_categories
|
:attachments, :custom_fields, :custom_values, :time_entries, :issue_categories
|
||||||
|
|
|
@ -17,7 +17,7 @@
|
||||||
|
|
||||||
require File.expand_path('../../../test_helper', __FILE__)
|
require File.expand_path('../../../test_helper', __FILE__)
|
||||||
|
|
||||||
class ApiTest::QueriesTest < ActionController::IntegrationTest
|
class Redmine::ApiTest::QueriesTest < Redmine::ApiTest::Base
|
||||||
fixtures :projects, :trackers, :issue_statuses, :issues,
|
fixtures :projects, :trackers, :issue_statuses, :issues,
|
||||||
:enumerations, :users, :issue_categories,
|
:enumerations, :users, :issue_categories,
|
||||||
:projects_trackers,
|
:projects_trackers,
|
||||||
|
|
|
@ -17,7 +17,7 @@
|
||||||
|
|
||||||
require File.expand_path('../../../test_helper', __FILE__)
|
require File.expand_path('../../../test_helper', __FILE__)
|
||||||
|
|
||||||
class ApiTest::RolesTest < ActionController::IntegrationTest
|
class Redmine::ApiTest::RolesTest < Redmine::ApiTest::Base
|
||||||
fixtures :roles
|
fixtures :roles
|
||||||
|
|
||||||
def setup
|
def setup
|
||||||
|
|
|
@ -17,7 +17,7 @@
|
||||||
|
|
||||||
require File.expand_path('../../../test_helper', __FILE__)
|
require File.expand_path('../../../test_helper', __FILE__)
|
||||||
|
|
||||||
class ApiTest::TimeEntriesTest < ActionController::IntegrationTest
|
class Redmine::ApiTest::TimeEntriesTest < Redmine::ApiTest::Base
|
||||||
fixtures :projects, :trackers, :issue_statuses, :issues,
|
fixtures :projects, :trackers, :issue_statuses, :issues,
|
||||||
:enumerations, :users, :issue_categories,
|
:enumerations, :users, :issue_categories,
|
||||||
:projects_trackers,
|
:projects_trackers,
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
require File.expand_path('../../../test_helper', __FILE__)
|
require File.expand_path('../../../test_helper', __FILE__)
|
||||||
|
|
||||||
class ApiTest::TokenAuthenticationTest < ActionController::IntegrationTest
|
class Redmine::ApiTest::TokenAuthenticationTest < Redmine::ApiTest::Base
|
||||||
fixtures :projects, :trackers, :issue_statuses, :issues,
|
fixtures :projects, :trackers, :issue_statuses, :issues,
|
||||||
:enumerations, :users, :issue_categories,
|
:enumerations, :users, :issue_categories,
|
||||||
:projects_trackers,
|
:projects_trackers,
|
||||||
|
|
|
@ -17,7 +17,7 @@
|
||||||
|
|
||||||
require File.expand_path('../../../test_helper', __FILE__)
|
require File.expand_path('../../../test_helper', __FILE__)
|
||||||
|
|
||||||
class ApiTest::TrackersTest < ActionController::IntegrationTest
|
class Redmine::ApiTest::TrackersTest < Redmine::ApiTest::Base
|
||||||
fixtures :trackers
|
fixtures :trackers
|
||||||
|
|
||||||
def setup
|
def setup
|
||||||
|
|
|
@ -16,8 +16,8 @@
|
||||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||||
|
|
||||||
require File.expand_path('../../../test_helper', __FILE__)
|
require File.expand_path('../../../test_helper', __FILE__)
|
||||||
require 'pp'
|
|
||||||
class ApiTest::UsersTest < ActionController::IntegrationTest
|
class Redmine::ApiTest::UsersTest < Redmine::ApiTest::Base
|
||||||
fixtures :users, :members, :member_roles, :roles, :projects
|
fixtures :users, :members, :member_roles, :roles, :projects
|
||||||
|
|
||||||
def setup
|
def setup
|
||||||
|
|
|
@ -17,7 +17,7 @@
|
||||||
|
|
||||||
require File.expand_path('../../../test_helper', __FILE__)
|
require File.expand_path('../../../test_helper', __FILE__)
|
||||||
|
|
||||||
class ApiTest::VersionsTest < ActionController::IntegrationTest
|
class Redmine::ApiTest::VersionsTest < Redmine::ApiTest::Base
|
||||||
fixtures :projects, :trackers, :issue_statuses, :issues,
|
fixtures :projects, :trackers, :issue_statuses, :issues,
|
||||||
:enumerations, :users, :issue_categories,
|
:enumerations, :users, :issue_categories,
|
||||||
:projects_trackers,
|
:projects_trackers,
|
||||||
|
|
|
@ -17,7 +17,7 @@
|
||||||
|
|
||||||
require File.expand_path('../../../test_helper', __FILE__)
|
require File.expand_path('../../../test_helper', __FILE__)
|
||||||
|
|
||||||
class ApiTest::WikiPagesTest < ActionController::IntegrationTest
|
class Redmine::ApiTest::WikiPagesTest < Redmine::ApiTest::Base
|
||||||
fixtures :projects, :users, :roles, :members, :member_roles,
|
fixtures :projects, :users, :roles, :members, :member_roles,
|
||||||
:enabled_modules, :wikis, :wiki_pages, :wiki_contents,
|
:enabled_modules, :wikis, :wiki_pages, :wiki_contents,
|
||||||
:wiki_content_versions, :attachments
|
:wiki_content_versions, :attachments
|
||||||
|
|
|
@ -237,260 +237,263 @@ class ActiveSupport::TestCase
|
||||||
}.size
|
}.size
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
# Test that a request allows the three types of API authentication
|
|
||||||
#
|
|
||||||
# * HTTP Basic with username and password
|
|
||||||
# * HTTP Basic with an api key for the username
|
|
||||||
# * Key based with the key=X parameter
|
|
||||||
#
|
|
||||||
# @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete)
|
|
||||||
# @param [String] url the request url
|
|
||||||
# @param [optional, Hash] parameters additional request parameters
|
|
||||||
# @param [optional, Hash] options additional options
|
|
||||||
# @option options [Symbol] :success_code Successful response code (:success)
|
|
||||||
# @option options [Symbol] :failure_code Failure response code (:unauthorized)
|
|
||||||
def self.should_allow_api_authentication(http_method, url, parameters={}, options={})
|
|
||||||
should_allow_http_basic_auth_with_username_and_password(http_method, url, parameters, options)
|
|
||||||
should_allow_http_basic_auth_with_key(http_method, url, parameters, options)
|
|
||||||
should_allow_key_based_auth(http_method, url, parameters, options)
|
|
||||||
end
|
|
||||||
|
|
||||||
# Test that a request allows the username and password for HTTP BASIC
|
|
||||||
#
|
|
||||||
# @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete)
|
|
||||||
# @param [String] url the request url
|
|
||||||
# @param [optional, Hash] parameters additional request parameters
|
|
||||||
# @param [optional, Hash] options additional options
|
|
||||||
# @option options [Symbol] :success_code Successful response code (:success)
|
|
||||||
# @option options [Symbol] :failure_code Failure response code (:unauthorized)
|
|
||||||
def self.should_allow_http_basic_auth_with_username_and_password(http_method, url, parameters={}, options={})
|
|
||||||
success_code = options[:success_code] || :success
|
|
||||||
failure_code = options[:failure_code] || :unauthorized
|
|
||||||
|
|
||||||
context "should allow http basic auth using a username and password for #{http_method} #{url}" do
|
|
||||||
context "with a valid HTTP authentication" do
|
|
||||||
setup do
|
|
||||||
@user = User.generate! do |user|
|
|
||||||
user.admin = true
|
|
||||||
user.password = 'my_password'
|
|
||||||
end
|
|
||||||
send(http_method, url, parameters, credentials(@user.login, 'my_password'))
|
|
||||||
end
|
|
||||||
|
|
||||||
should_respond_with success_code
|
|
||||||
should_respond_with_content_type_based_on_url(url)
|
|
||||||
should "login as the user" do
|
|
||||||
assert_equal @user, User.current
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
context "with an invalid HTTP authentication" do
|
|
||||||
setup do
|
|
||||||
@user = User.generate!
|
|
||||||
send(http_method, url, parameters, credentials(@user.login, 'wrong_password'))
|
|
||||||
end
|
|
||||||
|
|
||||||
should_respond_with failure_code
|
|
||||||
should_respond_with_content_type_based_on_url(url)
|
|
||||||
should "not login as the user" do
|
|
||||||
assert_equal User.anonymous, User.current
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
context "without credentials" do
|
|
||||||
setup do
|
|
||||||
send(http_method, url, parameters)
|
|
||||||
end
|
|
||||||
|
|
||||||
should_respond_with failure_code
|
|
||||||
should_respond_with_content_type_based_on_url(url)
|
|
||||||
should "include_www_authenticate_header" do
|
|
||||||
assert @controller.response.headers.has_key?('WWW-Authenticate')
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
# Test that a request allows the API key with HTTP BASIC
|
|
||||||
#
|
|
||||||
# @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete)
|
|
||||||
# @param [String] url the request url
|
|
||||||
# @param [optional, Hash] parameters additional request parameters
|
|
||||||
# @param [optional, Hash] options additional options
|
|
||||||
# @option options [Symbol] :success_code Successful response code (:success)
|
|
||||||
# @option options [Symbol] :failure_code Failure response code (:unauthorized)
|
|
||||||
def self.should_allow_http_basic_auth_with_key(http_method, url, parameters={}, options={})
|
|
||||||
success_code = options[:success_code] || :success
|
|
||||||
failure_code = options[:failure_code] || :unauthorized
|
|
||||||
|
|
||||||
context "should allow http basic auth with a key for #{http_method} #{url}" do
|
|
||||||
context "with a valid HTTP authentication using the API token" do
|
|
||||||
setup do
|
|
||||||
@user = User.generate! do |user|
|
|
||||||
user.admin = true
|
|
||||||
end
|
|
||||||
@token = Token.create!(:user => @user, :action => 'api')
|
|
||||||
send(http_method, url, parameters, credentials(@token.value, 'X'))
|
|
||||||
end
|
|
||||||
should_respond_with success_code
|
|
||||||
should_respond_with_content_type_based_on_url(url)
|
|
||||||
should_be_a_valid_response_string_based_on_url(url)
|
|
||||||
should "login as the user" do
|
|
||||||
assert_equal @user, User.current
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
context "with an invalid HTTP authentication" do
|
|
||||||
setup do
|
|
||||||
@user = User.generate!
|
|
||||||
@token = Token.create!(:user => @user, :action => 'feeds')
|
|
||||||
send(http_method, url, parameters, credentials(@token.value, 'X'))
|
|
||||||
end
|
|
||||||
should_respond_with failure_code
|
|
||||||
should_respond_with_content_type_based_on_url(url)
|
|
||||||
should "not login as the user" do
|
|
||||||
assert_equal User.anonymous, User.current
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
# Test that a request allows full key authentication
|
|
||||||
#
|
|
||||||
# @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete)
|
|
||||||
# @param [String] url the request url, without the key=ZXY parameter
|
|
||||||
# @param [optional, Hash] parameters additional request parameters
|
|
||||||
# @param [optional, Hash] options additional options
|
|
||||||
# @option options [Symbol] :success_code Successful response code (:success)
|
|
||||||
# @option options [Symbol] :failure_code Failure response code (:unauthorized)
|
|
||||||
def self.should_allow_key_based_auth(http_method, url, parameters={}, options={})
|
|
||||||
success_code = options[:success_code] || :success
|
|
||||||
failure_code = options[:failure_code] || :unauthorized
|
|
||||||
|
|
||||||
context "should allow key based auth using key=X for #{http_method} #{url}" do
|
|
||||||
context "with a valid api token" do
|
|
||||||
setup do
|
|
||||||
@user = User.generate! do |user|
|
|
||||||
user.admin = true
|
|
||||||
end
|
|
||||||
@token = Token.create!(:user => @user, :action => 'api')
|
|
||||||
# Simple url parse to add on ?key= or &key=
|
|
||||||
request_url = if url.match(/\?/)
|
|
||||||
url + "&key=#{@token.value}"
|
|
||||||
else
|
|
||||||
url + "?key=#{@token.value}"
|
|
||||||
end
|
|
||||||
send(http_method, request_url, parameters)
|
|
||||||
end
|
|
||||||
should_respond_with success_code
|
|
||||||
should_respond_with_content_type_based_on_url(url)
|
|
||||||
should_be_a_valid_response_string_based_on_url(url)
|
|
||||||
should "login as the user" do
|
|
||||||
assert_equal @user, User.current
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
context "with an invalid api token" do
|
|
||||||
setup do
|
|
||||||
@user = User.generate! do |user|
|
|
||||||
user.admin = true
|
|
||||||
end
|
|
||||||
@token = Token.create!(:user => @user, :action => 'feeds')
|
|
||||||
# Simple url parse to add on ?key= or &key=
|
|
||||||
request_url = if url.match(/\?/)
|
|
||||||
url + "&key=#{@token.value}"
|
|
||||||
else
|
|
||||||
url + "?key=#{@token.value}"
|
|
||||||
end
|
|
||||||
send(http_method, request_url, parameters)
|
|
||||||
end
|
|
||||||
should_respond_with failure_code
|
|
||||||
should_respond_with_content_type_based_on_url(url)
|
|
||||||
should "not login as the user" do
|
|
||||||
assert_equal User.anonymous, User.current
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
context "should allow key based auth using X-Redmine-API-Key header for #{http_method} #{url}" do
|
|
||||||
setup do
|
|
||||||
@user = User.generate! do |user|
|
|
||||||
user.admin = true
|
|
||||||
end
|
|
||||||
@token = Token.create!(:user => @user, :action => 'api')
|
|
||||||
send(http_method, url, parameters, {'X-Redmine-API-Key' => @token.value.to_s})
|
|
||||||
end
|
|
||||||
should_respond_with success_code
|
|
||||||
should_respond_with_content_type_based_on_url(url)
|
|
||||||
should_be_a_valid_response_string_based_on_url(url)
|
|
||||||
should "login as the user" do
|
|
||||||
assert_equal @user, User.current
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
# Uses should_respond_with_content_type based on what's in the url:
|
|
||||||
#
|
|
||||||
# '/project/issues.xml' => should_respond_with_content_type :xml
|
|
||||||
# '/project/issues.json' => should_respond_with_content_type :json
|
|
||||||
#
|
|
||||||
# @param [String] url Request
|
|
||||||
def self.should_respond_with_content_type_based_on_url(url)
|
|
||||||
case
|
|
||||||
when url.match(/xml/i)
|
|
||||||
should "respond with XML" do
|
|
||||||
assert_equal 'application/xml', @response.content_type
|
|
||||||
end
|
|
||||||
when url.match(/json/i)
|
|
||||||
should "respond with JSON" do
|
|
||||||
assert_equal 'application/json', @response.content_type
|
|
||||||
end
|
|
||||||
else
|
|
||||||
raise "Unknown content type for should_respond_with_content_type_based_on_url: #{url}"
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
# Uses the url to assert which format the response should be in
|
|
||||||
#
|
|
||||||
# '/project/issues.xml' => should_be_a_valid_xml_string
|
|
||||||
# '/project/issues.json' => should_be_a_valid_json_string
|
|
||||||
#
|
|
||||||
# @param [String] url Request
|
|
||||||
def self.should_be_a_valid_response_string_based_on_url(url)
|
|
||||||
case
|
|
||||||
when url.match(/xml/i)
|
|
||||||
should_be_a_valid_xml_string
|
|
||||||
when url.match(/json/i)
|
|
||||||
should_be_a_valid_json_string
|
|
||||||
else
|
|
||||||
raise "Unknown content type for should_be_a_valid_response_based_on_url: #{url}"
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
# Checks that the response is a valid JSON string
|
|
||||||
def self.should_be_a_valid_json_string
|
|
||||||
should "be a valid JSON string (or empty)" do
|
|
||||||
assert(response.body.blank? || ActiveSupport::JSON.decode(response.body))
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
# Checks that the response is a valid XML string
|
|
||||||
def self.should_be_a_valid_xml_string
|
|
||||||
should "be a valid XML string" do
|
|
||||||
assert REXML::Document.new(response.body)
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
def self.should_respond_with(status)
|
|
||||||
should "respond with #{status}" do
|
|
||||||
assert_response status
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
||||||
# Simple module to "namespace" all of the API tests
|
module Redmine
|
||||||
module ApiTest
|
module ApiTest
|
||||||
|
# Base class for API tests
|
||||||
|
class Base < ActionDispatch::IntegrationTest
|
||||||
|
# Test that a request allows the three types of API authentication
|
||||||
|
#
|
||||||
|
# * HTTP Basic with username and password
|
||||||
|
# * HTTP Basic with an api key for the username
|
||||||
|
# * Key based with the key=X parameter
|
||||||
|
#
|
||||||
|
# @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete)
|
||||||
|
# @param [String] url the request url
|
||||||
|
# @param [optional, Hash] parameters additional request parameters
|
||||||
|
# @param [optional, Hash] options additional options
|
||||||
|
# @option options [Symbol] :success_code Successful response code (:success)
|
||||||
|
# @option options [Symbol] :failure_code Failure response code (:unauthorized)
|
||||||
|
def self.should_allow_api_authentication(http_method, url, parameters={}, options={})
|
||||||
|
should_allow_http_basic_auth_with_username_and_password(http_method, url, parameters, options)
|
||||||
|
should_allow_http_basic_auth_with_key(http_method, url, parameters, options)
|
||||||
|
should_allow_key_based_auth(http_method, url, parameters, options)
|
||||||
|
end
|
||||||
|
|
||||||
|
# Test that a request allows the username and password for HTTP BASIC
|
||||||
|
#
|
||||||
|
# @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete)
|
||||||
|
# @param [String] url the request url
|
||||||
|
# @param [optional, Hash] parameters additional request parameters
|
||||||
|
# @param [optional, Hash] options additional options
|
||||||
|
# @option options [Symbol] :success_code Successful response code (:success)
|
||||||
|
# @option options [Symbol] :failure_code Failure response code (:unauthorized)
|
||||||
|
def self.should_allow_http_basic_auth_with_username_and_password(http_method, url, parameters={}, options={})
|
||||||
|
success_code = options[:success_code] || :success
|
||||||
|
failure_code = options[:failure_code] || :unauthorized
|
||||||
|
|
||||||
|
context "should allow http basic auth using a username and password for #{http_method} #{url}" do
|
||||||
|
context "with a valid HTTP authentication" do
|
||||||
|
setup do
|
||||||
|
@user = User.generate! do |user|
|
||||||
|
user.admin = true
|
||||||
|
user.password = 'my_password'
|
||||||
|
end
|
||||||
|
send(http_method, url, parameters, credentials(@user.login, 'my_password'))
|
||||||
|
end
|
||||||
|
|
||||||
|
should_respond_with success_code
|
||||||
|
should_respond_with_content_type_based_on_url(url)
|
||||||
|
should "login as the user" do
|
||||||
|
assert_equal @user, User.current
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context "with an invalid HTTP authentication" do
|
||||||
|
setup do
|
||||||
|
@user = User.generate!
|
||||||
|
send(http_method, url, parameters, credentials(@user.login, 'wrong_password'))
|
||||||
|
end
|
||||||
|
|
||||||
|
should_respond_with failure_code
|
||||||
|
should_respond_with_content_type_based_on_url(url)
|
||||||
|
should "not login as the user" do
|
||||||
|
assert_equal User.anonymous, User.current
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context "without credentials" do
|
||||||
|
setup do
|
||||||
|
send(http_method, url, parameters)
|
||||||
|
end
|
||||||
|
|
||||||
|
should_respond_with failure_code
|
||||||
|
should_respond_with_content_type_based_on_url(url)
|
||||||
|
should "include_www_authenticate_header" do
|
||||||
|
assert @controller.response.headers.has_key?('WWW-Authenticate')
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
# Test that a request allows the API key with HTTP BASIC
|
||||||
|
#
|
||||||
|
# @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete)
|
||||||
|
# @param [String] url the request url
|
||||||
|
# @param [optional, Hash] parameters additional request parameters
|
||||||
|
# @param [optional, Hash] options additional options
|
||||||
|
# @option options [Symbol] :success_code Successful response code (:success)
|
||||||
|
# @option options [Symbol] :failure_code Failure response code (:unauthorized)
|
||||||
|
def self.should_allow_http_basic_auth_with_key(http_method, url, parameters={}, options={})
|
||||||
|
success_code = options[:success_code] || :success
|
||||||
|
failure_code = options[:failure_code] || :unauthorized
|
||||||
|
|
||||||
|
context "should allow http basic auth with a key for #{http_method} #{url}" do
|
||||||
|
context "with a valid HTTP authentication using the API token" do
|
||||||
|
setup do
|
||||||
|
@user = User.generate! do |user|
|
||||||
|
user.admin = true
|
||||||
|
end
|
||||||
|
@token = Token.create!(:user => @user, :action => 'api')
|
||||||
|
send(http_method, url, parameters, credentials(@token.value, 'X'))
|
||||||
|
end
|
||||||
|
should_respond_with success_code
|
||||||
|
should_respond_with_content_type_based_on_url(url)
|
||||||
|
should_be_a_valid_response_string_based_on_url(url)
|
||||||
|
should "login as the user" do
|
||||||
|
assert_equal @user, User.current
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context "with an invalid HTTP authentication" do
|
||||||
|
setup do
|
||||||
|
@user = User.generate!
|
||||||
|
@token = Token.create!(:user => @user, :action => 'feeds')
|
||||||
|
send(http_method, url, parameters, credentials(@token.value, 'X'))
|
||||||
|
end
|
||||||
|
should_respond_with failure_code
|
||||||
|
should_respond_with_content_type_based_on_url(url)
|
||||||
|
should "not login as the user" do
|
||||||
|
assert_equal User.anonymous, User.current
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
# Test that a request allows full key authentication
|
||||||
|
#
|
||||||
|
# @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete)
|
||||||
|
# @param [String] url the request url, without the key=ZXY parameter
|
||||||
|
# @param [optional, Hash] parameters additional request parameters
|
||||||
|
# @param [optional, Hash] options additional options
|
||||||
|
# @option options [Symbol] :success_code Successful response code (:success)
|
||||||
|
# @option options [Symbol] :failure_code Failure response code (:unauthorized)
|
||||||
|
def self.should_allow_key_based_auth(http_method, url, parameters={}, options={})
|
||||||
|
success_code = options[:success_code] || :success
|
||||||
|
failure_code = options[:failure_code] || :unauthorized
|
||||||
|
|
||||||
|
context "should allow key based auth using key=X for #{http_method} #{url}" do
|
||||||
|
context "with a valid api token" do
|
||||||
|
setup do
|
||||||
|
@user = User.generate! do |user|
|
||||||
|
user.admin = true
|
||||||
|
end
|
||||||
|
@token = Token.create!(:user => @user, :action => 'api')
|
||||||
|
# Simple url parse to add on ?key= or &key=
|
||||||
|
request_url = if url.match(/\?/)
|
||||||
|
url + "&key=#{@token.value}"
|
||||||
|
else
|
||||||
|
url + "?key=#{@token.value}"
|
||||||
|
end
|
||||||
|
send(http_method, request_url, parameters)
|
||||||
|
end
|
||||||
|
should_respond_with success_code
|
||||||
|
should_respond_with_content_type_based_on_url(url)
|
||||||
|
should_be_a_valid_response_string_based_on_url(url)
|
||||||
|
should "login as the user" do
|
||||||
|
assert_equal @user, User.current
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context "with an invalid api token" do
|
||||||
|
setup do
|
||||||
|
@user = User.generate! do |user|
|
||||||
|
user.admin = true
|
||||||
|
end
|
||||||
|
@token = Token.create!(:user => @user, :action => 'feeds')
|
||||||
|
# Simple url parse to add on ?key= or &key=
|
||||||
|
request_url = if url.match(/\?/)
|
||||||
|
url + "&key=#{@token.value}"
|
||||||
|
else
|
||||||
|
url + "?key=#{@token.value}"
|
||||||
|
end
|
||||||
|
send(http_method, request_url, parameters)
|
||||||
|
end
|
||||||
|
should_respond_with failure_code
|
||||||
|
should_respond_with_content_type_based_on_url(url)
|
||||||
|
should "not login as the user" do
|
||||||
|
assert_equal User.anonymous, User.current
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context "should allow key based auth using X-Redmine-API-Key header for #{http_method} #{url}" do
|
||||||
|
setup do
|
||||||
|
@user = User.generate! do |user|
|
||||||
|
user.admin = true
|
||||||
|
end
|
||||||
|
@token = Token.create!(:user => @user, :action => 'api')
|
||||||
|
send(http_method, url, parameters, {'X-Redmine-API-Key' => @token.value.to_s})
|
||||||
|
end
|
||||||
|
should_respond_with success_code
|
||||||
|
should_respond_with_content_type_based_on_url(url)
|
||||||
|
should_be_a_valid_response_string_based_on_url(url)
|
||||||
|
should "login as the user" do
|
||||||
|
assert_equal @user, User.current
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
# Uses should_respond_with_content_type based on what's in the url:
|
||||||
|
#
|
||||||
|
# '/project/issues.xml' => should_respond_with_content_type :xml
|
||||||
|
# '/project/issues.json' => should_respond_with_content_type :json
|
||||||
|
#
|
||||||
|
# @param [String] url Request
|
||||||
|
def self.should_respond_with_content_type_based_on_url(url)
|
||||||
|
case
|
||||||
|
when url.match(/xml/i)
|
||||||
|
should "respond with XML" do
|
||||||
|
assert_equal 'application/xml', @response.content_type
|
||||||
|
end
|
||||||
|
when url.match(/json/i)
|
||||||
|
should "respond with JSON" do
|
||||||
|
assert_equal 'application/json', @response.content_type
|
||||||
|
end
|
||||||
|
else
|
||||||
|
raise "Unknown content type for should_respond_with_content_type_based_on_url: #{url}"
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
# Uses the url to assert which format the response should be in
|
||||||
|
#
|
||||||
|
# '/project/issues.xml' => should_be_a_valid_xml_string
|
||||||
|
# '/project/issues.json' => should_be_a_valid_json_string
|
||||||
|
#
|
||||||
|
# @param [String] url Request
|
||||||
|
def self.should_be_a_valid_response_string_based_on_url(url)
|
||||||
|
case
|
||||||
|
when url.match(/xml/i)
|
||||||
|
should_be_a_valid_xml_string
|
||||||
|
when url.match(/json/i)
|
||||||
|
should_be_a_valid_json_string
|
||||||
|
else
|
||||||
|
raise "Unknown content type for should_be_a_valid_response_based_on_url: #{url}"
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
# Checks that the response is a valid JSON string
|
||||||
|
def self.should_be_a_valid_json_string
|
||||||
|
should "be a valid JSON string (or empty)" do
|
||||||
|
assert(response.body.blank? || ActiveSupport::JSON.decode(response.body))
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
# Checks that the response is a valid XML string
|
||||||
|
def self.should_be_a_valid_xml_string
|
||||||
|
should "be a valid XML string" do
|
||||||
|
assert REXML::Document.new(response.body)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def self.should_respond_with(status)
|
||||||
|
should "respond with #{status}" do
|
||||||
|
assert_response status
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
# URL helpers do not work with config.threadsafe!
|
# URL helpers do not work with config.threadsafe!
|
||||||
|
|
Loading…
Reference in New Issue