Refactor: convert username/password http basic auth api tests to shoulda macros #6447

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4360 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Eric Davis 2010-11-02 15:52:06 +00:00
parent 27049b848d
commit a04d64881c
2 changed files with 57 additions and 79 deletions

View File

@ -15,89 +15,17 @@ class ApiTest::HttpBasicLoginTest < ActionController::IntegrationTest
# Using the NewsController because it's a simple API.
context "get /news" do
setup do
project = Project.find('onlinestore')
EnabledModule.create(:project => project, :name => 'news')
end
context "in :xml format" do
context "with a valid HTTP authentication" do
setup do
@user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password')
@authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password')
get "/news.xml", nil, :authorization => @authorization
end
should_respond_with :success
should_respond_with_content_type :xml
should "login as the user" do
assert_equal @user, User.current
end
end
context "with an invalid HTTP authentication" do
setup do
@user = User.generate_with_protected!
@authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'wrong_password')
get "/news.xml", nil, :authorization => @authorization
end
should_respond_with :unauthorized
should_respond_with_content_type :xml
should "not login as the user" do
assert_equal User.anonymous, User.current
end
end
context "without credentials" do
setup do
get "/projects/onlinestore/news.xml"
end
should_respond_with :unauthorized
should_respond_with_content_type :xml
should "include_www_authenticate_header" do
assert @controller.response.headers.has_key?('WWW-Authenticate')
end
end
should_allow_http_basic_auth_with_username_and_password(:get, "/projects/onlinestore/news.xml")
end
context "in :json format" do
context "with a valid HTTP authentication" do
setup do
@user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password')
@authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password')
get "/news.json", nil, :authorization => @authorization
end
should_respond_with :success
should_respond_with_content_type :json
should "login as the user" do
assert_equal @user, User.current
end
end
context "with an invalid HTTP authentication" do
setup do
@user = User.generate_with_protected!
@authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'wrong_password')
get "/news.json", nil, :authorization => @authorization
end
should_respond_with :unauthorized
should_respond_with_content_type :json
should "not login as the user" do
assert_equal User.anonymous, User.current
end
end
end
context "without credentials" do
setup do
get "/projects/onlinestore/news.json"
end
should_respond_with :unauthorized
should_respond_with_content_type :json
should "include_www_authenticate_header" do
assert @controller.response.headers.has_key?('WWW-Authenticate')
end
should_allow_http_basic_auth_with_username_and_password(:get, "/projects/onlinestore/news.json")
end
end
end

View File

@ -186,12 +186,62 @@ class ActiveSupport::TestCase
end
end
# Test that a request allows the username and password for HTTP BASIC
#
# @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete)
# @param [String] url the request url
# @param [optional, Hash] parameters additional request parameters
def self.should_allow_http_basic_auth_with_username_and_password(http_method, url, parameters={})
context "should allow http basic auth using a username and password for #{http_method} #{url}" do
context "with a valid HTTP authentication" do
setup do
@user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password', :admin => true) # Admin so they can access the project
@authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password')
send(http_method, url, parameters, {:authorization => @authorization})
end
should_respond_with :success
should_respond_with_content_type_based_on_url(url)
should "login as the user" do
assert_equal @user, User.current
end
end
context "with an invalid HTTP authentication" do
setup do
@user = User.generate_with_protected!
@authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'wrong_password')
send(http_method, url, parameters, {:authorization => @authorization})
end
should_respond_with :unauthorized
should_respond_with_content_type_based_on_url(url)
should "not login as the user" do
assert_equal User.anonymous, User.current
end
end
context "without credentials" do
setup do
send(http_method, url, parameters, {:authorization => ''})
end
should_respond_with :unauthorized
should_respond_with_content_type_based_on_url(url)
should "include_www_authenticate_header" do
assert @controller.response.headers.has_key?('WWW-Authenticate')
end
end
end
end
# Test that a request allows full key authentication
#
# @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete)
# @param [String] url the request url, without the key=ZXY parameter
def self.should_allow_key_based_auth(http_method, url)
context "should allow key based auth using key=X for #{url}" do
context "should allow key based auth using key=X for #{http_method} #{url}" do
context "with a valid api token" do
setup do
@user = User.generate_with_protected!