kolan
/
obsolete.ChilliProject
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Makes the API accepts the X-Redmine-API-Key header to hold the API key. 

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4573 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Jean-Philippe Lang 2010-12-23 14:49:14 +00:00
parent 283d25d823
commit 07fe46e9df
2 changed files with 26 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
app/controllers/application_controller.rb
View File

@ -71,10 +71,10 @@ class ApplicationController < ActionController::Base
elsif params[:format] == 'atom' && params[:key] && accept_key_auth_actions.include?(params[:action]) elsif params[:format] == 'atom' && params[:key] && accept_key_auth_actions.include?(params[:action])
# RSS key authentication does not start a session # RSS key authentication does not start a session
User.find_by_rss_key(params[:key]) User.find_by_rss_key(params[:key])
elsif Setting.rest_api_enabled? && ['xml', 'json'].include?(params[:format]) elsif Setting.rest_api_enabled? && api_request?
if params[:key].present? && accept_key_auth_actions.include?(params[:action]) if (key = api_key_from_request) && accept_key_auth_actions.include?(params[:action])
# Use API key # Use API key
User.find_by_api_key(params[:key]) User.find_by_api_key(key)
else else
# HTTP Basic, either username/password or API key/random # HTTP Basic, either username/password or API key/random
authenticate_with_http_basic do |username, password| authenticate_with_http_basic do |username, password|
@ -403,6 +403,15 @@ class ApplicationController < ActionController::Base
%w(xml json).include? params[:format] %w(xml json).include? params[:format]
end end
# Returns the API key present in the request
def api_key_from_request
if params[:key].present?
params[:key]
elsif request.headers["X-Redmine-API-Key"].present?
request.headers["X-Redmine-API-Key"]
end
end
# Renders a warning flash if obj has unsaved attachments # Renders a warning flash if obj has unsaved attachments
def render_attachment_warning_if_needed(obj) def render_attachment_warning_if_needed(obj)
flash[:warning] = l(:warning_attachments_not_saved, obj.unsaved_attachments.size) if obj.unsaved_attachments.present? flash[:warning] = l(:warning_attachments_not_saved, obj.unsaved_attachments.size) if obj.unsaved_attachments.present?

14
test/test_helper.rb
View File

@ -361,6 +361,20 @@ class ActiveSupport::TestCase
end end
end end
context "should allow key based auth using X-Redmine-API-Key header for #{http_method} #{url}" do
setup do
@user = User.generate_with_protected!(:admin => true)
@token = Token.generate!(:user => @user, :action => 'api')
send(http_method, url, parameters, {'X-Redmine-API-Key' => @token.value.to_s})
end
should_respond_with success_code
should_respond_with_content_type_based_on_url(url)
should_be_a_valid_response_string_based_on_url(url)
should "login as the user" do
assert_equal @user, User.current
end
end
end end
# Uses should_respond_with_content_type based on what's in the url: # Uses should_respond_with_content_type based on what's in the url: