Test API authentification once.

git-svn-id: http://svn.redmine.org/redmine/trunk@13675 e93f8b46-1217-0410-a6f0-8f06a7374b81
2025-11-03 20:06:24 +01:00 · 2014-11-30 14:11:56 +00:00
parent e7518a9e0c
commit 372b24627b
9 changed files with 73 additions and 472 deletions
--- a/test/integration/api_test/authentication_test.rb
+++ b/test/integration/api_test/authentication_test.rb
@@ -28,6 +28,79 @@ class Redmine::ApiTest::AuthenticationTest < Redmine::ApiTest::Base
    Setting.rest_api_enabled = '0'
  end

+  def test_api_should_deny_without_credentials
+    get '/users/current.xml', {}
+    assert_response 401
+    assert_equal User.anonymous, User.current
+    assert response.headers.has_key?('WWW-Authenticate')
+  end
+
+  def test_api_should_accept_http_basic_auth_using_username_and_password
+    user = User.generate! do |user|
+      user.password = 'my_password'
+    end
+    get '/users/current.xml', {}, credentials(user.login, 'my_password')
+    assert_response 200
+    assert_equal user, User.current
+  end
+
+  def test_api_should_deny_http_basic_auth_using_username_and_wrong_password
+    user = User.generate! do |user|
+      user.password = 'my_password'
+    end
+    get '/users/current.xml', {}, credentials(user.login, 'wrong_password')
+    assert_response 401
+    assert_equal User.anonymous, User.current
+  end
+
+  def test_api_should_accept_http_basic_auth_using_api_key
+    user = User.generate!
+    token = Token.create!(:user => user, :action => 'api')
+    get '/users/current.xml', {}, credentials(token.value, 'X')
+    assert_response 200
+    assert_equal user, User.current
+  end
+
+  def test_api_should_deny_http_basic_auth_using_wrong_api_key
+    user = User.generate!
+    token = Token.create!(:user => user, :action => 'feeds') # not the API key
+    get '/users/current.xml', {}, credentials(token.value, 'X')
+    assert_response 401
+    assert_equal User.anonymous, User.current
+  end
+
+  def test_api_should_accept_auth_using_api_key_as_parameter
+    user = User.generate!
+    token = Token.create!(:user => user, :action => 'api')
+    get "/users/current.xml?key=#{token.value}", {}
+    assert_response 200
+    assert_equal user, User.current
+  end
+
+  def test_api_should_deny_auth_using_wrong_api_key_as_parameter
+    user = User.generate!
+    token = Token.create!(:user => user, :action => 'feeds') # not the API key
+    get "/users/current.xml?key=#{token.value}", {}
+    assert_response 401
+    assert_equal User.anonymous, User.current
+  end
+
+  def test_api_should_accept_auth_using_api_key_as_request_header
+    user = User.generate!
+    token = Token.create!(:user => user, :action => 'api')
+    get "/users/current.xml", {}, {'X-Redmine-API-Key' => token.value.to_s}
+    assert_response 200
+    assert_equal user, User.current
+  end
+
+  def test_api_should_deny_auth_using_wrong_api_key_as_request_header
+    user = User.generate!
+    token = Token.create!(:user => user, :action => 'feeds') # not the API key
+    get "/users/current.xml", {}, {'X-Redmine-API-Key' => token.value.to_s}
+    assert_response 401
+    assert_equal User.anonymous, User.current
+  end
+
  def test_api_should_trigger_basic_http_auth_with_basic_authorization_header
    ApplicationController.any_instance.expects(:authenticate_with_http_basic).once
    get '/users/current.xml', {}, credentials('jsmith')