Nemcio/Redmine
1
0
Fork 0
mirror of https://github.com/redmine/redmine.git synced 2026-05-06 21:25:44 +02:00
Code Issues Packages Projects Releases Activity

Backported r4357, r4358, r4360 and r4363 to r4367 from trunk.

Browse Source 
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/branches/1.0-stable@4439 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Jean-Philippe Lang
2010-11-27 15:16:26 +00:00
parent bdb888476d
commit 541a371b41
12 changed files with 659 additions and 626 deletions
Download Patch File Download Diff File Expand all files Collapse all files

110
test/integration/api_test/disabled_rest_api_test.rb Normal file
View File

@@ -0,0 +1,110 @@
require "#{File.dirname(__FILE__)}/../../test_helper"
class ApiTest::DisabledRestApiTest < ActionController::IntegrationTest
fixtures :all
def setup
Setting.rest_api_enabled = '0'
Setting.login_required = '1'
end
def teardown
Setting.rest_api_enabled = '1'
Setting.login_required = '0'
end
# Using the NewsController because it's a simple API.
context "get /news with the API disabled" do
context "in :xml format" do
context "with a valid api token" do
setup do
@user = User.generate_with_protected!
@token = Token.generate!(:user => @user, :action => 'api')
get "/news.xml?key=#{@token.value}"
end
should_respond_with :unauthorized
should_respond_with_content_type :xml
should "not login as the user" do
assert_equal User.anonymous, User.current
end
end
context "with a valid HTTP authentication" do
setup do
@user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password')
@authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password')
get "/news.xml", nil, :authorization => @authorization
end
should_respond_with :unauthorized
should_respond_with_content_type :xml
should "not login as the user" do
assert_equal User.anonymous, User.current
end
end
context "with a valid HTTP authentication using the API token" do
setup do
@user = User.generate_with_protected!
@token = Token.generate!(:user => @user, :action => 'api')
@authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'X')
get "/news.xml", nil, :authorization => @authorization
end
should_respond_with :unauthorized
should_respond_with_content_type :xml
should "not login as the user" do
assert_equal User.anonymous, User.current
end
end
end
context "in :json format" do
context "with a valid api token" do
setup do
@user = User.generate_with_protected!
@token = Token.generate!(:user => @user, :action => 'api')
get "/news.json?key=#{@token.value}"
end
should_respond_with :unauthorized
should_respond_with_content_type :json
should "not login as the user" do
assert_equal User.anonymous, User.current
end
end
context "with a valid HTTP authentication" do
setup do
@user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password')
@authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password')
get "/news.json", nil, :authorization => @authorization
end
should_respond_with :unauthorized
should_respond_with_content_type :json
should "not login as the user" do
assert_equal User.anonymous, User.current
end
end
context "with a valid HTTP authentication using the API token" do
setup do
@user = User.generate_with_protected!
@token = Token.generate!(:user => @user, :action => 'api')
@authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'DoesNotMatter')
get "/news.json", nil, :authorization => @authorization
end
should_respond_with :unauthorized
should_respond_with_content_type :json
should "not login as the user" do
assert_equal User.anonymous, User.current
end
end
end
end
end

31
test/integration/api_test/http_basic_login_test.rb Normal file
View File

@@ -0,0 +1,31 @@
require "#{File.dirname(__FILE__)}/../../test_helper"
class ApiTest::HttpBasicLoginTest < ActionController::IntegrationTest
fixtures :all
def setup
Setting.rest_api_enabled = '1'
Setting.login_required = '1'
end
def teardown
Setting.rest_api_enabled = '0'
Setting.login_required = '0'
end
# Using the NewsController because it's a simple API.
context "get /news" do
setup do
project = Project.find('onlinestore')
EnabledModule.create(:project => project, :name => 'news')
end
context "in :xml format" do
should_allow_http_basic_auth_with_username_and_password(:get, "/projects/onlinestore/news.xml")
end
context "in :json format" do
should_allow_http_basic_auth_with_username_and_password(:get, "/projects/onlinestore/news.json")
end
end
end

27
test/integration/api_test/http_basic_login_with_api_token_test.rb Normal file
View File

@@ -0,0 +1,27 @@
require "#{File.dirname(__FILE__)}/../../test_helper"
class ApiTest::HttpBasicLoginWithApiTokenTest < ActionController::IntegrationTest
fixtures :all
def setup
Setting.rest_api_enabled = '1'
Setting.login_required = '1'
end
def teardown
Setting.rest_api_enabled = '0'
Setting.login_required = '0'
end
# Using the NewsController because it's a simple API.
context "get /news" do
context "in :xml format" do
should_allow_http_basic_auth_with_key(:get, "/news.xml")
end
context "in :json format" do
should_allow_http_basic_auth_with_key(:get, "/news.json")
end
end
end

336
test/integration/api_test/issues_test.rb Normal file
View File

@@ -0,0 +1,336 @@
# Redmine - project management software
# Copyright (C) 2006-2010 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
require "#{File.dirname(__FILE__)}/../../test_helper"
class ApiTest::IssuesTest < ActionController::IntegrationTest
fixtures :projects,
:users,
:roles,
:members,
:member_roles,
:issues,
:issue_statuses,
:versions,
:trackers,
:projects_trackers,
:issue_categories,
:enabled_modules,
:enumerations,
:attachments,
:workflows,
:custom_fields,
:custom_values,
:custom_fields_projects,
:custom_fields_trackers,
:time_entries,
:journals,
:journal_details,
:queries
def setup
Setting.rest_api_enabled = '1'
end
# Use a private project to make sure auth is really working and not just
# only showing public issues.
context "/index.xml" do
should_allow_api_authentication(:get, "/projects/private-child/issues.xml")
end
context "/index.json" do
should_allow_api_authentication(:get, "/projects/private-child/issues.json")
end
context "/index.xml with filter" do
should_allow_api_authentication(:get, "/projects/private-child/issues.xml?status_id=5")
should "show only issues with the status_id" do
get '/issues.xml?status_id=5'
assert_tag :tag => 'issues',
:children => { :count => Issue.visible.count(:conditions => {:status_id => 5}),
:only => { :tag => 'issue' } }
end
end
context "/index.json with filter" do
should_allow_api_authentication(:get, "/projects/private-child/issues.json?status_id=5")
should "show only issues with the status_id" do
get '/issues.json?status_id=5'
json = ActiveSupport::JSON.decode(response.body)
status_ids_used = json.collect {|j| j['status_id'] }
assert_equal 3, status_ids_used.length
assert status_ids_used.all? {|id| id == 5 }
end
end
# Issue 6 is on a private project
context "/issues/6.xml" do
should_allow_api_authentication(:get, "/issues/6.xml")
end
context "/issues/6.json" do
should_allow_api_authentication(:get, "/issues/6.json")
end
context "POST /issues.xml" do
should_allow_api_authentication(:post,
'/issues.xml',
{:issue => {:project_id => 1, :subject => 'API test', :tracker_id => 2, :status_id => 3}},
{:success_code => :created})
should "create an issue with the attributes" do
assert_difference('Issue.count') do
post '/issues.xml', {:issue => {:project_id => 1, :subject => 'API test', :tracker_id => 2, :status_id => 3}}, :authorization => credentials('jsmith')
end
issue = Issue.first(:order => 'id DESC')
assert_equal 1, issue.project_id
assert_equal 2, issue.tracker_id
assert_equal 3, issue.status_id
assert_equal 'API test', issue.subject
end
end
context "POST /issues.xml with failure" do
should_allow_api_authentication(:post,
'/issues.xml',
{:issue => {:project_id => 1}},
{:success_code => :unprocessable_entity})
should "have an errors tag" do
assert_no_difference('Issue.count') do
post '/issues.xml', {:issue => {:project_id => 1}}, :authorization => credentials('jsmith')
end
assert_tag :errors, :child => {:tag => 'error', :content => "Subject can't be blank"}
end
end
context "POST /issues.json" do
should_allow_api_authentication(:post,
'/issues.json',
{:issue => {:project_id => 1, :subject => 'API test', :tracker_id => 2, :status_id => 3}},
{:success_code => :created})
should "create an issue with the attributes" do
assert_difference('Issue.count') do
post '/issues.json', {:issue => {:project_id => 1, :subject => 'API test', :tracker_id => 2, :status_id => 3}}, :authorization => credentials('jsmith')
end
issue = Issue.first(:order => 'id DESC')
assert_equal 1, issue.project_id
assert_equal 2, issue.tracker_id
assert_equal 3, issue.status_id
assert_equal 'API test', issue.subject
end
end
context "POST /issues.json with failure" do
should_allow_api_authentication(:post,
'/issues.json',
{:issue => {:project_id => 1}},
{:success_code => :unprocessable_entity})
should "have an errors element" do
assert_no_difference('Issue.count') do
post '/issues.json', {:issue => {:project_id => 1}}, :authorization => credentials('jsmith')
end
json = ActiveSupport::JSON.decode(response.body)
assert_equal "can't be blank", json.first['subject']
end
end
# Issue 6 is on a private project
context "PUT /issues/6.xml" do
setup do
@parameters = {:issue => {:subject => 'API update', :notes => 'A new note'}}
@headers = { :authorization => credentials('jsmith') }
end
should_allow_api_authentication(:put,
'/issues/6.xml',
{:issue => {:subject => 'API update', :notes => 'A new note'}},
{:success_code => :ok})
should "not create a new issue" do
assert_no_difference('Issue.count') do
put '/issues/6.xml', @parameters, @headers
end
end
should "create a new journal" do
assert_difference('Journal.count') do
put '/issues/6.xml', @parameters, @headers
end
end
should "add the note to the journal" do
put '/issues/6.xml', @parameters, @headers
journal = Journal.last
assert_equal "A new note", journal.notes
end
should "update the issue" do
put '/issues/6.xml', @parameters, @headers
issue = Issue.find(6)
assert_equal "API update", issue.subject
end
end
context "PUT /issues/6.xml with failed update" do
setup do
@parameters = {:issue => {:subject => ''}}
@headers = { :authorization => credentials('jsmith') }
end
should_allow_api_authentication(:put,
'/issues/6.xml',
{:issue => {:subject => ''}}, # Missing subject should fail
{:success_code => :unprocessable_entity})
should "not create a new issue" do
assert_no_difference('Issue.count') do
put '/issues/6.xml', @parameters, @headers
end
end
should "not create a new journal" do
assert_no_difference('Journal.count') do
put '/issues/6.xml', @parameters, @headers
end
end
should "have an errors tag" do
put '/issues/6.xml', @parameters, @headers
assert_tag :errors, :child => {:tag => 'error', :content => "Subject can't be blank"}
end
end
context "PUT /issues/6.json" do
setup do
@parameters = {:issue => {:subject => 'API update', :notes => 'A new note'}}
@headers = { :authorization => credentials('jsmith') }
end
should_allow_api_authentication(:put,
'/issues/6.json',
{:issue => {:subject => 'API update', :notes => 'A new note'}},
{:success_code => :ok})
should "not create a new issue" do
assert_no_difference('Issue.count') do
put '/issues/6.json', @parameters, @headers
end
end
should "create a new journal" do
assert_difference('Journal.count') do
put '/issues/6.json', @parameters, @headers
end
end
should "add the note to the journal" do
put '/issues/6.json', @parameters, @headers
journal = Journal.last
assert_equal "A new note", journal.notes
end
should "update the issue" do
put '/issues/6.json', @parameters, @headers
issue = Issue.find(6)
assert_equal "API update", issue.subject
end
end
context "PUT /issues/6.json with failed update" do
setup do
@parameters = {:issue => {:subject => ''}}
@headers = { :authorization => credentials('jsmith') }
end
should_allow_api_authentication(:put,
'/issues/6.json',
{:issue => {:subject => ''}}, # Missing subject should fail
{:success_code => :unprocessable_entity})
should "not create a new issue" do
assert_no_difference('Issue.count') do
put '/issues/6.json', @parameters, @headers
end
end
should "not create a new journal" do
assert_no_difference('Journal.count') do
put '/issues/6.json', @parameters, @headers
end
end
should "have an errors attribute" do
put '/issues/6.json', @parameters, @headers
json = ActiveSupport::JSON.decode(response.body)
assert_equal "can't be blank", json.first['subject']
end
end
context "DELETE /issues/1.xml" do
should_allow_api_authentication(:delete,
'/issues/6.xml',
{},
{:success_code => :ok})
should "delete the issue" do
assert_difference('Issue.count',-1) do
delete '/issues/6.xml', {}, :authorization => credentials('jsmith')
end
assert_nil Issue.find_by_id(6)
end
end
context "DELETE /issues/1.json" do
should_allow_api_authentication(:delete,
'/issues/6.json',
{},
{:success_code => :ok})
should "delete the issue" do
assert_difference('Issue.count',-1) do
delete '/issues/6.json', {}, :authorization => credentials('jsmith')
end
assert_nil Issue.find_by_id(6)
end
end
def credentials(user, password=nil)
ActionController::HttpAuthentication::Basic.encode_credentials(user, password || user)
end
end

99
test/integration/api_test/projects_test.rb Normal file
View File

@@ -0,0 +1,99 @@
# Redmine - project management software
# Copyright (C) 2006-2010 Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
require "#{File.dirname(__FILE__)}/../../test_helper"
class ApiTest::ProjectsTest < ActionController::IntegrationTest
fixtures :projects, :versions, :users, :roles, :members, :member_roles, :issues, :journals, :journal_details,
:trackers, :projects_trackers, :issue_statuses, :enabled_modules, :enumerations, :boards, :messages,
:attachments, :custom_fields, :custom_values, :time_entries
def setup
Setting.rest_api_enabled = '1'
end
def test_index
get '/projects.xml'
assert_response :success
assert_equal 'application/xml', @response.content_type
end
def test_show
get '/projects/1.xml'
assert_response :success
assert_equal 'application/xml', @response.content_type
end
def test_create
attributes = {:name => 'API test', :identifier => 'api-test'}
assert_difference 'Project.count' do
post '/projects.xml', {:project => attributes}, :authorization => credentials('admin')
end
assert_response :created
assert_equal 'application/xml', @response.content_type
project = Project.first(:order => 'id DESC')
attributes.each do |attribute, value|
assert_equal value, project.send(attribute)
end
end
def test_create_failure
attributes = {:name => 'API test'}
assert_no_difference 'Project.count' do
post '/projects.xml', {:project => attributes}, :authorization => credentials('admin')
end
assert_response :unprocessable_entity
assert_equal 'application/xml', @response.content_type
assert_tag :errors, :child => {:tag => 'error', :content => "Identifier can't be blank"}
end
def test_update
attributes = {:name => 'API update'}
assert_no_difference 'Project.count' do
put '/projects/1.xml', {:project => attributes}, :authorization => credentials('jsmith')
end
assert_response :ok
assert_equal 'application/xml', @response.content_type
project = Project.find(1)
attributes.each do |attribute, value|
assert_equal value, project.send(attribute)
end
end
def test_update_failure
attributes = {:name => ''}
assert_no_difference 'Project.count' do
put '/projects/1.xml', {:project => attributes}, :authorization => credentials('jsmith')
end
assert_response :unprocessable_entity
assert_equal 'application/xml', @response.content_type
assert_tag :errors, :child => {:tag => 'error', :content => "Name can't be blank"}
end
def test_destroy
assert_difference 'Project.count', -1 do
delete '/projects/2.xml', {}, :authorization => credentials('admin')
end
assert_response :ok
assert_equal 'application/xml', @response.content_type
assert_nil Project.find_by_id(2)
end
def credentials(user, password=nil)
ActionController::HttpAuthentication::Basic.encode_credentials(user, password || user)
end
end

26
test/integration/api_test/token_authentication_test.rb Normal file
View File

@@ -0,0 +1,26 @@
require "#{File.dirname(__FILE__)}/../../test_helper"
class ApiTest::TokenAuthenticationTest < ActionController::IntegrationTest
fixtures :all
def setup
Setting.rest_api_enabled = '1'
Setting.login_required = '1'
end
def teardown
Setting.rest_api_enabled = '0'
Setting.login_required = '0'
end
# Using the NewsController because it's a simple API.
context "get /news" do
context "in :xml format" do
should_allow_key_based_auth(:get, "/news.xml")
end
context "in :json format" do
should_allow_key_based_auth(:get, "/news.json")
end
end
end