@ -29,7 +29,13 @@
require File . expand_path ( '../../../spec_helper' , __FILE__ )
require File . expand_path ( '../../../spec_helper' , __FILE__ )
describe 'API v2' , type : :request do
describe 'API v2' , type : :request do
let ( :admin ) { FactoryGirl . create :admin }
let ( :valid_password ) { 'foobar!1234!foobar' }
let ( :admin ) {
FactoryGirl . create :admin ,
login : 'admin' ,
password : valid_password ,
password_confirmation : valid_password
}
let ( :project ) { FactoryGirl . create ( :project ) }
let ( :project ) { FactoryGirl . create ( :project ) }
before do
before do
@ -42,7 +48,7 @@ describe 'API v2', type: :request do
User . current = nil # api key auth sets the current user, reset it to make test idempotent
User . current = nil # api key auth sets the current user, reset it to make test idempotent
end
end
describe 'key authentication' do
describe 'API authentication' do
let ( :api_key ) { admin . api_key }
let ( :api_key ) { admin . api_key }
shared_examples_for 'API key access' do
shared_examples_for 'API key access' do
@ -59,34 +65,69 @@ describe 'API v2', type: :request do
end
end
end
end
shared_examples_for 'API Basic Auth access' do
let ( :used_password ) { valid_password }
let ( :credentials ) {
ActionController :: HttpAuthentication :: Basic . encode_credentials ( 'admin' , used_password )
}
before do
allow ( OpenProject :: Configuration ) . to receive ( :apiv2_enable_basic_auth? ) . and_return ( enabled )
get request_url , nil , { 'HTTP_AUTHORIZATION' = > credentials }
end
context 'when enabled' do
let ( :enabled ) { true }
context 'valid' do
it { expect ( response . status ) . to eq ( 200 ) }
end
context 'invalid' do
let ( :used_password ) { 'foobar' }
it { expect ( response . status ) . to eq ( 401 ) }
end
end
context 'when disabled' do
let ( :enabled ) { false }
it { expect ( response . status ) . to eq ( 401 ) }
end
end
describe 'for planning element types' do
describe 'for planning element types' do
let ( :request_url ) { " /api/v2/projects/ #{ project . id } /planning_element_types.json " }
let ( :request_url ) { " /api/v2/projects/ #{ project . id } /planning_element_types.json " }
it_behaves_like 'API key access'
it_behaves_like 'API key access'
it_behaves_like 'API Basic Auth access'
end
end
describe 'for project associations' do
describe 'for project associations' do
let ( :request_url ) { " /api/v2/projects/ #{ project . id } /project_associations.xml " }
let ( :request_url ) { " /api/v2/projects/ #{ project . id } /project_associations.xml " }
it_behaves_like 'API key access'
it_behaves_like 'API key access'
it_behaves_like 'API Basic Auth access'
end
end
describe " for project associations' available projects " do
describe " for project associations' available projects " do
let ( :request_url ) { " /api/v2/projects/ #{ project . id } /project_associations/available_projects.xml " }
let ( :request_url ) { " /api/v2/projects/ #{ project . id } /project_associations/available_projects.xml " }
it_behaves_like 'API key access'
it_behaves_like 'API key access'
it_behaves_like 'API Basic Auth access'
end
end
describe 'for reportings' do
describe 'for reportings' do
let ( :request_url ) { " /api/v2/projects/ #{ project . id } /reportings.xml " }
let ( :request_url ) { " /api/v2/projects/ #{ project . id } /reportings.xml " }
it_behaves_like 'API key access'
it_behaves_like 'API key access'
it_behaves_like 'API Basic Auth access'
end
end
describe " for reportings' available projects " do
describe " for reportings' available projects " do
let ( :request_url ) { " /api/v2/projects/ #{ project . id } /reportings/available_projects.xml " }
let ( :request_url ) { " /api/v2/projects/ #{ project . id } /reportings/available_projects.xml " }
it_behaves_like 'API key access'
it_behaves_like 'API key access'
it_behaves_like 'API Basic Auth access'
end
end
end
end
end
end