Revision a1b8169f
Added by Daniel Lobato Garcia over 10 years ago
| app/controllers/concerns/foreman/controller/authentication.rb | ||
|---|---|---|
|
# We assume we always have a user logged in, if authentication is disabled, the user is the built-in admin account.
|
||
|
User.current = User.admin
|
||
|
session[:user] = User.current.id unless api_request?
|
||
|
true
|
||
|
end
|
||
|
end
|
||
|
|
||
| test/functional/api/base_controller_subclass_test.rb | ||
|---|---|---|
|
end
|
||
|
end
|
||
|
|
||
|
context "API authentication" do
|
||
|
setup do
|
||
|
User.current = nil
|
||
|
SETTINGS[:login] = false
|
||
|
end
|
||
|
|
||
|
teardown do
|
||
|
SETTINGS[:login] = true
|
||
|
end
|
||
|
|
||
|
it "does not need an username and password when Settings[:login]=false" do
|
||
|
get :index
|
||
|
assert_response :success
|
||
|
end
|
||
|
|
||
|
it "does not set session data for API requests" do
|
||
|
get :index
|
||
|
assert_not session[:user]
|
||
|
end
|
||
|
end
|
||
|
end
|
||
Also available in: Unified diff
fixes #3280 - authenticate returns true for API requests when login:false