Revision a1b8169f
Added by Daniel Lobato Garcia over 10 years ago
app/controllers/concerns/foreman/controller/authentication.rb | ||
---|---|---|
# We assume we always have a user logged in, if authentication is disabled, the user is the built-in admin account.
|
||
User.current = User.admin
|
||
session[:user] = User.current.id unless api_request?
|
||
true
|
||
end
|
||
end
|
||
|
test/functional/api/base_controller_subclass_test.rb | ||
---|---|---|
end
|
||
end
|
||
|
||
context "API authentication" do
|
||
setup do
|
||
User.current = nil
|
||
SETTINGS[:login] = false
|
||
end
|
||
|
||
teardown do
|
||
SETTINGS[:login] = true
|
||
end
|
||
|
||
it "does not need an username and password when Settings[:login]=false" do
|
||
get :index
|
||
assert_response :success
|
||
end
|
||
|
||
it "does not set session data for API requests" do
|
||
get :index
|
||
assert_not session[:user]
|
||
end
|
||
end
|
||
end
|
Also available in: Unified diff
fixes #3280 - authenticate returns true for API requests when login:false