View Issue Details

IDProjectCategoryView StatusLast Update
0032804mantisbtapi restpublic2023-10-31 16:32
Reporterdregad Assigned Todregad  
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionfixed 
Target Version2.26.0Fixed in Version2.26.0 
Summary0032804: REST API unit test incorrectly failing with anonymous user
Description

When running RestProjectVersionTests.php, testProjectDeleteVersionAnonymous passes when $g_allow_anonymous_login = ON, but fails with a properly setup anonymous account:

1) RestProjectVersionTests::testProjectDeleteVersionAnonymous
Failed asserting that 403 matches expected 401.

With a valid anonymous account setup, the API returns 403 (Access denied).

When anonymous login is disabled or not valid, the API returns 401 (API token required) when no Authorization header is provided, but the test case should be skipped in this case.

TagsNo tags attached.

Activities

dregad

dregad

2023-08-06 18:21

developer   ~0067968

Additional issues found

1) RestUserTests::testCreateUserAnonymous

Failed asserting that 403 matches expected 401.

/home/travis/build/mantisbt/mantisbt/tests/rest/RestUserTests.php:74
/home/travis/build/mantisbt/mantisbt/vendor/phpunit/phpunit/phpunit:53

2) RestUserTests::testUpdateUserAnonymous

Failed asserting that 403 matches expected 401.

/home/travis/build/mantisbt/mantisbt/tests/rest/RestUserTests.php:293
/home/travis/build/mantisbt/mantisbt/vendor/phpunit/phpunit/phpunit:53

3) RestUserTests::testGetUserByIdAnonymous

Failed asserting that 403 matches expected 401.

/home/travis/build/mantisbt/mantisbt/tests/rest/RestUserTests.php:400
/home/travis/build/mantisbt/mantisbt/vendor/phpunit/phpunit/phpunit:53

4) RestUserTests::testGetUserByIdNotFoundAnonymous

Failed asserting that 404 matches expected 401.

/home/travis/build/mantisbt/mantisbt/tests/rest/RestUserTests.php:408
/home/travis/build/mantisbt/mantisbt/vendor/phpunit/phpunit/phpunit:53

5) RestUserTests::testGetUserByIdZeroAnonymous

Failed asserting that 400 matches expected 401.

/home/travis/build/mantisbt/mantisbt/tests/rest/RestUserTests.php:424
/home/travis/build/mantisbt/mantisbt/vendor/phpunit/phpunit/phpunit:53

6) RestUserTests::testDeleteUserByIdAnonymous

Failed asserting that 403 matches expected 401.

/home/travis/build/mantisbt/mantisbt/tests/rest/RestUserTests.php:481
/home/travis/build/mantisbt/mantisbt/vendor/phpunit/phpunit/phpunit:53

Related Changesets

MantisBT: master dc3361c7

2023-08-06 05:39

dregad


Details Diff
Tests: Fix testProjectDeleteVersionAnonymous

- Incorrect assertion: when updating a version as anonymous user, the
API returns 403, not 401. The latter occurs when anonymous account
is not valid.
- Skip the test when anonymous login is disabled

Add assertion messages.

Fixes 0032804
Affected Issues
0032804
mod - tests/rest/RestProjectVersionTests.php Diff File

MantisBT: master 5ba470b2

2023-08-06 09:42

dregad


Details Diff
Travis: avoid skipped anonymous user test cases

Adapt travis_before_script.sh to
- create an anonymous user account
- reference it in the generated config_inc.php file

This ensures that testProjectDeleteVersionAnonymous is not skipped.

Issue 0032804
Affected Issues
0032804
mod - build/travis_before_script.sh Diff File

MantisBT: master cae3e669

2023-08-06 10:46

dregad


Details Diff
Fixing RestUserTest for anonymous user

- Incorrect assertions: when executing tests as anonymous user, the
API does not return 401; this occurs when anonymous account is not
valid. Actual return value is
- testGetUserByIdZeroAnonymous: 400
- testGetUserByIdNotFoundAnonymous: 404

- Skip the test when anonymous login is disabled. The following cases
were adapted:
- testCreateUserAnonymous
- testUpdateUserAnonymous
- testGetUserByIdAnonymous
- testGetUserByIdNotFoundAnonymous
- testGetUserByIdZeroAnonymous
- testDeleteUserByIdAnonymous

Fixes 0032804
Affected Issues
0032804
mod - tests/rest/RestUserTest.php Diff File

MantisBT: master 5883a12d

2023-08-06 19:14

dregad


Details Diff
Travis: generate cookie string with bash commands

Avoid use of MySQL specific functions causing PostgreSQL builds to fail.
Affected Issues
0032804
mod - build/travis_before_script.sh Diff File

MantisBT: master b75d6bd7

2023-08-06 19:30

dregad


Details Diff
Quote bool value to fix type error on PostgreSQL Affected Issues
0032804
mod - build/travis_before_script.sh Diff File