[civicrm-core.git] / tests / phpunit / WebTest / Utils / RestTest.php

<?php
/*
 +--------------------------------------------------------------------+
 | CiviCRM version 4.6                                                |
 +--------------------------------------------------------------------+
 | Copyright CiviCRM LLC (c) 2004-2015                                |
 +--------------------------------------------------------------------+
 | This file is a part of CiviCRM.                                    |
 |                                                                    |
 | CiviCRM is free software; you can copy, modify, and distribute it  |
 | under the terms of the GNU Affero General Public License           |
 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception.   |
 |                                                                    |
 | CiviCRM is distributed in the hope that it will be useful, but     |
 | WITHOUT ANY WARRANTY; without even the implied warranty of         |
 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.               |
 | See the GNU Affero General Public License for more details.        |
 |                                                                    |
 | You should have received a copy of the GNU Affero General Public   |
 | License along with this program; if not, contact CiviCRM LLC       |
 | at info[AT]civicrm[DOT]org. If you have questions about the        |
 | GNU Affero General Public License or the licensing of CiviCRM,     |
 | see the CiviCRM license FAQ at http://civicrm.org/licensing        |
 +--------------------------------------------------------------------+
 */

require_once 'CiviTest/CiviSeleniumTestCase.php';

/**
 * Verify that the REST API bindings correctly parse and authenticate requests.
 */
class WebTest_Utils_RestTest extends CiviSeleniumTestCase {
  protected $url;
  protected $api_key;
  protected $session_id;
  protected $nocms_contact_id;
  protected $old_api_keys;

  /**
   * @param $apiResult
   * @param $cmpvar
   * @param string $prefix
   */
  protected function assertAPIErrorCode($apiResult, $cmpvar, $prefix = '') {
    if (!empty($prefix)) {
      $prefix .= ': ';
    }
    $this->assertEquals($cmpvar, $apiResult['is_error'], $prefix . (empty($apiResult['error_message']) ? '' : $apiResult['error_message']));
    //$this->assertEquals($cmpvar, $apiResult['is_error'], $prefix . print_r($apiResult, TRUE));
  }

  protected function setUp() {
    parent::setUp();
    //URL should eventually be adapted for multisite
    $this->url = "{$this->settings->sandboxURL}/{$this->sboxPath}sites/all/modules/civicrm/extern/rest.php";

    if (!property_exists($this->settings, 'siteKey') || empty($this->settings->siteKey)) {
      $this->markTestSkipped('CiviSeleniumSettings is missing siteKey');
    }
    if (!property_exists($this->settings, 'adminApiKey') || empty($this->settings->adminApiKey)) {
      $this->markTestSkipped('CiviSeleniumSettings is missing adminApiKey');
    }

    $this->old_api_keys = array();
  }

  protected function tearDown() {
    if (!empty($this->old_api_keys)) {
      foreach ($this->old_api_keys as $cid => $apiKey) {
        $this->webtest_civicrm_api('Contact', 'create', array(
          'id' => $cid,
          'api_key' => $apiKey,
        ));
      }
    }
    parent::tearDown();
    if (isset($this->nocms_contact_id)) {
      $deleteParams = array(
        "id" => $this->nocms_contact_id,
        "skip_undelete" => 1,
      );
      $res = $this->webtest_civicrm_api("Contact", "delete", $deleteParams);
      unset($this->nocms_contact_id);
    }
  }

  /**
   * Build a list of test cases. Each test case defines a set of REST query
   * parameters and an expected outcome for the REST request (eg is_error=>1 or is_error=>0).
   *
   * @return array; each item is a list of parameters for testAPICalls
   */
  public function apiTestCases() {
    $cases = array();

    // entity,action: omit apiKey, valid entity+action
    $cases[] = array(
      array(// query
        "entity" => "Contact",
        "action" => "get",
        "key" => $this->settings->siteKey,
        "json" => "1",
      ),
      1, // is_error
    );

    // entity,action: valid apiKey, valid entity+action
    $cases[] = array(
      array(// query
        "entity" => "Contact",
        "action" => "get",
        "key" => $this->settings->siteKey,
        "json" => "1",
        "api_key" => $this->settings->adminApiKey,
      ),
      0, // is_error
    );

    // entity,action: bad apiKey, valid entity+action
    $cases[] = array(
      array(// query
        "entity" => "Contact",
        "action" => "get",
        "key" => $this->settings->siteKey,
        "json" => "1",
        "api_key" => 'garbage_' . $this->settings->adminApiKey,
      ),
      1, // is_error
    );

    // entity,action: valid apiKey, invalid entity+action
    $cases[] = array(
      array(// query
        "entity" => "Contactses",
        "action" => "get",
        "key" => $this->settings->siteKey,
        "json" => "1",
        "api_key" => $this->settings->adminApiKey,
      ),
      1, // is_error
    );

    // q=civicrm/entity/action: omit apiKey, valid entity+action
    $cases[] = array(
      array(// query
        "q" => "civicrm/contact/get",
        "key" => $this->settings->siteKey,
        "json" => "1",
      ),
      1, // is_error
    );

    // q=civicrm/entity/action: valid apiKey, valid entity+action
    $cases[] = array(
      array(// query
        "q" => "civicrm/contact/get",
        "key" => $this->settings->siteKey,
        "json" => "1",
        "api_key" => $this->settings->adminApiKey,
      ),
      0, // is_error
    );

    // q=civicrm/entity/action: invalid apiKey, valid entity+action
    $cases[] = array(
      array(// query
        "q" => "civicrm/contact/get",
        "key" => $this->settings->siteKey,
        "json" => "1",
        "api_key" => 'garbage_' . $this->settings->adminApiKey,
      ),
      1, // is_error
    );

    // q=civicrm/entity/action: valid apiKey, invalid entity+action
    $cases[] = array(
      array(// query
        "q" => "civicrm/contactses/get",
        "key" => $this->settings->siteKey,
        "json" => "1",
        "api_key" => $this->settings->adminApiKey,
      ),
      1, // is_error
    );

    // q=civicrm/entity/action: valid apiKey, invalid entity+action
    // XXX Actually Ping is valid, no?
    $cases[] = array(
      array(// query
        "q" => "civicrm/ping",
        "key" => $this->settings->siteKey,
        "json" => "1",
        "api_key" => $this->settings->adminApiKey,
      ),
      0, // is_error
    );

    return $cases;
  }

  /**
   * @dataProvider apiTestCases
   * @param $query
   * @param $is_error
   */
  public function testAPICalls($query, $is_error) {
    $this->updateAdminApiKey();

    $client = CRM_Utils_HttpClient::singleton();
    list($status, $data) = $client->post($this->url, $query);
    $this->assertEquals(CRM_Utils_HttpClient::STATUS_OK, $status);
    $result = json_decode($data, TRUE);
    if ($result === NULL) {
      $msg = print_r(array('query' => $query, 'response data' => $data), TRUE);
      $this->assertNotNull($result, $msg);
    }
    $this->assertAPIErrorCode($result, $is_error);
  }

  /**
   * Submit a request with an API key that exists but does not correspond to.
   * a real user. Submit in "?entity=X&action=X" notation
   */
  public function testNotCMSUser_entityAction() {
    $client = CRM_Utils_HttpClient::singleton();

    //Create contact with api_key
    $test_key = "testing1234";
    $contactParams = array(
      "api_key" => $test_key,
      "contact_type" => "Individual",
      "first_name" => "RestTester1",
    );
    $contact = $this->webtest_civicrm_api("Contact", "create", $contactParams);
    $this->nocms_contact_id = $contact["id"];

    // The key associates with a real contact but not a real user
    $params = array(
      "entity" => "Contact",
      "action" => "get",
      "key" => $this->settings->siteKey,
      "json" => "1",
      "api_key" => $test_key,
    );
    list($status, $data) = $client->post($this->url, $params);
    $this->assertEquals(CRM_Utils_HttpClient::STATUS_OK, $status);
    $result = json_decode($data, TRUE);
    $this->assertNotNull($result);
    $this->assertAPIErrorCode($result, 1);
  }

  /**
   * Submit a request with an API key that exists but does not correspond to
   * a real user. Submit in "?q=civicrm/$entity/$action" notation
   */
  public function testNotCMSUser_q() {
    $client = CRM_Utils_HttpClient::singleton();

    //Create contact with api_key
    $test_key = "testing1234";
    $contactParams = array(
      "api_key" => $test_key,
      "contact_type" => "Individual",
      "first_name" => "RestTester1",
    );
    $contact = $this->webtest_civicrm_api("Contact", "create", $contactParams);
    $this->nocms_contact_id = $contact["id"];

    // The key associates with a real contact but not a real user
    $params = array(
      "q" => "civicrm/contact/get",
      "key" => $this->settings->siteKey,
      "json" => "1",
      "api_key" => $test_key,
    );
    list($status, $data) = $client->post($this->url, $params);
    $this->assertEquals(CRM_Utils_HttpClient::STATUS_OK, $status);
    $result = json_decode($data, TRUE);
    $this->assertNotNull($result);
    $this->assertAPIErrorCode($result, 1);
  }

  protected function updateAdminApiKey() {
    $this->webtestLogin($this->settings->adminUsername, $this->settings->adminPassword);
    $adminContact = $this->webtestGetLoggedInContact();
    $this->webtestLogout();

    $this->old_api_keys[$adminContact['id']] = CRM_Core_DAO::singleValueQuery('SELECT api_key FROM civicrm_contact WHERE id = %1', array(
      1 => array($adminContact['id'], 'Positive'),
    ));

    //$this->old_admin_api_key = $this->webtest_civicrm_api('Contact', 'get', array(
    //  'id' => $adminContact['id'],
    //  'return' => 'api_key',
    //));

    $this->webtest_civicrm_api('Contact', 'create', array(
      'id' => $adminContact['id'],
      'api_key' => $this->settings->adminApiKey,
    ));
  }

}
Commit	Line	Data
49626e3d CW	1	<?php
	2	/*
	3	+--------------------------------------------------------------------+
39de6fd5	4	\| CiviCRM version 4.6 \|
49626e3d	5	+--------------------------------------------------------------------+
e7112fa7	6	\| Copyright CiviCRM LLC (c) 2004-2015 \|
49626e3d CW	7	+--------------------------------------------------------------------+
	8	\| This file is a part of CiviCRM. \|
	9	\| \|
	10	\| CiviCRM is free software; you can copy, modify, and distribute it \|
	11	\| under the terms of the GNU Affero General Public License \|
	12	\| Version 3, 19 November 2007 and the CiviCRM Licensing Exception. \|
	13	\| \|
	14	\| CiviCRM is distributed in the hope that it will be useful, but \|
	15	\| WITHOUT ANY WARRANTY; without even the implied warranty of \|
	16	\| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. \|
	17	\| See the GNU Affero General Public License for more details. \|
	18	\| \|
	19	\| You should have received a copy of the GNU Affero General Public \|
	20	\| License along with this program; if not, contact CiviCRM LLC \|
	21	\| at info[AT]civicrm[DOT]org. If you have questions about the \|
	22	\| GNU Affero General Public License or the licensing of CiviCRM, \|
	23	\| see the CiviCRM license FAQ at http://civicrm.org/licensing \|
	24	+--------------------------------------------------------------------+
d25dd0ee	25	*/
49626e3d CW	26
49626e3d CW	27	require_once 'CiviTest/CiviSeleniumTestCase.php';
83479334 TO	28
	29	/**
	30	* Verify that the REST API bindings correctly parse and authenticate requests.
	31	*/
49626e3d CW	32	class WebTest_Utils_RestTest extends CiviSeleniumTestCase {
	33	protected $url;
	34	protected $api_key;
	35	protected $session_id;
	36	protected $nocms_contact_id;
38ba137b	37	protected $old_api_keys;
49626e3d	38
4cbe18b8 EM	39	/**
	40	* @param $apiResult
	41	* @param $cmpvar
	42	* @param string $prefix
	43	*/
66eec473	44	protected function assertAPIErrorCode($apiResult, $cmpvar, $prefix = '') {
49626e3d CW	45	if (!empty($prefix)) {
	46	$prefix .= ': ';
	47	}
	48	$this->assertEquals($cmpvar, $apiResult['is_error'], $prefix . (empty($apiResult['error_message']) ? '' : $apiResult['error_message']));
668891f2	49	//$this->assertEquals($cmpvar, $apiResult['is_error'], $prefix . print_r($apiResult, TRUE));
49626e3d CW	50	}
	51
	52	protected function setUp() {
	53	parent::setUp();
	54	//URL should eventually be adapted for multisite
	55	$this->url = "{$this->settings->sandboxURL}/{$this->sboxPath}sites/all/modules/civicrm/extern/rest.php";
	56
016157f0	57	if (!property_exists($this->settings, 'siteKey') \|\| empty($this->settings->siteKey)) {
88be34fc TO	58	$this->markTestSkipped('CiviSeleniumSettings is missing siteKey');
88be34fc TO	59	}
eb87411f TO	60	if (!property_exists($this->settings, 'adminApiKey') \|\| empty($this->settings->adminApiKey)) {
	61	$this->markTestSkipped('CiviSeleniumSettings is missing adminApiKey');
	62	}
38ba137b TO	63
38ba137b TO	64	$this->old_api_keys = array();
49626e3d CW	65	}
	66
	67	protected function tearDown() {
38ba137b TO	68	if (!empty($this->old_api_keys)) {
	69	foreach ($this->old_api_keys as $cid => $apiKey) {
	70	$this->webtest_civicrm_api('Contact', 'create', array(
	71	'id' => $cid,
	72	'api_key' => $apiKey,
	73	));
	74	}
	75	}
49626e3d	76	parent::tearDown();
016157f0	77	if (isset($this->nocms_contact_id)) {
49626e3d CW	78	$deleteParams = array(
49626e3d CW	79	"id" => $this->nocms_contact_id,
21dfd5f5	80	"skip_undelete" => 1,
49626e3d CW	81	);
	82	$res = $this->webtest_civicrm_api("Contact", "delete", $deleteParams);
	83	unset($this->nocms_contact_id);
	84	}
	85	}
	86
3cabb1aa	87	/**
668891f2 TO	88	* Build a list of test cases. Each test case defines a set of REST query
	89	* parameters and an expected outcome for the REST request (eg is_error=>1 or is_error=>0).
	90	*
3cabb1aa TO	91	* @return array; each item is a list of parameters for testAPICalls
3cabb1aa TO	92	*/
00be9182	93	public function apiTestCases() {
3cabb1aa TO	94	$cases = array();
3cabb1aa TO	95
668891f2 TO	96	// entity,action: omit apiKey, valid entity+action
668891f2 TO	97	$cases[] = array(
481a74f4	98	array(// query
668891f2 TO	99	"entity" => "Contact",
	100	"action" => "get",
	101	"key" => $this->settings->siteKey,
	102	"json" => "1",
	103	),
	104	1, // is_error
	105	);
	106
3cabb1aa TO	107	// entity,action: valid apiKey, valid entity+action
3cabb1aa TO	108	$cases[] = array(
481a74f4	109	array(// query
3cabb1aa TO	110	"entity" => "Contact",
	111	"action" => "get",
	112	"key" => $this->settings->siteKey,
	113	"json" => "1",
	114	"api_key" => $this->settings->adminApiKey,
	115	),
668891f2	116	0, // is_error
016157f0	117	);
3cabb1aa TO	118
	119	// entity,action: bad apiKey, valid entity+action
	120	$cases[] = array(
481a74f4	121	array(// query
3cabb1aa TO	122	"entity" => "Contact",
	123	"action" => "get",
	124	"key" => $this->settings->siteKey,
	125	"json" => "1",
	126	"api_key" => 'garbage_' . $this->settings->adminApiKey,
	127	),
668891f2	128	1, // is_error
3cabb1aa TO	129	);
	130
	131	// entity,action: valid apiKey, invalid entity+action
	132	$cases[] = array(
481a74f4	133	array(// query
3cabb1aa TO	134	"entity" => "Contactses",
	135	"action" => "get",
	136	"key" => $this->settings->siteKey,
	137	"json" => "1",
	138	"api_key" => $this->settings->adminApiKey,
	139	),
668891f2 TO	140	1, // is_error
	141	);
	142
	143	// q=civicrm/entity/action: omit apiKey, valid entity+action
	144	$cases[] = array(
481a74f4	145	array(// query
668891f2 TO	146	"q" => "civicrm/contact/get",
	147	"key" => $this->settings->siteKey,
	148	"json" => "1",
	149	),
	150	1, // is_error
3cabb1aa TO	151	);
	152
	153	// q=civicrm/entity/action: valid apiKey, valid entity+action
	154	$cases[] = array(
481a74f4	155	array(// query
3cabb1aa TO	156	"q" => "civicrm/contact/get",
	157	"key" => $this->settings->siteKey,
	158	"json" => "1",
	159	"api_key" => $this->settings->adminApiKey,
	160	),
668891f2	161	0, // is_error
3cabb1aa TO	162	);
	163
	164	// q=civicrm/entity/action: invalid apiKey, valid entity+action
	165	$cases[] = array(
481a74f4	166	array(// query
3cabb1aa TO	167	"q" => "civicrm/contact/get",
	168	"key" => $this->settings->siteKey,
	169	"json" => "1",
	170	"api_key" => 'garbage_' . $this->settings->adminApiKey,
	171	),
668891f2	172	1, // is_error
3cabb1aa TO	173	);
	174
	175	// q=civicrm/entity/action: valid apiKey, invalid entity+action
	176	$cases[] = array(
481a74f4	177	array(// query
3cabb1aa TO	178	"q" => "civicrm/contactses/get",
	179	"key" => $this->settings->siteKey,
	180	"json" => "1",
	181	"api_key" => $this->settings->adminApiKey,
	182	),
668891f2	183	1, // is_error
3cabb1aa TO	184	);
3cabb1aa TO	185
308e0075	186	// q=civicrm/entity/action: valid apiKey, invalid entity+action
cf739ea4	187	// XXX Actually Ping is valid, no?
308e0075	188	$cases[] = array(
481a74f4	189	array(// query
308e0075 TO	190	"q" => "civicrm/ping",
	191	"key" => $this->settings->siteKey,
	192	"json" => "1",
	193	"api_key" => $this->settings->adminApiKey,
	194	),
	195	0, // is_error
	196	);
	197
3cabb1aa	198	return $cases;
49626e3d CW	199	}
49626e3d CW	200
3cabb1aa TO	201	/**
3cabb1aa TO	202	* @dataProvider apiTestCases
1e1fdcf6 EM	203	* @param $query
1e1fdcf6 EM	204	* @param $is_error
3cabb1aa	205	*/
00be9182	206	public function testAPICalls($query, $is_error) {
38ba137b TO	207	$this->updateAdminApiKey();
38ba137b TO	208
016157f0	209	$client = CRM_Utils_HttpClient::singleton();
3cabb1aa	210	list($status, $data) = $client->post($this->url, $query);
016157f0 TO	211	$this->assertEquals(CRM_Utils_HttpClient::STATUS_OK, $status);
016157f0 TO	212	$result = json_decode($data, TRUE);
d56bbdb3 TO	213	if ($result === NULL) {
	214	$msg = print_r(array('query' => $query, 'response data' => $data), TRUE);
	215	$this->assertNotNull($result, $msg);
	216	}
3cabb1aa	217	$this->assertAPIErrorCode($result, $is_error);
49626e3d CW	218	}
49626e3d CW	219
0f051868	220	/**
eceb18cc	221	* Submit a request with an API key that exists but does not correspond to.
0f051868 TO	222	* a real user. Submit in "?entity=X&action=X" notation
0f051868 TO	223	*/
00be9182	224	public function testNotCMSUser_entityAction() {
016157f0	225	$client = CRM_Utils_HttpClient::singleton();
0f051868	226
016157f0 TO	227	//Create contact with api_key
	228	$test_key = "testing1234";
	229	$contactParams = array(
	230	"api_key" => $test_key,
	231	"contact_type" => "Individual",
21dfd5f5	232	"first_name" => "RestTester1",
016157f0 TO	233	);
	234	$contact = $this->webtest_civicrm_api("Contact", "create", $contactParams);
	235	$this->nocms_contact_id = $contact["id"];
49626e3d	236
83479334	237	// The key associates with a real contact but not a real user
016157f0 TO	238	$params = array(
	239	"entity" => "Contact",
	240	"action" => "get",
	241	"key" => $this->settings->siteKey,
	242	"json" => "1",
21dfd5f5	243	"api_key" => $test_key,
0f051868 TO	244	);
	245	list($status, $data) = $client->post($this->url, $params);
	246	$this->assertEquals(CRM_Utils_HttpClient::STATUS_OK, $status);
	247	$result = json_decode($data, TRUE);
	248	$this->assertNotNull($result);
	249	$this->assertAPIErrorCode($result, 1);
	250	}
	251
	252	/**
	253	* Submit a request with an API key that exists but does not correspond to
	254	* a real user. Submit in "?q=civicrm/$entity/$action" notation
	255	*/
00be9182	256	public function testNotCMSUser_q() {
0f051868 TO	257	$client = CRM_Utils_HttpClient::singleton();
	258
	259	//Create contact with api_key
	260	$test_key = "testing1234";
	261	$contactParams = array(
	262	"api_key" => $test_key,
	263	"contact_type" => "Individual",
21dfd5f5	264	"first_name" => "RestTester1",
0f051868 TO	265	);
	266	$contact = $this->webtest_civicrm_api("Contact", "create", $contactParams);
	267	$this->nocms_contact_id = $contact["id"];
	268
83479334	269	// The key associates with a real contact but not a real user
0f051868 TO	270	$params = array(
	271	"q" => "civicrm/contact/get",
	272	"key" => $this->settings->siteKey,
	273	"json" => "1",
21dfd5f5	274	"api_key" => $test_key,
016157f0 TO	275	);
	276	list($status, $data) = $client->post($this->url, $params);
	277	$this->assertEquals(CRM_Utils_HttpClient::STATUS_OK, $status);
	278	$result = json_decode($data, TRUE);
	279	$this->assertNotNull($result);
	280	$this->assertAPIErrorCode($result, 1);
49626e3d CW	281	}
49626e3d CW	282
38ba137b TO	283	protected function updateAdminApiKey() {
	284	$this->webtestLogin($this->settings->adminUsername, $this->settings->adminPassword);
	285	$adminContact = $this->webtestGetLoggedInContact();
	286	$this->webtestLogout();
	287
	288	$this->old_api_keys[$adminContact['id']] = CRM_Core_DAO::singleValueQuery('SELECT api_key FROM civicrm_contact WHERE id = %1', array(
	289	1 => array($adminContact['id'], 'Positive'),
	290	));
	291
	292	//$this->old_admin_api_key = $this->webtest_civicrm_api('Contact', 'get', array(
	293	// 'id' => $adminContact['id'],
	294	// 'return' => 'api_key',
	295	//));
	296
	297	$this->webtest_civicrm_api('Contact', 'create', array(
	298	'id' => $adminContact['id'],
	299	'api_key' => $this->settings->adminApiKey,
	300	));
	301	}
	302
49626e3d	303	}