[civicrm-core.git] / tests / phpunit / WebTest / Utils / RestTest.php

<?php
/*
 +--------------------------------------------------------------------+
 | CiviCRM version 4.5                                                |
 +--------------------------------------------------------------------+
 | Copyright CiviCRM LLC (c) 2004-2014                                |
 +--------------------------------------------------------------------+
 | This file is a part of CiviCRM.                                    |
 |                                                                    |
 | CiviCRM is free software; you can copy, modify, and distribute it  |
 | under the terms of the GNU Affero General Public License           |
 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception.   |
 |                                                                    |
 | CiviCRM is distributed in the hope that it will be useful, but     |
 | WITHOUT ANY WARRANTY; without even the implied warranty of         |
 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.               |
 | See the GNU Affero General Public License for more details.        |
 |                                                                    |
 | You should have received a copy of the GNU Affero General Public   |
 | License along with this program; if not, contact CiviCRM LLC       |
 | at info[AT]civicrm[DOT]org. If you have questions about the        |
 | GNU Affero General Public License or the licensing of CiviCRM,     |
 | see the CiviCRM license FAQ at http://civicrm.org/licensing        |
 +--------------------------------------------------------------------+
*/

require_once 'CiviTest/CiviSeleniumTestCase.php';

/**
 * Verify that the REST API bindings correctly parse and authenticate requests.
 */
class WebTest_Utils_RestTest extends CiviSeleniumTestCase {
  protected $url;
  protected $api_key;
  protected $session_id;
  protected $nocms_contact_id;

  protected function assertAPIErrorCode($apiResult, $cmpvar, $prefix = '') {
    if (!empty($prefix)) {
      $prefix .= ': ';
    }
    $this->assertEquals($cmpvar, $apiResult['is_error'], $prefix . (empty($apiResult['error_message']) ? '' : $apiResult['error_message']));
    //$this->assertEquals($cmpvar, $apiResult['is_error'], $prefix . print_r($apiResult, TRUE));
  }

  protected function setUp() {
    parent::setUp();
    //URL should eventually be adapted for multisite
    $this->url = "{$this->settings->sandboxURL}/{$this->sboxPath}sites/all/modules/civicrm/extern/rest.php";

    if (!property_exists($this->settings, 'siteKey') || empty($this->settings->siteKey)) {
      $this->markTestSkipped('CiviSeleniumSettings is missing siteKey');
    }
    if (!property_exists($this->settings, 'adminApiKey') || empty($this->settings->adminApiKey)) {
      $this->markTestSkipped('CiviSeleniumSettings is missing adminApiKey');
    }
  }

  protected function tearDown() {
    parent::tearDown();
    if (isset($this->nocms_contact_id)) {
      $deleteParams = array(
        "id" => $this->nocms_contact_id,
        "skip_undelete" => 1
      );
      $res = $this->webtest_civicrm_api("Contact", "delete", $deleteParams);
      unset($this->nocms_contact_id);
    }
  }

  /**
   * Build a list of test cases. Each test case defines a set of REST query
   * parameters and an expected outcome for the REST request (eg is_error=>1 or is_error=>0).
   *
   * @return array; each item is a list of parameters for testAPICalls
   */
  function apiTestCases() {
    $cases = array();

    // entity,action: omit apiKey, valid entity+action
    $cases[] = array(
      array( // query
        "entity" => "Contact",
        "action" => "get",
        "key" => $this->settings->siteKey,
        "json" => "1",
      ),
      1, // is_error
    );

    // entity,action: valid apiKey, valid entity+action
    $cases[] = array(
      array( // query
        "entity" => "Contact",
        "action" => "get",
        "key" => $this->settings->siteKey,
        "json" => "1",
        "api_key" => $this->settings->adminApiKey,
      ),
      0, // is_error
    );

    // entity,action: bad apiKey, valid entity+action
    $cases[] = array(
      array( // query
        "entity" => "Contact",
        "action" => "get",
        "key" => $this->settings->siteKey,
        "json" => "1",
        "api_key" => 'garbage_' . $this->settings->adminApiKey,
      ),
      1, // is_error
    );

    // entity,action: valid apiKey, invalid entity+action
    $cases[] = array(
      array( // query
        "entity" => "Contactses",
        "action" => "get",
        "key" => $this->settings->siteKey,
        "json" => "1",
        "api_key" => $this->settings->adminApiKey,
      ),
      1, // is_error
    );

    // q=civicrm/entity/action: omit apiKey, valid entity+action
    $cases[] = array(
      array( // query
        "q" => "civicrm/contact/get",
        "key" => $this->settings->siteKey,
        "json" => "1",
      ),
      1, // is_error
    );

    // q=civicrm/entity/action: valid apiKey, valid entity+action
    $cases[] = array(
      array( // query
        "q" => "civicrm/contact/get",
        "key" => $this->settings->siteKey,
        "json" => "1",
        "api_key" => $this->settings->adminApiKey,
      ),
      0, // is_error
    );

    // q=civicrm/entity/action: invalid apiKey, valid entity+action
    $cases[] = array(
      array( // query
        "q" => "civicrm/contact/get",
        "key" => $this->settings->siteKey,
        "json" => "1",
        "api_key" => 'garbage_' . $this->settings->adminApiKey,
      ),
      1, // is_error
    );

    // q=civicrm/entity/action: valid apiKey, invalid entity+action
    $cases[] = array(
      array( // query
        "q" => "civicrm/contactses/get",
        "key" => $this->settings->siteKey,
        "json" => "1",
        "api_key" => $this->settings->adminApiKey,
      ),
      1, // is_error
    );

    // q=civicrm/entity/action: valid apiKey, invalid entity+action
    // XXX Actually Ping is valid, no?
    $cases[] = array(
      array( // query
        "q" => "civicrm/ping",
        "key" => $this->settings->siteKey,
        "json" => "1",
        "api_key" => $this->settings->adminApiKey,
      ),
      0, // is_error
    );

    return $cases;
  }

  /**
   * @dataProvider apiTestCases
   */
  function testAPICalls($query, $is_error) {
    $client = CRM_Utils_HttpClient::singleton();
    list($status, $data) = $client->post($this->url, $query);
    $this->assertEquals(CRM_Utils_HttpClient::STATUS_OK, $status);
    $result = json_decode($data, TRUE);
    if ($result === NULL) {
      $msg = print_r(array('query' => $query, 'response data' => $data), TRUE);
      $this->assertNotNull($result, $msg);
    }
    $this->assertAPIErrorCode($result, $is_error);
  }

  /**
   * Submit a request with an API key that exists but does not correspond to
   * a real user. Submit in "?entity=X&action=X" notation
   */
  function testNotCMSUser_entityAction() {
    $client = CRM_Utils_HttpClient::singleton();

    //Create contact with api_key
    $test_key = "testing1234";
    $contactParams = array(
      "api_key" => $test_key,
      "contact_type" => "Individual",
      "first_name" => "RestTester1"
    );
    $contact = $this->webtest_civicrm_api("Contact", "create", $contactParams);
    $this->nocms_contact_id = $contact["id"];

    // The key associates with a real contact but not a real user
    $params = array(
      "entity" => "Contact",
      "action" => "get",
      "key" => $this->settings->siteKey,
      "json" => "1",
      "api_key" => $test_key
    );
    list($status, $data) = $client->post($this->url, $params);
    $this->assertEquals(CRM_Utils_HttpClient::STATUS_OK, $status);
    $result = json_decode($data, TRUE);
    $this->assertNotNull($result);
    $this->assertAPIErrorCode($result, 1);
  }

  /**
   * Submit a request with an API key that exists but does not correspond to
   * a real user. Submit in "?q=civicrm/$entity/$action" notation
   */
  function testNotCMSUser_q() {
    $client = CRM_Utils_HttpClient::singleton();

    //Create contact with api_key
    $test_key = "testing1234";
    $contactParams = array(
      "api_key" => $test_key,
      "contact_type" => "Individual",
      "first_name" => "RestTester1"
    );
    $contact = $this->webtest_civicrm_api("Contact", "create", $contactParams);
    $this->nocms_contact_id = $contact["id"];

    // The key associates with a real contact but not a real user
    $params = array(
      "q" => "civicrm/contact/get",
      "key" => $this->settings->siteKey,
      "json" => "1",
      "api_key" => $test_key
    );
    list($status, $data) = $client->post($this->url, $params);
    $this->assertEquals(CRM_Utils_HttpClient::STATUS_OK, $status);
    $result = json_decode($data, TRUE);
    $this->assertNotNull($result);
    $this->assertAPIErrorCode($result, 1);
  }

}
Commit	Line	Data
49626e3d CW	1	<?php
	2	/*
	3	+--------------------------------------------------------------------+
06a1bc01	4	\| CiviCRM version 4.5 \|
49626e3d	5	+--------------------------------------------------------------------+
06a1bc01	6	\| Copyright CiviCRM LLC (c) 2004-2014 \|
49626e3d CW	7	+--------------------------------------------------------------------+
	8	\| This file is a part of CiviCRM. \|
	9	\| \|
	10	\| CiviCRM is free software; you can copy, modify, and distribute it \|
	11	\| under the terms of the GNU Affero General Public License \|
	12	\| Version 3, 19 November 2007 and the CiviCRM Licensing Exception. \|
	13	\| \|
	14	\| CiviCRM is distributed in the hope that it will be useful, but \|
	15	\| WITHOUT ANY WARRANTY; without even the implied warranty of \|
	16	\| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. \|
	17	\| See the GNU Affero General Public License for more details. \|
	18	\| \|
	19	\| You should have received a copy of the GNU Affero General Public \|
	20	\| License along with this program; if not, contact CiviCRM LLC \|
	21	\| at info[AT]civicrm[DOT]org. If you have questions about the \|
	22	\| GNU Affero General Public License or the licensing of CiviCRM, \|
	23	\| see the CiviCRM license FAQ at http://civicrm.org/licensing \|
	24	+--------------------------------------------------------------------+
	25	*/
	26
	27	require_once 'CiviTest/CiviSeleniumTestCase.php';
83479334 TO	28
	29	/**
	30	* Verify that the REST API bindings correctly parse and authenticate requests.
	31	*/
49626e3d CW	32	class WebTest_Utils_RestTest extends CiviSeleniumTestCase {
	33	protected $url;
	34	protected $api_key;
	35	protected $session_id;
	36	protected $nocms_contact_id;
	37
66eec473	38	protected function assertAPIErrorCode($apiResult, $cmpvar, $prefix = '') {
49626e3d CW	39	if (!empty($prefix)) {
	40	$prefix .= ': ';
	41	}
	42	$this->assertEquals($cmpvar, $apiResult['is_error'], $prefix . (empty($apiResult['error_message']) ? '' : $apiResult['error_message']));
668891f2	43	//$this->assertEquals($cmpvar, $apiResult['is_error'], $prefix . print_r($apiResult, TRUE));
49626e3d CW	44	}
	45
	46	protected function setUp() {
	47	parent::setUp();
	48	//URL should eventually be adapted for multisite
	49	$this->url = "{$this->settings->sandboxURL}/{$this->sboxPath}sites/all/modules/civicrm/extern/rest.php";
	50
016157f0	51	if (!property_exists($this->settings, 'siteKey') \|\| empty($this->settings->siteKey)) {
88be34fc TO	52	$this->markTestSkipped('CiviSeleniumSettings is missing siteKey');
88be34fc TO	53	}
eb87411f TO	54	if (!property_exists($this->settings, 'adminApiKey') \|\| empty($this->settings->adminApiKey)) {
	55	$this->markTestSkipped('CiviSeleniumSettings is missing adminApiKey');
	56	}
49626e3d CW	57	}
	58
	59	protected function tearDown() {
	60	parent::tearDown();
016157f0	61	if (isset($this->nocms_contact_id)) {
49626e3d CW	62	$deleteParams = array(
	63	"id" => $this->nocms_contact_id,
	64	"skip_undelete" => 1
	65	);
	66	$res = $this->webtest_civicrm_api("Contact", "delete", $deleteParams);
	67	unset($this->nocms_contact_id);
	68	}
	69	}
	70
3cabb1aa	71	/**
668891f2 TO	72	* Build a list of test cases. Each test case defines a set of REST query
	73	* parameters and an expected outcome for the REST request (eg is_error=>1 or is_error=>0).
	74	*
3cabb1aa TO	75	* @return array; each item is a list of parameters for testAPICalls
	76	*/
	77	function apiTestCases() {
	78	$cases = array();
	79
668891f2 TO	80	// entity,action: omit apiKey, valid entity+action
	81	$cases[] = array(
	82	array( // query
	83	"entity" => "Contact",
	84	"action" => "get",
	85	"key" => $this->settings->siteKey,
	86	"json" => "1",
	87	),
	88	1, // is_error
	89	);
	90
3cabb1aa TO	91	// entity,action: valid apiKey, valid entity+action
3cabb1aa TO	92	$cases[] = array(
668891f2	93	array( // query
3cabb1aa TO	94	"entity" => "Contact",
	95	"action" => "get",
	96	"key" => $this->settings->siteKey,
	97	"json" => "1",
	98	"api_key" => $this->settings->adminApiKey,
	99	),
668891f2	100	0, // is_error
016157f0	101	);
3cabb1aa TO	102
	103	// entity,action: bad apiKey, valid entity+action
	104	$cases[] = array(
668891f2	105	array( // query
3cabb1aa TO	106	"entity" => "Contact",
	107	"action" => "get",
	108	"key" => $this->settings->siteKey,
	109	"json" => "1",
	110	"api_key" => 'garbage_' . $this->settings->adminApiKey,
	111	),
668891f2	112	1, // is_error
3cabb1aa TO	113	);
	114
	115	// entity,action: valid apiKey, invalid entity+action
	116	$cases[] = array(
668891f2	117	array( // query
3cabb1aa TO	118	"entity" => "Contactses",
	119	"action" => "get",
	120	"key" => $this->settings->siteKey,
	121	"json" => "1",
	122	"api_key" => $this->settings->adminApiKey,
	123	),
668891f2 TO	124	1, // is_error
	125	);
	126
	127	// q=civicrm/entity/action: omit apiKey, valid entity+action
	128	$cases[] = array(
	129	array( // query
	130	"q" => "civicrm/contact/get",
	131	"key" => $this->settings->siteKey,
	132	"json" => "1",
	133	),
	134	1, // is_error
3cabb1aa TO	135	);
	136
	137	// q=civicrm/entity/action: valid apiKey, valid entity+action
	138	$cases[] = array(
668891f2	139	array( // query
3cabb1aa TO	140	"q" => "civicrm/contact/get",
	141	"key" => $this->settings->siteKey,
	142	"json" => "1",
	143	"api_key" => $this->settings->adminApiKey,
	144	),
668891f2	145	0, // is_error
3cabb1aa TO	146	);
	147
	148	// q=civicrm/entity/action: invalid apiKey, valid entity+action
	149	$cases[] = array(
668891f2	150	array( // query
3cabb1aa TO	151	"q" => "civicrm/contact/get",
	152	"key" => $this->settings->siteKey,
	153	"json" => "1",
	154	"api_key" => 'garbage_' . $this->settings->adminApiKey,
	155	),
668891f2	156	1, // is_error
3cabb1aa TO	157	);
	158
	159	// q=civicrm/entity/action: valid apiKey, invalid entity+action
	160	$cases[] = array(
668891f2	161	array( // query
3cabb1aa TO	162	"q" => "civicrm/contactses/get",
	163	"key" => $this->settings->siteKey,
	164	"json" => "1",
	165	"api_key" => $this->settings->adminApiKey,
	166	),
668891f2	167	1, // is_error
3cabb1aa TO	168	);
3cabb1aa TO	169
308e0075	170	// q=civicrm/entity/action: valid apiKey, invalid entity+action
cf739ea4	171	// XXX Actually Ping is valid, no?
308e0075 TO	172	$cases[] = array(
	173	array( // query
	174	"q" => "civicrm/ping",
	175	"key" => $this->settings->siteKey,
	176	"json" => "1",
	177	"api_key" => $this->settings->adminApiKey,
	178	),
	179	0, // is_error
	180	);
	181
3cabb1aa	182	return $cases;
49626e3d CW	183	}
49626e3d CW	184
3cabb1aa TO	185	/**
	186	* @dataProvider apiTestCases
	187	*/
	188	function testAPICalls($query, $is_error) {
016157f0	189	$client = CRM_Utils_HttpClient::singleton();
3cabb1aa	190	list($status, $data) = $client->post($this->url, $query);
016157f0 TO	191	$this->assertEquals(CRM_Utils_HttpClient::STATUS_OK, $status);
016157f0 TO	192	$result = json_decode($data, TRUE);
d56bbdb3 TO	193	if ($result === NULL) {
	194	$msg = print_r(array('query' => $query, 'response data' => $data), TRUE);
	195	$this->assertNotNull($result, $msg);
	196	}
3cabb1aa	197	$this->assertAPIErrorCode($result, $is_error);
49626e3d CW	198	}
49626e3d CW	199
0f051868 TO	200	/**
	201	* Submit a request with an API key that exists but does not correspond to
	202	* a real user. Submit in "?entity=X&action=X" notation
	203	*/
	204	function testNotCMSUser_entityAction() {
016157f0	205	$client = CRM_Utils_HttpClient::singleton();
0f051868	206
016157f0 TO	207	//Create contact with api_key
	208	$test_key = "testing1234";
	209	$contactParams = array(
	210	"api_key" => $test_key,
	211	"contact_type" => "Individual",
	212	"first_name" => "RestTester1"
	213	);
	214	$contact = $this->webtest_civicrm_api("Contact", "create", $contactParams);
	215	$this->nocms_contact_id = $contact["id"];
49626e3d	216
83479334	217	// The key associates with a real contact but not a real user
016157f0 TO	218	$params = array(
	219	"entity" => "Contact",
	220	"action" => "get",
	221	"key" => $this->settings->siteKey,
	222	"json" => "1",
0f051868 TO	223	"api_key" => $test_key
	224	);
	225	list($status, $data) = $client->post($this->url, $params);
	226	$this->assertEquals(CRM_Utils_HttpClient::STATUS_OK, $status);
	227	$result = json_decode($data, TRUE);
	228	$this->assertNotNull($result);
	229	$this->assertAPIErrorCode($result, 1);
	230	}
	231
	232	/**
	233	* Submit a request with an API key that exists but does not correspond to
	234	* a real user. Submit in "?q=civicrm/$entity/$action" notation
	235	*/
	236	function testNotCMSUser_q() {
	237	$client = CRM_Utils_HttpClient::singleton();
	238
	239	//Create contact with api_key
	240	$test_key = "testing1234";
	241	$contactParams = array(
	242	"api_key" => $test_key,
	243	"contact_type" => "Individual",
	244	"first_name" => "RestTester1"
	245	);
	246	$contact = $this->webtest_civicrm_api("Contact", "create", $contactParams);
	247	$this->nocms_contact_id = $contact["id"];
	248
83479334	249	// The key associates with a real contact but not a real user
0f051868 TO	250	$params = array(
	251	"q" => "civicrm/contact/get",
	252	"key" => $this->settings->siteKey,
	253	"json" => "1",
016157f0 TO	254	"api_key" => $test_key
	255	);
	256	list($status, $data) = $client->post($this->url, $params);
	257	$this->assertEquals(CRM_Utils_HttpClient::STATUS_OK, $status);
	258	$result = json_decode($data, TRUE);
	259	$this->assertNotNull($result);
	260	$this->assertAPIErrorCode($result, 1);
49626e3d CW	261	}
	262
	263	}