Commit | Line | Data |
---|---|---|
49626e3d CW |
1 | <?php |
2 | /* | |
3 | +--------------------------------------------------------------------+ | |
06a1bc01 | 4 | | CiviCRM version 4.5 | |
49626e3d | 5 | +--------------------------------------------------------------------+ |
06a1bc01 | 6 | | Copyright CiviCRM LLC (c) 2004-2014 | |
49626e3d CW |
7 | +--------------------------------------------------------------------+ |
8 | | This file is a part of CiviCRM. | | |
9 | | | | |
10 | | CiviCRM is free software; you can copy, modify, and distribute it | | |
11 | | under the terms of the GNU Affero General Public License | | |
12 | | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. | | |
13 | | | | |
14 | | CiviCRM is distributed in the hope that it will be useful, but | | |
15 | | WITHOUT ANY WARRANTY; without even the implied warranty of | | |
16 | | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | | |
17 | | See the GNU Affero General Public License for more details. | | |
18 | | | | |
19 | | You should have received a copy of the GNU Affero General Public | | |
20 | | License along with this program; if not, contact CiviCRM LLC | | |
21 | | at info[AT]civicrm[DOT]org. If you have questions about the | | |
22 | | GNU Affero General Public License or the licensing of CiviCRM, | | |
23 | | see the CiviCRM license FAQ at http://civicrm.org/licensing | | |
24 | +--------------------------------------------------------------------+ | |
25 | */ | |
26 | ||
27 | require_once 'CiviTest/CiviSeleniumTestCase.php'; | |
83479334 TO |
28 | |
29 | /** | |
30 | * Verify that the REST API bindings correctly parse and authenticate requests. | |
31 | */ | |
49626e3d CW |
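class WebTest_Utils_RestTest extends CiviSeleniumTestCase {
  // Full URL of the REST endpoint under test; assigned in setUp().
  protected $url;
  protected $api_key;
  protected $session_id;
  // Id of the contact created by the testNotCMSUser_* tests; deleted in tearDown().
  protected $nocms_contact_id;

  /**
   * Assert that a decoded API response carries the expected is_error flag.
   *
   * @param array $apiResult decoded REST response
   * @param int $cmpvar expected value of $apiResult['is_error']
   * @param string $prefix optional label prepended to the failure message
   */
  protected function assertAPIErrorCode($apiResult, $cmpvar, $prefix = '') {
    if (!empty($prefix)) {
      $prefix .= ': ';
    }
    $detail = empty($apiResult['error_message']) ? '' : $apiResult['error_message'];
    $this->assertEquals($cmpvar, $apiResult['is_error'], $prefix . $detail);
  }

  /**
   * Build the endpoint URL and skip the test when the credentials needed to
   * exercise authentication (siteKey, adminApiKey) are not configured.
   */
  protected function setUp() {
    parent::setUp();
    //URL should eventually be adapted for multisite
    // NOTE(review): every request below carries the site key and an API key;
    // if sandboxURL is plain http they cross the network unencrypted.
    // Confirm the sandbox is local or TLS-only.
    $this->url = "{$this->settings->sandboxURL}/{$this->sboxPath}sites/all/modules/civicrm/extern/rest.php";

    if (!property_exists($this->settings, 'siteKey') || empty($this->settings->siteKey)) {
      $this->markTestSkipped('CiviSeleniumSettings is missing siteKey');
    }
    if (!property_exists($this->settings, 'adminApiKey') || empty($this->settings->adminApiKey)) {
      $this->markTestSkipped('CiviSeleniumSettings is missing adminApiKey');
    }
  }

  /**
   * Delete the contact (and with it the test API key) created by the
   * testNotCMSUser_* tests, if one was created.
   */
  protected function tearDown() {
    parent::tearDown();
    if (isset($this->nocms_contact_id)) {
      $deleteParams = array(
        "id" => $this->nocms_contact_id,
        // skip_undelete is passed so the contact is not left in the trash
        // (presumably a permanent delete; confirm against the Contact API).
        "skip_undelete" => 1,
      );
      $this->webtest_civicrm_api("Contact", "delete", $deleteParams);
      unset($this->nocms_contact_id);
    }
  }

  /**
   * Build a list of test cases. Each test case defines a set of REST query
   * parameters and an expected outcome for the REST request (eg is_error=>1 or is_error=>0).
   *
   * NOTE(review): every case sends the valid site key; no case covers a
   * missing or wrong "key" value. Consider adding one once the expected
   * response has been confirmed against the REST handler.
   *
   * @return array; each item is a list of parameters for testAPICalls
   */
  public function apiTestCases() {
    // PHPUnit evaluates data providers before setUp(), so the "missing
    // siteKey/adminApiKey" guards there have not run yet. Read the settings
    // defensively; the affected cases are then skipped by setUp().
    $siteKey = isset($this->settings->siteKey) ? $this->settings->siteKey : NULL;
    $adminApiKey = isset($this->settings->adminApiKey) ? $this->settings->adminApiKey : NULL;

    $cases = array();

    // entity,action: omit apiKey, valid entity+action
    $cases[] = array(
      array( // query
        "entity" => "Contact",
        "action" => "get",
        "key" => $siteKey,
        "json" => "1",
      ),
      1, // is_error
    );

    // entity,action: valid apiKey, valid entity+action
    $cases[] = array(
      array( // query
        "entity" => "Contact",
        "action" => "get",
        "key" => $siteKey,
        "json" => "1",
        "api_key" => $adminApiKey,
      ),
      0, // is_error
    );

    // entity,action: bad apiKey, valid entity+action
    $cases[] = array(
      array( // query
        "entity" => "Contact",
        "action" => "get",
        "key" => $siteKey,
        "json" => "1",
        "api_key" => 'garbage_' . $adminApiKey,
      ),
      1, // is_error
    );

    // entity,action: valid apiKey, invalid entity+action
    $cases[] = array(
      array( // query
        "entity" => "Contactses",
        "action" => "get",
        "key" => $siteKey,
        "json" => "1",
        "api_key" => $adminApiKey,
      ),
      1, // is_error
    );

    // q=civicrm/entity/action: omit apiKey, valid entity+action
    $cases[] = array(
      array( // query
        "q" => "civicrm/contact/get",
        "key" => $siteKey,
        "json" => "1",
      ),
      1, // is_error
    );

    // q=civicrm/entity/action: valid apiKey, valid entity+action
    $cases[] = array(
      array( // query
        "q" => "civicrm/contact/get",
        "key" => $siteKey,
        "json" => "1",
        "api_key" => $adminApiKey,
      ),
      0, // is_error
    );

    // q=civicrm/entity/action: invalid apiKey, valid entity+action
    $cases[] = array(
      array( // query
        "q" => "civicrm/contact/get",
        "key" => $siteKey,
        "json" => "1",
        "api_key" => 'garbage_' . $adminApiKey,
      ),
      1, // is_error
    );

    // q=civicrm/entity/action: valid apiKey, invalid entity+action
    $cases[] = array(
      array( // query
        "q" => "civicrm/contactses/get",
        "key" => $siteKey,
        "json" => "1",
        "api_key" => $adminApiKey,
      ),
      1, // is_error
    );

    // q=civicrm/ping: valid apiKey. The expected outcome is success
    // (is_error=0), i.e. ping is treated as a valid call.
    $cases[] = array(
      array( // query
        "q" => "civicrm/ping",
        "key" => $siteKey,
        "json" => "1",
        "api_key" => $adminApiKey,
      ),
      0, // is_error
    );

    return $cases;
  }

  /**
   * POST one query to the REST endpoint and check the is_error flag of the
   * JSON response.
   *
   * @dataProvider apiTestCases
   *
   * @param array $query REST query parameters
   * @param int $is_error expected value of is_error in the response
   */
  public function testAPICalls($query, $is_error) {
    $client = CRM_Utils_HttpClient::singleton();
    list($status, $data) = $client->post($this->url, $query);
    $this->assertEquals(CRM_Utils_HttpClient::STATUS_OK, $status);
    $result = json_decode($data, TRUE);
    if ($result === NULL) {
      // NOTE(review): $query holds the site key and the API key, so this
      // failure message writes both to the test output. Treat logs from this
      // suite as sensitive, or mask "key"/"api_key" before printing.
      $msg = print_r(array('query' => $query, 'response data' => $data), TRUE);
      $this->assertNotNull($result, $msg);
    }
    $this->assertAPIErrorCode($result, $is_error);
  }

  /**
   * Submit a request with an API key that exists but does not correspond to
   * a real user. Submit in "?entity=X&action=X" notation
   */
  public function testNotCMSUser_entityAction() {
    $this->assertNonCmsUserRejected(array(
      "entity" => "Contact",
      "action" => "get",
    ));
  }

  /**
   * Submit a request with an API key that exists but does not correspond to
   * a real user. Submit in "?q=civicrm/$entity/$action" notation
   */
  public function testNotCMSUser_q() {
    $this->assertNonCmsUserRejected(array(
      "q" => "civicrm/contact/get",
    ));
  }

  /**
   * Create a contact that has an API key but no CMS user, call the REST
   * endpoint with that key, and assert that the request is rejected.
   *
   * @param array $target the parameters selecting the API call, in either
   *   notation ("entity"+"action", or "q")
   */
  private function assertNonCmsUserRejected(array $target) {
    $client = CRM_Utils_HttpClient::singleton();

    //Create contact with api_key
    // NOTE(review): this is a fixed, guessable key. tearDown() deletes the
    // contact, but if cleanup does not run the key stays on the sandbox;
    // a per-run random value would be safer.
    $test_key = "testing1234";
    $contactParams = array(
      "api_key" => $test_key,
      "contact_type" => "Individual",
      "first_name" => "RestTester1",
    );
    $contact = $this->webtest_civicrm_api("Contact", "create", $contactParams);
    // Recorded so tearDown() can delete the contact.
    $this->nocms_contact_id = $contact["id"];

    // The key associates with a real contact but not a real user
    $params = $target + array(
      "key" => $this->settings->siteKey,
      "json" => "1",
      "api_key" => $test_key,
    );
    list($status, $data) = $client->post($this->url, $params);
    $this->assertEquals(CRM_Utils_HttpClient::STATUS_OK, $status);
    $result = json_decode($data, TRUE);
    $this->assertNotNull($result);
    $this->assertAPIErrorCode($result, 1);
  }

}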