Commit | Line | Data |
---|---|---|
49626e3d CW |
1 | <?php |
2 | /* | |
3 | +--------------------------------------------------------------------+ | |
06a1bc01 | 4 | | CiviCRM version 4.5 | |
49626e3d | 5 | +--------------------------------------------------------------------+ |
06a1bc01 | 6 | | Copyright CiviCRM LLC (c) 2004-2014 | |
49626e3d CW |
7 | +--------------------------------------------------------------------+ |
8 | | This file is a part of CiviCRM. | | |
9 | | | | |
10 | | CiviCRM is free software; you can copy, modify, and distribute it | | |
11 | | under the terms of the GNU Affero General Public License | | |
12 | | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. | | |
13 | | | | |
14 | | CiviCRM is distributed in the hope that it will be useful, but | | |
15 | | WITHOUT ANY WARRANTY; without even the implied warranty of | | |
16 | | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | | |
17 | | See the GNU Affero General Public License for more details. | | |
18 | | | | |
19 | | You should have received a copy of the GNU Affero General Public | | |
20 | | License along with this program; if not, contact CiviCRM LLC | | |
21 | | at info[AT]civicrm[DOT]org. If you have questions about the | | |
22 | | GNU Affero General Public License or the licensing of CiviCRM, | | |
23 | | see the CiviCRM license FAQ at http://civicrm.org/licensing | | |
24 | +--------------------------------------------------------------------+ | |
25 | */ | |
26 | ||
27 | require_once 'CiviTest/CiviSeleniumTestCase.php'; | |
83479334 TO |
28 | |
29 | /** | |
30 | * Verify that the REST API bindings correctly parse and authenticate requests. | |
31 | */ | |
49626e3d CW |
32 | class WebTest_Utils_RestTest extends CiviSeleniumTestCase { |
33 | protected $url; | |
34 | protected $api_key; | |
35 | protected $session_id; | |
36 | protected $nocms_contact_id; | |
37 | ||
4cbe18b8 EM |
38 | /** |
39 | * @param $apiResult | |
40 | * @param $cmpvar | |
41 | * @param string $prefix | |
42 | */ | |
66eec473 | 43 | protected function assertAPIErrorCode($apiResult, $cmpvar, $prefix = '') { |
49626e3d CW |
44 | if (!empty($prefix)) { |
45 | $prefix .= ': '; | |
46 | } | |
47 | $this->assertEquals($cmpvar, $apiResult['is_error'], $prefix . (empty($apiResult['error_message']) ? '' : $apiResult['error_message'])); | |
668891f2 | 48 | //$this->assertEquals($cmpvar, $apiResult['is_error'], $prefix . print_r($apiResult, TRUE)); |
49626e3d CW |
49 | } |
50 | ||
51 | protected function setUp() { | |
52 | parent::setUp(); | |
53 | //URL should eventually be adapted for multisite | |
54 | $this->url = "{$this->settings->sandboxURL}/{$this->sboxPath}sites/all/modules/civicrm/extern/rest.php"; | |
55 | ||
016157f0 | 56 | if (!property_exists($this->settings, 'siteKey') || empty($this->settings->siteKey)) { |
88be34fc TO |
57 | $this->markTestSkipped('CiviSeleniumSettings is missing siteKey'); |
58 | } | |
eb87411f TO |
59 | if (!property_exists($this->settings, 'adminApiKey') || empty($this->settings->adminApiKey)) { |
60 | $this->markTestSkipped('CiviSeleniumSettings is missing adminApiKey'); | |
61 | } | |
49626e3d CW |
62 | } |
63 | ||
64 | protected function tearDown() { | |
65 | parent::tearDown(); | |
016157f0 | 66 | if (isset($this->nocms_contact_id)) { |
49626e3d CW |
67 | $deleteParams = array( |
68 | "id" => $this->nocms_contact_id, | |
69 | "skip_undelete" => 1 | |
70 | ); | |
71 | $res = $this->webtest_civicrm_api("Contact", "delete", $deleteParams); | |
72 | unset($this->nocms_contact_id); | |
73 | } | |
74 | } | |
75 | ||
3cabb1aa | 76 | /** |
668891f2 TO |
77 | * Build a list of test cases. Each test case defines a set of REST query |
78 | * parameters and an expected outcome for the REST request (eg is_error=>1 or is_error=>0). | |
79 | * | |
3cabb1aa TO |
80 | * @return array; each item is a list of parameters for testAPICalls |
81 | */ | |
82 | function apiTestCases() { | |
83 | $cases = array(); | |
84 | ||
668891f2 TO |
85 | // entity,action: omit apiKey, valid entity+action |
86 | $cases[] = array( | |
87 | array( // query | |
88 | "entity" => "Contact", | |
89 | "action" => "get", | |
90 | "key" => $this->settings->siteKey, | |
91 | "json" => "1", | |
92 | ), | |
93 | 1, // is_error | |
94 | ); | |
95 | ||
3cabb1aa TO |
96 | // entity,action: valid apiKey, valid entity+action |
97 | $cases[] = array( | |
668891f2 | 98 | array( // query |
3cabb1aa TO |
99 | "entity" => "Contact", |
100 | "action" => "get", | |
101 | "key" => $this->settings->siteKey, | |
102 | "json" => "1", | |
103 | "api_key" => $this->settings->adminApiKey, | |
104 | ), | |
668891f2 | 105 | 0, // is_error |
016157f0 | 106 | ); |
3cabb1aa TO |
107 | |
108 | // entity,action: bad apiKey, valid entity+action | |
109 | $cases[] = array( | |
668891f2 | 110 | array( // query |
3cabb1aa TO |
111 | "entity" => "Contact", |
112 | "action" => "get", | |
113 | "key" => $this->settings->siteKey, | |
114 | "json" => "1", | |
115 | "api_key" => 'garbage_' . $this->settings->adminApiKey, | |
116 | ), | |
668891f2 | 117 | 1, // is_error |
3cabb1aa TO |
118 | ); |
119 | ||
120 | // entity,action: valid apiKey, invalid entity+action | |
121 | $cases[] = array( | |
668891f2 | 122 | array( // query |
3cabb1aa TO |
123 | "entity" => "Contactses", |
124 | "action" => "get", | |
125 | "key" => $this->settings->siteKey, | |
126 | "json" => "1", | |
127 | "api_key" => $this->settings->adminApiKey, | |
128 | ), | |
668891f2 TO |
129 | 1, // is_error |
130 | ); | |
131 | ||
132 | // q=civicrm/entity/action: omit apiKey, valid entity+action | |
133 | $cases[] = array( | |
134 | array( // query | |
135 | "q" => "civicrm/contact/get", | |
136 | "key" => $this->settings->siteKey, | |
137 | "json" => "1", | |
138 | ), | |
139 | 1, // is_error | |
3cabb1aa TO |
140 | ); |
141 | ||
142 | // q=civicrm/entity/action: valid apiKey, valid entity+action | |
143 | $cases[] = array( | |
668891f2 | 144 | array( // query |
3cabb1aa TO |
145 | "q" => "civicrm/contact/get", |
146 | "key" => $this->settings->siteKey, | |
147 | "json" => "1", | |
148 | "api_key" => $this->settings->adminApiKey, | |
149 | ), | |
668891f2 | 150 | 0, // is_error |
3cabb1aa TO |
151 | ); |
152 | ||
153 | // q=civicrm/entity/action: invalid apiKey, valid entity+action | |
154 | $cases[] = array( | |
668891f2 | 155 | array( // query |
3cabb1aa TO |
156 | "q" => "civicrm/contact/get", |
157 | "key" => $this->settings->siteKey, | |
158 | "json" => "1", | |
159 | "api_key" => 'garbage_' . $this->settings->adminApiKey, | |
160 | ), | |
668891f2 | 161 | 1, // is_error |
3cabb1aa TO |
162 | ); |
163 | ||
164 | // q=civicrm/entity/action: valid apiKey, invalid entity+action | |
165 | $cases[] = array( | |
668891f2 | 166 | array( // query |
3cabb1aa TO |
167 | "q" => "civicrm/contactses/get", |
168 | "key" => $this->settings->siteKey, | |
169 | "json" => "1", | |
170 | "api_key" => $this->settings->adminApiKey, | |
171 | ), | |
668891f2 | 172 | 1, // is_error |
3cabb1aa TO |
173 | ); |
174 | ||
308e0075 | 175 | // q=civicrm/entity/action: valid apiKey, invalid entity+action |
cf739ea4 | 176 | // XXX Actually Ping is valid, no? |
308e0075 TO |
177 | $cases[] = array( |
178 | array( // query | |
179 | "q" => "civicrm/ping", | |
180 | "key" => $this->settings->siteKey, | |
181 | "json" => "1", | |
182 | "api_key" => $this->settings->adminApiKey, | |
183 | ), | |
184 | 0, // is_error | |
185 | ); | |
186 | ||
3cabb1aa | 187 | return $cases; |
49626e3d CW |
188 | } |
189 | ||
3cabb1aa TO |
190 | /** |
191 | * @dataProvider apiTestCases | |
192 | */ | |
193 | function testAPICalls($query, $is_error) { | |
016157f0 | 194 | $client = CRM_Utils_HttpClient::singleton(); |
3cabb1aa | 195 | list($status, $data) = $client->post($this->url, $query); |
016157f0 TO |
196 | $this->assertEquals(CRM_Utils_HttpClient::STATUS_OK, $status); |
197 | $result = json_decode($data, TRUE); | |
d56bbdb3 TO |
198 | if ($result === NULL) { |
199 | $msg = print_r(array('query' => $query, 'response data' => $data), TRUE); | |
200 | $this->assertNotNull($result, $msg); | |
201 | } | |
3cabb1aa | 202 | $this->assertAPIErrorCode($result, $is_error); |
49626e3d CW |
203 | } |
204 | ||
0f051868 TO |
205 | /** |
206 | * Submit a request with an API key that exists but does not correspond to | |
207 | * a real user. Submit in "?entity=X&action=X" notation | |
208 | */ | |
209 | function testNotCMSUser_entityAction() { | |
016157f0 | 210 | $client = CRM_Utils_HttpClient::singleton(); |
0f051868 | 211 | |
016157f0 TO |
212 | //Create contact with api_key |
213 | $test_key = "testing1234"; | |
214 | $contactParams = array( | |
215 | "api_key" => $test_key, | |
216 | "contact_type" => "Individual", | |
217 | "first_name" => "RestTester1" | |
218 | ); | |
219 | $contact = $this->webtest_civicrm_api("Contact", "create", $contactParams); | |
220 | $this->nocms_contact_id = $contact["id"]; | |
49626e3d | 221 | |
83479334 | 222 | // The key associates with a real contact but not a real user |
016157f0 TO |
223 | $params = array( |
224 | "entity" => "Contact", | |
225 | "action" => "get", | |
226 | "key" => $this->settings->siteKey, | |
227 | "json" => "1", | |
0f051868 TO |
228 | "api_key" => $test_key |
229 | ); | |
230 | list($status, $data) = $client->post($this->url, $params); | |
231 | $this->assertEquals(CRM_Utils_HttpClient::STATUS_OK, $status); | |
232 | $result = json_decode($data, TRUE); | |
233 | $this->assertNotNull($result); | |
234 | $this->assertAPIErrorCode($result, 1); | |
235 | } | |
236 | ||
237 | /** | |
238 | * Submit a request with an API key that exists but does not correspond to | |
239 | * a real user. Submit in "?q=civicrm/$entity/$action" notation | |
240 | */ | |
241 | function testNotCMSUser_q() { | |
242 | $client = CRM_Utils_HttpClient::singleton(); | |
243 | ||
244 | //Create contact with api_key | |
245 | $test_key = "testing1234"; | |
246 | $contactParams = array( | |
247 | "api_key" => $test_key, | |
248 | "contact_type" => "Individual", | |
249 | "first_name" => "RestTester1" | |
250 | ); | |
251 | $contact = $this->webtest_civicrm_api("Contact", "create", $contactParams); | |
252 | $this->nocms_contact_id = $contact["id"]; | |
253 | ||
83479334 | 254 | // The key associates with a real contact but not a real user |
0f051868 TO |
255 | $params = array( |
256 | "q" => "civicrm/contact/get", | |
257 | "key" => $this->settings->siteKey, | |
258 | "json" => "1", | |
016157f0 TO |
259 | "api_key" => $test_key |
260 | ); | |
261 | list($status, $data) = $client->post($this->url, $params); | |
262 | $this->assertEquals(CRM_Utils_HttpClient::STATUS_OK, $status); | |
263 | $result = json_decode($data, TRUE); | |
264 | $this->assertNotNull($result); | |
265 | $this->assertAPIErrorCode($result, 1); | |
49626e3d CW |
266 | } |
267 | ||
268 | } |