1 | <?php |
2 | /* | |
3 | +--------------------------------------------------------------------+ | |
4 | | CiviCRM version 4.3 | | |
5 | +--------------------------------------------------------------------+ | |
6 | | Copyright CiviCRM LLC (c) 2004-2013 | | |
7 | +--------------------------------------------------------------------+ | |
8 | | This file is a part of CiviCRM. | | |
9 | | | | |
10 | | CiviCRM is free software; you can copy, modify, and distribute it | | |
11 | | under the terms of the GNU Affero General Public License | | |
12 | | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. | | |
13 | | | | |
14 | | CiviCRM is distributed in the hope that it will be useful, but | | |
15 | | WITHOUT ANY WARRANTY; without even the implied warranty of | | |
16 | | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | | |
17 | | See the GNU Affero General Public License for more details. | | |
18 | | | | |
19 | | You should have received a copy of the GNU Affero General Public | | |
20 | | License along with this program; if not, contact CiviCRM LLC | | |
21 | | at info[AT]civicrm[DOT]org. If you have questions about the | | |
22 | | GNU Affero General Public License or the licensing of CiviCRM, | | |
23 | | see the CiviCRM license FAQ at http://civicrm.org/licensing | | |
24 | +--------------------------------------------------------------------+ | |
25 | */ | |
26 | ||
27 | require_once 'CiviTest/CiviSeleniumTestCase.php'; | |
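/**
 * Web tests for the REST endpoint (extern/rest.php).
 *
 * Each test POSTs a query to the endpoint and checks the is_error flag of the
 * JSON response, covering a missing, wrong and valid api_key, an unknown
 * entity, and an api_key that belongs to a contact without a CMS user.
 */
class WebTest_Utils_RestTest extends CiviSeleniumTestCase {
  // REST endpoint under test; assigned in setUp().
  protected $url;
  // Only referenced by the disabled login/session tests kept in comments below.
  protected $api_key;
  protected $session_id;
  // ID of the contact created by the testNotCMSUser_* tests; tearDown() deletes it.
  protected $nocms_contact_id;

  /**
   * Assert that a decoded REST response carries the expected is_error flag.
   *
   * @param mixed $apiResult decoded JSON response
   * @param int $cmpvar expected is_error value (the tests use 1 for "rejected", 0 for "accepted")
   * @param string $prefix optional label prepended to the failure message
   */
  protected function assertAPIErrorCode($apiResult, $cmpvar, $prefix = '') {
    if (!empty($prefix)) {
      $prefix .= ': ';
    }
    // json_decode() may return a scalar or an array without is_error. Fail
    // with an explicit message instead of reading an undefined index, which
    // assertEquals() would compare as NULL (loosely equal to an expected 0).
    $this->assertTrue(
      is_array($apiResult) && array_key_exists('is_error', $apiResult),
      $prefix . 'REST response has no is_error field'
    );
    $this->assertEquals($cmpvar, $apiResult['is_error'], $prefix . (empty($apiResult['error_message']) ? '' : $apiResult['error_message']));
    //$this->assertEquals($cmpvar, $apiResult['is_error'], $prefix . print_r($apiResult, TRUE));
  }

  /**
   * Build the endpoint URL and skip the test when the site key or the admin
   * API key is not configured in the Selenium settings.
   */
  protected function setUp() {
    parent::setUp();
    //URL should eventually be adapted for multisite
    // NOTE(review): the site key and API keys are POSTed to this URL; its
    // scheme comes from sandboxURL, which is not visible here - confirm it is
    // HTTPS or a local-only sandbox.
    $this->url = "{$this->settings->sandboxURL}/{$this->sboxPath}sites/all/modules/civicrm/extern/rest.php";

    if (!property_exists($this->settings, 'siteKey') || empty($this->settings->siteKey)) {
      $this->markTestSkipped('CiviSeleniumSettings is missing siteKey');
    }
    if (!property_exists($this->settings, 'adminApiKey') || empty($this->settings->adminApiKey)) {
      $this->markTestSkipped('CiviSeleniumSettings is missing adminApiKey');
    }
  }

  /**
   * Delete the contact created by the testNotCMSUser_* tests, if any, so that
   * its api_key does not stay on the site under test.
   */
  protected function tearDown() {
    parent::tearDown();
    if (isset($this->nocms_contact_id)) {
      $deleteParams = array(
        "id" => $this->nocms_contact_id,
        "skip_undelete" => 1
      );
      $this->webtest_civicrm_api("Contact", "delete", $deleteParams);
      // Reset rather than unset(): the property is declared on the class.
      $this->nocms_contact_id = NULL;
    }
  }

  // Disabled tests: username/password login (q=civicrm/login) and a call
  // authenticated with PHPSESSID plus the api_key returned by that login.
  /*
  function testValidLoginCMSUser() {
    $client = CRM_Utils_HttpClient::singleton();
    $params = array(
      "q" => "civicrm/login",
      "key" => $this->settings->siteKey,
      "json" => "1",
      "name" => $this->settings->adminUsername,
      "pass" => $this->settings->adminPassword
    );
    list($status, $data) = $client->post($this->url, $params);
    $this->assertEquals(CRM_Utils_HttpClient::STATUS_OK, $status);
    $result = json_decode($data, TRUE);
    $this->assertNotNull($result);
    $this->assertAPIErrorCode($result, 0);
  }

  function testInvalidPasswordLogin() {
    $client = CRM_Utils_HttpClient::singleton();
    $badPassword = $this->settings->adminPassword . "badpass";
    $params = array(
      "q" => "civicrm/login",
      "key" => $this->settings->siteKey,
      "json" => "1",
      "name" => $this->settings->adminUsername,
      "pass" => $badPassword
    );
    list($status, $data) = $client->post($this->url, $params);
    $this->assertEquals(CRM_Utils_HttpClient::STATUS_OK, $status);
    $result = json_decode($data, TRUE);
    $this->assertNotNull($result);
    $this->assertAPIErrorCode($result, 1);
  }

  function testValidCallPHPSessionID() {
    $this->_setUpAdminSessionIdAndApiKey();
    $client = CRM_Utils_HttpClient::singleton();
    $params = array(
      "entity" => "Contact",
      "action" => "get",
      "json" => "1",
      "PHPSESSID" => $this->session_id,
      "api_key" => $this->api_key,
    );
    list($status, $data) = $client->post($this->url, $params);
    $this->assertEquals(CRM_Utils_HttpClient::STATUS_OK, $status);
    $result = json_decode($data, TRUE);
    $this->assertNotNull($result);
    $this->assertAPIErrorCode($result, 0);
  }
  */

  /**
   * Build a list of test cases. Each test case defines a set of REST query
   * parameters and an expected outcome for the REST request (eg is_error=>1 or is_error=>0).
   *
   * Every case sends the configured site key; rejection of a missing or wrong
   * site key is not exercised by this provider.
   *
   * NOTE(review): PHPUnit calls data providers before setUp(), so the skip
   * checks in setUp() do not guard these reads of siteKey/adminApiKey -
   * confirm the settings object is populated at construction.
   *
   * @return array; each item is a list of parameters for testAPICalls
   */
  function apiTestCases() {
    $cases = array();

    // entity,action: omit apiKey, valid entity+action
    $cases[] = array(
      array( // query
        "entity" => "Contact",
        "action" => "get",
        "key" => $this->settings->siteKey,
        "json" => "1",
      ),
      1, // is_error
    );

    // entity,action: valid apiKey, valid entity+action
    $cases[] = array(
      array( // query
        "entity" => "Contact",
        "action" => "get",
        "key" => $this->settings->siteKey,
        "json" => "1",
        "api_key" => $this->settings->adminApiKey,
      ),
      0, // is_error
    );

    // entity,action: bad apiKey, valid entity+action
    $cases[] = array(
      array( // query
        "entity" => "Contact",
        "action" => "get",
        "key" => $this->settings->siteKey,
        "json" => "1",
        "api_key" => 'garbage_' . $this->settings->adminApiKey,
      ),
      1, // is_error
    );

    // entity,action: valid apiKey, invalid entity+action
    $cases[] = array(
      array( // query
        "entity" => "Contactses",
        "action" => "get",
        "key" => $this->settings->siteKey,
        "json" => "1",
        "api_key" => $this->settings->adminApiKey,
      ),
      1, // is_error
    );

    // q=civicrm/entity/action: omit apiKey, valid entity+action
    $cases[] = array(
      array( // query
        "q" => "civicrm/contact/get",
        "key" => $this->settings->siteKey,
        "json" => "1",
      ),
      1, // is_error
    );

    // q=civicrm/entity/action: valid apiKey, valid entity+action
    $cases[] = array(
      array( // query
        "q" => "civicrm/contact/get",
        "key" => $this->settings->siteKey,
        "json" => "1",
        "api_key" => $this->settings->adminApiKey,
      ),
      0, // is_error
    );

    // q=civicrm/entity/action: invalid apiKey, valid entity+action
    $cases[] = array(
      array( // query
        "q" => "civicrm/contact/get",
        "key" => $this->settings->siteKey,
        "json" => "1",
        "api_key" => 'garbage_' . $this->settings->adminApiKey,
      ),
      1, // is_error
    );

    // q=civicrm/entity/action: valid apiKey, invalid entity+action
    $cases[] = array(
      array( // query
        "q" => "civicrm/contactses/get",
        "key" => $this->settings->siteKey,
        "json" => "1",
        "api_key" => $this->settings->adminApiKey,
      ),
      1, // is_error
    );

    return $cases;
  }

  /**
   * POST one query to the REST endpoint and check its is_error flag.
   *
   * @param array $query REST query parameters
   * @param int $is_error expected is_error value of the response
   *
   * @dataProvider apiTestCases
   */
  function testAPICalls($query, $is_error) {
    $result = $this->_postAndDecode($query);
    $this->assertAPIErrorCode($result, $is_error);
  }

  /**
   * Submit a request with an API key that exists but does not correspond to
   * a real user. Submit in "?entity=X&action=X" notation
   */
  function testNotCMSUser_entityAction() {
    $this->_assertKeyWithoutCmsUserIsRejected(array(
      "entity" => "Contact",
      "action" => "get",
    ));
  }

  /**
   * Submit a request with an API key that exists but does not correspond to
   * a real user. Submit in "?q=civicrm/$entity/$action" notation
   */
  function testNotCMSUser_q() {
    $this->_assertKeyWithoutCmsUserIsRejected(array(
      "q" => "civicrm/contact/get",
    ));
  }

  /**
   * POST a query to the REST endpoint, require an OK transport status and a
   * decodable JSON body, and return the decoded response.
   *
   * @param array $params REST query parameters
   * @return mixed decoded JSON response (never NULL)
   */
  protected function _postAndDecode($params) {
    $client = CRM_Utils_HttpClient::singleton();
    list($status, $data) = $client->post($this->url, $params);
    $this->assertEquals(CRM_Utils_HttpClient::STATUS_OK, $status);
    $result = json_decode($data, TRUE);
    $this->assertNotNull($result);
    return $result;
  }

  /**
   * Create a contact that has an api_key but no CMS user, call Contact.get
   * with that key, and assert that the request is rejected.
   *
   * @param array $routing the parameters that select entity and action, in
   *   either "entity"/"action" or "q" notation
   */
  protected function _assertKeyWithoutCmsUserIsRejected(array $routing) {
    //Create contact with api_key
    // NOTE(review): this is a fixed, guessable key written to the site under
    // test. tearDown() deletes the contact, but if cleanup does not run the
    // key stays on the contact record; a per-run random value would be safer.
    $test_key = "testing1234";
    $contactParams = array(
      "api_key" => $test_key,
      "contact_type" => "Individual",
      "first_name" => "RestTester1"
    );
    $contact = $this->webtest_civicrm_api("Contact", "create", $contactParams);
    $this->assertTrue(!empty($contact["id"]), 'Failed to create the contact without CMS user');
    $this->nocms_contact_id = $contact["id"];

    // The key itself is valid for the contact just created; the request must
    // fail because that contact is not linked to a CMS user.
    $params = $routing + array(
      "key" => $this->settings->siteKey,
      "json" => "1",
      "api_key" => $test_key
    );
    $result = $this->_postAndDecode($params);
    $this->assertAPIErrorCode($result, 1);
  }

  /*
  protected function _setUpAdminSessionIdAndApiKey() {
    $client = CRM_Utils_HttpClient::singleton();
    $params = array(
      "q" => "civicrm/login",
      "key" => $this->settings->siteKey,
      "json" => "1",
      "name" => $this->settings->adminUsername,
      "pass" => $this->settings->adminPassword
    );
    list($status, $data) = $client->post($this->url, $params);
    $this->assertEquals(CRM_Utils_HttpClient::STATUS_OK, $status);
    $result = json_decode($data, TRUE);
    $this->assertAPIErrorCode($result, 0);
    $this->api_key = $result["api_key"];
    $this->session_id = $result["PHPSESSID"];
    $this->assertTrue(isset($this->api_key), 'Failed to find admin API key');
    return $result;
  } // */
}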