Commit | Line | Data |
---|---|---|
49626e3d CW |
1 | <?php |
2 | /* | |
3 | +--------------------------------------------------------------------+ | |
81621fee | 4 | | CiviCRM version 4.7 | |
49626e3d | 5 | +--------------------------------------------------------------------+ |
e7112fa7 | 6 | | Copyright CiviCRM LLC (c) 2004-2015 | |
49626e3d CW |
7 | +--------------------------------------------------------------------+ |
8 | | This file is a part of CiviCRM. | | |
9 | | | | |
10 | | CiviCRM is free software; you can copy, modify, and distribute it | | |
11 | | under the terms of the GNU Affero General Public License | | |
12 | | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. | | |
13 | | | | |
14 | | CiviCRM is distributed in the hope that it will be useful, but | | |
15 | | WITHOUT ANY WARRANTY; without even the implied warranty of | | |
16 | | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | | |
17 | | See the GNU Affero General Public License for more details. | | |
18 | | | | |
19 | | You should have received a copy of the GNU Affero General Public | | |
20 | | License along with this program; if not, contact CiviCRM LLC | | |
21 | | at info[AT]civicrm[DOT]org. If you have questions about the | | |
22 | | GNU Affero General Public License or the licensing of CiviCRM, | | |
23 | | see the CiviCRM license FAQ at http://civicrm.org/licensing | | |
24 | +--------------------------------------------------------------------+ | |
d25dd0ee | 25 | */ |
49626e3d CW |
26 | |
27 | require_once 'CiviTest/CiviSeleniumTestCase.php'; | |
83479334 TO |
28 | |
29 | /** | |
30 | * Verify that the REST API bindings correctly parse and authenticate requests. | |
31 | */ | |
49626e3d CW |
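class WebTest_Utils_RestTest extends CiviSeleniumTestCase {
  /**
   * Full URL of the REST endpoint (extern/rest.php) that the tests post to.
   */
  protected $url;
  // Not referenced anywhere in this class.
  protected $api_key;
  // Not referenced anywhere in this class.
  protected $session_id;
  /**
   * ID of the throwaway contact created by the testNotCMSUser_* tests;
   * tearDown() deletes it when set.
   */
  protected $nocms_contact_id;
  /**
   * Map of contact ID => api_key value read before the test overwrote it;
   * tearDown() writes these back.
   */
  protected $old_api_keys;

  /**
   * Assert that an API result carries the expected is_error flag.
   *
   * Only is_error is compared. A passing check with $cmpvar = 1 therefore
   * shows that the request failed, not why it failed; the error_message is
   * used solely as the assertion's failure text.
   *
   * @param array $apiResult
   *   Decoded API response; must contain 'is_error'.
   * @param int $cmpvar
   *   Expected value of is_error (0 or 1).
   * @param string $prefix
   *   Optional label prepended to the failure message.
   */
  protected function assertAPIErrorCode($apiResult, $cmpvar, $prefix = '') {
    if (!empty($prefix)) {
      $prefix .= ': ';
    }
    $errorMessage = empty($apiResult['error_message']) ? '' : $apiResult['error_message'];
    $this->assertEquals($cmpvar, $apiResult['is_error'], $prefix . $errorMessage);
  }

  /**
   * Build the REST endpoint URL and skip the test when the site key or the
   * admin API key is not configured.
   */
  protected function setUp() {
    parent::setUp();
    //URL should eventually be adapted for multisite
    // NOTE(review): every request in this class posts siteKey and adminApiKey
    // to this URL. If sandboxURL is plain http on a shared network, those
    // values travel unencrypted; confirm the test site uses throwaway keys.
    $this->url = "{$this->settings->sandboxURL}/{$this->sboxPath}sites/all/modules/civicrm/extern/rest.php";

    if (!property_exists($this->settings, 'siteKey') || empty($this->settings->siteKey)) {
      $this->markTestSkipped('CiviSeleniumSettings is missing siteKey');
    }
    if (!property_exists($this->settings, 'adminApiKey') || empty($this->settings->adminApiKey)) {
      $this->markTestSkipped('CiviSeleniumSettings is missing adminApiKey');
    }

    $this->old_api_keys = array();
  }

  /**
   * Write back the API keys recorded in old_api_keys and delete the
   * throwaway contact, if one was created.
   */
  protected function tearDown() {
    // old_api_keys stays unset when setUp() skipped the test early, hence the
    // guard before iterating.
    // NOTE(review): when the recorded key was NULL (contact had no key), it is
    // not evident from this file that Contact.create with api_key => NULL
    // clears the key; if it does not, the admin contact keeps adminApiKey
    // after the run. Confirm.
    if (!empty($this->old_api_keys)) {
      foreach ($this->old_api_keys as $cid => $apiKey) {
        $this->webtest_civicrm_api('Contact', 'create', array(
          'id' => $cid,
          'api_key' => $apiKey,
        ));
      }
    }
    parent::tearDown();
    if (isset($this->nocms_contact_id)) {
      // skip_undelete is passed so the contact, which carries a fixed,
      // well-known api_key, is removed outright.
      $deleteParams = array(
        "id" => $this->nocms_contact_id,
        "skip_undelete" => 1,
      );
      $this->webtest_civicrm_api("Contact", "delete", $deleteParams);
      unset($this->nocms_contact_id);
    }
  }

  /**
   * Build a list of test cases. Each test case defines a set of REST query
   * parameters and an expected outcome for the REST request (eg is_error=>1 or is_error=>0).
   *
   * NOTE(review): every case sends the configured siteKey. No case covers a
   * missing or wrong site key combined with a valid api_key, so that half of
   * the authentication check is not exercised here.
   *
   * @return array; each item is a list of parameters for testAPICalls
   */
  public function apiTestCases() {
    $cases = array();

    // entity,action: omit apiKey, valid entity+action
    $cases[] = array(
      array(// query
        "entity" => "Contact",
        "action" => "get",
        "key" => $this->settings->siteKey,
        "json" => "1",
      ),
      1, // is_error
    );

    // entity,action: valid apiKey, valid entity+action
    $cases[] = array(
      array(// query
        "entity" => "Contact",
        "action" => "get",
        "key" => $this->settings->siteKey,
        "json" => "1",
        "api_key" => $this->settings->adminApiKey,
      ),
      0, // is_error
    );

    // entity,action: bad apiKey, valid entity+action
    $cases[] = array(
      array(// query
        "entity" => "Contact",
        "action" => "get",
        "key" => $this->settings->siteKey,
        "json" => "1",
        "api_key" => 'garbage_' . $this->settings->adminApiKey,
      ),
      1, // is_error
    );

    // entity,action: valid apiKey, invalid entity+action
    $cases[] = array(
      array(// query
        "entity" => "Contactses",
        "action" => "get",
        "key" => $this->settings->siteKey,
        "json" => "1",
        "api_key" => $this->settings->adminApiKey,
      ),
      1, // is_error
    );

    // q=civicrm/entity/action: omit apiKey, valid entity+action
    $cases[] = array(
      array(// query
        "q" => "civicrm/contact/get",
        "key" => $this->settings->siteKey,
        "json" => "1",
      ),
      1, // is_error
    );

    // q=civicrm/entity/action: valid apiKey, valid entity+action
    $cases[] = array(
      array(// query
        "q" => "civicrm/contact/get",
        "key" => $this->settings->siteKey,
        "json" => "1",
        "api_key" => $this->settings->adminApiKey,
      ),
      0, // is_error
    );

    // q=civicrm/entity/action: invalid apiKey, valid entity+action
    $cases[] = array(
      array(// query
        "q" => "civicrm/contact/get",
        "key" => $this->settings->siteKey,
        "json" => "1",
        "api_key" => 'garbage_' . $this->settings->adminApiKey,
      ),
      1, // is_error
    );

    // q=civicrm/entity/action: valid apiKey, invalid entity+action
    $cases[] = array(
      array(// query
        "q" => "civicrm/contactses/get",
        "key" => $this->settings->siteKey,
        "json" => "1",
        "api_key" => $this->settings->adminApiKey,
      ),
      1, // is_error
    );

    // q=civicrm/ping: valid apiKey; ping is treated as a valid request here
    // and is expected to succeed.
    $cases[] = array(
      array(// query
        "q" => "civicrm/ping",
        "key" => $this->settings->siteKey,
        "json" => "1",
        "api_key" => $this->settings->adminApiKey,
      ),
      0, // is_error
    );

    return $cases;
  }

  /**
   * Post one query to the REST endpoint and compare is_error with the
   * expected value.
   *
   * @dataProvider apiTestCases
   * @param array $query
   *   POST parameters for the request.
   * @param int $is_error
   *   Expected is_error value in the decoded response.
   */
  public function testAPICalls($query, $is_error) {
    // The "valid apiKey" cases only hold if the admin contact actually has
    // adminApiKey assigned, so assign it before each request.
    $this->updateAdminApiKey();

    $client = CRM_Utils_HttpClient::singleton();
    list($status, $data) = $client->post($this->url, $query);
    $this->assertEquals(CRM_Utils_HttpClient::STATUS_OK, $status);
    $result = json_decode($data, TRUE);
    if ($result === NULL) {
      // The failure text includes the query, i.e. siteKey and api_key values,
      // so they end up in the test log when the response is not valid JSON.
      $msg = print_r(array('query' => $query, 'response data' => $data), TRUE);
      $this->assertNotNull($result, $msg);
    }
    $this->assertAPIErrorCode($result, $is_error);
  }

  /**
   * Submit a request with an API key that exists but does not correspond to
   * a real user. Submit in "?entity=X&action=X" notation
   */
  public function testNotCMSUser_entityAction() {
    $this->assertContactOnlyKeyRejected(array(
      "entity" => "Contact",
      "action" => "get",
    ));
  }

  /**
   * Submit a request with an API key that exists but does not correspond to
   * a real user. Submit in "?q=civicrm/$entity/$action" notation
   */
  public function testNotCMSUser_q() {
    $this->assertContactOnlyKeyRejected(array(
      "q" => "civicrm/contact/get",
    ));
  }

  /**
   * Create a contact that has an api_key but no CMS user, call Contact.get
   * with that key and assert that the response reports an error.
   *
   * Only is_error = 1 is asserted, so any failure satisfies the check.
   * NOTE(review): consider also asserting on error_message so a request that
   * fails for an unrelated reason cannot pass as "key rejected".
   *
   * @param array $routing
   *   The parameters that select the API call, in either notation
   *   ("entity" + "action", or "q").
   */
  private function assertContactOnlyKeyRejected(array $routing) {
    $client = CRM_Utils_HttpClient::singleton();

    //Create contact with api_key
    $test_key = "testing1234";
    $contactParams = array(
      "api_key" => $test_key,
      "contact_type" => "Individual",
      "first_name" => "RestTester1",
    );
    $contact = $this->webtest_civicrm_api("Contact", "create", $contactParams);
    // Recorded so tearDown() deletes the contact and its fixed key.
    $this->nocms_contact_id = $contact["id"];

    // The key associates with a real contact but not a real user
    $params = $routing + array(
      "key" => $this->settings->siteKey,
      "json" => "1",
      "api_key" => $test_key,
    );
    list($status, $data) = $client->post($this->url, $params);
    $this->assertEquals(CRM_Utils_HttpClient::STATUS_OK, $status);
    $result = json_decode($data, TRUE);
    $this->assertNotNull($result);
    $this->assertAPIErrorCode($result, 1);
  }

  /**
   * Assign the configured adminApiKey to the admin user's contact, recording
   * the previous key in old_api_keys so tearDown() can write it back.
   *
   * If the run is interrupted before tearDown(), the admin contact keeps
   * adminApiKey.
   */
  protected function updateAdminApiKey() {
    // Log in only to learn which contact belongs to the admin user.
    $this->webtestLogin($this->settings->adminUsername, $this->settings->adminPassword);
    $adminContact = $this->webtestGetLoggedInContact();
    $this->webtestLogout();

    // The current key is read straight from civicrm_contact, with the contact
    // ID bound as a typed placeholder rather than concatenated into the SQL.
    // NOTE(review): presumably Contact.get does not return api_key, which
    // would explain the direct query; confirm.
    $this->old_api_keys[$adminContact['id']] = CRM_Core_DAO::singleValueQuery('SELECT api_key FROM civicrm_contact WHERE id = %1', array(
      1 => array($adminContact['id'], 'Positive'),
    ));

    $this->webtest_civicrm_api('Contact', 'create', array(
      'id' => $adminContact['id'],
      'api_key' => $this->settings->adminApiKey,
    ));
  }

}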