1 <?php
2 /*
3 +--------------------------------------------------------------------+
4 | CiviCRM version 4.5 |
5 +--------------------------------------------------------------------+
6 | Copyright CiviCRM LLC (c) 2004-2014 |
7 +--------------------------------------------------------------------+
8 | This file is a part of CiviCRM. |
9 | |
10 | CiviCRM is free software; you can copy, modify, and distribute it |
11 | under the terms of the GNU Affero General Public License |
12 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
13 | |
14 | CiviCRM is distributed in the hope that it will be useful, but |
15 | WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
17 | See the GNU Affero General Public License for more details. |
18 | |
19 | You should have received a copy of the GNU Affero General Public |
20 | License along with this program; if not, contact CiviCRM LLC |
21 | at info[AT]civicrm[DOT]org. If you have questions about the |
22 | GNU Affero General Public License or the licensing of CiviCRM, |
23 | see the CiviCRM license FAQ at http://civicrm.org/licensing |
24 +--------------------------------------------------------------------+
25 */
26
27 require_once 'CiviTest/CiviSeleniumTestCase.php';
28
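/**
 * Verify that the REST API bindings correctly parse and authenticate requests.
 *
 * Every request built here carries the site key ("key") from CiviSeleniumSettings
 * and, where the case calls for it, a per-contact "api_key". The expected outcome
 * is expressed through the "is_error" field of the decoded JSON response.
 *
 * NOTE(review): all cases send the configured site key; none covers a missing
 * or wrong site key, so that half of the authentication is not exercised here.
 */
class WebTest_Utils_RestTest extends CiviSeleniumTestCase {
  // Full URL of extern/rest.php on the sandbox, built in setUp().
  protected $url;
  protected $api_key;
  protected $session_id;
  // ID of the contact created by the testNotCMSUser_* tests; deleted in tearDown().
  protected $nocms_contact_id;

  /**
   * Assert that a decoded API response carries the expected is_error value.
   *
   * @param array $apiResult decoded API response
   * @param int $cmpvar expected value of $apiResult['is_error']
   * @param string $prefix optional label prepended to the failure message
   */
  protected function assertAPIErrorCode($apiResult, $cmpvar, $prefix = '') {
    if (!empty($prefix)) {
      $prefix .= ': ';
    }
    // assertEquals() compares loosely, so an absent is_error would satisfy an
    // expected 0. Require the field before comparing it.
    $this->assertTrue(
      is_array($apiResult) && array_key_exists('is_error', $apiResult),
      $prefix . 'API response has no is_error field'
    );
    $errorMessage = empty($apiResult['error_message']) ? '' : $apiResult['error_message'];
    $this->assertEquals($cmpvar, $apiResult['is_error'], $prefix . $errorMessage);
  }

  /**
   * Build the REST endpoint URL and skip the test when the credentials it
   * needs (siteKey, adminApiKey) are not configured.
   */
  protected function setUp() {
    parent::setUp();
    //URL should eventually be adapted for multisite
    // NOTE(review): both keys are posted to this URL; whether they travel
    // encrypted depends on the scheme of sandboxURL - confirm it is https
    // wherever the sandbox is not local.
    $this->url = "{$this->settings->sandboxURL}/{$this->sboxPath}sites/all/modules/civicrm/extern/rest.php";

    if (!property_exists($this->settings, 'siteKey') || empty($this->settings->siteKey)) {
      $this->markTestSkipped('CiviSeleniumSettings is missing siteKey');
    }
    if (!property_exists($this->settings, 'adminApiKey') || empty($this->settings->adminApiKey)) {
      $this->markTestSkipped('CiviSeleniumSettings is missing adminApiKey');
    }
  }

  /**
   * Delete the contact created by the testNotCMSUser_* tests, if any.
   */
  protected function tearDown() {
    parent::tearDown();
    if (isset($this->nocms_contact_id)) {
      $deleteParams = array(
        "id" => $this->nocms_contact_id,
        "skip_undelete" => 1,
      );
      // NOTE(review): the result of the delete is not checked; if it fails, a
      // contact holding the fixed test api_key stays behind on the sandbox.
      $this->webtest_civicrm_api("Contact", "delete", $deleteParams);
      unset($this->nocms_contact_id);
    }
  }

  /**
   * Build a list of test cases. Each test case defines a set of REST query
   * parameters and an expected outcome for the REST request (eg is_error=>1 or is_error=>0).
   *
   * @return array; each item is a list of parameters for testAPICalls
   */
  function apiTestCases() {
    $cases = array();

    // entity,action: omit apiKey, valid entity+action
    $cases[] = array(
      array( // query
        "entity" => "Contact",
        "action" => "get",
        "key" => $this->settings->siteKey,
        "json" => "1",
      ),
      1, // is_error
    );

    // entity,action: valid apiKey, valid entity+action
    $cases[] = array(
      array( // query
        "entity" => "Contact",
        "action" => "get",
        "key" => $this->settings->siteKey,
        "json" => "1",
        "api_key" => $this->settings->adminApiKey,
      ),
      0, // is_error
    );

    // entity,action: bad apiKey, valid entity+action
    $cases[] = array(
      array( // query
        "entity" => "Contact",
        "action" => "get",
        "key" => $this->settings->siteKey,
        "json" => "1",
        "api_key" => 'garbage_' . $this->settings->adminApiKey,
      ),
      1, // is_error
    );

    // entity,action: valid apiKey, invalid entity+action
    $cases[] = array(
      array( // query
        "entity" => "Contactses",
        "action" => "get",
        "key" => $this->settings->siteKey,
        "json" => "1",
        "api_key" => $this->settings->adminApiKey,
      ),
      1, // is_error
    );

    // q=civicrm/entity/action: omit apiKey, valid entity+action
    $cases[] = array(
      array( // query
        "q" => "civicrm/contact/get",
        "key" => $this->settings->siteKey,
        "json" => "1",
      ),
      1, // is_error
    );

    // q=civicrm/entity/action: valid apiKey, valid entity+action
    $cases[] = array(
      array( // query
        "q" => "civicrm/contact/get",
        "key" => $this->settings->siteKey,
        "json" => "1",
        "api_key" => $this->settings->adminApiKey,
      ),
      0, // is_error
    );

    // q=civicrm/entity/action: invalid apiKey, valid entity+action
    $cases[] = array(
      array( // query
        "q" => "civicrm/contact/get",
        "key" => $this->settings->siteKey,
        "json" => "1",
        "api_key" => 'garbage_' . $this->settings->adminApiKey,
      ),
      1, // is_error
    );

    // q=civicrm/entity/action: valid apiKey, invalid entity+action
    $cases[] = array(
      array( // query
        "q" => "civicrm/contactses/get",
        "key" => $this->settings->siteKey,
        "json" => "1",
        "api_key" => $this->settings->adminApiKey,
      ),
      1, // is_error
    );

    // q=civicrm/ping: valid apiKey. The path names no entity/action pair, yet
    // the request is expected to succeed (is_error=0).
    $cases[] = array(
      array( // query
        "q" => "civicrm/ping",
        "key" => $this->settings->siteKey,
        "json" => "1",
        "api_key" => $this->settings->adminApiKey,
      ),
      0, // is_error
    );

    return $cases;
  }

  /**
   * POST one query to the REST endpoint and compare is_error with the
   * expected value.
   *
   * @param array $query REST query parameters
   * @param int $is_error expected is_error value in the response
   *
   * @dataProvider apiTestCases
   */
  function testAPICalls($query, $is_error) {
    $client = CRM_Utils_HttpClient::singleton();
    list($status, $data) = $client->post($this->url, $query);
    $this->assertEquals(CRM_Utils_HttpClient::STATUS_OK, $status);
    $result = json_decode($data, TRUE);
    if ($result === NULL) {
      // The failure message ends up in test output and CI logs, so the site
      // key and API key are masked before the query is printed.
      $msg = print_r(array('query' => $this->redactCredentials($query), 'response data' => $data), TRUE);
      $this->assertNotNull($result, $msg);
    }
    $this->assertAPIErrorCode($result, $is_error);
  }

  /**
   * Submit a request with an API key that exists but does not correspond to
   * a real user. Submit in "?entity=X&action=X" notation
   */
  function testNotCMSUser_entityAction() {
    $client = CRM_Utils_HttpClient::singleton();

    //Create contact with api_key
    $test_key = "testing1234";
    $this->createNoCmsContact($test_key);

    // The key associates with a real contact but not a real user
    $params = array(
      "entity" => "Contact",
      "action" => "get",
      "key" => $this->settings->siteKey,
      "json" => "1",
      "api_key" => $test_key,
    );
    list($status, $data) = $client->post($this->url, $params);
    $this->assertEquals(CRM_Utils_HttpClient::STATUS_OK, $status);
    $result = json_decode($data, TRUE);
    $this->assertNotNull($result);
    $this->assertAPIErrorCode($result, 1);
  }

  /**
   * Submit a request with an API key that exists but does not correspond to
   * a real user. Submit in "?q=civicrm/$entity/$action" notation
   */
  function testNotCMSUser_q() {
    $client = CRM_Utils_HttpClient::singleton();

    //Create contact with api_key
    $test_key = "testing1234";
    $this->createNoCmsContact($test_key);

    // The key associates with a real contact but not a real user
    $params = array(
      "q" => "civicrm/contact/get",
      "key" => $this->settings->siteKey,
      "json" => "1",
      "api_key" => $test_key,
    );
    list($status, $data) = $client->post($this->url, $params);
    $this->assertEquals(CRM_Utils_HttpClient::STATUS_OK, $status);
    $result = json_decode($data, TRUE);
    $this->assertNotNull($result);
    $this->assertAPIErrorCode($result, 1);
  }

  /**
   * Create an Individual contact that holds the given api_key and remember
   * its ID so tearDown() can delete it.
   *
   * The testNotCMSUser_* tests expect a rejection (is_error=1). Without a
   * check here, a failed create would leave the key unknown to the site and
   * the request would be rejected for that reason instead, so the test would
   * pass without exercising the "contact without a user" path.
   *
   * NOTE(review): the callers pass a fixed, guessable key; a per-run random
   * value would avoid clashes with a contact left over from an earlier run.
   *
   * @param string $apiKey api_key to store on the new contact
   */
  private function createNoCmsContact($apiKey) {
    $contactParams = array(
      "api_key" => $apiKey,
      "contact_type" => "Individual",
      "first_name" => "RestTester1",
    );
    $contact = $this->webtest_civicrm_api("Contact", "create", $contactParams);
    $this->assertTrue(
      is_array($contact) && !empty($contact["id"]),
      'Could not create the contact that holds the test api_key'
    );
    $this->nocms_contact_id = $contact["id"];
  }

  /**
   * Return a copy of a REST query with the credential fields masked, for use
   * in failure messages.
   *
   * @param array $query REST query parameters
   * @return array the same parameters with "key" and "api_key" replaced
   */
  private function redactCredentials($query) {
    foreach (array('key', 'api_key') as $secretField) {
      if (isset($query[$secretField])) {
        $query[$secretField] = '(redacted)';
      }
    }
    return $query;
  }

}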