801764662690e919b2cc70904c7da4f7a652086d
3 +--------------------------------------------------------------------+
4 | CiviCRM version 4.7 |
5 +--------------------------------------------------------------------+
6 | Copyright CiviCRM LLC (c) 2004-2015 |
7 +--------------------------------------------------------------------+
8 | This file is a part of CiviCRM. |
10 | CiviCRM is free software; you can copy, modify, and distribute it |
11 | under the terms of the GNU Affero General Public License |
12 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
14 | CiviCRM is distributed in the hope that it will be useful, but |
15 | WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
17 | See the GNU Affero General Public License for more details. |
19 | You should have received a copy of the GNU Affero General Public |
20 | License along with this program; if not, contact CiviCRM LLC |
21 | at info[AT]civicrm[DOT]org. If you have questions about the |
22 | GNU Affero General Public License or the licensing of CiviCRM, |
23 | see the CiviCRM license FAQ at http://civicrm.org/licensing |
24 +--------------------------------------------------------------------+
27 require_once 'CiviTest/CiviSeleniumTestCase.php';
30 * Verify that the REST API bindings correctly parse and authenticate requests.
32 class WebTest_Utils_RestTest
extends CiviSeleniumTestCase
{
35 protected $session_id;
36 protected $nocms_contact_id;
37 protected $old_api_keys;
42 * @param string $prefix
44 protected function assertAPIErrorCode($apiResult, $cmpvar, $prefix = '') {
45 if (!empty($prefix)) {
48 $this->assertEquals($cmpvar, $apiResult['is_error'], $prefix . (empty($apiResult['error_message']) ?
'' : $apiResult['error_message']));
49 //$this->assertEquals($cmpvar, $apiResult['is_error'], $prefix . print_r($apiResult, TRUE));
52 protected function setUp() {
54 //URL should eventually be adapted for multisite
55 $this->url
= "{$this->settings->sandboxURL}/{$this->sboxPath}sites/all/modules/civicrm/extern/rest.php";
57 if (!property_exists($this->settings
, 'siteKey') ||
empty($this->settings
->siteKey
)) {
58 $this->markTestSkipped('CiviSeleniumSettings is missing siteKey');
60 if (!property_exists($this->settings
, 'adminApiKey') ||
empty($this->settings
->adminApiKey
)) {
61 $this->markTestSkipped('CiviSeleniumSettings is missing adminApiKey');
64 $this->old_api_keys
= array();
67 protected function tearDown() {
68 if (!empty($this->old_api_keys
)) {
69 foreach ($this->old_api_keys
as $cid => $apiKey) {
70 $this->webtest_civicrm_api('Contact', 'create', array(
77 if (isset($this->nocms_contact_id
)) {
78 $deleteParams = array(
79 "id" => $this->nocms_contact_id
,
82 $res = $this->webtest_civicrm_api("Contact", "delete", $deleteParams);
83 unset($this->nocms_contact_id
);
88 * Build a list of test cases. Each test case defines a set of REST query
89 * parameters and an expected outcome for the REST request (eg is_error=>1 or is_error=>0).
91 * @return array; each item is a list of parameters for testAPICalls
93 public function apiTestCases() {
96 // entity,action: omit apiKey, valid entity+action
99 "entity" => "Contact",
101 "key" => $this->settings
->siteKey
,
107 // entity,action: valid apiKey, valid entity+action
110 "entity" => "Contact",
112 "key" => $this->settings
->siteKey
,
114 "api_key" => $this->settings
->adminApiKey
,
119 // entity,action: bad apiKey, valid entity+action
122 "entity" => "Contact",
124 "key" => $this->settings
->siteKey
,
126 "api_key" => 'garbage_' . $this->settings
->adminApiKey
,
131 // entity,action: valid apiKey, invalid entity+action
134 "entity" => "Contactses",
136 "key" => $this->settings
->siteKey
,
138 "api_key" => $this->settings
->adminApiKey
,
143 // q=civicrm/entity/action: omit apiKey, valid entity+action
146 "q" => "civicrm/contact/get",
147 "key" => $this->settings
->siteKey
,
153 // q=civicrm/entity/action: valid apiKey, valid entity+action
156 "q" => "civicrm/contact/get",
157 "key" => $this->settings
->siteKey
,
159 "api_key" => $this->settings
->adminApiKey
,
164 // q=civicrm/entity/action: invalid apiKey, valid entity+action
167 "q" => "civicrm/contact/get",
168 "key" => $this->settings
->siteKey
,
170 "api_key" => 'garbage_' . $this->settings
->adminApiKey
,
175 // q=civicrm/entity/action: valid apiKey, invalid entity+action
178 "q" => "civicrm/contactses/get",
179 "key" => $this->settings
->siteKey
,
181 "api_key" => $this->settings
->adminApiKey
,
186 // q=civicrm/entity/action: valid apiKey, invalid entity+action
187 // XXX Actually Ping is valid, no?
190 "q" => "civicrm/ping",
191 "key" => $this->settings
->siteKey
,
193 "api_key" => $this->settings
->adminApiKey
,
202 * @dataProvider apiTestCases
206 public function testAPICalls($query, $is_error) {
207 $this->updateAdminApiKey();
209 $client = CRM_Utils_HttpClient
::singleton();
210 list($status, $data) = $client->post($this->url
, $query);
211 $this->assertEquals(CRM_Utils_HttpClient
::STATUS_OK
, $status);
212 $result = json_decode($data, TRUE);
213 if ($result === NULL) {
214 $msg = print_r(array('query' => $query, 'response data' => $data), TRUE);
215 $this->assertNotNull($result, $msg);
217 $this->assertAPIErrorCode($result, $is_error);
221 * Submit a request with an API key that exists but does not correspond to.
222 * a real user. Submit in "?entity=X&action=X" notation
224 public function testNotCMSUser_entityAction() {
225 $client = CRM_Utils_HttpClient
::singleton();
227 //Create contact with api_key
228 $test_key = "testing1234";
229 $contactParams = array(
230 "api_key" => $test_key,
231 "contact_type" => "Individual",
232 "first_name" => "RestTester1",
234 $contact = $this->webtest_civicrm_api("Contact", "create", $contactParams);
235 $this->nocms_contact_id
= $contact["id"];
237 // The key associates with a real contact but not a real user
239 "entity" => "Contact",
241 "key" => $this->settings
->siteKey
,
243 "api_key" => $test_key,
245 list($status, $data) = $client->post($this->url
, $params);
246 $this->assertEquals(CRM_Utils_HttpClient
::STATUS_OK
, $status);
247 $result = json_decode($data, TRUE);
248 $this->assertNotNull($result);
249 $this->assertAPIErrorCode($result, 1);
253 * Submit a request with an API key that exists but does not correspond to
254 * a real user. Submit in "?q=civicrm/$entity/$action" notation
256 public function testNotCMSUser_q() {
257 $client = CRM_Utils_HttpClient
::singleton();
259 //Create contact with api_key
260 $test_key = "testing1234";
261 $contactParams = array(
262 "api_key" => $test_key,
263 "contact_type" => "Individual",
264 "first_name" => "RestTester1",
266 $contact = $this->webtest_civicrm_api("Contact", "create", $contactParams);
267 $this->nocms_contact_id
= $contact["id"];
269 // The key associates with a real contact but not a real user
271 "q" => "civicrm/contact/get",
272 "key" => $this->settings
->siteKey
,
274 "api_key" => $test_key,
276 list($status, $data) = $client->post($this->url
, $params);
277 $this->assertEquals(CRM_Utils_HttpClient
::STATUS_OK
, $status);
278 $result = json_decode($data, TRUE);
279 $this->assertNotNull($result);
280 $this->assertAPIErrorCode($result, 1);
283 protected function updateAdminApiKey() {
284 $this->webtestLogin($this->settings
->adminUsername
, $this->settings
->adminPassword
);
285 $adminContact = $this->webtestGetLoggedInContact();
286 $this->webtestLogout();
288 $this->old_api_keys
[$adminContact['id']] = CRM_Core_DAO
::singleValueQuery('SELECT api_key FROM civicrm_contact WHERE id = %1', array(
289 1 => array($adminContact['id'], 'Positive'),
292 //$this->old_admin_api_key = $this->webtest_civicrm_api('Contact', 'get', array(
293 // 'id' => $adminContact['id'],
294 // 'return' => 'api_key',
297 $this->webtest_civicrm_api('Contact', 'create', array(
298 'id' => $adminContact['id'],
299 'api_key' => $this->settings
->adminApiKey
,