[github/wallabag/wallabag.git] / src / Wallabag / CoreBundle / Tests / Controller / WallabagRestControllerTest.php

<?php

namespace Wallabag\CoreBundle\Tests\Controller;

use Wallabag\CoreBundle\Tests\WallabagTestCase;

class WallabagRestControllerTest extends WallabagTestCase
{
    /**
     * Generate HTTP headers for authenticate user on API
     *
     * @param $username
     * @param $password
     * @param $salt
     *
     * @return array
     */
    private function generateHeaders($username, $password, $salt)
    {
        $encryptedPassword = sha1($password.$username.$salt);
        $nonce = substr(md5(uniqid('nonce_', true)), 0, 16);

        $now = new \DateTime('now', new \DateTimeZone('UTC'));
        $created = (string) $now->format('Y-m-d\TH:i:s\Z');
        $digest = base64_encode(sha1(base64_decode($nonce).$created.$encryptedPassword, true));

        return array(
            'HTTP_AUTHORIZATION' => 'Authorization profile="UsernameToken"',
            'HTTP_x-wsse' => 'X-WSSE: UsernameToken Username="'.$username.'", PasswordDigest="'.$digest.'", Nonce="'.$nonce.'", Created="'.$created.'"',
        );
    }

    public function testGetSalt()
    {
        $client = $this->createClient();
        $client->request('GET', '/api/salts/admin.json');
        $this->assertEquals(200, $client->getResponse()->getStatusCode());
        $this->assertNotEmpty(json_decode($client->getResponse()->getContent()));

        $client->request('GET', '/api/salts/notfound.json');
        $this->assertEquals(404, $client->getResponse()->getStatusCode());
    }

    public function testWithBadHeaders()
    {
        $client = $this->createClient();
        $client->request('GET', '/api/salts/admin.json');
        $salt = json_decode($client->getResponse()->getContent());

        $headers = $this->generateHeaders('admin', 'mypassword', $salt[0]);

        $entry = $client->getContainer()
            ->get('doctrine.orm.entity_manager')
            ->getRepository('WallabagCoreBundle:Entry')
            ->findOneByIsArchived(false);

        if (!$entry) {
            $this->markTestSkipped('No content found in db.');
        }

        $badHeaders = array(
            'HTTP_AUTHORIZATION' => 'Authorization profile="UsernameToken"',
            'HTTP_x-wsse' => 'X-WSSE: UsernameToken Username="admin", PasswordDigest="Wr0ngDig3st", Nonce="n0Nc3", Created="2015-01-01T13:37:00Z"',
        );

        $client->request('GET', '/api/entries/'.$entry->getId().'.json', array(), array(), $badHeaders);
        $this->assertEquals(403, $client->getResponse()->getStatusCode());
    }

    public function testGetOneEntry()
    {
        $client = $this->createClient();
        $client->request('GET', '/api/salts/admin.json');
        $salt = json_decode($client->getResponse()->getContent());

        $headers = $this->generateHeaders('admin', 'mypassword', $salt[0]);

        $entry = $client->getContainer()
            ->get('doctrine.orm.entity_manager')
            ->getRepository('WallabagCoreBundle:Entry')
            ->findOneByIsArchived(false);

        if (!$entry) {
            $this->markTestSkipped('No content found in db.');
        }

        $client->request('GET', '/api/entries/'.$entry->getId().'.json', array(), array(), $headers);
        $this->assertContains($entry->getTitle(), $client->getResponse()->getContent());

        $this->assertTrue(
            $client->getResponse()->headers->contains(
                'Content-Type',
                'application/json'
            )
        );
    }

    public function testGetEntries()
    {
        $client = $this->createClient();
        $client->request('GET', '/api/salts/admin.json');
        $salt = json_decode($client->getResponse()->getContent());

        $headers = $this->generateHeaders('admin', 'mypassword', $salt[0]);

        $client->request('GET', '/api/entries', array(), array(), $headers);

        $this->assertEquals(200, $client->getResponse()->getStatusCode());

        $this->assertGreaterThanOrEqual(1, count(json_decode($client->getResponse()->getContent())));

        $this->assertContains('Mailjet', $client->getResponse()->getContent());

        $this->assertTrue(
            $client->getResponse()->headers->contains(
                'Content-Type',
                'application/json'
            )
        );
    }

    public function testDeleteEntry()
    {
        $client = $this->createClient();
        $client->request('GET', '/api/salts/admin.json');
        $salt = json_decode($client->getResponse()->getContent());

        $headers = $this->generateHeaders('admin', 'mypassword', $salt[0]);

        $entry = $client->getContainer()
            ->get('doctrine.orm.entity_manager')
            ->getRepository('WallabagCoreBundle:Entry')
            ->findOneByUser(1);

        if (!$entry) {
            $this->markTestSkipped('No content found in db.');
        }

        $client->request('DELETE', '/api/entries/'.$entry->getId().'.json', array(), array(), $headers);

        $this->assertEquals(200, $client->getResponse()->getStatusCode());

        // We'll try to delete this entry again
        $client->request('GET', '/api/salts/admin.json');
        $salt = json_decode($client->getResponse()->getContent());

        $headers = $this->generateHeaders('admin', 'test', $salt[0]);

        $client->request('DELETE', '/api/entries/'.$entry->getId().'.json', array(), array(), $headers);

        $this->assertEquals(404, $client->getResponse()->getStatusCode());
    }

    public function testGetOneTag()
    {
        $client = $this->createClient();
        $client->request('GET', '/api/salts/admin.json');
        $salt = json_decode($client->getResponse()->getContent());

        $headers = $this->generateHeaders('admin', 'test', $salt[0]);

        $tag = $client->getContainer()
            ->get('doctrine.orm.entity_manager')
            ->getRepository('WallabagCoreBundle:Tag')
            ->findOneByLabel('foo');

        if (!$tag) {
            $this->markTestSkipped('No content found in db.');
        }

        $client->request('GET', '/api/tags/'.$tag->getLabel().'.json', array(), array(), $headers);

        $this->assertEquals(json_encode($tag), $client->getResponse()->getContent());

        $this->assertTrue(
            $client->getResponse()->headers->contains(
                'Content-Type',
                'application/json'
            )
        );
    }
}
Commit	Line	Data
68c6f1bd NL	1	<?php
	2
	3	namespace Wallabag\CoreBundle\Tests\Controller;
	4
874e3e10	5	use Wallabag\CoreBundle\Tests\WallabagTestCase;
68c6f1bd	6
874e3e10	7	class WallabagRestControllerTest extends WallabagTestCase
68c6f1bd	8	{
19aee7cd NL	9	/**
	10	* Generate HTTP headers for authenticate user on API
	11	*
	12	* @param $username
	13	* @param $password
	14	* @param $salt
	15	*
	16	* @return array
	17	*/
	18	private function generateHeaders($username, $password, $salt)
	19	{
	20	$encryptedPassword = sha1($password.$username.$salt);
	21	$nonce = substr(md5(uniqid('nonce_', true)), 0, 16);
	22
	23	$now = new \DateTime('now', new \DateTimeZone('UTC'));
	24	$created = (string) $now->format('Y-m-d\TH:i:s\Z');
	25	$digest = base64_encode(sha1(base64_decode($nonce).$created.$encryptedPassword, true));
	26
	27	return array(
19aee7cd NL	28	'HTTP_AUTHORIZATION' => 'Authorization profile="UsernameToken"',
	29	'HTTP_x-wsse' => 'X-WSSE: UsernameToken Username="'.$username.'", PasswordDigest="'.$digest.'", Nonce="'.$nonce.'", Created="'.$created.'"',
	30	);
	31	}
	32
f5deb024 NL	33	public function testGetSalt()
	34	{
	35	$client = $this->createClient();
	36	$client->request('GET', '/api/salts/admin.json');
	37	$this->assertEquals(200, $client->getResponse()->getStatusCode());
f170f315	38	$this->assertNotEmpty(json_decode($client->getResponse()->getContent()));
f5deb024 NL	39
	40	$client->request('GET', '/api/salts/notfound.json');
	41	$this->assertEquals(404, $client->getResponse()->getStatusCode());
	42	}
	43
59f18f9a NL	44	public function testWithBadHeaders()
	45	{
	46	$client = $this->createClient();
	47	$client->request('GET', '/api/salts/admin.json');
	48	$salt = json_decode($client->getResponse()->getContent());
	49
d9085c63	50	$headers = $this->generateHeaders('admin', 'mypassword', $salt[0]);
59f18f9a NL	51
	52	$entry = $client->getContainer()
	53	->get('doctrine.orm.entity_manager')
	54	->getRepository('WallabagCoreBundle:Entry')
	55	->findOneByIsArchived(false);
	56
	57	if (!$entry) {
	58	$this->markTestSkipped('No content found in db.');
	59	}
	60
	61	$badHeaders = array(
	62	'HTTP_AUTHORIZATION' => 'Authorization profile="UsernameToken"',
	63	'HTTP_x-wsse' => 'X-WSSE: UsernameToken Username="admin", PasswordDigest="Wr0ngDig3st", Nonce="n0Nc3", Created="2015-01-01T13:37:00Z"',
	64	);
	65
	66	$client->request('GET', '/api/entries/'.$entry->getId().'.json', array(), array(), $badHeaders);
	67	$this->assertEquals(403, $client->getResponse()->getStatusCode());
	68	}
	69
19aee7cd	70	public function testGetOneEntry()
f5deb024	71	{
68c6f1bd	72	$client = $this->createClient();
e1dd7f70	73	$client->request('GET', '/api/salts/admin.json');
c9fa9677	74	$salt = json_decode($client->getResponse()->getContent());
e1dd7f70	75
d9085c63	76	$headers = $this->generateHeaders('admin', 'mypassword', $salt[0]);
e1dd7f70	77
c9fa9677 NL	78	$entry = $client->getContainer()
	79	->get('doctrine.orm.entity_manager')
	80	->getRepository('WallabagCoreBundle:Entry')
	81	->findOneByIsArchived(false);
	82
	83	if (!$entry) {
	84	$this->markTestSkipped('No content found in db.');
	85	}
	86
	87	$client->request('GET', '/api/entries/'.$entry->getId().'.json', array(), array(), $headers);
	88	$this->assertContains($entry->getTitle(), $client->getResponse()->getContent());
e1dd7f70	89
19aee7cd NL	90	$this->assertTrue(
	91	$client->getResponse()->headers->contains(
	92	'Content-Type',
	93	'application/json'
	94	)
e1dd7f70	95	);
19aee7cd NL	96	}
	97
	98	public function testGetEntries()
	99	{
	100	$client = $this->createClient();
	101	$client->request('GET', '/api/salts/admin.json');
c9fa9677	102	$salt = json_decode($client->getResponse()->getContent());
19aee7cd	103
d9085c63	104	$headers = $this->generateHeaders('admin', 'mypassword', $salt[0]);
e1dd7f70 NL	105
e1dd7f70 NL	106	$client->request('GET', '/api/entries', array(), array(), $headers);
d9b71755 NL	107
	108	$this->assertEquals(200, $client->getResponse()->getStatusCode());
	109
d9b71755 NL	110	$this->assertGreaterThanOrEqual(1, count(json_decode($client->getResponse()->getContent())));
d9b71755 NL	111
e1dd7f70	112	$this->assertContains('Mailjet', $client->getResponse()->getContent());
68c6f1bd NL	113
	114	$this->assertTrue(
	115	$client->getResponse()->headers->contains(
	116	'Content-Type',
	117	'application/json'
	118	)
	119	);
68c6f1bd	120	}
c9fa9677 NL	121
	122	public function testDeleteEntry()
	123	{
	124	$client = $this->createClient();
	125	$client->request('GET', '/api/salts/admin.json');
	126	$salt = json_decode($client->getResponse()->getContent());
	127
d9085c63	128	$headers = $this->generateHeaders('admin', 'mypassword', $salt[0]);
c9fa9677 NL	129
	130	$entry = $client->getContainer()
	131	->get('doctrine.orm.entity_manager')
	132	->getRepository('WallabagCoreBundle:Entry')
1d147791	133	->findOneByUser(1);
c9fa9677 NL	134
	135	if (!$entry) {
	136	$this->markTestSkipped('No content found in db.');
	137	}
	138
	139	$client->request('DELETE', '/api/entries/'.$entry->getId().'.json', array(), array(), $headers);
	140
	141	$this->assertEquals(200, $client->getResponse()->getStatusCode());
	142
1d147791 NL	143	// We'll try to delete this entry again
	144	$client->request('GET', '/api/salts/admin.json');
	145	$salt = json_decode($client->getResponse()->getContent());
	146
	147	$headers = $this->generateHeaders('admin', 'test', $salt[0]);
	148
	149	$client->request('DELETE', '/api/entries/'.$entry->getId().'.json', array(), array(), $headers);
	150
	151	$this->assertEquals(404, $client->getResponse()->getStatusCode());
c9fa9677	152	}
2691cf04 NL	153
	154	public function testGetOneTag()
	155	{
	156	$client = $this->createClient();
	157	$client->request('GET', '/api/salts/admin.json');
	158	$salt = json_decode($client->getResponse()->getContent());
	159
	160	$headers = $this->generateHeaders('admin', 'test', $salt[0]);
	161
	162	$tag = $client->getContainer()
	163	->get('doctrine.orm.entity_manager')
	164	->getRepository('WallabagCoreBundle:Tag')
	165	->findOneByLabel('foo');
	166
	167	if (!$tag) {
	168	$this->markTestSkipped('No content found in db.');
	169	}
	170
	171	$client->request('GET', '/api/tags/'.$tag->getLabel().'.json', array(), array(), $headers);
	172
	173	$this->assertEquals(json_encode($tag), $client->getResponse()->getContent());
	174
	175	$this->assertTrue(
	176	$client->getResponse()->headers->contains(
	177	'Content-Type',
	178	'application/json'
	179	)
	180	);
	181	}
2734044a	182	}