[github/wallabag/wallabag.git] / src / Wallabag / CoreBundle / Tests / Controller / WallabagRestControllerTest.php

<?php

namespace Wallabag\CoreBundle\Tests\Controller;

use Wallabag\CoreBundle\Tests\WallabagTestCase;

class WallabagRestControllerTest extends WallabagTestCase
{
    /**
     * Generate HTTP headers for authenticate user on API
     *
     * @param $username
     * @param $password
     * @param $salt
     *
     * @return array
     */
    private function generateHeaders($username, $password, $salt)
    {
        $encryptedPassword = sha1($password.$username.$salt);
        $nonce = substr(md5(uniqid('nonce_', true)), 0, 16);

        $now = new \DateTime('now', new \DateTimeZone('UTC'));
        $created = (string) $now->format('Y-m-d\TH:i:s\Z');
        $digest = base64_encode(sha1(base64_decode($nonce).$created.$encryptedPassword, true));

        return array(
            'HTTP_AUTHORIZATION' => 'Authorization profile="UsernameToken"',
            'HTTP_x-wsse' => 'X-WSSE: UsernameToken Username="'.$username.'", PasswordDigest="'.$digest.'", Nonce="'.$nonce.'", Created="'.$created.'"',
        );
    }

    public function testGetSalt()
    {
        $client = $this->createClient();
        $client->request('GET', '/api/salts/admin.json');
        $this->assertEquals(200, $client->getResponse()->getStatusCode());
        $this->assertNotEmpty(json_decode($client->getResponse()->getContent()));

        $client->request('GET', '/api/salts/notfound.json');
        $this->assertEquals(404, $client->getResponse()->getStatusCode());
    }

    public function testGetOneEntry()
    {
        $client = $this->createClient();
        $client->request('GET', '/api/salts/admin.json');
        $salt = json_decode($client->getResponse()->getContent());

        $headers = $this->generateHeaders('admin', 'test', $salt[0]);

        $entry = $client->getContainer()
            ->get('doctrine.orm.entity_manager')
            ->getRepository('WallabagCoreBundle:Entry')
            ->findOneByIsArchived(false);

        if (!$entry) {
            $this->markTestSkipped('No content found in db.');
        }

        $client->request('GET', '/api/entries/'.$entry->getId().'.json', array(), array(), $headers);
        $this->assertContains($entry->getTitle(), $client->getResponse()->getContent());

        $this->assertTrue(
            $client->getResponse()->headers->contains(
                'Content-Type',
                'application/json'
            )
        );

        // Now testing with bad headers
        $badHeaders = array(
            'HTTP_AUTHORIZATION' => 'Authorization profile="UsernameToken"',
            'HTTP_x-wsse' => 'X-WSSE: UsernameToken Username="admin", PasswordDigest="Wr0ngDig3st", Nonce="n0Nc3", Created="2015-01-01T13:37:00Z"',
        );

        $client->request('GET', '/api/entries/'.$entry->getId().'.json', array(), array(), $badHeaders);
        $this->assertEquals(403, $client->getResponse()->getStatusCode());
    }

    public function testGetEntries()
    {
        $client = $this->createClient();
        $client->request('GET', '/api/salts/admin.json');
        $salt = json_decode($client->getResponse()->getContent());

        $headers = $this->generateHeaders('admin', 'test', $salt[0]);

        $client->request('GET', '/api/entries', array(), array(), $headers);
        $this->assertContains('Mailjet', $client->getResponse()->getContent());

        $this->assertTrue(
            $client->getResponse()->headers->contains(
                'Content-Type',
                'application/json'
            )
        );
    }

    public function testDeleteEntry()
    {
        $client = $this->createClient();
        $client->request('GET', '/api/salts/admin.json');
        $salt = json_decode($client->getResponse()->getContent());

        $headers = $this->generateHeaders('admin', 'test', $salt[0]);

        $entry = $client->getContainer()
            ->get('doctrine.orm.entity_manager')
            ->getRepository('WallabagCoreBundle:Entry')
            ->findOneByIsDeleted(false);

        if (!$entry) {
            $this->markTestSkipped('No content found in db.');
        }

        $client->request('DELETE', '/api/entries/'.$entry->getId().'.json', array(), array(), $headers);

        $this->assertEquals(200, $client->getResponse()->getStatusCode());

        $res = $client->getContainer()
            ->get('doctrine.orm.entity_manager')
            ->getRepository('WallabagCoreBundle:Entry')
            ->findOneById($entry->getId());
        $this->assertEquals($res->isDeleted(), true);
    }
}
Commit	Line	Data
68c6f1bd NL	1	<?php
	2
	3	namespace Wallabag\CoreBundle\Tests\Controller;
	4
874e3e10	5	use Wallabag\CoreBundle\Tests\WallabagTestCase;
68c6f1bd	6
874e3e10	7	class WallabagRestControllerTest extends WallabagTestCase
68c6f1bd	8	{
19aee7cd NL	9	/**
	10	* Generate HTTP headers for authenticate user on API
	11	*
	12	* @param $username
	13	* @param $password
	14	* @param $salt
	15	*
	16	* @return array
	17	*/
	18	private function generateHeaders($username, $password, $salt)
	19	{
	20	$encryptedPassword = sha1($password.$username.$salt);
	21	$nonce = substr(md5(uniqid('nonce_', true)), 0, 16);
	22
	23	$now = new \DateTime('now', new \DateTimeZone('UTC'));
	24	$created = (string) $now->format('Y-m-d\TH:i:s\Z');
	25	$digest = base64_encode(sha1(base64_decode($nonce).$created.$encryptedPassword, true));
	26
	27	return array(
19aee7cd NL	28	'HTTP_AUTHORIZATION' => 'Authorization profile="UsernameToken"',
	29	'HTTP_x-wsse' => 'X-WSSE: UsernameToken Username="'.$username.'", PasswordDigest="'.$digest.'", Nonce="'.$nonce.'", Created="'.$created.'"',
	30	);
	31	}
	32
f5deb024 NL	33	public function testGetSalt()
	34	{
	35	$client = $this->createClient();
	36	$client->request('GET', '/api/salts/admin.json');
	37	$this->assertEquals(200, $client->getResponse()->getStatusCode());
f170f315	38	$this->assertNotEmpty(json_decode($client->getResponse()->getContent()));
f5deb024 NL	39
	40	$client->request('GET', '/api/salts/notfound.json');
	41	$this->assertEquals(404, $client->getResponse()->getStatusCode());
	42	}
	43
19aee7cd	44	public function testGetOneEntry()
f5deb024	45	{
68c6f1bd	46	$client = $this->createClient();
e1dd7f70	47	$client->request('GET', '/api/salts/admin.json');
c9fa9677	48	$salt = json_decode($client->getResponse()->getContent());
e1dd7f70	49
c9fa9677	50	$headers = $this->generateHeaders('admin', 'test', $salt[0]);
e1dd7f70	51
c9fa9677 NL	52	$entry = $client->getContainer()
	53	->get('doctrine.orm.entity_manager')
	54	->getRepository('WallabagCoreBundle:Entry')
	55	->findOneByIsArchived(false);
	56
	57	if (!$entry) {
	58	$this->markTestSkipped('No content found in db.');
	59	}
	60
	61	$client->request('GET', '/api/entries/'.$entry->getId().'.json', array(), array(), $headers);
	62	$this->assertContains($entry->getTitle(), $client->getResponse()->getContent());
e1dd7f70	63
19aee7cd NL	64	$this->assertTrue(
	65	$client->getResponse()->headers->contains(
	66	'Content-Type',
	67	'application/json'
	68	)
e1dd7f70	69	);
9ca5fd43 NL	70
	71	// Now testing with bad headers
	72	$badHeaders = array(
	73	'HTTP_AUTHORIZATION' => 'Authorization profile="UsernameToken"',
	74	'HTTP_x-wsse' => 'X-WSSE: UsernameToken Username="admin", PasswordDigest="Wr0ngDig3st", Nonce="n0Nc3", Created="2015-01-01T13:37:00Z"',
	75	);
	76
	77	$client->request('GET', '/api/entries/'.$entry->getId().'.json', array(), array(), $badHeaders);
	78	$this->assertEquals(403, $client->getResponse()->getStatusCode());
19aee7cd NL	79	}
	80
	81	public function testGetEntries()
	82	{
	83	$client = $this->createClient();
	84	$client->request('GET', '/api/salts/admin.json');
c9fa9677	85	$salt = json_decode($client->getResponse()->getContent());
19aee7cd	86
c9fa9677	87	$headers = $this->generateHeaders('admin', 'test', $salt[0]);
e1dd7f70 NL	88
	89	$client->request('GET', '/api/entries', array(), array(), $headers);
	90	$this->assertContains('Mailjet', $client->getResponse()->getContent());
68c6f1bd NL	91
	92	$this->assertTrue(
	93	$client->getResponse()->headers->contains(
	94	'Content-Type',
	95	'application/json'
	96	)
	97	);
68c6f1bd	98	}
c9fa9677 NL	99
	100	public function testDeleteEntry()
	101	{
	102	$client = $this->createClient();
	103	$client->request('GET', '/api/salts/admin.json');
	104	$salt = json_decode($client->getResponse()->getContent());
	105
	106	$headers = $this->generateHeaders('admin', 'test', $salt[0]);
	107
	108	$entry = $client->getContainer()
	109	->get('doctrine.orm.entity_manager')
	110	->getRepository('WallabagCoreBundle:Entry')
	111	->findOneByIsDeleted(false);
	112
	113	if (!$entry) {
	114	$this->markTestSkipped('No content found in db.');
	115	}
	116
	117	$client->request('DELETE', '/api/entries/'.$entry->getId().'.json', array(), array(), $headers);
	118
	119	$this->assertEquals(200, $client->getResponse()->getStatusCode());
	120
	121	$res = $client->getContainer()
	122	->get('doctrine.orm.entity_manager')
	123	->getRepository('WallabagCoreBundle:Entry')
	124	->findOneById($entry->getId());
	125	$this->assertEquals($res->isDeleted(), true);
	126	}
2734044a	127	}