1 | <?php | |
2 | ||
3 | namespace Wallabag\CoreBundle\Tests\Controller; | |
4 | ||
5 | use Wallabag\CoreBundle\Tests\WallabagTestCase; | |
6 | ||
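/**
 * Functional tests for the REST API: salt lookup, WSSE (UsernameToken)
 * authentication, and reading / listing / deleting entries.
 *
 * The tests authenticate as the fixture account "admin" with password "test"
 * and rely on whatever entries the test database already contains.
 */
class WallabagRestControllerTest extends WallabagTestCase
{
    /**
     * Build the WSSE (UsernameToken) headers that authenticate a user on the API.
     *
     * The password digest is base64(sha1(nonce . created . sha1(password . username . salt))),
     * exactly as computed below.
     *
     * @param string $username Account name sent in the Username field
     * @param string $password Clear-text password of that account
     * @param string $salt     Per-user salt, as returned by /api/salts/{username}.json
     *
     * @return array Server parameters to pass to the test client's request() call
     */
    private function generateHeaders($username, $password, $salt)
    {
        // Salted SHA-1 of the password; this is the secret the digest is derived from.
        $encryptedPassword = sha1($password.$username.$salt);

        // NOTE(review): uniqid() is time-based and md5() adds no entropy, so this nonce is
        // predictable. That is tolerable for a test fixture only; a real client should draw
        // the nonce from a CSPRNG.
        $nonce = substr(md5(uniqid('nonce_', true)), 0, 16);

        $now = new \DateTime('now', new \DateTimeZone('UTC'));
        $created = $now->format('Y-m-d\TH:i:s\Z');

        // The nonce is sent as-is but base64-decoded before hashing; presumably the
        // server does the same when it recomputes the digest (confirm against the
        // authentication provider).
        $digest = base64_encode(sha1(base64_decode($nonce).$created.$encryptedPassword, true));

        return array(
            'HTTP_AUTHORIZATION' => 'Authorization profile="UsernameToken"',
            'HTTP_x-wsse' => 'X-WSSE: UsernameToken Username="'.$username.'", PasswordDigest="'.$digest.'", Nonce="'.$nonce.'", Created="'.$created.'"',
        );
    }

    /**
     * Fetch the admin salt through the API and return valid WSSE headers for
     * the fixture admin account.
     *
     * Fails the calling test early if the salt endpoint does not answer as
     * expected, instead of building headers from an empty salt.
     *
     * @param object $client Test client returned by createClient()
     *
     * @return array Server parameters to pass to the test client's request() call
     */
    private function getAdminHeaders($client)
    {
        $client->request('GET', '/api/salts/admin.json');
        $this->assertEquals(200, $client->getResponse()->getStatusCode());

        $salt = json_decode($client->getResponse()->getContent());
        $this->assertNotEmpty($salt);

        return $this->generateHeaders('admin', 'test', $salt[0]);
    }

    /**
     * The salt endpoint answers 200 with a non-empty body for a known user
     * and 404 for an unknown one.
     */
    public function testGetSalt()
    {
        $client = $this->createClient();
        $client->request('GET', '/api/salts/admin.json');
        $this->assertEquals(200, $client->getResponse()->getStatusCode());
        $this->assertNotEmpty(json_decode($client->getResponse()->getContent()));

        $client->request('GET', '/api/salts/notfound.json');
        $this->assertEquals(404, $client->getResponse()->getStatusCode());
    }

    /**
     * A request carrying a syntactically valid but wrong WSSE token is rejected with 403.
     *
     * Only a wrong digest is exercised here; a replayed nonce or a stale
     * Created timestamp is not covered by this test.
     */
    public function testWithBadHeaders()
    {
        $client = $this->createClient();

        $entry = $client->getContainer()
            ->get('doctrine.orm.entity_manager')
            ->getRepository('WallabagCoreBundle:Entry')
            ->findOneByIsArchived(false);

        if (!$entry) {
            $this->markTestSkipped('No content found in db.');
        }

        // Deliberately invalid credentials: no salt lookup or real digest is needed.
        $badHeaders = array(
            'HTTP_AUTHORIZATION' => 'Authorization profile="UsernameToken"',
            'HTTP_x-wsse' => 'X-WSSE: UsernameToken Username="admin", PasswordDigest="Wr0ngDig3st", Nonce="n0Nc3", Created="2015-01-01T13:37:00Z"',
        );

        $client->request('GET', '/api/entries/'.$entry->getId().'.json', array(), array(), $badHeaders);
        $this->assertEquals(403, $client->getResponse()->getStatusCode());
    }

    /**
     * An authenticated GET on a single entry returns JSON containing the entry title.
     */
    public function testGetOneEntry()
    {
        $client = $this->createClient();
        $headers = $this->getAdminHeaders($client);

        $entry = $client->getContainer()
            ->get('doctrine.orm.entity_manager')
            ->getRepository('WallabagCoreBundle:Entry')
            ->findOneByIsArchived(false);

        if (!$entry) {
            $this->markTestSkipped('No content found in db.');
        }

        $client->request('GET', '/api/entries/'.$entry->getId().'.json', array(), array(), $headers);
        $this->assertContains($entry->getTitle(), $client->getResponse()->getContent());

        $this->assertTrue(
            $client->getResponse()->headers->contains(
                'Content-Type',
                'application/json'
            )
        );
    }

    /**
     * An authenticated GET on the collection returns a non-empty JSON list.
     */
    public function testGetEntries()
    {
        $client = $this->createClient();
        $headers = $this->getAdminHeaders($client);

        $client->request('GET', '/api/entries', array(), array(), $headers);

        $this->assertEquals(200, $client->getResponse()->getStatusCode());

        $this->assertGreaterThanOrEqual(1, count(json_decode($client->getResponse()->getContent())));

        // 'Mailjet' is presumably part of an entry loaded by the test fixtures.
        $this->assertContains('Mailjet', $client->getResponse()->getContent());

        $this->assertTrue(
            $client->getResponse()->headers->contains(
                'Content-Type',
                'application/json'
            )
        );
    }

    /**
     * An authenticated DELETE answers 200 and leaves the entry flagged as deleted.
     */
    public function testDeleteEntry()
    {
        $client = $this->createClient();
        $headers = $this->getAdminHeaders($client);

        $entry = $client->getContainer()
            ->get('doctrine.orm.entity_manager')
            ->getRepository('WallabagCoreBundle:Entry')
            ->findOneByIsDeleted(false);

        if (!$entry) {
            $this->markTestSkipped('No content found in db.');
        }

        $client->request('DELETE', '/api/entries/'.$entry->getId().'.json', array(), array(), $headers);

        $this->assertEquals(200, $client->getResponse()->getStatusCode());

        // Re-read the entry through the repository to check the persisted flag.
        $res = $client->getContainer()
            ->get('doctrine.orm.entity_manager')
            ->getRepository('WallabagCoreBundle:Entry')
            ->findOneById($entry->getId());

        // Without this guard a missing row would fail with a fatal error on
        // null instead of a readable assertion failure.
        $this->assertNotNull($res);
        // Expected value first, so a failure message reads the right way round.
        $this->assertEquals(true, $res->isDeleted());
    }
}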