src/Wallabag/CoreBundle/Tests/Controller/WallabagRestControllerTest.php

   1 <?php
   2
   3 namespace Wallabag\CoreBundle\Tests\Controller;
   4
   5 use Wallabag\CoreBundle\Tests\WallabagTestCase;
   6
   7 class WallabagRestControllerTest extends WallabagTestCase
   8 {
   9     /**
  10      * Generate HTTP headers for authenticate user on API
  11      *
  12      * @param $username
  13      * @param $password
  14      * @param $salt
  15      *
  16      * @return array
  17      */
  18     private function generateHeaders($username, $password, $salt)
  19     {
  20         $encryptedPassword = sha1($password.$username.$salt);
  21         $nonce = substr(md5(uniqid('nonce_', true)), 0, 16);
  22
  23         $now = new \DateTime('now', new \DateTimeZone('UTC'));
  24         $created = (string) $now->format('Y-m-d\TH:i:s\Z');
  25         $digest = base64_encode(sha1(base64_decode($nonce).$created.$encryptedPassword, true));
  26
  27         return array(
  28             'HTTP_AUTHORIZATION' => 'Authorization profile="UsernameToken"',
  29             'HTTP_x-wsse' => 'X-WSSE: UsernameToken Username="'.$username.'", PasswordDigest="'.$digest.'", Nonce="'.$nonce.'", Created="'.$created.'"',
  30         );
  31     }
  32
  33     public function testGetSalt()
  34     {
  35         $client = $this->createClient();
  36         $client->request('GET', '/api/salts/admin.json');
  37         $this->assertEquals(200, $client->getResponse()->getStatusCode());
  38         $this->assertNotEmpty(json_decode($client->getResponse()->getContent()));
  39
  40         $client->request('GET', '/api/salts/notfound.json');
  41         $this->assertEquals(404, $client->getResponse()->getStatusCode());
  42     }
  43
  44     public function testWithBadHeaders()
  45     {
  46         $client = $this->createClient();
  47         $client->request('GET', '/api/salts/admin.json');
  48         $salt = json_decode($client->getResponse()->getContent());
  49
  50         $headers = $this->generateHeaders('admin', 'mypassword', $salt[0]);
  51
  52         $entry = $client->getContainer()
  53             ->get('doctrine.orm.entity_manager')
  54             ->getRepository('WallabagCoreBundle:Entry')
  55             ->findOneByIsArchived(false);
  56
  57         if (!$entry) {
  58             $this->markTestSkipped('No content found in db.');
  59         }
  60
  61         $badHeaders = array(
  62             'HTTP_AUTHORIZATION' => 'Authorization profile="UsernameToken"',
  63             'HTTP_x-wsse' => 'X-WSSE: UsernameToken Username="admin", PasswordDigest="Wr0ngDig3st", Nonce="n0Nc3", Created="2015-01-01T13:37:00Z"',
  64         );
  65
  66         $client->request('GET', '/api/entries/'.$entry->getId().'.json', array(), array(), $badHeaders);
  67         $this->assertEquals(403, $client->getResponse()->getStatusCode());
  68     }
  69
  70     public function testGetOneEntry()
  71     {
  72         $client = $this->createClient();
  73         $client->request('GET', '/api/salts/admin.json');
  74         $salt = json_decode($client->getResponse()->getContent());
  75
  76         $headers = $this->generateHeaders('admin', 'mypassword', $salt[0]);
  77
  78         $entry = $client->getContainer()
  79             ->get('doctrine.orm.entity_manager')
  80             ->getRepository('WallabagCoreBundle:Entry')
  81             ->findOneByIsArchived(false);
  82
  83         if (!$entry) {
  84             $this->markTestSkipped('No content found in db.');
  85         }
  86
  87         $client->request('GET', '/api/entries/'.$entry->getId().'.json', array(), array(), $headers);
  88         $this->assertContains($entry->getTitle(), $client->getResponse()->getContent());
  89
  90         $this->assertTrue(
  91             $client->getResponse()->headers->contains(
  92                 'Content-Type',
  93                 'application/json'
  94             )
  95         );
  96     }
  97
  98     public function testGetEntries()
  99     {
 100         $client = $this->createClient();
 101         $client->request('GET', '/api/salts/admin.json');
 102         $salt = json_decode($client->getResponse()->getContent());
 103
 104         $headers = $this->generateHeaders('admin', 'mypassword', $salt[0]);
 105
 106         $client->request('GET', '/api/entries', array(), array(), $headers);
 107
 108         $this->assertEquals(200, $client->getResponse()->getStatusCode());
 109
 110         $this->assertGreaterThanOrEqual(1, count(json_decode($client->getResponse()->getContent())));
 111
 112         $this->assertContains('Mailjet', $client->getResponse()->getContent());
 113
 114         $this->assertTrue(
 115             $client->getResponse()->headers->contains(
 116                 'Content-Type',
 117                 'application/json'
 118             )
 119         );
 120     }
 121
 122     public function testDeleteEntry()
 123     {
 124         $client = $this->createClient();
 125         $client->request('GET', '/api/salts/admin.json');
 126         $salt = json_decode($client->getResponse()->getContent());
 127
 128         $headers = $this->generateHeaders('admin', 'mypassword', $salt[0]);
 129
 130         $entry = $client->getContainer()
 131             ->get('doctrine.orm.entity_manager')
 132             ->getRepository('WallabagCoreBundle:Entry')
 133             ->findOneByUser(1);
 134
 135         if (!$entry) {
 136             $this->markTestSkipped('No content found in db.');
 137         }
 138
 139         $client->request('DELETE', '/api/entries/'.$entry->getId().'.json', array(), array(), $headers);
 140
 141         $this->assertEquals(200, $client->getResponse()->getStatusCode());
 142
 143         // We'll try to delete this entry again
 144         $client->request('GET', '/api/salts/admin.json');
 145         $salt = json_decode($client->getResponse()->getContent());
 146
 147         $headers = $this->generateHeaders('admin', 'test', $salt[0]);
 148
 149         $client->request('DELETE', '/api/entries/'.$entry->getId().'.json', array(), array(), $headers);
 150
 151         $this->assertEquals(404, $client->getResponse()->getStatusCode());
 152     }
 153
 154     public function testGetOneTag()
 155     {
 156         $client = $this->createClient();
 157         $client->request('GET', '/api/salts/admin.json');
 158         $salt = json_decode($client->getResponse()->getContent());
 159
 160         $headers = $this->generateHeaders('admin', 'test', $salt[0]);
 161
 162         $tag = $client->getContainer()
 163             ->get('doctrine.orm.entity_manager')
 164             ->getRepository('WallabagCoreBundle:Tag')
 165             ->findOneByLabel('foo');
 166
 167         if (!$tag) {
 168             $this->markTestSkipped('No content found in db.');
 169         }
 170
 171         $client->request('GET', '/api/tags/'.$tag->getLabel().'.json', array(), array(), $headers);
 172
 173         $this->assertEquals(json_encode($tag), $client->getResponse()->getContent());
 174
 175         $this->assertTrue(
 176             $client->getResponse()->headers->contains(
 177                 'Content-Type',
 178                 'application/json'
 179             )
 180         );
 181     }
 182 }