- /**
- * Grab the salt once and store it to be available for all tests.
- */
- public static function setUpBeforeClass()
- {
- $client = self::createClient();
-
- $user = $client->getContainer()
- ->get('doctrine.orm.entity_manager')
- ->getRepository('WallabagCoreBundle:User')
- ->findOneByUsername('admin');
-
- self::$salt = $user->getSalt();
- }
-
- /**
- * Generate HTTP headers for authenticate user on API.
- *
- * @param string $username
- * @param string $password
- *
- * @return array
- */
- private function generateHeaders($username, $password)
- {
- $encryptedPassword = sha1($password.$username.self::$salt);
- $nonce = substr(md5(uniqid('nonce_', true)), 0, 16);
-
- $now = new \DateTime('now', new \DateTimeZone('UTC'));
- $created = (string) $now->format('Y-m-d\TH:i:s\Z');
- $digest = base64_encode(sha1(base64_decode($nonce).$created.$encryptedPassword, true));
-
- return array(
- 'HTTP_AUTHORIZATION' => 'Authorization profile="UsernameToken"',
- 'HTTP_x-wsse' => 'X-WSSE: UsernameToken Username="'.$username.'", PasswordDigest="'.$digest.'", Nonce="'.$nonce.'", Created="'.$created.'"',
- );
- }
-
- public function testGetSalt()
- {
- $client = $this->createClient();
- $client->request('GET', '/api/salts/admin.json');
-
- $user = $client->getContainer()
- ->get('doctrine.orm.entity_manager')
- ->getRepository('WallabagCoreBundle:User')
- ->findOneByUsername('admin');
-
- $this->assertEquals(200, $client->getResponse()->getStatusCode());
-
- $content = json_decode($client->getResponse()->getContent(), true);
-
- $this->assertArrayHasKey(0, $content);
- $this->assertEquals($user->getSalt(), $content[0]);
-
- $client->request('GET', '/api/salts/notfound.json');
- $this->assertEquals(404, $client->getResponse()->getStatusCode());
- }
-
- public function testWithBadHeaders()
- {
- $client = $this->createClient();
-
- $entry = $client->getContainer()
- ->get('doctrine.orm.entity_manager')
- ->getRepository('WallabagCoreBundle:Entry')
- ->findOneByIsArchived(false);
-
- if (!$entry) {
- $this->markTestSkipped('No content found in db.');
- }
-
- $badHeaders = array(
- 'HTTP_AUTHORIZATION' => 'Authorization profile="UsernameToken"',
- 'HTTP_x-wsse' => 'X-WSSE: UsernameToken Username="admin", PasswordDigest="Wr0ngDig3st", Nonce="n0Nc3", Created="2015-01-01T13:37:00Z"',
- );
-
- $client->request('GET', '/api/entries/'.$entry->getId().'.json', array(), array(), $badHeaders);
- $this->assertEquals(403, $client->getResponse()->getStatusCode());
- }
-