diff options
author | Nicolas LÅ“uillet <nicolas@loeuillet.org> | 2015-06-01 15:49:49 +0200 |
---|---|---|
committer | Nicolas LÅ“uillet <nicolas@loeuillet.org> | 2015-06-01 15:49:49 +0200 |
commit | 2878416f8b4d94fb5e64c2fa61861526a7654d3d (patch) | |
tree | cbdf2d95ecdb651e2003747a28572c35b6c9da64 /src/Wallabag/ApiBundle | |
parent | 98510a4189186c8dcc3f1bf38843d935ed3d1859 (diff) | |
parent | 4346a86068781f4acdeb574d7e2af08b77b58ea7 (diff) | |
download | wallabag-2878416f8b4d94fb5e64c2fa61861526a7654d3d.tar.gz wallabag-2878416f8b4d94fb5e64c2fa61861526a7654d3d.tar.zst wallabag-2878416f8b4d94fb5e64c2fa61861526a7654d3d.zip |
Merge pull request #1167 from wallabag/v2-api-bundle
Move API stuff in ApiBundle
Diffstat (limited to 'src/Wallabag/ApiBundle')
12 files changed, 1079 insertions, 0 deletions
diff --git a/src/Wallabag/ApiBundle/Controller/WallabagRestController.php b/src/Wallabag/ApiBundle/Controller/WallabagRestController.php new file mode 100644 index 00000000..2f5923c8 --- /dev/null +++ b/src/Wallabag/ApiBundle/Controller/WallabagRestController.php | |||
@@ -0,0 +1,376 @@ | |||
1 | <?php | ||
2 | |||
3 | namespace Wallabag\ApiBundle\Controller; | ||
4 | |||
5 | use Nelmio\ApiDocBundle\Annotation\ApiDoc; | ||
6 | use Symfony\Bundle\FrameworkBundle\Controller\Controller; | ||
7 | use Symfony\Component\HttpFoundation\Request; | ||
8 | use Symfony\Component\HttpFoundation\Response; | ||
9 | use Wallabag\CoreBundle\Entity\Entry; | ||
10 | use Wallabag\CoreBundle\Entity\Tag; | ||
11 | use Wallabag\CoreBundle\Service\Extractor; | ||
12 | use Hateoas\Configuration\Route; | ||
13 | use Hateoas\Representation\Factory\PagerfantaFactory; | ||
14 | |||
15 | class WallabagRestController extends Controller | ||
16 | { | ||
17 | /** | ||
18 | * @param Entry $entry | ||
19 | * @param string $tags | ||
20 | */ | ||
21 | private function assignTagsToEntry(Entry $entry, $tags) | ||
22 | { | ||
23 | foreach (explode(',', $tags) as $label) { | ||
24 | $label = trim($label); | ||
25 | $tagEntity = $this | ||
26 | ->getDoctrine() | ||
27 | ->getRepository('WallabagCoreBundle:Tag') | ||
28 | ->findOneByLabel($label); | ||
29 | |||
30 | if (is_null($tagEntity)) { | ||
31 | $tagEntity = new Tag($this->getUser()); | ||
32 | $tagEntity->setLabel($label); | ||
33 | } | ||
34 | |||
35 | // only add the tag on the entry if the relation doesn't exist | ||
36 | if (!$entry->getTags()->contains($tagEntity)) { | ||
37 | $entry->addTag($tagEntity); | ||
38 | } | ||
39 | } | ||
40 | } | ||
41 | |||
42 | /** | ||
43 | * Retrieve salt for a giver user. | ||
44 | * | ||
45 | * @ApiDoc( | ||
46 | * parameters={ | ||
47 | * {"name"="username", "dataType"="string", "required"=true, "description"="username"} | ||
48 | * } | ||
49 | * ) | ||
50 | * | ||
51 | * @return array | ||
52 | */ | ||
53 | public function getSaltAction($username) | ||
54 | { | ||
55 | $user = $this | ||
56 | ->getDoctrine() | ||
57 | ->getRepository('WallabagCoreBundle:User') | ||
58 | ->findOneByUsername($username); | ||
59 | |||
60 | if (is_null($user)) { | ||
61 | throw $this->createNotFoundException(); | ||
62 | } | ||
63 | |||
64 | return array($user->getSalt() ?: null); | ||
65 | } | ||
66 | |||
67 | /** | ||
68 | * Retrieve all entries. It could be filtered by many options. | ||
69 | * | ||
70 | * @ApiDoc( | ||
71 | * parameters={ | ||
72 | * {"name"="archive", "dataType"="boolean", "required"=false, "format"="true or false, all entries by default", "description"="filter by archived status."}, | ||
73 | * {"name"="star", "dataType"="boolean", "required"=false, "format"="true or false, all entries by default", "description"="filter by starred status."}, | ||
74 | * {"name"="sort", "dataType"="string", "required"=false, "format"="'created' or 'updated', default 'created'", "description"="sort entries by date."}, | ||
75 | * {"name"="order", "dataType"="string", "required"=false, "format"="'asc' or 'desc', default 'desc'", "description"="order of sort."}, | ||
76 | * {"name"="page", "dataType"="integer", "required"=false, "format"="default '1'", "description"="what page you want."}, | ||
77 | * {"name"="perPage", "dataType"="integer", "required"=false, "format"="default'30'", "description"="results per page."}, | ||
78 | * {"name"="tags", "dataType"="string", "required"=false, "format"="api%2Crest", "description"="a list of tags url encoded. Will returns entries that matches ALL tags."}, | ||
79 | * } | ||
80 | * ) | ||
81 | * | ||
82 | * @return Entry | ||
83 | */ | ||
84 | public function getEntriesAction(Request $request) | ||
85 | { | ||
86 | $isArchived = $request->query->get('archive'); | ||
87 | $isStarred = $request->query->get('star'); | ||
88 | $sort = $request->query->get('sort', 'created'); | ||
89 | $order = $request->query->get('order', 'desc'); | ||
90 | $page = (int) $request->query->get('page', 1); | ||
91 | $perPage = (int) $request->query->get('perPage', 30); | ||
92 | $tags = $request->query->get('tags', []); | ||
93 | |||
94 | $pager = $this | ||
95 | ->getDoctrine() | ||
96 | ->getRepository('WallabagCoreBundle:Entry') | ||
97 | ->findEntries($this->getUser()->getId(), $isArchived, $isStarred, $sort, $order); | ||
98 | |||
99 | $pager->setCurrentPage($page); | ||
100 | $pager->setMaxPerPage($perPage); | ||
101 | |||
102 | $pagerfantaFactory = new PagerfantaFactory('page', 'perPage'); | ||
103 | $paginatedCollection = $pagerfantaFactory->createRepresentation( | ||
104 | $pager, | ||
105 | new Route('api_get_entries', [], $absolute = true) | ||
106 | ); | ||
107 | |||
108 | $json = $this->get('serializer')->serialize($paginatedCollection, 'json'); | ||
109 | |||
110 | return $this->renderJsonResponse($json); | ||
111 | } | ||
112 | |||
113 | /** | ||
114 | * Retrieve a single entry. | ||
115 | * | ||
116 | * @ApiDoc( | ||
117 | * requirements={ | ||
118 | * {"name"="entry", "dataType"="integer", "requirement"="\w+", "description"="The entry ID"} | ||
119 | * } | ||
120 | * ) | ||
121 | * | ||
122 | * @return Entry | ||
123 | */ | ||
124 | public function getEntryAction(Entry $entry) | ||
125 | { | ||
126 | $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId()); | ||
127 | |||
128 | $json = $this->get('serializer')->serialize($entry, 'json'); | ||
129 | |||
130 | return $this->renderJsonResponse($json); | ||
131 | } | ||
132 | |||
133 | /** | ||
134 | * Create an entry. | ||
135 | * | ||
136 | * @ApiDoc( | ||
137 | * parameters={ | ||
138 | * {"name"="url", "dataType"="string", "required"=true, "format"="http://www.test.com/article.html", "description"="Url for the entry."}, | ||
139 | * {"name"="title", "dataType"="string", "required"=false, "description"="Optional, we'll get the title from the page."}, | ||
140 | * {"name"="tags", "dataType"="string", "required"=false, "format"="tag1,tag2,tag3", "description"="a comma-separated list of tags."}, | ||
141 | * } | ||
142 | * ) | ||
143 | * | ||
144 | * @return Entry | ||
145 | */ | ||
146 | public function postEntriesAction(Request $request) | ||
147 | { | ||
148 | $url = $request->request->get('url'); | ||
149 | |||
150 | $content = Extractor::extract($url); | ||
151 | $entry = new Entry($this->getUser()); | ||
152 | $entry->setUrl($url); | ||
153 | $entry->setTitle($request->request->get('title') ?: $content->getTitle()); | ||
154 | $entry->setContent($content->getBody()); | ||
155 | |||
156 | $tags = $request->request->get('tags', ''); | ||
157 | if (!empty($tags)) { | ||
158 | $this->assignTagsToEntry($entry, $tags); | ||
159 | } | ||
160 | |||
161 | $em = $this->getDoctrine()->getManager(); | ||
162 | $em->persist($entry); | ||
163 | $em->flush(); | ||
164 | |||
165 | $json = $this->get('serializer')->serialize($entry, 'json'); | ||
166 | |||
167 | return $this->renderJsonResponse($json); | ||
168 | } | ||
169 | |||
170 | /** | ||
171 | * Change several properties of an entry. | ||
172 | * | ||
173 | * @ApiDoc( | ||
174 | * requirements={ | ||
175 | * {"name"="entry", "dataType"="integer", "requirement"="\w+", "description"="The entry ID"} | ||
176 | * }, | ||
177 | * parameters={ | ||
178 | * {"name"="title", "dataType"="string", "required"=false}, | ||
179 | * {"name"="tags", "dataType"="string", "required"=false, "format"="tag1,tag2,tag3", "description"="a comma-separated list of tags."}, | ||
180 | * {"name"="archive", "dataType"="boolean", "required"=false, "format"="true or false", "description"="archived the entry."}, | ||
181 | * {"name"="star", "dataType"="boolean", "required"=false, "format"="true or false", "description"="starred the entry."}, | ||
182 | * } | ||
183 | * ) | ||
184 | * | ||
185 | * @return Entry | ||
186 | */ | ||
187 | public function patchEntriesAction(Entry $entry, Request $request) | ||
188 | { | ||
189 | $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId()); | ||
190 | |||
191 | $title = $request->request->get('title'); | ||
192 | $isArchived = $request->request->get('archive'); | ||
193 | $isStarred = $request->request->get('star'); | ||
194 | |||
195 | if (!is_null($title)) { | ||
196 | $entry->setTitle($title); | ||
197 | } | ||
198 | |||
199 | if (!is_null($isArchived)) { | ||
200 | $entry->setArchived($isArchived); | ||
201 | } | ||
202 | |||
203 | if (!is_null($isStarred)) { | ||
204 | $entry->setStarred($isStarred); | ||
205 | } | ||
206 | |||
207 | $tags = $request->request->get('tags', ''); | ||
208 | if (!empty($tags)) { | ||
209 | $this->assignTagsToEntry($entry, $tags); | ||
210 | } | ||
211 | |||
212 | $em = $this->getDoctrine()->getManager(); | ||
213 | $em->flush(); | ||
214 | |||
215 | $json = $this->get('serializer')->serialize($entry, 'json'); | ||
216 | |||
217 | return $this->renderJsonResponse($json); | ||
218 | } | ||
219 | |||
220 | /** | ||
221 | * Delete **permanently** an entry. | ||
222 | * | ||
223 | * @ApiDoc( | ||
224 | * requirements={ | ||
225 | * {"name"="entry", "dataType"="integer", "requirement"="\w+", "description"="The entry ID"} | ||
226 | * } | ||
227 | * ) | ||
228 | * | ||
229 | * @return Entry | ||
230 | */ | ||
231 | public function deleteEntriesAction(Entry $entry) | ||
232 | { | ||
233 | $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId()); | ||
234 | |||
235 | $em = $this->getDoctrine()->getManager(); | ||
236 | $em->remove($entry); | ||
237 | $em->flush(); | ||
238 | |||
239 | $json = $this->get('serializer')->serialize($entry, 'json'); | ||
240 | |||
241 | return $this->renderJsonResponse($json); | ||
242 | } | ||
243 | |||
244 | /** | ||
245 | * Retrieve all tags for an entry. | ||
246 | * | ||
247 | * @ApiDoc( | ||
248 | * requirements={ | ||
249 | * {"name"="entry", "dataType"="integer", "requirement"="\w+", "description"="The entry ID"} | ||
250 | * } | ||
251 | * ) | ||
252 | */ | ||
253 | public function getEntriesTagsAction(Entry $entry) | ||
254 | { | ||
255 | $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId()); | ||
256 | |||
257 | $json = $this->get('serializer')->serialize($entry->getTags(), 'json'); | ||
258 | |||
259 | return $this->renderJsonResponse($json); | ||
260 | } | ||
261 | |||
262 | /** | ||
263 | * Add one or more tags to an entry. | ||
264 | * | ||
265 | * @ApiDoc( | ||
266 | * requirements={ | ||
267 | * {"name"="entry", "dataType"="integer", "requirement"="\w+", "description"="The entry ID"} | ||
268 | * }, | ||
269 | * parameters={ | ||
270 | * {"name"="tags", "dataType"="string", "required"=false, "format"="tag1,tag2,tag3", "description"="a comma-separated list of tags."}, | ||
271 | * } | ||
272 | * ) | ||
273 | */ | ||
274 | public function postEntriesTagsAction(Request $request, Entry $entry) | ||
275 | { | ||
276 | $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId()); | ||
277 | |||
278 | $tags = $request->request->get('tags', ''); | ||
279 | if (!empty($tags)) { | ||
280 | $this->assignTagsToEntry($entry, $tags); | ||
281 | } | ||
282 | |||
283 | $em = $this->getDoctrine()->getManager(); | ||
284 | $em->persist($entry); | ||
285 | $em->flush(); | ||
286 | |||
287 | $json = $this->get('serializer')->serialize($entry, 'json'); | ||
288 | |||
289 | return $this->renderJsonResponse($json); | ||
290 | } | ||
291 | |||
292 | /** | ||
293 | * Permanently remove one tag for an entry. | ||
294 | * | ||
295 | * @ApiDoc( | ||
296 | * requirements={ | ||
297 | * {"name"="tag", "dataType"="integer", "requirement"="\w+", "description"="The tag ID"}, | ||
298 | * {"name"="entry", "dataType"="integer", "requirement"="\w+", "description"="The entry ID"} | ||
299 | * } | ||
300 | * ) | ||
301 | */ | ||
302 | public function deleteEntriesTagsAction(Entry $entry, Tag $tag) | ||
303 | { | ||
304 | $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId()); | ||
305 | |||
306 | $entry->removeTag($tag); | ||
307 | $em = $this->getDoctrine()->getManager(); | ||
308 | $em->persist($entry); | ||
309 | $em->flush(); | ||
310 | |||
311 | $json = $this->get('serializer')->serialize($entry, 'json'); | ||
312 | |||
313 | return $this->renderJsonResponse($json); | ||
314 | } | ||
315 | |||
316 | /** | ||
317 | * Retrieve all tags. | ||
318 | * | ||
319 | * @ApiDoc() | ||
320 | */ | ||
321 | public function getTagsAction() | ||
322 | { | ||
323 | $json = $this->get('serializer')->serialize($this->getUser()->getTags(), 'json'); | ||
324 | |||
325 | return $this->renderJsonResponse($json); | ||
326 | } | ||
327 | |||
328 | /** | ||
329 | * Permanently remove one tag from **every** entry. | ||
330 | * | ||
331 | * @ApiDoc( | ||
332 | * requirements={ | ||
333 | * {"name"="tag", "dataType"="integer", "requirement"="\w+", "description"="The tag"} | ||
334 | * } | ||
335 | * ) | ||
336 | */ | ||
337 | public function deleteTagAction(Tag $tag) | ||
338 | { | ||
339 | $this->validateUserAccess($tag->getUser()->getId(), $this->getUser()->getId()); | ||
340 | |||
341 | $em = $this->getDoctrine()->getManager(); | ||
342 | $em->remove($tag); | ||
343 | $em->flush(); | ||
344 | |||
345 | $json = $this->get('serializer')->serialize($tag, 'json'); | ||
346 | |||
347 | return $this->renderJsonResponse($json); | ||
348 | } | ||
349 | |||
350 | /** | ||
351 | * Validate that the first id is equal to the second one. | ||
352 | * If not, throw exception. It means a user try to access information from an other user. | ||
353 | * | ||
354 | * @param int $requestUserId User id from the requested source | ||
355 | * @param int $currentUserId User id from the retrieved source | ||
356 | */ | ||
357 | private function validateUserAccess($requestUserId, $currentUserId) | ||
358 | { | ||
359 | if ($requestUserId != $currentUserId) { | ||
360 | throw $this->createAccessDeniedException('Access forbidden. Entry user id: '.$requestUserId.', logged user id: '.$currentUserId); | ||
361 | } | ||
362 | } | ||
363 | |||
364 | /** | ||
365 | * Send a JSON Response. | ||
366 | * We don't use the Symfony JsonRespone, because it takes an array as parameter instead of a JSON string. | ||
367 | * | ||
368 | * @param string $json | ||
369 | * | ||
370 | * @return Response | ||
371 | */ | ||
372 | private function renderJsonResponse($json) | ||
373 | { | ||
374 | return new Response($json, 200, array('application/json')); | ||
375 | } | ||
376 | } | ||
diff --git a/src/Wallabag/ApiBundle/DependencyInjection/Configuration.php b/src/Wallabag/ApiBundle/DependencyInjection/Configuration.php new file mode 100644 index 00000000..cec45412 --- /dev/null +++ b/src/Wallabag/ApiBundle/DependencyInjection/Configuration.php | |||
@@ -0,0 +1,29 @@ | |||
1 | <?php | ||
2 | |||
3 | namespace Wallabag\ApiBundle\DependencyInjection; | ||
4 | |||
5 | use Symfony\Component\Config\Definition\Builder\TreeBuilder; | ||
6 | use Symfony\Component\Config\Definition\ConfigurationInterface; | ||
7 | |||
8 | /** | ||
9 | * This is the class that validates and merges configuration from your app/config files. | ||
10 | * | ||
11 | * To learn more see {@link http://symfony.com/doc/current/cookbook/bundles/extension.html#cookbook-bundles-extension-config-class} | ||
12 | */ | ||
13 | class Configuration implements ConfigurationInterface | ||
14 | { | ||
15 | /** | ||
16 | * {@inheritdoc} | ||
17 | */ | ||
18 | public function getConfigTreeBuilder() | ||
19 | { | ||
20 | $treeBuilder = new TreeBuilder(); | ||
21 | $rootNode = $treeBuilder->root('wallabag_api'); | ||
22 | |||
23 | // Here you should define the parameters that are allowed to | ||
24 | // configure your bundle. See the documentation linked above for | ||
25 | // more information on that topic. | ||
26 | |||
27 | return $treeBuilder; | ||
28 | } | ||
29 | } | ||
diff --git a/src/Wallabag/ApiBundle/DependencyInjection/Security/Factory/WsseFactory.php b/src/Wallabag/ApiBundle/DependencyInjection/Security/Factory/WsseFactory.php new file mode 100644 index 00000000..402eb869 --- /dev/null +++ b/src/Wallabag/ApiBundle/DependencyInjection/Security/Factory/WsseFactory.php | |||
@@ -0,0 +1,40 @@ | |||
1 | <?php | ||
2 | |||
3 | namespace Wallabag\ApiBundle\DependencyInjection\Security\Factory; | ||
4 | |||
5 | use Symfony\Component\DependencyInjection\ContainerBuilder; | ||
6 | use Symfony\Component\DependencyInjection\Reference; | ||
7 | use Symfony\Component\DependencyInjection\DefinitionDecorator; | ||
8 | use Symfony\Component\Config\Definition\Builder\NodeDefinition; | ||
9 | use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\SecurityFactoryInterface; | ||
10 | |||
11 | class WsseFactory implements SecurityFactoryInterface | ||
12 | { | ||
13 | public function create(ContainerBuilder $container, $id, $config, $userProvider, $defaultEntryPoint) | ||
14 | { | ||
15 | $providerId = 'security.authentication.provider.wsse.'.$id; | ||
16 | $container | ||
17 | ->setDefinition($providerId, new DefinitionDecorator('wsse.security.authentication.provider')) | ||
18 | ->replaceArgument(0, new Reference($userProvider)) | ||
19 | ; | ||
20 | |||
21 | $listenerId = 'security.authentication.listener.wsse.'.$id; | ||
22 | $listener = $container->setDefinition($listenerId, new DefinitionDecorator('wsse.security.authentication.listener')); | ||
23 | |||
24 | return array($providerId, $listenerId, $defaultEntryPoint); | ||
25 | } | ||
26 | |||
27 | public function getPosition() | ||
28 | { | ||
29 | return 'pre_auth'; | ||
30 | } | ||
31 | |||
32 | public function getKey() | ||
33 | { | ||
34 | return 'wsse'; | ||
35 | } | ||
36 | |||
37 | public function addConfiguration(NodeDefinition $node) | ||
38 | { | ||
39 | } | ||
40 | } | ||
diff --git a/src/Wallabag/ApiBundle/DependencyInjection/WallabagApiExtension.php b/src/Wallabag/ApiBundle/DependencyInjection/WallabagApiExtension.php new file mode 100644 index 00000000..c5cc204e --- /dev/null +++ b/src/Wallabag/ApiBundle/DependencyInjection/WallabagApiExtension.php | |||
@@ -0,0 +1,25 @@ | |||
1 | <?php | ||
2 | |||
3 | namespace Wallabag\ApiBundle\DependencyInjection; | ||
4 | |||
5 | use Symfony\Component\DependencyInjection\ContainerBuilder; | ||
6 | use Symfony\Component\Config\FileLocator; | ||
7 | use Symfony\Component\HttpKernel\DependencyInjection\Extension; | ||
8 | use Symfony\Component\DependencyInjection\Loader; | ||
9 | |||
10 | class WallabagApiExtension extends Extension | ||
11 | { | ||
12 | public function load(array $configs, ContainerBuilder $container) | ||
13 | { | ||
14 | $configuration = new Configuration(); | ||
15 | $config = $this->processConfiguration($configuration, $configs); | ||
16 | |||
17 | $loader = new Loader\YamlFileLoader($container, new FileLocator(__DIR__.'/../Resources/config')); | ||
18 | $loader->load('services.yml'); | ||
19 | } | ||
20 | |||
21 | public function getAlias() | ||
22 | { | ||
23 | return 'wallabag_api'; | ||
24 | } | ||
25 | } | ||
diff --git a/src/Wallabag/ApiBundle/Resources/config/routing.yml b/src/Wallabag/ApiBundle/Resources/config/routing.yml new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/src/Wallabag/ApiBundle/Resources/config/routing.yml | |||
diff --git a/src/Wallabag/ApiBundle/Resources/config/routing_rest.yml b/src/Wallabag/ApiBundle/Resources/config/routing_rest.yml new file mode 100644 index 00000000..5f43f971 --- /dev/null +++ b/src/Wallabag/ApiBundle/Resources/config/routing_rest.yml | |||
@@ -0,0 +1,4 @@ | |||
1 | entries: | ||
2 | type: rest | ||
3 | resource: "WallabagApiBundle:WallabagRest" | ||
4 | name_prefix: api_ | ||
diff --git a/src/Wallabag/ApiBundle/Resources/config/services.yml b/src/Wallabag/ApiBundle/Resources/config/services.yml new file mode 100644 index 00000000..6854a444 --- /dev/null +++ b/src/Wallabag/ApiBundle/Resources/config/services.yml | |||
@@ -0,0 +1,12 @@ | |||
1 | services: | ||
2 | wsse.security.authentication.provider: | ||
3 | class: Wallabag\ApiBundle\Security\Authentication\Provider\WsseProvider | ||
4 | public: false | ||
5 | arguments: ['', '%kernel.cache_dir%/security/nonces'] | ||
6 | |||
7 | wsse.security.authentication.listener: | ||
8 | class: Wallabag\ApiBundle\Security\Firewall\WsseListener | ||
9 | public: false | ||
10 | tags: | ||
11 | - { name: monolog.logger, channel: wsse } | ||
12 | arguments: ['@security.context', '@security.authentication.manager', '@logger'] | ||
diff --git a/src/Wallabag/ApiBundle/Security/Authentication/Provider/WsseProvider.php b/src/Wallabag/ApiBundle/Security/Authentication/Provider/WsseProvider.php new file mode 100644 index 00000000..db73ae2a --- /dev/null +++ b/src/Wallabag/ApiBundle/Security/Authentication/Provider/WsseProvider.php | |||
@@ -0,0 +1,79 @@ | |||
1 | <?php | ||
2 | |||
3 | namespace Wallabag\ApiBundle\Security\Authentication\Provider; | ||
4 | |||
5 | use Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface; | ||
6 | use Symfony\Component\Security\Core\User\UserProviderInterface; | ||
7 | use Symfony\Component\Security\Core\Exception\AuthenticationException; | ||
8 | use Symfony\Component\Security\Core\Exception\NonceExpiredException; | ||
9 | use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; | ||
10 | use Wallabag\ApiBundle\Security\Authentication\Token\WsseUserToken; | ||
11 | |||
12 | class WsseProvider implements AuthenticationProviderInterface | ||
13 | { | ||
14 | private $userProvider; | ||
15 | private $cacheDir; | ||
16 | |||
17 | public function __construct(UserProviderInterface $userProvider, $cacheDir) | ||
18 | { | ||
19 | $this->userProvider = $userProvider; | ||
20 | $this->cacheDir = $cacheDir; | ||
21 | |||
22 | // If cache directory does not exist we create it | ||
23 | if (!is_dir($this->cacheDir)) { | ||
24 | mkdir($this->cacheDir, 0777, true); | ||
25 | } | ||
26 | } | ||
27 | |||
28 | public function authenticate(TokenInterface $token) | ||
29 | { | ||
30 | $user = $this->userProvider->loadUserByUsername($token->getUsername()); | ||
31 | |||
32 | if (!$user) { | ||
33 | throw new AuthenticationException('Bad credentials. Did you forgot your username?'); | ||
34 | } | ||
35 | |||
36 | if ($user && $this->validateDigest($token->digest, $token->nonce, $token->created, $user->getPassword())) { | ||
37 | $authenticatedToken = new WsseUserToken($user->getRoles()); | ||
38 | $authenticatedToken->setUser($user); | ||
39 | |||
40 | return $authenticatedToken; | ||
41 | } | ||
42 | |||
43 | throw new AuthenticationException('The WSSE authentication failed.'); | ||
44 | } | ||
45 | |||
46 | protected function validateDigest($digest, $nonce, $created, $secret) | ||
47 | { | ||
48 | // Check created time is not in the future | ||
49 | if (strtotime($created) > time()) { | ||
50 | throw new AuthenticationException('Back to the future...'); | ||
51 | } | ||
52 | |||
53 | // Expire timestamp after 5 minutes | ||
54 | if (time() - strtotime($created) > 300) { | ||
55 | throw new AuthenticationException('Too late for this timestamp... Watch your watch.'); | ||
56 | } | ||
57 | |||
58 | // Validate nonce is unique within 5 minutes | ||
59 | if (file_exists($this->cacheDir.'/'.$nonce) && file_get_contents($this->cacheDir.'/'.$nonce) + 300 > time()) { | ||
60 | throw new NonceExpiredException('Previously used nonce detected'); | ||
61 | } | ||
62 | |||
63 | file_put_contents($this->cacheDir.'/'.$nonce, time()); | ||
64 | |||
65 | // Validate Secret | ||
66 | $expected = base64_encode(sha1(base64_decode($nonce).$created.$secret, true)); | ||
67 | |||
68 | if ($digest !== $expected) { | ||
69 | throw new AuthenticationException('Bad credentials ! Digest is not as expected.'); | ||
70 | } | ||
71 | |||
72 | return $digest === $expected; | ||
73 | } | ||
74 | |||
75 | public function supports(TokenInterface $token) | ||
76 | { | ||
77 | return $token instanceof WsseUserToken; | ||
78 | } | ||
79 | } | ||
diff --git a/src/Wallabag/ApiBundle/Security/Authentication/Token/WsseUserToken.php b/src/Wallabag/ApiBundle/Security/Authentication/Token/WsseUserToken.php new file mode 100644 index 00000000..e6d30224 --- /dev/null +++ b/src/Wallabag/ApiBundle/Security/Authentication/Token/WsseUserToken.php | |||
@@ -0,0 +1,24 @@ | |||
1 | <?php | ||
2 | |||
3 | namespace Wallabag\ApiBundle\Security\Authentication\Token; | ||
4 | |||
5 | use Symfony\Component\Security\Core\Authentication\Token\AbstractToken; | ||
6 | |||
7 | class WsseUserToken extends AbstractToken | ||
8 | { | ||
9 | public $created; | ||
10 | public $digest; | ||
11 | public $nonce; | ||
12 | |||
13 | public function __construct(array $roles = array()) | ||
14 | { | ||
15 | parent::__construct($roles); | ||
16 | |||
17 | $this->setAuthenticated(count($roles) > 0); | ||
18 | } | ||
19 | |||
20 | public function getCredentials() | ||
21 | { | ||
22 | return ''; | ||
23 | } | ||
24 | } | ||
diff --git a/src/Wallabag/ApiBundle/Security/Firewall/WsseListener.php b/src/Wallabag/ApiBundle/Security/Firewall/WsseListener.php new file mode 100644 index 00000000..50587837 --- /dev/null +++ b/src/Wallabag/ApiBundle/Security/Firewall/WsseListener.php | |||
@@ -0,0 +1,62 @@ | |||
1 | <?php | ||
2 | |||
3 | namespace Wallabag\ApiBundle\Security\Firewall; | ||
4 | |||
5 | use Symfony\Component\HttpFoundation\Response; | ||
6 | use Symfony\Component\HttpKernel\Event\GetResponseEvent; | ||
7 | use Symfony\Component\Security\Http\Firewall\ListenerInterface; | ||
8 | use Symfony\Component\Security\Core\Exception\AuthenticationException; | ||
9 | use Symfony\Component\Security\Core\SecurityContextInterface; | ||
10 | use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface; | ||
11 | use Wallabag\ApiBundle\Security\Authentication\Token\WsseUserToken; | ||
12 | use Psr\Log\LoggerInterface; | ||
13 | |||
14 | class WsseListener implements ListenerInterface | ||
15 | { | ||
16 | protected $securityContext; | ||
17 | protected $authenticationManager; | ||
18 | protected $logger; | ||
19 | |||
20 | public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, LoggerInterface $logger) | ||
21 | { | ||
22 | $this->securityContext = $securityContext; | ||
23 | $this->authenticationManager = $authenticationManager; | ||
24 | $this->logger = $logger; | ||
25 | } | ||
26 | |||
27 | public function handle(GetResponseEvent $event) | ||
28 | { | ||
29 | $request = $event->getRequest(); | ||
30 | |||
31 | $wsseRegex = '/UsernameToken Username="([^"]+)", PasswordDigest="([^"]+)", Nonce="([^"]+)", Created="([^"]+)"/'; | ||
32 | if (!$request->headers->has('x-wsse') || 1 !== preg_match($wsseRegex, $request->headers->get('x-wsse'), $matches)) { | ||
33 | return; | ||
34 | } | ||
35 | |||
36 | $token = new WsseUserToken(); | ||
37 | $token->setUser($matches[1]); | ||
38 | |||
39 | $token->digest = $matches[2]; | ||
40 | $token->nonce = $matches[3]; | ||
41 | $token->created = $matches[4]; | ||
42 | |||
43 | try { | ||
44 | $authToken = $this->authenticationManager->authenticate($token); | ||
45 | |||
46 | $this->securityContext->setToken($authToken); | ||
47 | |||
48 | return; | ||
49 | } catch (AuthenticationException $failed) { | ||
50 | $failedMessage = 'WSSE Login failed for '.$token->getUsername().'. Why ? '.$failed->getMessage(); | ||
51 | $this->logger->err($failedMessage); | ||
52 | |||
53 | // Deny authentication with a '403 Forbidden' HTTP response | ||
54 | $response = new Response(); | ||
55 | $response->setStatusCode(403); | ||
56 | $response->setContent($failedMessage); | ||
57 | $event->setResponse($response); | ||
58 | |||
59 | return; | ||
60 | } | ||
61 | } | ||
62 | } | ||
diff --git a/src/Wallabag/ApiBundle/Tests/Controller/WallabagRestControllerTest.php b/src/Wallabag/ApiBundle/Tests/Controller/WallabagRestControllerTest.php new file mode 100644 index 00000000..86c8de1e --- /dev/null +++ b/src/Wallabag/ApiBundle/Tests/Controller/WallabagRestControllerTest.php | |||
@@ -0,0 +1,410 @@ | |||
1 | <?php | ||
2 | |||
3 | namespace Wallabag\ApiBundle\Tests\Controller; | ||
4 | |||
5 | use Symfony\Bundle\FrameworkBundle\Test\WebTestCase; | ||
6 | |||
7 | class WallabagRestControllerTest extends WebTestCase | ||
8 | { | ||
9 | protected static $salt; | ||
10 | |||
11 | /** | ||
12 | * Grab the salt once and store it to be available for all tests. | ||
13 | */ | ||
14 | public static function setUpBeforeClass() | ||
15 | { | ||
16 | $client = self::createClient(); | ||
17 | |||
18 | $user = $client->getContainer() | ||
19 | ->get('doctrine.orm.entity_manager') | ||
20 | ->getRepository('WallabagCoreBundle:User') | ||
21 | ->findOneByUsername('admin'); | ||
22 | |||
23 | self::$salt = $user->getSalt(); | ||
24 | } | ||
25 | |||
26 | /** | ||
27 | * Generate HTTP headers for authenticate user on API. | ||
28 | * | ||
29 | * @param string $username | ||
30 | * @param string $password | ||
31 | * | ||
32 | * @return array | ||
33 | */ | ||
34 | private function generateHeaders($username, $password) | ||
35 | { | ||
36 | $encryptedPassword = sha1($password.$username.self::$salt); | ||
37 | $nonce = substr(md5(uniqid('nonce_', true)), 0, 16); | ||
38 | |||
39 | $now = new \DateTime('now', new \DateTimeZone('UTC')); | ||
40 | $created = (string) $now->format('Y-m-d\TH:i:s\Z'); | ||
41 | $digest = base64_encode(sha1(base64_decode($nonce).$created.$encryptedPassword, true)); | ||
42 | |||
43 | return array( | ||
44 | 'HTTP_AUTHORIZATION' => 'Authorization profile="UsernameToken"', | ||
45 | 'HTTP_x-wsse' => 'X-WSSE: UsernameToken Username="'.$username.'", PasswordDigest="'.$digest.'", Nonce="'.$nonce.'", Created="'.$created.'"', | ||
46 | ); | ||
47 | } | ||
48 | |||
49 | public function testGetSalt() | ||
50 | { | ||
51 | $client = $this->createClient(); | ||
52 | $client->request('GET', '/api/salts/admin.json'); | ||
53 | |||
54 | $user = $client->getContainer() | ||
55 | ->get('doctrine.orm.entity_manager') | ||
56 | ->getRepository('WallabagCoreBundle:User') | ||
57 | ->findOneByUsername('admin'); | ||
58 | |||
59 | $this->assertEquals(200, $client->getResponse()->getStatusCode()); | ||
60 | |||
61 | $content = json_decode($client->getResponse()->getContent(), true); | ||
62 | |||
63 | $this->assertArrayHasKey(0, $content); | ||
64 | $this->assertEquals($user->getSalt(), $content[0]); | ||
65 | |||
66 | $client->request('GET', '/api/salts/notfound.json'); | ||
67 | $this->assertEquals(404, $client->getResponse()->getStatusCode()); | ||
68 | } | ||
69 | |||
70 | public function testWithBadHeaders() | ||
71 | { | ||
72 | $client = $this->createClient(); | ||
73 | |||
74 | $entry = $client->getContainer() | ||
75 | ->get('doctrine.orm.entity_manager') | ||
76 | ->getRepository('WallabagCoreBundle:Entry') | ||
77 | ->findOneByIsArchived(false); | ||
78 | |||
79 | if (!$entry) { | ||
80 | $this->markTestSkipped('No content found in db.'); | ||
81 | } | ||
82 | |||
83 | $badHeaders = array( | ||
84 | 'HTTP_AUTHORIZATION' => 'Authorization profile="UsernameToken"', | ||
85 | 'HTTP_x-wsse' => 'X-WSSE: UsernameToken Username="admin", PasswordDigest="Wr0ngDig3st", Nonce="n0Nc3", Created="2015-01-01T13:37:00Z"', | ||
86 | ); | ||
87 | |||
88 | $client->request('GET', '/api/entries/'.$entry->getId().'.json', array(), array(), $badHeaders); | ||
89 | $this->assertEquals(403, $client->getResponse()->getStatusCode()); | ||
90 | } | ||
91 | |||
92 | public function testGetOneEntry() | ||
93 | { | ||
94 | $client = $this->createClient(); | ||
95 | $headers = $this->generateHeaders('admin', 'mypassword'); | ||
96 | |||
97 | $entry = $client->getContainer() | ||
98 | ->get('doctrine.orm.entity_manager') | ||
99 | ->getRepository('WallabagCoreBundle:Entry') | ||
100 | ->findOneBy(array('user' => 1, 'isArchived' => false)); | ||
101 | |||
102 | if (!$entry) { | ||
103 | $this->markTestSkipped('No content found in db.'); | ||
104 | } | ||
105 | |||
106 | $client->request('GET', '/api/entries/'.$entry->getId().'.json', array(), array(), $headers); | ||
107 | |||
108 | $this->assertEquals(200, $client->getResponse()->getStatusCode()); | ||
109 | |||
110 | $content = json_decode($client->getResponse()->getContent(), true); | ||
111 | |||
112 | $this->assertEquals($entry->getTitle(), $content['title']); | ||
113 | $this->assertEquals($entry->getUrl(), $content['url']); | ||
114 | $this->assertCount(count($entry->getTags()), $content['tags']); | ||
115 | |||
116 | $this->assertTrue( | ||
117 | $client->getResponse()->headers->contains( | ||
118 | 'Content-Type', | ||
119 | 'application/json' | ||
120 | ) | ||
121 | ); | ||
122 | } | ||
123 | |||
124 | public function testGetOneEntryWrongUser() | ||
125 | { | ||
126 | $client = $this->createClient(); | ||
127 | $headers = $this->generateHeaders('admin', 'mypassword'); | ||
128 | |||
129 | $entry = $client->getContainer() | ||
130 | ->get('doctrine.orm.entity_manager') | ||
131 | ->getRepository('WallabagCoreBundle:Entry') | ||
132 | ->findOneBy(array('user' => 2, 'isArchived' => false)); | ||
133 | |||
134 | if (!$entry) { | ||
135 | $this->markTestSkipped('No content found in db.'); | ||
136 | } | ||
137 | |||
138 | $client->request('GET', '/api/entries/'.$entry->getId().'.json', array(), array(), $headers); | ||
139 | |||
140 | $this->assertEquals(403, $client->getResponse()->getStatusCode()); | ||
141 | } | ||
142 | |||
143 | public function testGetEntries() | ||
144 | { | ||
145 | $client = $this->createClient(); | ||
146 | $headers = $this->generateHeaders('admin', 'mypassword'); | ||
147 | |||
148 | $client->request('GET', '/api/entries', array(), array(), $headers); | ||
149 | |||
150 | $this->assertEquals(200, $client->getResponse()->getStatusCode()); | ||
151 | |||
152 | $content = json_decode($client->getResponse()->getContent(), true); | ||
153 | |||
154 | $this->assertGreaterThanOrEqual(1, count($content)); | ||
155 | $this->assertNotEmpty($content['_embedded']['items']); | ||
156 | $this->assertGreaterThanOrEqual(1, $content['total']); | ||
157 | $this->assertEquals(1, $content['page']); | ||
158 | $this->assertGreaterThanOrEqual(1, $content['pages']); | ||
159 | |||
160 | $this->assertTrue( | ||
161 | $client->getResponse()->headers->contains( | ||
162 | 'Content-Type', | ||
163 | 'application/json' | ||
164 | ) | ||
165 | ); | ||
166 | } | ||
167 | |||
168 | public function testGetStarredEntries() | ||
169 | { | ||
170 | $client = $this->createClient(); | ||
171 | $headers = $this->generateHeaders('admin', 'mypassword'); | ||
172 | |||
173 | $client->request('GET', '/api/entries', array('archive' => 1), array(), $headers); | ||
174 | |||
175 | $this->assertEquals(200, $client->getResponse()->getStatusCode()); | ||
176 | |||
177 | $content = json_decode($client->getResponse()->getContent(), true); | ||
178 | |||
179 | $this->assertGreaterThanOrEqual(1, count($content)); | ||
180 | $this->assertNotEmpty($content['_embedded']['items']); | ||
181 | $this->assertGreaterThanOrEqual(1, $content['total']); | ||
182 | $this->assertEquals(1, $content['page']); | ||
183 | $this->assertGreaterThanOrEqual(1, $content['pages']); | ||
184 | |||
185 | $this->assertTrue( | ||
186 | $client->getResponse()->headers->contains( | ||
187 | 'Content-Type', | ||
188 | 'application/json' | ||
189 | ) | ||
190 | ); | ||
191 | } | ||
192 | |||
193 | public function testDeleteEntry() | ||
194 | { | ||
195 | $client = $this->createClient(); | ||
196 | $headers = $this->generateHeaders('admin', 'mypassword'); | ||
197 | |||
198 | $entry = $client->getContainer() | ||
199 | ->get('doctrine.orm.entity_manager') | ||
200 | ->getRepository('WallabagCoreBundle:Entry') | ||
201 | ->findOneByUser(1); | ||
202 | |||
203 | if (!$entry) { | ||
204 | $this->markTestSkipped('No content found in db.'); | ||
205 | } | ||
206 | |||
207 | $client->request('DELETE', '/api/entries/'.$entry->getId().'.json', array(), array(), $headers); | ||
208 | |||
209 | $this->assertEquals(200, $client->getResponse()->getStatusCode()); | ||
210 | |||
211 | $content = json_decode($client->getResponse()->getContent(), true); | ||
212 | |||
213 | $this->assertEquals($entry->getTitle(), $content['title']); | ||
214 | $this->assertEquals($entry->getUrl(), $content['url']); | ||
215 | |||
216 | // We'll try to delete this entry again | ||
217 | $headers = $this->generateHeaders('admin', 'mypassword'); | ||
218 | |||
219 | $client->request('DELETE', '/api/entries/'.$entry->getId().'.json', array(), array(), $headers); | ||
220 | |||
221 | $this->assertEquals(404, $client->getResponse()->getStatusCode()); | ||
222 | } | ||
223 | |||
224 | public function testPostEntry() | ||
225 | { | ||
226 | $client = $this->createClient(); | ||
227 | $headers = $this->generateHeaders('admin', 'mypassword'); | ||
228 | |||
229 | $client->request('POST', '/api/entries.json', array( | ||
230 | 'url' => 'http://www.lemonde.fr/pixels/article/2015/03/28/plongee-dans-l-univers-d-ingress-le-jeu-de-google-aux-frontieres-du-reel_4601155_4408996.html', | ||
231 | 'tags' => 'google', | ||
232 | ), array(), $headers); | ||
233 | |||
234 | $this->assertEquals(200, $client->getResponse()->getStatusCode()); | ||
235 | |||
236 | $content = json_decode($client->getResponse()->getContent(), true); | ||
237 | |||
238 | $this->assertGreaterThan(0, $content['id']); | ||
239 | $this->assertEquals('http://www.lemonde.fr/pixels/article/2015/03/28/plongee-dans-l-univers-d-ingress-le-jeu-de-google-aux-frontieres-du-reel_4601155_4408996.html', $content['url']); | ||
240 | $this->assertEquals(false, $content['is_archived']); | ||
241 | $this->assertEquals(false, $content['is_starred']); | ||
242 | $this->assertCount(1, $content['tags']); | ||
243 | } | ||
244 | |||
245 | public function testPatchEntry() | ||
246 | { | ||
247 | $client = $this->createClient(); | ||
248 | $headers = $this->generateHeaders('admin', 'mypassword'); | ||
249 | |||
250 | $entry = $client->getContainer() | ||
251 | ->get('doctrine.orm.entity_manager') | ||
252 | ->getRepository('WallabagCoreBundle:Entry') | ||
253 | ->findOneByUser(1); | ||
254 | |||
255 | if (!$entry) { | ||
256 | $this->markTestSkipped('No content found in db.'); | ||
257 | } | ||
258 | |||
259 | // hydrate the tags relations | ||
260 | $nbTags = count($entry->getTags()); | ||
261 | |||
262 | $client->request('PATCH', '/api/entries/'.$entry->getId().'.json', array( | ||
263 | 'title' => 'New awesome title', | ||
264 | 'tags' => 'new tag '.uniqid(), | ||
265 | 'star' => true, | ||
266 | 'archive' => false, | ||
267 | ), array(), $headers); | ||
268 | |||
269 | $this->assertEquals(200, $client->getResponse()->getStatusCode()); | ||
270 | |||
271 | $content = json_decode($client->getResponse()->getContent(), true); | ||
272 | |||
273 | $this->assertEquals($entry->getId(), $content['id']); | ||
274 | $this->assertEquals($entry->getUrl(), $content['url']); | ||
275 | $this->assertEquals('New awesome title', $content['title']); | ||
276 | $this->assertGreaterThan($nbTags, count($content['tags'])); | ||
277 | } | ||
278 | |||
279 | public function testGetTagsEntry() | ||
280 | { | ||
281 | $client = $this->createClient(); | ||
282 | $headers = $this->generateHeaders('admin', 'mypassword'); | ||
283 | |||
284 | $entry = $client->getContainer() | ||
285 | ->get('doctrine.orm.entity_manager') | ||
286 | ->getRepository('WallabagCoreBundle:Entry') | ||
287 | ->findOneWithTags(1); | ||
288 | |||
289 | $entry = $entry[0]; | ||
290 | |||
291 | if (!$entry) { | ||
292 | $this->markTestSkipped('No content found in db.'); | ||
293 | } | ||
294 | |||
295 | $tags = array(); | ||
296 | foreach ($entry->getTags() as $tag) { | ||
297 | $tags[] = array('id' => $tag->getId(), 'label' => $tag->getLabel()); | ||
298 | } | ||
299 | |||
300 | $client->request('GET', '/api/entries/'.$entry->getId().'/tags', array(), array(), $headers); | ||
301 | |||
302 | $this->assertEquals(json_encode($tags, JSON_HEX_QUOT), $client->getResponse()->getContent()); | ||
303 | } | ||
304 | |||
305 | public function testPostTagsOnEntry() | ||
306 | { | ||
307 | $client = $this->createClient(); | ||
308 | $headers = $this->generateHeaders('admin', 'mypassword'); | ||
309 | |||
310 | $entry = $client->getContainer() | ||
311 | ->get('doctrine.orm.entity_manager') | ||
312 | ->getRepository('WallabagCoreBundle:Entry') | ||
313 | ->findOneByUser(1); | ||
314 | |||
315 | if (!$entry) { | ||
316 | $this->markTestSkipped('No content found in db.'); | ||
317 | } | ||
318 | |||
319 | $nbTags = count($entry->getTags()); | ||
320 | |||
321 | $newTags = 'tag1,tag2,tag3'; | ||
322 | |||
323 | $client->request('POST', '/api/entries/'.$entry->getId().'/tags', array('tags' => $newTags), array(), $headers); | ||
324 | |||
325 | $this->assertEquals(200, $client->getResponse()->getStatusCode()); | ||
326 | |||
327 | $content = json_decode($client->getResponse()->getContent(), true); | ||
328 | |||
329 | $this->assertArrayHasKey('tags', $content); | ||
330 | $this->assertEquals($nbTags + 3, count($content['tags'])); | ||
331 | |||
332 | $entryDB = $client->getContainer() | ||
333 | ->get('doctrine.orm.entity_manager') | ||
334 | ->getRepository('WallabagCoreBundle:Entry') | ||
335 | ->find($entry->getId()); | ||
336 | |||
337 | $tagsInDB = array(); | ||
338 | foreach ($entryDB->getTags()->toArray() as $tag) { | ||
339 | $tagsInDB[$tag->getId()] = $tag->getLabel(); | ||
340 | } | ||
341 | |||
342 | foreach (explode(',', $newTags) as $tag) { | ||
343 | $this->assertContains($tag, $tagsInDB); | ||
344 | } | ||
345 | } | ||
346 | |||
347 | public function testDeleteOneTagEntrie() | ||
348 | { | ||
349 | $client = $this->createClient(); | ||
350 | $headers = $this->generateHeaders('admin', 'mypassword'); | ||
351 | |||
352 | $entry = $client->getContainer() | ||
353 | ->get('doctrine.orm.entity_manager') | ||
354 | ->getRepository('WallabagCoreBundle:Entry') | ||
355 | ->findOneByUser(1); | ||
356 | |||
357 | if (!$entry) { | ||
358 | $this->markTestSkipped('No content found in db.'); | ||
359 | } | ||
360 | |||
361 | // hydrate the tags relations | ||
362 | $nbTags = count($entry->getTags()); | ||
363 | $tag = $entry->getTags()[0]; | ||
364 | |||
365 | $client->request('DELETE', '/api/entries/'.$entry->getId().'/tags/'.$tag->getId().'.json', array(), array(), $headers); | ||
366 | |||
367 | $this->assertEquals(200, $client->getResponse()->getStatusCode()); | ||
368 | |||
369 | $content = json_decode($client->getResponse()->getContent(), true); | ||
370 | |||
371 | $this->assertArrayHasKey('tags', $content); | ||
372 | $this->assertEquals($nbTags - 1, count($content['tags'])); | ||
373 | } | ||
374 | |||
375 | public function testGetUserTags() | ||
376 | { | ||
377 | $client = $this->createClient(); | ||
378 | $headers = $this->generateHeaders('admin', 'mypassword'); | ||
379 | |||
380 | $client->request('GET', '/api/tags.json', array(), array(), $headers); | ||
381 | |||
382 | $this->assertEquals(200, $client->getResponse()->getStatusCode()); | ||
383 | |||
384 | $content = json_decode($client->getResponse()->getContent(), true); | ||
385 | |||
386 | $this->assertGreaterThan(0, $content); | ||
387 | $this->assertArrayHasKey('id', $content[0]); | ||
388 | $this->assertArrayHasKey('label', $content[0]); | ||
389 | |||
390 | return end($content); | ||
391 | } | ||
392 | |||
393 | /** | ||
394 | * @depends testGetUserTags | ||
395 | */ | ||
396 | public function testDeleteUserTag($tag) | ||
397 | { | ||
398 | $client = $this->createClient(); | ||
399 | $headers = $this->generateHeaders('admin', 'mypassword'); | ||
400 | |||
401 | $client->request('DELETE', '/api/tags/'.$tag['id'].'.json', array(), array(), $headers); | ||
402 | |||
403 | $this->assertEquals(200, $client->getResponse()->getStatusCode()); | ||
404 | |||
405 | $content = json_decode($client->getResponse()->getContent(), true); | ||
406 | |||
407 | $this->assertArrayHasKey('label', $content); | ||
408 | $this->assertEquals($tag['label'], $content['label']); | ||
409 | } | ||
410 | } | ||
diff --git a/src/Wallabag/ApiBundle/WallabagApiBundle.php b/src/Wallabag/ApiBundle/WallabagApiBundle.php new file mode 100644 index 00000000..2484f277 --- /dev/null +++ b/src/Wallabag/ApiBundle/WallabagApiBundle.php | |||
@@ -0,0 +1,18 @@ | |||
1 | <?php | ||
2 | |||
3 | namespace Wallabag\ApiBundle; | ||
4 | |||
5 | use Symfony\Component\HttpKernel\Bundle\Bundle; | ||
6 | use Wallabag\ApiBundle\DependencyInjection\Security\Factory\WsseFactory; | ||
7 | use Symfony\Component\DependencyInjection\ContainerBuilder; | ||
8 | |||
9 | class WallabagApiBundle extends Bundle | ||
10 | { | ||
11 | public function build(ContainerBuilder $container) | ||
12 | { | ||
13 | parent::build($container); | ||
14 | |||
15 | $extension = $container->getExtension('security'); | ||
16 | $extension->addSecurityListenerFactory(new WsseFactory()); | ||
17 | } | ||
18 | } | ||