From 769e19dc4ab1a068e8165a7b237f42a78a6d312f Mon Sep 17 00:00:00 2001 From: Jeremy Date: Sun, 29 Mar 2015 10:53:10 +0200 Subject: Move API stuff in ApiBundle --- .../Controller/WallabagRestController.php | 370 +++++++++++++++++++ .../DependencyInjection/Configuration.php | 29 ++ .../Security/Factory/WsseFactory.php | 40 ++ .../DependencyInjection/WallabagApiExtension.php | 25 ++ .../ApiBundle/Resources/config/routing.yml | 0 .../ApiBundle/Resources/config/routing_rest.yml | 4 + .../ApiBundle/Resources/config/services.yml | 12 + .../Authentication/Provider/WsseProvider.php | 78 ++++ .../Authentication/Token/WsseUserToken.php | 23 ++ .../ApiBundle/Security/Firewall/WsseListener.php | 62 ++++ .../Controller/WallabagRestControllerTest.php | 410 +++++++++++++++++++++ src/Wallabag/ApiBundle/WallabagApiBundle.php | 18 + 12 files changed, 1071 insertions(+) create mode 100644 src/Wallabag/ApiBundle/Controller/WallabagRestController.php create mode 100644 src/Wallabag/ApiBundle/DependencyInjection/Configuration.php create mode 100644 src/Wallabag/ApiBundle/DependencyInjection/Security/Factory/WsseFactory.php create mode 100644 src/Wallabag/ApiBundle/DependencyInjection/WallabagApiExtension.php create mode 100644 src/Wallabag/ApiBundle/Resources/config/routing.yml create mode 100644 src/Wallabag/ApiBundle/Resources/config/routing_rest.yml create mode 100644 src/Wallabag/ApiBundle/Resources/config/services.yml create mode 100644 src/Wallabag/ApiBundle/Security/Authentication/Provider/WsseProvider.php create mode 100644 src/Wallabag/ApiBundle/Security/Authentication/Token/WsseUserToken.php create mode 100644 src/Wallabag/ApiBundle/Security/Firewall/WsseListener.php create mode 100644 src/Wallabag/ApiBundle/Tests/Controller/WallabagRestControllerTest.php create mode 100644 src/Wallabag/ApiBundle/WallabagApiBundle.php (limited to 'src/Wallabag/ApiBundle') diff --git a/src/Wallabag/ApiBundle/Controller/WallabagRestController.php b/src/Wallabag/ApiBundle/Controller/WallabagRestController.php new file mode 100644 index 00000000..21e4552d --- /dev/null +++ b/src/Wallabag/ApiBundle/Controller/WallabagRestController.php @@ -0,0 +1,370 @@ +getDoctrine() + ->getRepository('WallabagCoreBundle:Tag') + ->findOneByLabel($label); + + if (is_null($tagEntity)) { + $tagEntity = new Tag($this->getUser()); + $tagEntity->setLabel($label); + } + + // only add the tag on the entry if the relation doesn't exist + if (!$entry->getTags()->contains($tagEntity)) { + $entry->addTag($tagEntity); + } + } + } + + /** + * Retrieve salt for a giver user. + * + * @ApiDoc( + * parameters={ + * {"name"="username", "dataType"="string", "required"=true, "description"="username"} + * } + * ) + * @return array + */ + public function getSaltAction($username) + { + $user = $this + ->getDoctrine() + ->getRepository('WallabagCoreBundle:User') + ->findOneByUsername($username); + + if (is_null($user)) { + throw $this->createNotFoundException(); + } + + return array($user->getSalt() ?: null); + } + + /** + * Retrieve all entries. It could be filtered by many options. + * + * @ApiDoc( + * parameters={ + * {"name"="archive", "dataType"="boolean", "required"=false, "format"="true or false, all entries by default", "description"="filter by archived status."}, + * {"name"="star", "dataType"="boolean", "required"=false, "format"="true or false, all entries by default", "description"="filter by starred status."}, + * {"name"="sort", "dataType"="string", "required"=false, "format"="'created' or 'updated', default 'created'", "description"="sort entries by date."}, + * {"name"="order", "dataType"="string", "required"=false, "format"="'asc' or 'desc', default 'desc'", "description"="order of sort."}, + * {"name"="page", "dataType"="integer", "required"=false, "format"="default '1'", "description"="what page you want."}, + * {"name"="perPage", "dataType"="integer", "required"=false, "format"="default'30'", "description"="results per page."}, + * {"name"="tags", "dataType"="string", "required"=false, "format"="api%2Crest", "description"="a list of tags url encoded. Will returns entries that matches ALL tags."}, + * } + * ) + * @return Entry + */ + public function getEntriesAction(Request $request) + { + $isArchived = $request->query->get('archive'); + $isStarred = $request->query->get('star'); + $sort = $request->query->get('sort', 'created'); + $order = $request->query->get('order', 'desc'); + $page = (int) $request->query->get('page', 1); + $perPage = (int) $request->query->get('perPage', 30); + $tags = $request->query->get('tags', []); + + $pager = $this + ->getDoctrine() + ->getRepository('WallabagCoreBundle:Entry') + ->findEntries($this->getUser()->getId(), $isArchived, $isStarred, $sort, $order); + + $pager->setCurrentPage($page); + $pager->setMaxPerPage($perPage); + + $pagerfantaFactory = new PagerfantaFactory('page', 'perPage'); + $paginatedCollection = $pagerfantaFactory->createRepresentation( + $pager, + new Route('api_get_entries', [], $absolute = true) + ); + + $json = $this->get('serializer')->serialize($paginatedCollection, 'json'); + + return $this->renderJsonResponse($json); + } + + /** + * Retrieve a single entry + * + * @ApiDoc( + * requirements={ + * {"name"="entry", "dataType"="integer", "requirement"="\w+", "description"="The entry ID"} + * } + * ) + * @return Entry + */ + public function getEntryAction(Entry $entry) + { + $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId()); + + $json = $this->get('serializer')->serialize($entry, 'json'); + + return $this->renderJsonResponse($json); + } + + /** + * Create an entry + * + * @ApiDoc( + * parameters={ + * {"name"="url", "dataType"="string", "required"=true, "format"="http://www.test.com/article.html", "description"="Url for the entry."}, + * {"name"="title", "dataType"="string", "required"=false, "description"="Optional, we'll get the title from the page."}, + * {"name"="tags", "dataType"="string", "required"=false, "format"="tag1,tag2,tag3", "description"="a comma-separated list of tags."}, + * } + * ) + * @return Entry + */ + public function postEntriesAction(Request $request) + { + $url = $request->request->get('url'); + + $content = Extractor::extract($url); + $entry = new Entry($this->getUser()); + $entry->setUrl($url); + $entry->setTitle($request->request->get('title') ?: $content->getTitle()); + $entry->setContent($content->getBody()); + + $tags = $request->request->get('tags', ''); + if (!empty($tags)) { + $this->assignTagsToEntry($entry, $tags); + } + + $em = $this->getDoctrine()->getManager(); + $em->persist($entry); + $em->flush(); + + $json = $this->get('serializer')->serialize($entry, 'json'); + + return $this->renderJsonResponse($json); + } + + /** + * Change several properties of an entry + * + * @ApiDoc( + * requirements={ + * {"name"="entry", "dataType"="integer", "requirement"="\w+", "description"="The entry ID"} + * }, + * parameters={ + * {"name"="title", "dataType"="string", "required"=false}, + * {"name"="tags", "dataType"="string", "required"=false, "format"="tag1,tag2,tag3", "description"="a comma-separated list of tags."}, + * {"name"="archive", "dataType"="boolean", "required"=false, "format"="true or false", "description"="archived the entry."}, + * {"name"="star", "dataType"="boolean", "required"=false, "format"="true or false", "description"="starred the entry."}, + * } + * ) + * @return Entry + */ + public function patchEntriesAction(Entry $entry, Request $request) + { + $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId()); + + $title = $request->request->get("title"); + $isArchived = $request->request->get("archive"); + $isStarred = $request->request->get("star"); + + if (!is_null($title)) { + $entry->setTitle($title); + } + + if (!is_null($isArchived)) { + $entry->setArchived($isArchived); + } + + if (!is_null($isStarred)) { + $entry->setStarred($isStarred); + } + + $tags = $request->request->get('tags', ''); + if (!empty($tags)) { + $this->assignTagsToEntry($entry, $tags); + } + + $em = $this->getDoctrine()->getManager(); + $em->flush(); + + $json = $this->get('serializer')->serialize($entry, 'json'); + + return $this->renderJsonResponse($json); + } + + /** + * Delete **permanently** an entry + * + * @ApiDoc( + * requirements={ + * {"name"="entry", "dataType"="integer", "requirement"="\w+", "description"="The entry ID"} + * } + * ) + * @return Entry + */ + public function deleteEntriesAction(Entry $entry) + { + $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId()); + + $em = $this->getDoctrine()->getManager(); + $em->remove($entry); + $em->flush(); + + $json = $this->get('serializer')->serialize($entry, 'json'); + + return $this->renderJsonResponse($json); + } + + /** + * Retrieve all tags for an entry + * + * @ApiDoc( + * requirements={ + * {"name"="entry", "dataType"="integer", "requirement"="\w+", "description"="The entry ID"} + * } + * ) + */ + public function getEntriesTagsAction(Entry $entry) + { + $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId()); + + $json = $this->get('serializer')->serialize($entry->getTags(), 'json'); + + return $this->renderJsonResponse($json); + } + + /** + * Add one or more tags to an entry + * + * @ApiDoc( + * requirements={ + * {"name"="entry", "dataType"="integer", "requirement"="\w+", "description"="The entry ID"} + * }, + * parameters={ + * {"name"="tags", "dataType"="string", "required"=false, "format"="tag1,tag2,tag3", "description"="a comma-separated list of tags."}, + * } + * ) + */ + public function postEntriesTagsAction(Request $request, Entry $entry) + { + $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId()); + + $tags = $request->request->get('tags', ''); + if (!empty($tags)) { + $this->assignTagsToEntry($entry, $tags); + } + + $em = $this->getDoctrine()->getManager(); + $em->persist($entry); + $em->flush(); + + $json = $this->get('serializer')->serialize($entry, 'json'); + + return $this->renderJsonResponse($json); + } + + /** + * Permanently remove one tag for an entry + * + * @ApiDoc( + * requirements={ + * {"name"="tag", "dataType"="integer", "requirement"="\w+", "description"="The tag ID"}, + * {"name"="entry", "dataType"="integer", "requirement"="\w+", "description"="The entry ID"} + * } + * ) + */ + public function deleteEntriesTagsAction(Entry $entry, Tag $tag) + { + $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId()); + + $entry->removeTag($tag); + $em = $this->getDoctrine()->getManager(); + $em->persist($entry); + $em->flush(); + + $json = $this->get('serializer')->serialize($entry, 'json'); + + return $this->renderJsonResponse($json); + } + + /** + * Retrieve all tags + * + * @ApiDoc() + */ + public function getTagsAction() + { + $json = $this->get('serializer')->serialize($this->getUser()->getTags(), 'json'); + + return $this->renderJsonResponse($json); + } + + /** + * Permanently remove one tag from **every** entry + * + * @ApiDoc( + * requirements={ + * {"name"="tag", "dataType"="integer", "requirement"="\w+", "description"="The tag"} + * } + * ) + */ + public function deleteTagAction(Tag $tag) + { + $this->validateUserAccess($tag->getUser()->getId(), $this->getUser()->getId()); + + $em = $this->getDoctrine()->getManager(); + $em->remove($tag); + $em->flush(); + + $json = $this->get('serializer')->serialize($tag, 'json'); + + return $this->renderJsonResponse($json); + } + + /** + * Validate that the first id is equal to the second one. + * If not, throw exception. It means a user try to access information from an other user + * + * @param integer $requestUserId User id from the requested source + * @param integer $currentUserId User id from the retrieved source + */ + private function validateUserAccess($requestUserId, $currentUserId) + { + if ($requestUserId != $currentUserId) { + throw $this->createAccessDeniedException('Access forbidden. Entry user id: '.$requestUserId.', logged user id: '.$currentUserId); + } + } + + /** + * Send a JSON Response. + * We don't use the Symfony JsonRespone, because it takes an array as parameter instead of a JSON string + * + * @param string $json + * + * @return Response + */ + private function renderJsonResponse($json) + { + return new Response($json, 200, array('application/json')); + } +} diff --git a/src/Wallabag/ApiBundle/DependencyInjection/Configuration.php b/src/Wallabag/ApiBundle/DependencyInjection/Configuration.php new file mode 100644 index 00000000..80a07ca2 --- /dev/null +++ b/src/Wallabag/ApiBundle/DependencyInjection/Configuration.php @@ -0,0 +1,29 @@ +root('wallabag_api'); + + // Here you should define the parameters that are allowed to + // configure your bundle. See the documentation linked above for + // more information on that topic. + + return $treeBuilder; + } +} diff --git a/src/Wallabag/ApiBundle/DependencyInjection/Security/Factory/WsseFactory.php b/src/Wallabag/ApiBundle/DependencyInjection/Security/Factory/WsseFactory.php new file mode 100644 index 00000000..402eb869 --- /dev/null +++ b/src/Wallabag/ApiBundle/DependencyInjection/Security/Factory/WsseFactory.php @@ -0,0 +1,40 @@ +setDefinition($providerId, new DefinitionDecorator('wsse.security.authentication.provider')) + ->replaceArgument(0, new Reference($userProvider)) + ; + + $listenerId = 'security.authentication.listener.wsse.'.$id; + $listener = $container->setDefinition($listenerId, new DefinitionDecorator('wsse.security.authentication.listener')); + + return array($providerId, $listenerId, $defaultEntryPoint); + } + + public function getPosition() + { + return 'pre_auth'; + } + + public function getKey() + { + return 'wsse'; + } + + public function addConfiguration(NodeDefinition $node) + { + } +} diff --git a/src/Wallabag/ApiBundle/DependencyInjection/WallabagApiExtension.php b/src/Wallabag/ApiBundle/DependencyInjection/WallabagApiExtension.php new file mode 100644 index 00000000..c5cc204e --- /dev/null +++ b/src/Wallabag/ApiBundle/DependencyInjection/WallabagApiExtension.php @@ -0,0 +1,25 @@ +processConfiguration($configuration, $configs); + + $loader = new Loader\YamlFileLoader($container, new FileLocator(__DIR__.'/../Resources/config')); + $loader->load('services.yml'); + } + + public function getAlias() + { + return 'wallabag_api'; + } +} diff --git a/src/Wallabag/ApiBundle/Resources/config/routing.yml b/src/Wallabag/ApiBundle/Resources/config/routing.yml new file mode 100644 index 00000000..e69de29b diff --git a/src/Wallabag/ApiBundle/Resources/config/routing_rest.yml b/src/Wallabag/ApiBundle/Resources/config/routing_rest.yml new file mode 100644 index 00000000..5f43f971 --- /dev/null +++ b/src/Wallabag/ApiBundle/Resources/config/routing_rest.yml @@ -0,0 +1,4 @@ +entries: + type: rest + resource: "WallabagApiBundle:WallabagRest" + name_prefix: api_ diff --git a/src/Wallabag/ApiBundle/Resources/config/services.yml b/src/Wallabag/ApiBundle/Resources/config/services.yml new file mode 100644 index 00000000..6854a444 --- /dev/null +++ b/src/Wallabag/ApiBundle/Resources/config/services.yml @@ -0,0 +1,12 @@ +services: + wsse.security.authentication.provider: + class: Wallabag\ApiBundle\Security\Authentication\Provider\WsseProvider + public: false + arguments: ['', '%kernel.cache_dir%/security/nonces'] + + wsse.security.authentication.listener: + class: Wallabag\ApiBundle\Security\Firewall\WsseListener + public: false + tags: + - { name: monolog.logger, channel: wsse } + arguments: ['@security.context', '@security.authentication.manager', '@logger'] diff --git a/src/Wallabag/ApiBundle/Security/Authentication/Provider/WsseProvider.php b/src/Wallabag/ApiBundle/Security/Authentication/Provider/WsseProvider.php new file mode 100644 index 00000000..8e49167a --- /dev/null +++ b/src/Wallabag/ApiBundle/Security/Authentication/Provider/WsseProvider.php @@ -0,0 +1,78 @@ +userProvider = $userProvider; + $this->cacheDir = $cacheDir; + + // If cache directory does not exist we create it + if (!is_dir($this->cacheDir)) { + mkdir($this->cacheDir, 0777, true); + } + } + + public function authenticate(TokenInterface $token) + { + $user = $this->userProvider->loadUserByUsername($token->getUsername()); + + if (!$user) { + throw new AuthenticationException("Bad credentials. Did you forgot your username?"); + } + + if ($user && $this->validateDigest($token->digest, $token->nonce, $token->created, $user->getPassword())) { + $authenticatedToken = new WsseUserToken($user->getRoles()); + $authenticatedToken->setUser($user); + + return $authenticatedToken; + } + + throw new AuthenticationException('The WSSE authentication failed.'); + } + + protected function validateDigest($digest, $nonce, $created, $secret) + { + // Check created time is not in the future + if (strtotime($created) > time()) { + throw new AuthenticationException("Back to the future..."); + } + + // Expire timestamp after 5 minutes + if (time() - strtotime($created) > 300) { + throw new AuthenticationException("Too late for this timestamp... Watch your watch."); + } + + // Validate nonce is unique within 5 minutes + if (file_exists($this->cacheDir.'/'.$nonce) && file_get_contents($this->cacheDir.'/'.$nonce) + 300 > time()) { + throw new NonceExpiredException('Previously used nonce detected'); + } + + file_put_contents($this->cacheDir.'/'.$nonce, time()); + + // Validate Secret + $expected = base64_encode(sha1(base64_decode($nonce).$created.$secret, true)); + + if ($digest !== $expected) { + throw new AuthenticationException("Bad credentials ! Digest is not as expected."); + } + + return $digest === $expected; + } + + public function supports(TokenInterface $token) + { + return $token instanceof WsseUserToken; + } +} diff --git a/src/Wallabag/ApiBundle/Security/Authentication/Token/WsseUserToken.php b/src/Wallabag/ApiBundle/Security/Authentication/Token/WsseUserToken.php new file mode 100644 index 00000000..aa68dbdc --- /dev/null +++ b/src/Wallabag/ApiBundle/Security/Authentication/Token/WsseUserToken.php @@ -0,0 +1,23 @@ +setAuthenticated(count($roles) > 0); + } + + public function getCredentials() + { + return ''; + } +} diff --git a/src/Wallabag/ApiBundle/Security/Firewall/WsseListener.php b/src/Wallabag/ApiBundle/Security/Firewall/WsseListener.php new file mode 100644 index 00000000..50587837 --- /dev/null +++ b/src/Wallabag/ApiBundle/Security/Firewall/WsseListener.php @@ -0,0 +1,62 @@ +securityContext = $securityContext; + $this->authenticationManager = $authenticationManager; + $this->logger = $logger; + } + + public function handle(GetResponseEvent $event) + { + $request = $event->getRequest(); + + $wsseRegex = '/UsernameToken Username="([^"]+)", PasswordDigest="([^"]+)", Nonce="([^"]+)", Created="([^"]+)"/'; + if (!$request->headers->has('x-wsse') || 1 !== preg_match($wsseRegex, $request->headers->get('x-wsse'), $matches)) { + return; + } + + $token = new WsseUserToken(); + $token->setUser($matches[1]); + + $token->digest = $matches[2]; + $token->nonce = $matches[3]; + $token->created = $matches[4]; + + try { + $authToken = $this->authenticationManager->authenticate($token); + + $this->securityContext->setToken($authToken); + + return; + } catch (AuthenticationException $failed) { + $failedMessage = 'WSSE Login failed for '.$token->getUsername().'. Why ? '.$failed->getMessage(); + $this->logger->err($failedMessage); + + // Deny authentication with a '403 Forbidden' HTTP response + $response = new Response(); + $response->setStatusCode(403); + $response->setContent($failedMessage); + $event->setResponse($response); + + return; + } + } +} diff --git a/src/Wallabag/ApiBundle/Tests/Controller/WallabagRestControllerTest.php b/src/Wallabag/ApiBundle/Tests/Controller/WallabagRestControllerTest.php new file mode 100644 index 00000000..ea8ee072 --- /dev/null +++ b/src/Wallabag/ApiBundle/Tests/Controller/WallabagRestControllerTest.php @@ -0,0 +1,410 @@ +getContainer() + ->get('doctrine.orm.entity_manager') + ->getRepository('WallabagCoreBundle:User') + ->findOneByUsername('admin'); + + self::$salt = $user->getSalt(); + } + + /** + * Generate HTTP headers for authenticate user on API + * + * @param string $username + * @param string $password + * + * @return array + */ + private function generateHeaders($username, $password) + { + $encryptedPassword = sha1($password.$username.self::$salt); + $nonce = substr(md5(uniqid('nonce_', true)), 0, 16); + + $now = new \DateTime('now', new \DateTimeZone('UTC')); + $created = (string) $now->format('Y-m-d\TH:i:s\Z'); + $digest = base64_encode(sha1(base64_decode($nonce).$created.$encryptedPassword, true)); + + return array( + 'HTTP_AUTHORIZATION' => 'Authorization profile="UsernameToken"', + 'HTTP_x-wsse' => 'X-WSSE: UsernameToken Username="'.$username.'", PasswordDigest="'.$digest.'", Nonce="'.$nonce.'", Created="'.$created.'"', + ); + } + + public function testGetSalt() + { + $client = $this->createClient(); + $client->request('GET', '/api/salts/admin.json'); + + $user = $client->getContainer() + ->get('doctrine.orm.entity_manager') + ->getRepository('WallabagCoreBundle:User') + ->findOneByUsername('admin'); + + $this->assertEquals(200, $client->getResponse()->getStatusCode()); + + $content = json_decode($client->getResponse()->getContent(), true); + + $this->assertArrayHasKey(0, $content); + $this->assertEquals($user->getSalt(), $content[0]); + + $client->request('GET', '/api/salts/notfound.json'); + $this->assertEquals(404, $client->getResponse()->getStatusCode()); + } + + public function testWithBadHeaders() + { + $client = $this->createClient(); + + $entry = $client->getContainer() + ->get('doctrine.orm.entity_manager') + ->getRepository('WallabagCoreBundle:Entry') + ->findOneByIsArchived(false); + + if (!$entry) { + $this->markTestSkipped('No content found in db.'); + } + + $badHeaders = array( + 'HTTP_AUTHORIZATION' => 'Authorization profile="UsernameToken"', + 'HTTP_x-wsse' => 'X-WSSE: UsernameToken Username="admin", PasswordDigest="Wr0ngDig3st", Nonce="n0Nc3", Created="2015-01-01T13:37:00Z"', + ); + + $client->request('GET', '/api/entries/'.$entry->getId().'.json', array(), array(), $badHeaders); + $this->assertEquals(403, $client->getResponse()->getStatusCode()); + } + + public function testGetOneEntry() + { + $client = $this->createClient(); + $headers = $this->generateHeaders('admin', 'mypassword'); + + $entry = $client->getContainer() + ->get('doctrine.orm.entity_manager') + ->getRepository('WallabagCoreBundle:Entry') + ->findOneBy(array('user' => 1, 'isArchived' => false)); + + if (!$entry) { + $this->markTestSkipped('No content found in db.'); + } + + $client->request('GET', '/api/entries/'.$entry->getId().'.json', array(), array(), $headers); + + $this->assertEquals(200, $client->getResponse()->getStatusCode()); + + $content = json_decode($client->getResponse()->getContent(), true); + + $this->assertEquals($entry->getTitle(), $content['title']); + $this->assertEquals($entry->getUrl(), $content['url']); + $this->assertCount(count($entry->getTags()), $content['tags']); + + $this->assertTrue( + $client->getResponse()->headers->contains( + 'Content-Type', + 'application/json' + ) + ); + } + + public function testGetOneEntryWrongUser() + { + $client = $this->createClient(); + $headers = $this->generateHeaders('admin', 'mypassword'); + + $entry = $client->getContainer() + ->get('doctrine.orm.entity_manager') + ->getRepository('WallabagCoreBundle:Entry') + ->findOneBy(array('user' => 2, 'isArchived' => false)); + + if (!$entry) { + $this->markTestSkipped('No content found in db.'); + } + + $client->request('GET', '/api/entries/'.$entry->getId().'.json', array(), array(), $headers); + + $this->assertEquals(403, $client->getResponse()->getStatusCode()); + } + + public function testGetEntries() + { + $client = $this->createClient(); + $headers = $this->generateHeaders('admin', 'mypassword'); + + $client->request('GET', '/api/entries', array(), array(), $headers); + + $this->assertEquals(200, $client->getResponse()->getStatusCode()); + + $content = json_decode($client->getResponse()->getContent(), true); + + $this->assertGreaterThanOrEqual(1, count($content)); + $this->assertNotEmpty($content['_embedded']['items']); + $this->assertGreaterThanOrEqual(1, $content['total']); + $this->assertEquals(1, $content['page']); + $this->assertGreaterThanOrEqual(1, $content['pages']); + + $this->assertTrue( + $client->getResponse()->headers->contains( + 'Content-Type', + 'application/json' + ) + ); + } + + public function testGetStarredEntries() + { + $client = $this->createClient(); + $headers = $this->generateHeaders('admin', 'mypassword'); + + $client->request('GET', '/api/entries', array('archive' => 1), array(), $headers); + + $this->assertEquals(200, $client->getResponse()->getStatusCode()); + + $content = json_decode($client->getResponse()->getContent(), true); + + $this->assertGreaterThanOrEqual(1, count($content)); + $this->assertEmpty($content['_embedded']['items']); + $this->assertEquals(0, $content['total']); + $this->assertEquals(1, $content['page']); + $this->assertEquals(1, $content['pages']); + + $this->assertTrue( + $client->getResponse()->headers->contains( + 'Content-Type', + 'application/json' + ) + ); + } + + public function testDeleteEntry() + { + $client = $this->createClient(); + $headers = $this->generateHeaders('admin', 'mypassword'); + + $entry = $client->getContainer() + ->get('doctrine.orm.entity_manager') + ->getRepository('WallabagCoreBundle:Entry') + ->findOneByUser(1); + + if (!$entry) { + $this->markTestSkipped('No content found in db.'); + } + + $client->request('DELETE', '/api/entries/'.$entry->getId().'.json', array(), array(), $headers); + + $this->assertEquals(200, $client->getResponse()->getStatusCode()); + + $content = json_decode($client->getResponse()->getContent(), true); + + $this->assertEquals($entry->getTitle(), $content['title']); + $this->assertEquals($entry->getUrl(), $content['url']); + + // We'll try to delete this entry again + $headers = $this->generateHeaders('admin', 'mypassword'); + + $client->request('DELETE', '/api/entries/'.$entry->getId().'.json', array(), array(), $headers); + + $this->assertEquals(404, $client->getResponse()->getStatusCode()); + } + + public function testPostEntry() + { + $client = $this->createClient(); + $headers = $this->generateHeaders('admin', 'mypassword'); + + $client->request('POST', '/api/entries.json', array( + 'url' => 'http://www.lemonde.fr/pixels/article/2015/03/28/plongee-dans-l-univers-d-ingress-le-jeu-de-google-aux-frontieres-du-reel_4601155_4408996.html', + 'tags' => 'google', + ), array(), $headers); + + $this->assertEquals(200, $client->getResponse()->getStatusCode()); + + $content = json_decode($client->getResponse()->getContent(), true); + + $this->assertGreaterThan(0, $content['id']); + $this->assertEquals('http://www.lemonde.fr/pixels/article/2015/03/28/plongee-dans-l-univers-d-ingress-le-jeu-de-google-aux-frontieres-du-reel_4601155_4408996.html', $content['url']); + $this->assertEquals(false, $content['is_archived']); + $this->assertEquals(false, $content['is_starred']); + $this->assertCount(1, $content['tags']); + } + + public function testPatchEntry() + { + $client = $this->createClient(); + $headers = $this->generateHeaders('admin', 'mypassword'); + + $entry = $client->getContainer() + ->get('doctrine.orm.entity_manager') + ->getRepository('WallabagCoreBundle:Entry') + ->findOneByUser(1); + + if (!$entry) { + $this->markTestSkipped('No content found in db.'); + } + + // hydrate the tags relations + $nbTags = count($entry->getTags()); + + $client->request('PATCH', '/api/entries/'.$entry->getId().'.json', array( + 'title' => 'New awesome title', + 'tags' => 'new tag '.uniqid(), + 'star' => true, + 'archive' => false, + ), array(), $headers); + + $this->assertEquals(200, $client->getResponse()->getStatusCode()); + + $content = json_decode($client->getResponse()->getContent(), true); + + $this->assertEquals($entry->getId(), $content['id']); + $this->assertEquals($entry->getUrl(), $content['url']); + $this->assertEquals('New awesome title', $content['title']); + $this->assertGreaterThan($nbTags, count($content['tags'])); + } + + public function testGetTagsEntry() + { + $client = $this->createClient(); + $headers = $this->generateHeaders('admin', 'mypassword'); + + $entry = $client->getContainer() + ->get('doctrine.orm.entity_manager') + ->getRepository('WallabagCoreBundle:Entry') + ->findOneWithTags(1); + + $entry = $entry[0]; + + if (!$entry) { + $this->markTestSkipped('No content found in db.'); + } + + $tags = array(); + foreach ($entry->getTags() as $tag) { + $tags[] = array('id' => $tag->getId(), 'label' => $tag->getLabel()); + } + + $client->request('GET', '/api/entries/'.$entry->getId().'/tags', array(), array(), $headers); + + $this->assertEquals(json_encode($tags, JSON_HEX_QUOT), $client->getResponse()->getContent()); + } + + public function testPostTagsOnEntry() + { + $client = $this->createClient(); + $headers = $this->generateHeaders('admin', 'mypassword'); + + $entry = $client->getContainer() + ->get('doctrine.orm.entity_manager') + ->getRepository('WallabagCoreBundle:Entry') + ->findOneByUser(1); + + if (!$entry) { + $this->markTestSkipped('No content found in db.'); + } + + $nbTags = count($entry->getTags()); + + $newTags = 'tag1,tag2,tag3'; + + $client->request('POST', '/api/entries/'.$entry->getId().'/tags', array('tags' => $newTags), array(), $headers); + + $this->assertEquals(200, $client->getResponse()->getStatusCode()); + + $content = json_decode($client->getResponse()->getContent(), true); + + $this->assertArrayHasKey('tags', $content); + $this->assertEquals($nbTags+3, count($content['tags'])); + + $entryDB = $client->getContainer() + ->get('doctrine.orm.entity_manager') + ->getRepository('WallabagCoreBundle:Entry') + ->find($entry->getId()); + + $tagsInDB = array(); + foreach ($entryDB->getTags()->toArray() as $tag) { + $tagsInDB[$tag->getId()] = $tag->getLabel(); + } + + foreach (explode(',', $newTags) as $tag) { + $this->assertContains($tag, $tagsInDB); + } + } + + public function testDeleteOneTagEntrie() + { + $client = $this->createClient(); + $headers = $this->generateHeaders('admin', 'mypassword'); + + $entry = $client->getContainer() + ->get('doctrine.orm.entity_manager') + ->getRepository('WallabagCoreBundle:Entry') + ->findOneByUser(1); + + if (!$entry) { + $this->markTestSkipped('No content found in db.'); + } + + // hydrate the tags relations + $nbTags = count($entry->getTags()); + $tag = $entry->getTags()[0]; + + $client->request('DELETE', '/api/entries/'.$entry->getId().'/tags/'.$tag->getId().'.json', array(), array(), $headers); + + $this->assertEquals(200, $client->getResponse()->getStatusCode()); + + $content = json_decode($client->getResponse()->getContent(), true); + + $this->assertArrayHasKey('tags', $content); + $this->assertEquals($nbTags-1, count($content['tags'])); + } + + public function testGetUserTags() + { + $client = $this->createClient(); + $headers = $this->generateHeaders('admin', 'mypassword'); + + $client->request('GET', '/api/tags.json', array(), array(), $headers); + + $this->assertEquals(200, $client->getResponse()->getStatusCode()); + + $content = json_decode($client->getResponse()->getContent(), true); + + $this->assertGreaterThan(0, $content); + $this->assertArrayHasKey('id', $content[0]); + $this->assertArrayHasKey('label', $content[0]); + + return end($content); + } + + /** + * @depends testGetUserTags + */ + public function testDeleteUserTag($tag) + { + $client = $this->createClient(); + $headers = $this->generateHeaders('admin', 'mypassword'); + + $client->request('DELETE', '/api/tags/'.$tag['id'].'.json', array(), array(), $headers); + + $this->assertEquals(200, $client->getResponse()->getStatusCode()); + + $content = json_decode($client->getResponse()->getContent(), true); + + $this->assertArrayHasKey('label', $content); + $this->assertEquals($tag['label'], $content['label']); + } +} diff --git a/src/Wallabag/ApiBundle/WallabagApiBundle.php b/src/Wallabag/ApiBundle/WallabagApiBundle.php new file mode 100644 index 00000000..2484f277 --- /dev/null +++ b/src/Wallabag/ApiBundle/WallabagApiBundle.php @@ -0,0 +1,18 @@ +getExtension('security'); + $extension->addSecurityListenerFactory(new WsseFactory()); + } +} -- cgit v1.2.3 From 9744e97131182f413b51a0ce671ff273fc28a0bb Mon Sep 17 00:00:00 2001 From: Jeremy Date: Wed, 1 Apr 2015 21:53:57 +0200 Subject: Fix tests --- .../ApiBundle/Tests/Controller/WallabagRestControllerTest.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'src/Wallabag/ApiBundle') diff --git a/src/Wallabag/ApiBundle/Tests/Controller/WallabagRestControllerTest.php b/src/Wallabag/ApiBundle/Tests/Controller/WallabagRestControllerTest.php index ea8ee072..b36ae7c6 100644 --- a/src/Wallabag/ApiBundle/Tests/Controller/WallabagRestControllerTest.php +++ b/src/Wallabag/ApiBundle/Tests/Controller/WallabagRestControllerTest.php @@ -1,6 +1,6 @@ getResponse()->getContent(), true); $this->assertGreaterThanOrEqual(1, count($content)); - $this->assertEmpty($content['_embedded']['items']); - $this->assertEquals(0, $content['total']); + $this->assertNotEmpty($content['_embedded']['items']); + $this->assertGreaterThanOrEqual(1, $content['total']); $this->assertEquals(1, $content['page']); - $this->assertEquals(1, $content['pages']); + $this->assertGreaterThanOrEqual(1, $content['pages']); $this->assertTrue( $client->getResponse()->headers->contains( -- cgit v1.2.3 From 4346a86068781f4acdeb574d7e2af08b77b58ea7 Mon Sep 17 00:00:00 2001 From: Jeremy Benoist Date: Sat, 30 May 2015 13:52:26 +0200 Subject: CS --- .../Controller/WallabagRestController.php | 38 +++++++++++++--------- .../DependencyInjection/Configuration.php | 2 +- .../Authentication/Provider/WsseProvider.php | 9 ++--- .../Authentication/Token/WsseUserToken.php | 1 + .../Controller/WallabagRestControllerTest.php | 8 ++--- 5 files changed, 33 insertions(+), 25 deletions(-) (limited to 'src/Wallabag/ApiBundle') diff --git a/src/Wallabag/ApiBundle/Controller/WallabagRestController.php b/src/Wallabag/ApiBundle/Controller/WallabagRestController.php index 21e4552d..2f5923c8 100644 --- a/src/Wallabag/ApiBundle/Controller/WallabagRestController.php +++ b/src/Wallabag/ApiBundle/Controller/WallabagRestController.php @@ -47,6 +47,7 @@ class WallabagRestController extends Controller * {"name"="username", "dataType"="string", "required"=true, "description"="username"} * } * ) + * * @return array */ public function getSaltAction($username) @@ -77,6 +78,7 @@ class WallabagRestController extends Controller * {"name"="tags", "dataType"="string", "required"=false, "format"="api%2Crest", "description"="a list of tags url encoded. Will returns entries that matches ALL tags."}, * } * ) + * * @return Entry */ public function getEntriesAction(Request $request) @@ -109,13 +111,14 @@ class WallabagRestController extends Controller } /** - * Retrieve a single entry + * Retrieve a single entry. * * @ApiDoc( * requirements={ * {"name"="entry", "dataType"="integer", "requirement"="\w+", "description"="The entry ID"} * } * ) + * * @return Entry */ public function getEntryAction(Entry $entry) @@ -128,7 +131,7 @@ class WallabagRestController extends Controller } /** - * Create an entry + * Create an entry. * * @ApiDoc( * parameters={ @@ -137,6 +140,7 @@ class WallabagRestController extends Controller * {"name"="tags", "dataType"="string", "required"=false, "format"="tag1,tag2,tag3", "description"="a comma-separated list of tags."}, * } * ) + * * @return Entry */ public function postEntriesAction(Request $request) @@ -164,7 +168,7 @@ class WallabagRestController extends Controller } /** - * Change several properties of an entry + * Change several properties of an entry. * * @ApiDoc( * requirements={ @@ -177,15 +181,16 @@ class WallabagRestController extends Controller * {"name"="star", "dataType"="boolean", "required"=false, "format"="true or false", "description"="starred the entry."}, * } * ) + * * @return Entry */ public function patchEntriesAction(Entry $entry, Request $request) { $this->validateUserAccess($entry->getUser()->getId(), $this->getUser()->getId()); - $title = $request->request->get("title"); - $isArchived = $request->request->get("archive"); - $isStarred = $request->request->get("star"); + $title = $request->request->get('title'); + $isArchived = $request->request->get('archive'); + $isStarred = $request->request->get('star'); if (!is_null($title)) { $entry->setTitle($title); @@ -213,13 +218,14 @@ class WallabagRestController extends Controller } /** - * Delete **permanently** an entry + * Delete **permanently** an entry. * * @ApiDoc( * requirements={ * {"name"="entry", "dataType"="integer", "requirement"="\w+", "description"="The entry ID"} * } * ) + * * @return Entry */ public function deleteEntriesAction(Entry $entry) @@ -236,7 +242,7 @@ class WallabagRestController extends Controller } /** - * Retrieve all tags for an entry + * Retrieve all tags for an entry. * * @ApiDoc( * requirements={ @@ -254,7 +260,7 @@ class WallabagRestController extends Controller } /** - * Add one or more tags to an entry + * Add one or more tags to an entry. * * @ApiDoc( * requirements={ @@ -284,7 +290,7 @@ class WallabagRestController extends Controller } /** - * Permanently remove one tag for an entry + * Permanently remove one tag for an entry. * * @ApiDoc( * requirements={ @@ -308,7 +314,7 @@ class WallabagRestController extends Controller } /** - * Retrieve all tags + * Retrieve all tags. * * @ApiDoc() */ @@ -320,7 +326,7 @@ class WallabagRestController extends Controller } /** - * Permanently remove one tag from **every** entry + * Permanently remove one tag from **every** entry. * * @ApiDoc( * requirements={ @@ -343,10 +349,10 @@ class WallabagRestController extends Controller /** * Validate that the first id is equal to the second one. - * If not, throw exception. It means a user try to access information from an other user + * If not, throw exception. It means a user try to access information from an other user. * - * @param integer $requestUserId User id from the requested source - * @param integer $currentUserId User id from the retrieved source + * @param int $requestUserId User id from the requested source + * @param int $currentUserId User id from the retrieved source */ private function validateUserAccess($requestUserId, $currentUserId) { @@ -357,7 +363,7 @@ class WallabagRestController extends Controller /** * Send a JSON Response. - * We don't use the Symfony JsonRespone, because it takes an array as parameter instead of a JSON string + * We don't use the Symfony JsonRespone, because it takes an array as parameter instead of a JSON string. * * @param string $json * diff --git a/src/Wallabag/ApiBundle/DependencyInjection/Configuration.php b/src/Wallabag/ApiBundle/DependencyInjection/Configuration.php index 80a07ca2..cec45412 100644 --- a/src/Wallabag/ApiBundle/DependencyInjection/Configuration.php +++ b/src/Wallabag/ApiBundle/DependencyInjection/Configuration.php @@ -6,7 +6,7 @@ use Symfony\Component\Config\Definition\Builder\TreeBuilder; use Symfony\Component\Config\Definition\ConfigurationInterface; /** - * This is the class that validates and merges configuration from your app/config files + * This is the class that validates and merges configuration from your app/config files. * * To learn more see {@link http://symfony.com/doc/current/cookbook/bundles/extension.html#cookbook-bundles-extension-config-class} */ diff --git a/src/Wallabag/ApiBundle/Security/Authentication/Provider/WsseProvider.php b/src/Wallabag/ApiBundle/Security/Authentication/Provider/WsseProvider.php index 8e49167a..db73ae2a 100644 --- a/src/Wallabag/ApiBundle/Security/Authentication/Provider/WsseProvider.php +++ b/src/Wallabag/ApiBundle/Security/Authentication/Provider/WsseProvider.php @@ -1,4 +1,5 @@ userProvider->loadUserByUsername($token->getUsername()); if (!$user) { - throw new AuthenticationException("Bad credentials. Did you forgot your username?"); + throw new AuthenticationException('Bad credentials. Did you forgot your username?'); } if ($user && $this->validateDigest($token->digest, $token->nonce, $token->created, $user->getPassword())) { @@ -46,12 +47,12 @@ class WsseProvider implements AuthenticationProviderInterface { // Check created time is not in the future if (strtotime($created) > time()) { - throw new AuthenticationException("Back to the future..."); + throw new AuthenticationException('Back to the future...'); } // Expire timestamp after 5 minutes if (time() - strtotime($created) > 300) { - throw new AuthenticationException("Too late for this timestamp... Watch your watch."); + throw new AuthenticationException('Too late for this timestamp... Watch your watch.'); } // Validate nonce is unique within 5 minutes @@ -65,7 +66,7 @@ class WsseProvider implements AuthenticationProviderInterface $expected = base64_encode(sha1(base64_decode($nonce).$created.$secret, true)); if ($digest !== $expected) { - throw new AuthenticationException("Bad credentials ! Digest is not as expected."); + throw new AuthenticationException('Bad credentials ! Digest is not as expected.'); } return $digest === $expected; diff --git a/src/Wallabag/ApiBundle/Security/Authentication/Token/WsseUserToken.php b/src/Wallabag/ApiBundle/Security/Authentication/Token/WsseUserToken.php index aa68dbdc..e6d30224 100644 --- a/src/Wallabag/ApiBundle/Security/Authentication/Token/WsseUserToken.php +++ b/src/Wallabag/ApiBundle/Security/Authentication/Token/WsseUserToken.php @@ -1,4 +1,5 @@ getResponse()->getContent(), true); $this->assertArrayHasKey('tags', $content); - $this->assertEquals($nbTags+3, count($content['tags'])); + $this->assertEquals($nbTags + 3, count($content['tags'])); $entryDB = $client->getContainer() ->get('doctrine.orm.entity_manager') @@ -369,7 +369,7 @@ class WallabagRestControllerTest extends WebTestCase $content = json_decode($client->getResponse()->getContent(), true); $this->assertArrayHasKey('tags', $content); - $this->assertEquals($nbTags-1, count($content['tags'])); + $this->assertEquals($nbTags - 1, count($content['tags'])); } public function testGetUserTags() -- cgit v1.2.3