Ejemplo n.º 1
 /**
  * Build the Profile, Image and Tag fixtures before each test runs
  *
  * The parent setUp() runs first. The Profile is inserted before the Image
  * because the Image is constructed with the Profile's id.
  **/
 public final function setUp()
 {
     parent::setUp();

     // profile fixture: PBKDF2-SHA512 (262144 iterations) over a placeholder password and a random hex salt
     $fixtureSalt = bin2hex(openssl_random_pseudo_bytes(32));
     $fixtureHash = hash_pbkdf2("sha512", "******", $fixtureSalt, 262144);
     // the salt is passed a second time as the verify value; this reuse is a fixture shortcut only
     $this->profile = new Profile(null, true, null, "Email", "myName", $fixtureHash, 1, "mynameagain", "867", $fixtureSalt, $fixtureSalt);
     $this->profile->insert($this->getPDO());

     // image owned by the profile inserted above
     $ownerId = $this->profile->getProfileId();
     $this->imageTagImage = new Image(null, $ownerId, "jpeg", "myfile", "theText", null);
     $this->imageTagImage->insert($this->getPDO());

     // tag fixture
     $this->imageTagTag = new Tag(null, "Photo");
     $this->imageTagTag->insert($this->getPDO());
 }
Ejemplo n.º 2
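 /**
  * test grabbing all Votes
  *
  * Inserts one Vote, then checks that the vote table grew by one row and that
  * Vote::getAllvotes() returns exactly that Vote, with the same profile id,
  * image id and vote value.
  **/
 public function testGetAllValidVotes()
 {
     // count the number of rows and save it for later
     $numRows = $this->getConnection()->getRowCount("vote");
     // create a new Vote and insert it into mySQL
     $vote = new Vote($this->voteProfile->getProfileId(), $this->voteImage->getImageId(), $this->VALID_VOTEVALUE);
     $vote->insert($this->getPDO());
     // grab the data from mySQL and enforce the fields match our expectations
     $results = Vote::getAllvotes($this->getPDO());
     $this->assertEquals($numRows + 1, $this->getConnection()->getRowCount("vote"));
     $this->assertCount(1, $results);
     $this->assertContainsOnlyInstancesOf("Edu\\Cnm\\Jpegery\\Vote", $results);
     // grab the result from the array and validate it
     // (expected value first, actual second, so a failure message reports them the right way round)
     $pdoVote = $results[0];
     $this->assertEquals($this->voteProfile->getProfileId(), $pdoVote->getVoteProfileId());
     $this->assertEquals($this->voteImage->getImageId(), $pdoVote->getVoteImageId());
     $this->assertEquals($this->VALID_VOTEVALUE, $pdoVote->getVoteValue());
 }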
Ejemplo n.º 3
use Edu\Cnm\Jpegery\Profile;
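// Account activation endpoint: looks up the profile that owns the "profileVerify"
// token from the query string, clears the token and reports the outcome as JSON.
//
// make sure a session exists; note that no XSRF token is verified anywhere in this script
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}
// default reply: success with no payload; the catch blocks below overwrite it on failure
$reply = new stdClass();
$reply->status = 200;
$reply->data = null;
try {
    //grab the mySQL connection
    $pdo = connectToEncryptedMySQL("/etc/apache2/capstone-mysql/jpegery.ini");

    // filter_input() returns null when the parameter is absent and false when the filter fails.
    // An empty token is rejected as well, so it can never reach the lookup and match a row whose
    // token has already been cleared (depending on how cleared tokens are stored).
    // NOTE(review): FILTER_SANITIZE_STRING is deprecated since PHP 8.1; validate the token format explicitly instead
    $profileVerify = filter_input(INPUT_GET, "profileVerify", FILTER_SANITIZE_STRING);
    if ($profileVerify === null || $profileVerify === false || $profileVerify === "") {
        throw new \InvalidArgumentException("Activation code is missing", 400);
    }

    $profile = Profile::getProfileByProfileVerify($pdo, $profileVerify);
    // make sure the verification matched a profile
    if (empty($profile) === true) {
        throw new \InvalidArgumentException("Activation code has been used or does not exist", 404);
    }

    // consume the token on the Profile; the setter used to be called on the token string itself,
    // which is a fatal error that the catch blocks below never see
    // NOTE(review): assumes setProfileVerify() accepts null to mark the token as used - confirm against Profile
    $profile->setProfileVerify(null);
    $profile->update($pdo);
    $reply->data = "Congratulations, your account has been activated!";
} catch (PDOException $exception) {
    // database errors carry SQLSTATE strings and internal detail: log them, answer generically
    error_log($exception->getMessage());
    $reply->status = 500;
    $reply->data = "Unable to activate the account";
} catch (Exception $exception) {
    // exceptions thrown without a code would otherwise produce a status of 0
    $code = $exception->getCode();
    $reply->status = (is_int($code) === true && $code !== 0) ? $code : 500;
    $reply->data = $exception->getMessage();
}
header("Content-type: application/json");
echo json_encode($reply);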
Ejemplo n.º 4
     }
     $reply->message = "Profile has been updated";
     //post
 } elseif ($method === "POST") {
     // Verify that they are trying to update their own profile
     //		$security = Profile::getProfileByProfileId($pdo, $_SESSION["profile"]->getProfileId());
     //		if($security->getProfileId() === false) {
     //			$_SESSION["profile"]->setProfileId(false);
     //			throw(new RunTimeException("Access Denied", 403));
     //		}
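     // Sign-up: hash the submitted password, create the Profile and store it in the session.
     // The password comes straight from the decoded request body: refuse anything that is not a
     // non-empty string, so an absent field cannot end up hashed as an empty password.
     // NOTE(review): assumes an enclosing try/catch outside this excerpt turns exceptions into the reply - confirm
     if (isset($requestObject->profilePassword) === false
         || is_string($requestObject->profilePassword) === false
         || $requestObject->profilePassword === "") {
         throw new \InvalidArgumentException("A password is required", 400);
     }
     $password = $requestObject->profilePassword;
     // per-account random salt, hex encoded; PBKDF2-SHA512 at 262144 iterations
     // (on PHP 7+ random_bytes() is the usual source for both random values here)
     $salt = bin2hex(openssl_random_pseudo_bytes(32));
     $hash = hash_pbkdf2("sha512", $password, $salt, 262144);
     // random value handed to the Profile as its verify token
     $profileVerify = bin2hex(openssl_random_pseudo_bytes(8));
     //create new Profile
     $profile = new Profile(null, false, null, $requestObject->profileEmail, $requestObject->profileHandle, $hash, 4414, $requestObject->profileNameF, $requestObject->profileNameL, $requestObject->profilePhone, $salt, $profileVerify);
     $profile->insert($pdo);
     // NOTE(review): this signs the new account in before the confirmation e-mail composed below can
     // have been acted on, and the stored object carries the hash and salt - confirm both are intended
     $_SESSION["profile"] = $profile;
     $reply->message = "Profile has been created";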
     //compose and send the email for confirmation and setting a new password
     // create Swift message
     $swiftMessage = Swift_Message::newInstance();
     // attach the sender to the message
     // this takes the form of an associative array where the Email is the key for the real name
     $swiftMessage->setFrom(["*****@*****.**" => "Jpegery"]);
     /**
      * attach the recipients to the message
      * this is an array that can include or omit the the recipient's real name
      * use the recipients' real name where possible; this reduces the probability of the Email being marked as spam
      **/
     $recipients = [$requestObject->profileEmail];
Ejemplo n.º 5
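    //	$pdo //Connect to mysql encrypted;
    // Login: resolve the identifier as e-mail, then handle, then phone, and compare the
    // PBKDF2 hash of the submitted password with the stored one.
    verifyXsrf();
    $requestContent = file_get_contents("php://input");
    $requestObject = json_decode($requestContent);
    // json_decode() gives null for malformed JSON and isset() is false on it, so this also covers
    // a body that is not an object; both fields must be strings before they are hashed or looked up
    if (isset($requestObject->emailHandlePhone, $requestObject->password) === false
        || is_string($requestObject->emailHandlePhone) === false
        || is_string($requestObject->password) === false) {
        throw new \InvalidArgumentException("Invalid login request", 400);
    }
    //grab the mySQL connection
    $pdo = connectToEncryptedMySQL("/etc/apache2/capstone-mysql/jpegery.ini");
    // an exception from the e-mail lookup is treated as "no match" so the other lookups still run
    try {
        $profile = Profile::getProfileByProfileEmail($pdo, $requestObject->emailHandlePhone);
    } catch (Exception $exception) {
        $profile = null;
    }
    if ($profile === null) {
        $profile = Profile::getProfileByProfileHandle($pdo, $requestObject->emailHandlePhone);
    }
    if ($profile === null) {
        $profile = Profile::getProfileByProfilePhone($pdo, $requestObject->emailHandlePhone);
    }
    // if login options cannot be verified throw exception
    if ($profile === null) {
        // do the same PBKDF2 work as a real check, so an unknown identifier is not answered
        // measurably faster than a wrong password; the result is discarded
        hash_pbkdf2("sha512", $requestObject->password, str_repeat("0", 64), 262144);
        throw new \RuntimeException("User name or password is incorrect");
    }
    $hash = hash_pbkdf2("sha512", $requestObject->password, $profile->getProfileSalt(), 262144);
    // constant-time comparison: === returns at the first differing byte
    if (hash_equals((string) $profile->getProfileHash(), $hash) === false) {
        throw new \RuntimeException("User name or password is incorrect");
    }
    // NOTE(review): nothing visible here checks that the account has been activated - confirm
    // credentials are valid: issue a fresh session id before the session becomes authenticated
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    //Put the profile in the session.
    $reply->message = "Welcome to jpegery!";
    $_SESSION["profile"] = $profile;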
} catch (Exception $exception) {
Ejemplo n.º 6
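                // POST: create a follow relationship on behalf of the signed-in profile
                verifyXsrf();
                $requestContent = file_get_contents("php://input");
                $requestObject = json_decode($requestContent);
                // both ids must be present; isset() is also false when the body was not valid JSON
                if (isset($requestObject->followerFollowerId, $requestObject->followerFollowedId) === false) {
                    throw new \InvalidArgumentException("follower and followed ids are required", 400);
                }
                $follow = new Follower($requestObject->followerFollowerId, $requestObject->followerFollowedId);
                // the follower id is client-supplied: apply the same ownership rule the DELETE branch enforces,
                // otherwise any signed-in user could create relationships in another profile's name
                // NOTE(review): the strict comparison assumes Follower normalises the id to the type getProfileId() returns - confirm
                if ($_SESSION["profile"]->getProfileId() !== $follow->getFollowerFollowerId()) {
                    throw new \RuntimeException("Only the follower can start following.", 403);
                }
                // resolve the followed profile before inserting, so a missing profile is a 404 and not a call on null
                $followed = Profile::getProfilebyProfileId($pdo, $follow->getFollowerFollowedId());
                if ($followed === null) {
                    throw new \RuntimeException("profile to follow does not exist", 404);
                }
                $follow->insert($pdo);
                $tempName = $followed->getProfileHandle();
                $reply->message = "You are now following " . $tempName;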
            } elseif ($method === "DELETE") {
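                // DELETE: remove a follow relationship; only the follower side may do so
                // the POST branch verifies the XSRF token itself and nothing visible does so for DELETE,
                // which changes state just the same
                verifyXsrf();
                $follower = Follower::getFollowerByFollowerIdAndFollowedId($pdo, $followerFollowerId, $followerFollowedId);
                if ($follower === null) {
                    throw new \RuntimeException("relationship does not exist", 404);
                }
                // ownership check; without a code the catch block would report a status of 0
                if ($_SESSION["profile"]->getProfileId() !== $follower->getFollowerFollowerId()) {
                    throw new \RuntimeException("Only the follower can stop following.", 403);
                }
                // read the handle before the row is deleted, for the confirmation message
                $tempName = Profile::getProfilebyProfileId($pdo, $follower->getFollowerFollowedId())->getProfileHandle();
                $follower->delete($pdo);
                $deletedObject = new stdClass();
                $deletedObject->followerFollowerId = $followerFollowerId;
                $deletedObject->followerFollowedId = $followerFollowedId;
                $reply->message = "You are no longer following " . $tempName;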
            }
        } elseif (empty($method) === false && $method !== "GET") {
            //If a non-admin attempted to access anything other than GET, throw an error at them
            throw new \RuntimeException("Only administrators are allowed to modify entries", 401);
        }
    }
} catch (Exception $exception) {
    $reply->status = $exception->getCode();
    $reply->message = $exception->getMessage();
}
Ejemplo n.º 7
 /**
  * looking up a Profile by JpegeryTest::INVALID_KEY must yield null
  **/
 public function testGetInvalidProfileByProfileId()
 {
     // the lookup result is asserted directly; no Profile is expected for this key
     $this->assertNull(Profile::getProfileByProfileId($this->getPDO(), JpegeryTest::INVALID_KEY));
 }
Ejemplo n.º 8
 /**
  * a Comment built with INVALID_TEXTLENGTH as its text must raise a RangeException
  *
  * @expectedException \RangeException
  */
 public function testInsertInvalidCommentByTooMuchText()
 {
     // ids of the fixtures the Comment refers to
     $imageId = $this->image->getImageId();
     $profileId = $this->profile->getProfileId();
     // the exception is expected somewhere between construction and insert
     $oversized = new Comment(null, $imageId, $profileId, $this->VALID_COMMENTDATE, $this->INVALID_TEXTLENGTH);
     $oversized->insert($this->getPDO());
 }
Ejemplo n.º 9
 /**
  * a Follower with a negative followed id must raise a RangeException
  *
  * @expectedException \RangeException
  **/
 public function testSetInvalidFollowerByNegativeFollowedId()
 {
     // valid follower id from the fixture, paired with an out-of-range followed id
     $followerId = $this->follower->getProfileId();
     $negativeFollowedId = -1;
     $invalidFollow = new Follower($followerId, $negativeFollowedId);
     $invalidFollow->insert($this->getPDO());
 }