public function testVariousInteractions()
{
$controller = new SessionAPILoginController(true);
//User email set but not API key
$_GET = array('success_redir' => 'success', 'failure_redir' => 'failure', 'u' => '*****@*****.**');
$results = $controller->go();
$this->assertEqual($controller->redirect_destination, "failure?msg=API+key+must+not+be+empty.");
//User email set but not API key on failure URL with ? in it
$_GET = array('success_redir' => 'success', 'failure_redir' => 'http://example.com/failure?yes=yes', 'u' => '*****@*****.**');
$results = $controller->go();
$this->assertEqual($controller->redirect_destination, 'http://example.com/failure?yes=yes&msg=API+key+must+not+be+empty.');
//API key set but not user email
$_GET = array('success_redir' => 'success', 'failure_redir' => 'failure', 'k' => 'apikeyyo');
$results = $controller->go();
$this->assertEqual($controller->redirect_destination, 'failure?msg=Email+must+not+be+empty.');
//User does not exist
$_GET = array('success_redir' => 'success', 'failure_redir' => 'failure', 'u' => '*****@*****.**', 'k' => 'apikeyyo');
$results = $controller->go();
$this->assertEqual($controller->redirect_destination, 'failure?msg=Invalid+email.');
//User is not activated
$_GET = array('success_redir' => 'success', 'failure_redir' => 'failure', 'u' => '*****@*****.**', 'k' => 'apikeyyo');
$results = $controller->go();
$this->assertEqual($controller->redirect_destination, 'failure?msg=Inactive+account.');
//User exists but doesn't have a private API key set
$_GET = array('success_redir' => 'success', 'failure_redir' => 'failure', 'u' => '*****@*****.**', 'k' => 'apikeyyo');
$results = $controller->go();
$this->assertEqual($controller->redirect_destination, 'failure?msg=Invalid+API+key.');
//User exists and has API key but it is incorrect
$_GET = array('success_redir' => 'success', 'failure_redir' => 'failure', 'u' => '*****@*****.**', 'k' => 'aasdasdfafabbccdd');
$results = $controller->go();
$this->assertEqual($controller->redirect_destination, 'failure?msg=Invalid+API+key.');
//User 1 is logged in and user 2 attempts login
$_GET = array('success_redir' => 'success', 'failure_redir' => 'failure', 'u' => '*****@*****.**', 'k' => 'yayaya');
$results = $controller->go();
$this->assertEqual($controller->redirect_destination, 'success');
//User logs in successfully with success redirect that has a ? in it
$_GET = array('success_redir' => 'https://thinkup.com/admin/user/success.php?answer=yes&comment=indeed', 'failure_redir' => 'failure', 'u' => '*****@*****.**', 'k' => 'yayaya');
$results = $controller->go();
$this->assertEqual($controller->redirect_destination, 'https://thinkup.com/admin/user/success.php?answer=yes&comment=indeed');
}
<?php
/**
*
* ThinkUp/webapp/api/v1/session/login.php
*
* Copyright (c) 2013 Gina Trapani
*
* LICENSE:
*
* This file is part of ThinkUp (http://thinkup.com).
*
* ThinkUp is free software: you can redistribute it and/or modify it under the terms of the GNU General Public
* License as published by the Free Software Foundation, either version 2 of the License, or (at your option) any
* later version.
*
* ThinkUp is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with ThinkUp. If not, see
* <http://www.gnu.org/licenses/>.
*
* @license http://www.gnu.org/licenses/gpl.html
* @copyright 2013 Gina Trapani
*/
chdir("../../../");
require_once 'init.php';
$controller = new SessionAPILoginController();
echo $controller->go();
