Exemple #1
/**
 *
 * ThinkUp/webapp/api/v1/post.php
 *
 * Copyright (c) 2009-2013 Gina Trapani, Sam Rose
 *
 * LICENSE:
 *
 * This file is part of ThinkUp (http://thinkup.com).
 *
 * ThinkUp is free software: you can redistribute it and/or modify it under the terms of the GNU General Public
 * License as published by the Free Software Foundation, either version 2 of the License, or (at your option) any
 * later version.
 *
 * ThinkUp is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
 * details.
 *
 * You should have received a copy of the GNU General Public License along with ThinkUp.  If not, see
 * <http://www.gnu.org/licenses/>.
 *
 *
 * @author Sam Rose <*****@*****.**>
 * @license http://www.gnu.org/licenses/gpl.html
 * @copyright 2009-2013 Gina Trapani, Sam Rose
 */
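// HTTP entry point for the v1 post API. It moves two directory levels up from the
// current working directory, loads init.php from there, and echoes whatever
// PostAPIController::go() returns as the response body.
//
// chdir() returns false on failure. Stop with a bare 500 in that case, so the relative
// require below is never resolved against include_path or another directory, and no
// path details reach the client.
if (!chdir("../../")) {
    header('HTTP/1.1 500 Internal Server Error');
    exit(1);
}
require_once 'init.php';
// All request parameters are read by the controller; nothing is parsed in this file.
$controller = new PostAPIController();
echo $controller->go();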
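 /**
  * Drives the 'keyword_posts' API type (network 'twitter') through PostAPIController::go()
  * and checks paging, counting, ordering, trim_user and resistance to a SQL-injection probe.
  *
  * Request parameters are supplied only through $_GET, so each section depends on what the
  * previous sections left set or unset. Expected sizes, post ids and user ids come from
  * test fixtures that are not part of this method.
  */
 public function testKeywordPosts()
 {
     $_GET['type'] = 'keyword_posts';
     $_GET['keyword'] = 'first';
     $_GET['network'] = 'twitter';
     $controller = new PostAPIController(true);
     $output = json_decode($controller->go());
     $this->assertEqual(sizeof($output), 20);
     // test the object type is correct
     $this->assertTrue(is_array($output));
     foreach ($output as $post) {
         $this->assertTrue($post instanceof stdClass);
         // Only non-protected posts may be returned by the API.
         $this->assertEqual($post->protected, false);
     }
     // test all posts are from correct user (id 102, margin 1)
     foreach ($output as $post) {
         $this->assertWithinMargin($post->user->id, 102, 1);
     }
     // test page: page 1 ordered by post_id ascending yields ids 301, 303, ...
     $_GET['page'] = 1;
     $_GET['order_by'] = 'post_id';
     $_GET['direction'] = 'ASC';
     $controller = new PostAPIController(true);
     $output = json_decode($controller->go());
     $this->assertEqual(sizeof($output), 20);
     $counter = 301;
     foreach ($output as $post) {
         $this->assertEqual($post->id, $counter);
         $counter = $counter + 2;
     }
     // page 2 holds the remaining 10 posts, starting at id 341
     $_GET['page'] = 2;
     $controller = new PostAPIController(true);
     $output = json_decode($controller->go());
     $this->assertEqual(sizeof($output), 10);
     $counter = 341;
     foreach ($output as $post) {
         $this->assertEqual($post->id, $counter);
         $counter = $counter + 2;
     }
     unset($_GET['page']);
     unset($_GET['order_by']);
     unset($_GET['direction']);
     // test #second (hashtag keyword)
     $_GET['keyword'] = '#second';
     $controller = new PostAPIController(true);
     $output = json_decode($controller->go());
     $this->assertEqual(sizeof($output), 20);
     // test the object type is correct
     $this->assertTrue(is_array($output));
     foreach ($output as $post) {
         $this->assertTrue($post instanceof stdClass);
         $this->assertEqual($post->protected, false);
     }
     // test all posts are from correct user
     foreach ($output as $post) {
         $this->assertWithinMargin($post->user->id, 102, 1);
     }
     // test count: the result size must follow the requested count exactly
     for ($count = 1; $count <= 20; $count++) {
         $_GET['count'] = $count;
         $controller = new PostAPIController(true);
         $output = json_decode($controller->go());
         $this->assertEqual(sizeof($output), $count);
     }
     unset($_GET['count']);
     // test order_by: each field is requested DESC then ASC, and every element is compared
     // with its predecessor (the first element is compared with itself).
     $_GET['order_by'] = 'date';
     $_GET['direction'] = 'DESC';
     $controller = new PostAPIController(true);
     $output = json_decode($controller->go());
     $date = strtotime($output[0]->created_at);
     foreach ($output as $post) {
         $this->assertTrue(strtotime($post->created_at) <= $date);
         $date = strtotime($post->created_at);
     }
     $_GET['order_by'] = 'date';
     $_GET['direction'] = 'ASC';
     $controller = new PostAPIController(true);
     $output = json_decode($controller->go());
     $date = strtotime($output[0]->created_at);
     foreach ($output as $post) {
         $this->assertTrue(strtotime($post->created_at) >= $date);
         $date = strtotime($post->created_at);
     }
     $_GET['order_by'] = 'source';
     $_GET['direction'] = 'DESC';
     $controller = new PostAPIController(true);
     $output = json_decode($controller->go());
     $str = $output[0]->source;
     foreach ($output as $post) {
         $this->assertTrue(strcmp($post->source, $str) <= 0);
         $str = $post->source;
     }
     $_GET['order_by'] = 'source';
     $_GET['direction'] = 'ASC';
     $controller = new PostAPIController(true);
     $output = json_decode($controller->go());
     $str = $output[0]->source;
     foreach ($output as $post) {
         $this->assertTrue(strcmp($post->source, $str) >= 0);
         $str = $post->source;
     }
     $_GET['order_by'] = 'post_text';
     $_GET['direction'] = 'DESC';
     $controller = new PostAPIController(true);
     $output = json_decode($controller->go());
     $str = $output[0]->text;
     foreach ($output as $post) {
         $this->assertTrue(strcmp($post->text, $str) <= 0);
         $str = $post->text;
     }
     $_GET['order_by'] = 'post_text';
     $_GET['direction'] = 'ASC';
     $controller = new PostAPIController(true);
     $output = json_decode($controller->go());
     $str = $output[0]->text;
     foreach ($output as $post) {
         $this->assertTrue(strcmp($post->text, $str) >= 0);
         $str = $post->text;
     }
     $_GET['order_by'] = 'author_username';
     $_GET['direction'] = 'DESC';
     $controller = new PostAPIController(true);
     $output = json_decode($controller->go());
     $str = $output[0]->user->screen_name;
     foreach ($output as $post) {
         $this->assertTrue(strcmp($post->user->screen_name, $str) <= 0);
         $str = $post->user->screen_name;
     }
     $_GET['order_by'] = 'author_username';
     $_GET['direction'] = 'ASC';
     $controller = new PostAPIController(true);
     $output = json_decode($controller->go());
     $str = $output[0]->user->screen_name;
     foreach ($output as $post) {
         $this->assertTrue(strcmp($post->user->screen_name, $str) >= 0);
         $str = $post->user->screen_name;
     }
     // test trim user
     unset($_GET['order_by'], $_GET['direction']);
     $_GET['trim_user'] = true;
     $controller = new PostAPIController(true);
     $output = json_decode($controller->go());
     $this->assertEqual(sizeof($output), 20);
     // A trimmed user object is expected to carry exactly one property. Count the decoded
     // object's properties explicitly: sizeof() on a stdClass is not a property count (it
     // yields 1 for any non-Countable object on older PHP and throws a TypeError on PHP 8),
     // so the previous form could not detect an untrimmed user.
     $this->assertEqual(count(get_object_vars($output[0]->user)), 1);
     // test sql injection
     // Every property that get_object_vars() can see on the controller from this scope is
     // used as a GET parameter name and given a quote-terminated stacked DROP TABLE payload
     // aimed at the posts table. NOTE(review): presumably the controller mirrors its accepted
     // request parameters as public properties; confirm against PostAPIController.
     $_GET = array('type' => 'keyword_posts');
     $prefix = Config::getInstance()->getValue('table_prefix');
     $probed = 0;
     foreach (array_keys(get_object_vars($controller)) as $key) {
         // Strict comparison: on PHP < 8 a loose == between integer 0 and a non-numeric
         // string is true, which could skip a parameter that should have been probed.
         if ($key === 'type' || $key === 'app_session') {
             continue;
         }
         $_GET[$key] = "'; DROP TABLE " . $prefix . "posts--";
         $controller = new PostAPIController(true);
         // The response body is not asserted on; only the table check below decides the outcome.
         $controller->go();
         unset($_GET[$key]);
         $probed++;
     }
     // Fail loudly if nothing was probed; otherwise the check below would pass vacuously.
     $this->assertTrue($probed > 0);
     // NOTE(review): this proves only that the posts table was not dropped. An injection that
     // reads or alters rows would go unnoticed, so the probe complements, not replaces, a
     // review that the DAO layer binds these parameters.
     $installer_dao = DAOFactory::getDAO('InstallerDAO');
     // Strict search so a non-string entry cannot loosely match the table name.
     $this->assertTrue(in_array($prefix . "posts", $installer_dao->getTables(), true));
 }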
 /**
  * Checks how the post API reacts to the 'is_api_disabled' application option.
  *
  * The same 'user_posts_in_range' request is issued in three states: option absent,
  * option stored as 'true', option updated to 'false'. Only the 'true' state is expected
  * to return an error, whose type must be 'APIDisabledException'.
  */
 public function testAPIDisabled()
 {
     $request = array(
         'type' => 'user_posts_in_range',
         'user_id' => 18,
         'from' => '2006-01-02 00:00:00',
         'until' => '2006-01-02 00:59:59',
     );
     foreach ($request as $param => $setting) {
         $_GET[$param] = $setting;
     }

     // No option row yet: the API must answer without an error member.
     $api = new PostAPIController(true);
     $response = json_decode($api->go());
     $this->assertFalse(isset($response->error));

     // Option stored as the string 'true': the request must be refused.
     $options = DAOFactory::getDAO('OptionDAO');
     $options->insertOption(OptionDAO::APP_OPTIONS, 'is_api_disabled', 'true');
     $api = new PostAPIController(true);
     $response = json_decode($api->go());
     $this->assertEqual($response->error->type, 'APIDisabledException');

     // Option switched to the string 'false': the API must answer normally again.
     $options->updateOptionByName(OptionDAO::APP_OPTIONS, 'is_api_disabled', 'false');
     $api = new PostAPIController(true);
     $response = json_decode($api->go());
     $this->assertFalse(isset($response->error));
 }
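 /**
  * Drives the 'user_posts_in_range' API type through PostAPIController::go() for user_id 18
  * and a one-hour window, then checks the window bounds, every order_by field in both
  * directions, and resistance to a SQL-injection probe.
  *
  * Request parameters are supplied only through $_GET, so each section depends on what the
  * previous sections left set. Which posts exist in the window is decided by test fixtures
  * that are not part of this method.
  */
 public function testUserPostsInRange()
 {
     $_GET['type'] = 'user_posts_in_range';
     $_GET['user_id'] = 18;
     $_GET['from'] = '2006-01-02 00:00:00';
     $_GET['until'] = '2006-01-02 00:59:59';
     $controller = new PostAPIController(true);
     $output = json_decode($controller->go());
     // test the object type is correct
     $this->assertTrue(is_array($output));
     // The window bounds do not change inside the loop, so parse them once.
     $from = strtotime($_GET['from']);
     $until = strtotime($_GET['until']);
     foreach ($output as $post) {
         $this->assertTrue($post instanceof stdClass);
         // Only non-protected posts may be returned by the API.
         $this->assertEqual($post->protected, false);
         // created_at must fall in [from, until).
         $this->assertTrue(strtotime($post->created_at) >= $from);
         $this->assertTrue(strtotime($post->created_at) < $until);
     }
     // test order_by: each field is requested DESC then ASC, and every element is compared
     // with its predecessor (the first element is compared with itself).
     $_GET['order_by'] = 'date';
     $_GET['direction'] = 'DESC';
     $controller = new PostAPIController(true);
     $output = json_decode($controller->go());
     $date = strtotime($output[0]->created_at);
     foreach ($output as $post) {
         $this->assertTrue(strtotime($post->created_at) <= $date);
         $date = strtotime($post->created_at);
     }
     $_GET['order_by'] = 'date';
     $_GET['direction'] = 'ASC';
     $controller = new PostAPIController(true);
     $output = json_decode($controller->go());
     $date = strtotime($output[0]->created_at);
     foreach ($output as $post) {
         $this->assertTrue(strtotime($post->created_at) >= $date);
         $date = strtotime($post->created_at);
     }
     $_GET['order_by'] = 'post_id';
     $_GET['direction'] = 'DESC';
     $controller = new PostAPIController(true);
     $output = json_decode($controller->go());
     $id = $output[0]->id;
     foreach ($output as $post) {
         $this->assertTrue($post->id <= $id);
         $id = $post->id;
     }
     $_GET['order_by'] = 'post_id';
     $_GET['direction'] = 'ASC';
     $controller = new PostAPIController(true);
     $output = json_decode($controller->go());
     $id = $output[0]->id;
     foreach ($output as $post) {
         $this->assertTrue($post->id >= $id);
         $id = $post->id;
     }
     $_GET['order_by'] = 'source';
     $_GET['direction'] = 'DESC';
     $controller = new PostAPIController(true);
     $output = json_decode($controller->go());
     $str = $output[0]->source;
     foreach ($output as $post) {
         $this->assertTrue(strcmp($post->source, $str) <= 0);
         $str = $post->source;
     }
     $_GET['order_by'] = 'source';
     $_GET['direction'] = 'ASC';
     $controller = new PostAPIController(true);
     $output = json_decode($controller->go());
     $str = $output[0]->source;
     foreach ($output as $post) {
         $this->assertTrue(strcmp($post->source, $str) >= 0);
         $str = $post->source;
     }
     $_GET['order_by'] = 'follower_count';
     $_GET['direction'] = 'DESC';
     $controller = new PostAPIController(true);
     $output = json_decode($controller->go());
     $count = $output[0]->user->followers_count;
     foreach ($output as $post) {
         $this->assertTrue($post->user->followers_count <= $count);
         $count = $post->user->followers_count;
     }
     $_GET['order_by'] = 'follower_count';
     $_GET['direction'] = 'ASC';
     $controller = new PostAPIController(true);
     $output = json_decode($controller->go());
     $count = $output[0]->user->followers_count;
     foreach ($output as $post) {
         $this->assertTrue($post->user->followers_count >= $count);
         $count = $post->user->followers_count;
     }
     $_GET['order_by'] = 'post_text';
     $_GET['direction'] = 'DESC';
     $controller = new PostAPIController(true);
     $output = json_decode($controller->go());
     $str = $output[0]->text;
     foreach ($output as $post) {
         $this->assertTrue(strcmp($post->text, $str) <= 0);
         $str = $post->text;
     }
     $_GET['order_by'] = 'post_text';
     $_GET['direction'] = 'ASC';
     $controller = new PostAPIController(true);
     $output = json_decode($controller->go());
     $str = $output[0]->text;
     foreach ($output as $post) {
         $this->assertTrue(strcmp($post->text, $str) >= 0);
         $str = $post->text;
     }
     $_GET['order_by'] = 'author_username';
     $_GET['direction'] = 'DESC';
     $controller = new PostAPIController(true);
     $output = json_decode($controller->go());
     $str = $output[0]->user->screen_name;
     foreach ($output as $post) {
         $this->assertTrue(strcmp($post->user->screen_name, $str) <= 0);
         $str = $post->user->screen_name;
     }
     $_GET['order_by'] = 'author_username';
     $_GET['direction'] = 'ASC';
     $controller = new PostAPIController(true);
     $output = json_decode($controller->go());
     $str = $output[0]->user->screen_name;
     foreach ($output as $post) {
         $this->assertTrue(strcmp($post->user->screen_name, $str) >= 0);
         $str = $post->user->screen_name;
     }
     // test sql injection
     // Every property that get_object_vars() can see on the controller from this scope is
     // used as a GET parameter name and given a quote-terminated stacked DROP TABLE payload
     // aimed at the posts table. NOTE(review): presumably the controller mirrors its accepted
     // request parameters as public properties; confirm against PostAPIController.
     $_GET = array('type' => 'user_posts_in_range');
     $prefix = Config::getInstance()->getValue('table_prefix');
     $probed = 0;
     foreach (array_keys(get_object_vars($controller)) as $key) {
         // Strict comparison: on PHP < 8 a loose == between integer 0 and a non-numeric
         // string is true, which could skip a parameter that should have been probed.
         if ($key === 'type' || $key === 'app_session') {
             continue;
         }
         $_GET[$key] = "'; DROP TABLE " . $prefix . "posts--";
         $controller = new PostAPIController(true);
         // The response body is not asserted on; only the table check below decides the outcome.
         $controller->go();
         unset($_GET[$key]);
         $probed++;
     }
     // Fail loudly if nothing was probed; otherwise the check below would pass vacuously.
     $this->assertTrue($probed > 0);
     // NOTE(review): this proves only that the posts table was not dropped. An injection that
     // reads or alters rows would go unnoticed, so the probe complements, not replaces, a
     // review that the DAO layer binds these parameters.
     $installer_dao = DAOFactory::getDAO('InstallerDAO');
     // Strict search so a non-string entry cannot loosely match the table name.
     $this->assertTrue(in_array($prefix . "posts", $installer_dao->getTables(), true));
 }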