/**
 * Calling an exposed method with the wrong HTTP verb must be rejected.
 *
 * The call to execute_method('test') is expected to throw a CallException
 * whose message names the method ('test') and the verb it requires ('POST').
 * registerFunction() is not shown here; presumably it exposes 'test' as a
 * POST-only method -- confirm against the test class.
 *
 * @return void
 */
public function testExecuteMethodWrongMethod() {
    $this->registerFunction();

    try {
        // The request is a GET although the method requires a POST.
        execute_method('test');

        // Reaching this line means the verb check let the call through.
        $this->assertTrue(false);
    } catch (Exception $caught) {
        $this->assertIsA($caught, 'CallException');

        $actual_message = $caught->getMessage();
        $expected_message = sprintf(
            elgg_echo('CallException:InvalidCallMethod'),
            'test',
            'POST'
        );
        $this->assertIdentical($actual_message, $expected_message);
    }
}
/**
 * Entry point for REST API requests.
 *
 * Installs the API error and exception handlers, refuses service while the
 * API is disabled in $CONFIG, registers the default PAM handlers unless a
 * plugin claims the 'rest', 'init' hook, then authenticates and executes the
 * method named by the 'method' input and echoes the rendered result.
 *
 * @return void
 * @access private
 *
 * @throws SecurityException|APIException
 */
function rest_handler() {
    global $CONFIG;

    // Route PHP errors and uncaught exceptions through the API handlers.
    error_reporting(E_ALL);
    set_error_handler('_php_api_error_handler');
    set_exception_handler('_php_api_exception_handler');

    // Refuse every request while the site has switched the API off.
    $api_disabled = isset($CONFIG->disable_api) && $CONFIG->disable_api == true;
    if ($api_disabled) {
        throw new SecurityException(elgg_echo('SecurityException:APIAccessDenied'));
    }

    // A plugin that returns true from this hook takes over the choice of API
    // and user authentication handlers; otherwise the defaults are registered.
    $plugin_registers_handlers = elgg_trigger_plugin_hook('rest', 'init', null, false);
    if (!$plugin_registers_handlers) {
        // The session PAM is deliberately left unregistered. It exists for
        // testing from a web browser only; do not enable it on production sites.
        // NOTE(review): with it enabled, a logged-in browser session alone would
        // presumably satisfy user authentication for API calls -- confirm the
        // cross-site request implications before turning it on.
        //register_pam_handler('pam_auth_session');

        // User authentication by user token.
        register_pam_handler('pam_auth_usertoken');

        // API authentication: a simple API key check or an HMAC, each
        // registered as 'sufficient' for the 'api' policy.
        register_pam_handler('api_auth_key', 'sufficient', 'api');
        register_pam_handler('api_auth_hmac', 'sufficient', 'api');
    }

    // The method name is taken from the 'method' input.
    $method = get_input('method');
    $result = null;

    // authenticate_method() throws when authentication fails, so the method
    // is only executed after it has returned.
    authenticate_method($method);
    $result = execute_method($method);

    $is_generic_result = $result instanceof GenericResult;
    if (!$is_generic_result) {
        throw new APIException(elgg_echo('APIException:ApiResultUnknown'));
    }

    // Render the result through the api/output view and emit the page.
    $output_params = array('result' => $result);
    echo elgg_view_page($method, elgg_view('api/output', $output_params));
}
// NOTE(review): this is a fragment of a REST handler body; the enclosing
// function header and the declaration that brings $CONFIG into scope are not
// shown here.

// Register the error handler: report everything and route PHP errors to the
// API error handler.
error_reporting(E_ALL);
set_error_handler('__php_api_error_handler');

// Register a default exception handler
set_exception_handler('__php_api_exception_handler');

// Check to see if the api is available; a disabled API rejects every request.
if (isset($CONFIG->disable_api) && $CONFIG->disable_api == true) {
    throw new SecurityException(elgg_echo('SecurityException:APIAccessDenied'));
}

// plugins should return true to control what API and user authentication handlers are registered
if (trigger_plugin_hook('rest', 'init', null, false) == false) {
    // check session - this usually means a REST call from a web browser
    // NOTE(review): the session PAM is registered by default here, so a
    // logged-in browser session presumably counts as user authentication for
    // API calls. Confirm that state-changing methods are protected against
    // cross-site requests, or restrict this handler to testing.
    register_pam_handler('pam_auth_session');

    // user token can also be used for user authentication
    register_pam_handler('pam_auth_usertoken');

    // simple API key check ('sufficient' for the 'api' policy)
    register_pam_handler('api_auth_key', "sufficient", "api");

    // hmac ('sufficient' for the 'api' policy)
    register_pam_handler('api_auth_hmac', "sufficient", "api");
}

// Get parameter variables: the method name is taken from the 'method' input.
$method = get_input('method');
$result = null;

// this will throw an exception if authentication fails, so execute_method()
// below only runs after authenticate_method() has returned
authenticate_method($method);

$result = execute_method($method);

// Anything other than a GenericResult is treated as an API error.
if (!$result instanceof GenericResult) {
    throw new APIException(elgg_echo('APIException:ApiResultUnknown'));
}

// Output the result through the api/output view
page_draw($method, elgg_view("api/output", array("result" => $result)));
/**
 * Entry point for REST API requests served by the web services library.
 *
 * Answers 400 and exits when the current viewtype has no 'api/output' view.
 * Otherwise loads the 'elgg:ws' library, installs the API error and exception
 * handlers, registers the default PAM handlers unless a plugin claims the
 * 'rest', 'init' hook, then authenticates and executes the method named by
 * the 'method' input and echoes the rendered result.
 *
 * @return void
 * @access private
 *
 * @throws SecurityException|APIException
 */
function ws_rest_handler() {
    $viewtype = elgg_get_viewtype();
    $has_output_view = elgg_view_exists('api/output', $viewtype);

    if (!$has_output_view) {
        // Without an output view the result cannot be rendered: reply with a
        // plain-text 400 and stop.
        // NOTE(review): $viewtype is echoed unescaped; the text/plain content
        // type set here is what keeps it from being read as markup. Where the
        // value comes from is not visible in this function -- confirm that
        // elgg_get_viewtype() validates it.
        header("HTTP/1.0 400 Bad Request");
        header("Content-type: text/plain");
        echo "Missing view 'api/output' in viewtype '{$viewtype}'.";

        $data_view_types = ['xml', 'php'];
        if (in_array($viewtype, $data_view_types)) {
            echo "\nEnable the 'data_views' plugin to add this view.";
        }
        exit;
    }

    elgg_load_library('elgg:ws');

    // Route PHP errors and uncaught exceptions through the API handlers.
    error_reporting(E_ALL);
    set_error_handler('_php_api_error_handler');
    set_exception_handler('_php_api_exception_handler');

    // A plugin that returns true from this hook takes over the choice of API
    // and user authentication handlers; otherwise the defaults are registered.
    $plugin_registers_handlers = elgg_trigger_plugin_hook('rest', 'init', null, false);
    if (!$plugin_registers_handlers) {
        // The session PAM is deliberately left unregistered. It exists for
        // testing from a web browser only; do not enable it on production sites.
        // NOTE(review): with it enabled, a logged-in browser session alone would
        // presumably satisfy user authentication for API calls -- confirm the
        // cross-site request implications before turning it on.
        //register_pam_handler('pam_auth_session');

        // User authentication by user token.
        register_pam_handler('pam_auth_usertoken');

        // API authentication: a simple API key check or an HMAC, each
        // registered as 'sufficient' for the 'api' policy.
        register_pam_handler('api_auth_key', 'sufficient', 'api');
        register_pam_handler('api_auth_hmac', 'sufficient', 'api');
    }

    // The method name is taken from the 'method' input.
    $method = get_input('method');
    $result = null;

    // authenticate_method() throws when authentication fails, so the method
    // is only executed after it has returned.
    authenticate_method($method);
    $result = execute_method($method);

    $is_generic_result = $result instanceof GenericResult;
    if (!$is_generic_result) {
        throw new APIException(elgg_echo('APIException:ApiResultUnknown'));
    }

    // Render the result through the api/output view and emit the page.
    $output_params = array('result' => $result);
    echo elgg_view_page($method, elgg_view('api/output', $output_params));
}
throw new SecurityException(elgg_echo('SecurityException:APIAccessDenied')); } // Register some default PAM methods, plugins can add their own register_pam_handler('pam_auth_session_or_hmac'); // Command must either be authenticated by a hmac or the user is already logged in register_pam_handler('pam_auth_usertoken', 'required'); // Either token present and valid OR method doesn't require one. register_pam_handler('pam_auth_anonymous_method'); // Support anonymous functions // Get parameter variables $method = get_input('method'); $result = null; // Authenticate session if (pam_authenticate()) { // Authenticated somehow, now execute. $token = ""; $params = get_parameters_for_method($method); // Use $CONFIG->input instead of $_REQUEST since this is called by the pagehandler if (isset($params['auth_token'])) { $token = $params['auth_token']; } $result = execute_method($method, $params, $token); } else { throw new SecurityException(elgg_echo('SecurityException:NoAuthMethods')); } // Finally output if (!$result instanceof GenericResult) { throw new APIException(elgg_echo('APIException:ApiResultUnknown')); } // Output the result page_draw($method, elgg_view("api/output", array("result" => $result)));
/**
 * Executing a method exposed with associative parameters returns typed values.
 *
 * Exposes 'test' over GET with an optional int 'param1' and a required bool
 * 'param2', then checks that string inputs come back as int/bool and that a
 * missing optional parameter comes back as null.
 *
 * NOTE(review): the three trailing flags passed to elgg_ws_expose_function()
 * are presumably "require API auth", "require user auth" and "associative
 * parameters"; if so, this test method is exposed without authentication --
 * confirm against the function's signature.
 *
 * @return void
 */
public function testExecuteMethodAssoc() {
    $param1_spec = array('type' => 'int', 'required' => false);
    $param2_spec = array('type' => 'bool', 'required' => true);
    $params = array('param1' => $param1_spec, 'param2' => $param2_spec);

    $callback = array($this, 'methodCallbackAssoc');
    elgg_ws_expose_function('test', $callback, $params, '', 'GET', false, false, true);

    // Each case pairs the raw 'param1' input with the value expected back;
    // 'param2' is always sent as "1" and expected back as true.
    $cases = array(
        array("2", 2),
        array(null, null),
    );

    foreach ($cases as $case) {
        list($raw_param1, $expected_param1) = $case;

        set_input('param1', $raw_param1);
        set_input('param2', "1");

        $result = execute_method('test');
        $this->assertIsA($result, 'SuccessResult');

        $exported = $result->export()->result;
        $expected = array('param1' => $expected_param1, 'param2' => true);
        $this->assertIdentical($exported, $expected);
    }
}