/**
 * Walks through the ways an API key can be supplied on a user "items" request
 * (Authorization header, "key" query parameter, both, neither, malformed) and
 * checks the HTTP status returned for each combination.
 *
 * API::useAPIKey(false) is called first; the "no key" cases below rely on the
 * client not attaching a key on its own.
 */
public function testAuthorization()
{
    $userID = self::$config['userID'];
    $apiKey = self::$config['apiKey'];
    $bearerHeader = ["Authorization: Bearer {$apiKey}"];
    $oauthHeader = ['Authorization: OAuth oauth_consumer_key="aaaaaaaaaaaaaaaaaaaa"'];
    $pathWithKey = "items?key={$apiKey}";

    API::useAPIKey(false);

    // Key in the Authorization header only
    $response = API::userGet($userID, "items", $bearerHeader);
    $this->assertHTTPStatus(200, $response);

    // Key in the query string only
    $response = API::userGet($userID, $pathWithKey);
    $this->assertHTTPStatus(200, $response);

    // Same key in both places
    $response = API::userGet($userID, $pathWithKey, $bearerHeader);
    $this->assertHTTPStatus(200, $response);

    // No key anywhere
    $response = API::userGet($userID, "items");
    $this->assertHTTPStatus(403, $response);

    // Valid header plus an empty "key" parameter: rejected, not ignored
    $response = API::userGet($userID, "items?key=", $bearerHeader);
    $this->assertHTTPStatus(400, $response);

    // Header and query parameter disagree
    $response = API::userGet($userID, "items?key=invalidkey", $bearerHeader);
    $this->assertHTTPStatus(400, $response);

    // Malformed Bearer value, even though the query parameter is valid
    $response = API::userGet($userID, $pathWithKey, ["Authorization: Bearer key={$apiKey}"]);
    $this->assertHTTPStatus(400, $response);

    // OAuth 1.0 header is ignored; the query parameter alone authorizes
    $response = API::userGet($userID, $pathWithKey, $oauthHeader);
    $this->assertHTTPStatus(200, $response);

    // OAuth 1.0 header is ignored; without a key the request is refused
    $response = API::userGet($userID, "items", $oauthHeader);
    $this->assertHTTPStatus(403, $response);
}
/**
 * Per-test fixture: after the parent's setUp, selects the configured API key
 * and API version 3 on the client, and records the same version on this
 * test case.
 */
public function setUp()
{
    parent::setUp();

    $version = 3;

    API::useAPIKey(self::$config['apiKey']);
    API::useAPIVersion($version);
    $this->apiVersion = $version;
}
/**
 * Checks read access on the group configured as
 * 'ownedPublicNoAnonymousGroupID': a request made with the configured API key
 * sees the single item created here, while a request without a key gets 403.
 */
public function testGroupLibraryReading()
{
    $groupID = self::$config['ownedPublicNoAnonymousGroupID'];

    // groupClear() presumably empties the library, which makes the count of 1 below exact
    API::groupClear($groupID);
    API::groupCreateItem($groupID, 'book', ['title' => "Test"], $this);

    try {
        // Keyed request: allowed, and returns exactly the item created above
        API::useAPIKey(self::$config['apiKey']);
        $keyedResponse = API::groupGet($groupID, "items");
        $this->assert200($keyedResponse);
        $this->assertNumResults(1, $keyedResponse);

        // An anonymous request should fail, because libraryReading is members
        API::useAPIKey(false);
        $anonymousResponse = API::groupGet($groupID, "items");
        $this->assert403($anonymousResponse);
    } finally {
        // Runs whether or not an assertion above failed
        API::groupClear($groupID);
    }
}
/**
 * A "laststoragesync" request for the configured user, sent after
 * API::useAPIKey(false), must be answered with 401.
 */
public function testLastStorageSyncNoAuthorization()
{
    $userID = self::$config['userID'];

    API::useAPIKey(false);

    $response = API::userGet($userID, "laststoragesync");
    $this->assert401($response);
}
/**
 * Verifies that a linked-file attachment cannot be added under an item in the
 * user's publications library: the second POST must fail for object 0 with
 * the expected message.
 */
public function testLinkedFileAttachment()
{
    $expectedMessage = "Linked-file attachments cannot be added to publications libraries";
    $userID = self::$config['userID'];

    // Parent: a top-level book posted to publications/items
    API::useAPIKey(self::$config['apiKey']);
    $book = API::getItemTemplate("book");
    $response = API::userPost($userID, "publications/items", json_encode([$book]));
    $this->assert200($response);
    $created = API::getJSONFromResponse($response);
    $itemKey = $created['success'][0];

    // Child: linked-file attachment template pointing at that book
    $attachment = API::getItemTemplate("attachment&linkMode=linked_file");
    $attachment->parentItem = $itemKey;

    // The same key is selected again before the second request
    API::useAPIKey(self::$config['apiKey']);
    $response = API::userPost(
        $userID,
        "publications/items",
        json_encode([$attachment]),
        ["Content-Type: application/json"]
    );
    $this->assert400ForObject($response, $expectedMessage, 0);
}
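/**
 * Covers the key lifecycle on /users/:userID/keys: creation is refused
 * without root credentials, succeeds with them, and the resulting key can
 * then be deleted by a request that carries nothing but the key in its path.
 *
 * The name assertion passes the expected value first, matching the access
 * assertion below, so a failure reports expected and actual the right way
 * round.
 */
public function testKeyCreateAndDelete()
{
    API::useAPIKey("");

    $userID = self::$config['userID'];
    $name = "Test " . uniqid();
    // Both creation attempts send the same body; only the credentials differ
    $payload = json_encode(['name' => $name, 'access' => ['user' => ['library' => true]]]);

    // Can't create as user
    $response = API::userPost($userID, 'keys', $payload);
    $this->assert403($response);

    // Create as root: root username/password from the config go in the last argument
    $response = API::userPost(
        $userID,
        'keys',
        $payload,
        [],
        ["username" => self::$config['rootUsername'], "password" => self::$config['rootPassword']]
    );
    $this->assert201($response);
    $json = API::getJSONFromResponse($response);
    $key = $json['key'];
    $this->assertEquals($name, $json['name']);
    // Only 'library' was requested; the response is expected to report 'files' as well
    $this->assertEquals(['user' => ['library' => true, 'files' => true]], $json['access']);

    // Delete anonymously (with embedded key): no credentials are passed here,
    // so the key in the URL is the only secret the request carries
    $response = API::userDelete($userID, "keys/{$key}");
    $this->assert204($response);

    // The deleted key must no longer resolve
    $response = API::userGet($userID, "keys/{$key}");
    $this->assert404($response);
}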
/**
 * Creates a book in the user's publications library, then posts a second
 * object carrying only that item's key, version and a new title, and expects
 * the per-object result to be a success.
 */
public function testPatchItems()
{
    $userID = self::$config['userID'];

    // Create top-level item
    API::useAPIKey(self::$config['apiKey']);
    $template = API::getItemTemplate("book");
    $response = API::userPost($userID, "publications/items", json_encode([$template]));
    $this->assert200($response);

    $created = API::getJSONFromResponse($response);
    $key = $created['successful'][0]['key'];
    // The version sent back with the update is taken from the creation response
    $version = $response->getHeader("Last-Modified-Version");

    $update = [
        "key" => $key,
        "version" => $version,
        "title" => "Test"
    ];
    $response = API::userPost(
        $userID,
        "publications/items",
        json_encode([$update]),
        ["Content-Type: application/json"]
    );
    $this->assert200ForObject($response);
}
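/**
 * Checks where username/password in the request body is accepted for key
 * management: the user-scoped endpoints (/users/:userID/keys and
 * /users/:userID/keys/:key) must answer 403, while the top-level keys
 * endpoints accept the same body for create (201) and modify (200).
 *
 * The userID and name assertions pass the expected value first, matching the
 * access assertion, so a failure reports expected and actual the right way
 * round.
 */
public function testKeyCreateAndModifyWithCredentials()
{
    API::useAPIKey("");

    $userID = self::$config['userID'];
    $name = "Test " . uniqid();
    // Same body for the refused and the accepted create request
    $createBody = json_encode([
        'username' => self::$config['username'],
        'password' => self::$config['password'],
        'name' => $name,
        'access' => ['user' => ['library' => true]]
    ]);

    // Can't create on /users/:userID/keys with credentials
    $response = API::userPost($userID, 'keys', $createBody);
    $this->assert403($response);

    // Create with credentials
    $response = API::post('keys', $createBody, [], []);
    $this->assert201($response);
    $json = API::getJSONFromResponse($response);
    $key = $json['key'];
    // The key must be attributed to the user whose credentials were sent
    $this->assertEquals(self::$config['userID'], $json['userID']);
    $this->assertEquals($name, $json['name']);
    // Only 'library' was requested; the response is expected to report 'files' as well
    $this->assertEquals(['user' => ['library' => true, 'files' => true]], $json['access']);

    // A fresh name makes the modification observable in the response
    $name = "Test " . uniqid();
    $modifyBody = json_encode([
        'username' => self::$config['username'],
        'password' => self::$config['password'],
        'name' => $name,
        'access' => ['user' => ['library' => true]]
    ]);

    // Can't modify on /users/:userID/keys/:key with credentials
    $response = API::userPut($userID, "keys/{$key}", $modifyBody);
    $this->assert403($response);

    // Modify with credentials
    $response = API::put("keys/{$key}", $modifyBody);
    $this->assert200($response);
    $json = API::getJSONFromResponse($response);
    $key = $json['key'];
    $this->assertEquals($name, $json['name']);

    // Clean up the key created above; this is skipped if an assertion failed earlier
    $response = API::userDelete($userID, "keys/{$key}");
    $this->assert204($response);
}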
/**
 * Checks the notifications attached to group-membership changes: adding the
 * configured user to a group owned by another user must yield one
 * 'topicAdded' per key with all-group access, removing the user one
 * 'topicRemoved' per such key, and deleting the group a single
 * 'topicDeleted'.
 *
 * The group and the API key created here are removed in finally blocks.
 */
public function testAddRemoveGroupMemberNotification()
{
    API::useAPIKey("");

    $userID = self::$config['userID'];
    $createdKey = $this->createKeyWithAllGroupAccess($userID);
    $apiKey = $createdKey['key'];

    try {
        // Get all keys with access to all groups
        $allGroupsKeys = $this->getKeysWithAllGroupAccess($userID);
        $expectedCount = count($allGroupsKeys);

        // Create group owned by another user
        $response = $this->createGroup(self::$config['userID2']);
        $xml = API::getXMLFromResponse($response);
        $groupID = (int) $xml->xpath("/atom:entry/zapi:groupID")[0];
        $topic = '/groups/' . $groupID;

        try {
            // Add user to group
            $response = API::superPost(
                "groups/{$groupID}/users",
                '<user id="' . $userID . '" role="member"/>'
            );
            $this->assert200($response);
            $this->assertCountNotifications($expectedCount, $response);
            foreach ($allGroupsKeys as $key) {
                $this->assertHasNotification(
                    ['event' => 'topicAdded', 'apiKey' => $key, 'topic' => $topic],
                    $response
                );
            }

            // Remove user from group
            $response = API::superDelete("groups/{$groupID}/users/" . $userID);
            $this->assert204($response);
            $this->assertCountNotifications($expectedCount, $response);
            foreach ($allGroupsKeys as $key) {
                $this->assertHasNotification(
                    ['event' => 'topicRemoved', 'apiKey' => $key, 'topic' => $topic],
                    $response
                );
            }
        } finally {
            // Deleting the group is both cleanup and the last notification check
            $response = API::superDelete("groups/{$groupID}");
            $this->assert204($response);
            $this->assertCountNotifications(1, $response);
            $this->assertHasNotification(['event' => 'topicDeleted', 'topic' => $topic], $response);
        }
    } finally {
        // Always remove the key created at the top of the test
        $response = API::superDelete("keys/{$apiKey}");
        try {
            $this->assert204($response);
        } catch (Exception $e) {
            // A failed cleanup is dumped to the test output, not rethrown;
            // presumably so it does not replace a failure raised in the body above
            var_dump($e);
        }
    }
}