예제 #1
 /**
  * Pins the status code for each way a client can present, or fail to
  * present, an API key on a user "items" request.
  *
  * As asserted below: a valid key sent as a Bearer header, as the `key`
  * query parameter, or as both is accepted (200). A request with no key is
  * refused (403). A valid header combined with an empty, mismatched or
  * malformed key is rejected as a client error (400) rather than letting one
  * source silently win. An OAuth 1.0 Authorization header is ignored, so the
  * outcome then depends only on the query parameter.
  */
 public function testAuthorization()
 {
     $apiKey = self::$config['apiKey'];
     // Presumably stops the harness from attaching its own key, so each
     // request below carries only the credentials passed explicitly.
     API::useAPIKey(false);

     $userID = self::$config['userID'];
     $bearerHeader = "Authorization: Bearer {$apiKey}";
     $itemsWithKey = "items?key={$apiKey}";
     $oauthHeader = 'Authorization: OAuth oauth_consumer_key="aaaaaaaaaaaaaaaaaaaa"';

     // Key in the Authorization header only
     $response = API::userGet($userID, "items", [$bearerHeader]);
     $this->assertHTTPStatus(200, $response);

     // Key in the query string only (URLs commonly end up in access logs,
     // so clients should prefer the header form)
     $response = API::userGet($userID, $itemsWithKey);
     $this->assertHTTPStatus(200, $response);

     // Same key in both places
     $response = API::userGet($userID, $itemsWithKey, [$bearerHeader]);
     $this->assertHTTPStatus(200, $response);

     // No credentials at all
     $response = API::userGet($userID, "items");
     $this->assertHTTPStatus(403, $response);

     // Valid header plus an empty `key` parameter is still an error
     $response = API::userGet($userID, "items?key=", [$bearerHeader]);
     $this->assertHTTPStatus(400, $response);

     // Header and query parameter disagree
     $response = API::userGet($userID, "items?key=invalidkey", [$bearerHeader]);
     $this->assertHTTPStatus(400, $response);

     // Malformed Bearer value ("key=" prefix inside the token)
     $response = API::userGet($userID, $itemsWithKey, ["Authorization: Bearer key={$apiKey}"]);
     $this->assertHTTPStatus(400, $response);

     // OAuth 1.0 header is ignored; the query parameter authenticates
     $response = API::userGet($userID, $itemsWithKey, [$oauthHeader]);
     $this->assertHTTPStatus(200, $response);

     // OAuth 1.0 header is ignored; with no key the request is refused
     $response = API::userGet($userID, "items", [$oauthHeader]);
     $this->assertHTTPStatus(403, $response);
 }
예제 #2
 /**
  * Per-test fixture: runs the parent set-up, then selects the configured API
  * key and API version 3 on the shared API helper, and records the same
  * version on this test instance.
  */
 public function setUp()
 {
     parent::setUp();

     $version = 3;
     API::useAPIKey(self::$config['apiKey']);
     API::useAPIVersion($version);
     $this->apiVersion = $version;
 }
예제 #3
 /**
  * Checks read access on a group from the 'ownedPublicNoAnonymousGroupID'
  * config entry: a request made with the configured API key sees the one
  * item that was created, while a request made without a key gets 403.
  *
  * The group is cleared before the test and again in `finally`, so the
  * fixture item is removed even when an assertion fails.
  */
 public function testGroupLibraryReading()
 {
     $groupID = self::$config['ownedPublicNoAnonymousGroupID'];
     API::groupClear($groupID);
     // Return value is not inspected; the call only seeds the group with one item
     $createdItem = API::groupCreateItem($groupID, 'book', ['title' => "Test"], $this);

     try {
         // Authenticated read: the seeded item is visible
         API::useAPIKey(self::$config['apiKey']);
         $authenticated = API::groupGet($groupID, "items");
         $this->assert200($authenticated);
         $this->assertNumResults(1, $authenticated);

         // An anonymous request should fail, because libraryReading is members
         API::useAPIKey(false);
         $anonymous = API::groupGet($groupID, "items");
         $this->assert403($anonymous);
     } finally {
         API::groupClear($groupID);
     }
 }
예제 #4
	/**
	 * A request for the user's "laststoragesync" resource made without an
	 * API key must be answered with 401.
	 */
	public function testLastStorageSyncNoAuthorization() {
		// No key is configured for this request
		API::useAPIKey(false);

		$userID = self::$config['userID'];
		$unauthenticated = API::userGet($userID, "laststoragesync");

		$this->assert401($unauthenticated);
	}
예제 #5
 /**
  * Verifies that a linked-file attachment cannot be added under an item in
  * the user's publications library: the parent book is created first, then
  * posting a child attachment built from the `linked_file` template must
  * yield a 400 for object 0 with the expected message.
  */
 public function testLinkedFileAttachment()
 {
     $userID = self::$config['userID'];
     $expectedError = "Linked-file attachments cannot be added to publications libraries";

     // Create the top-level item that will act as the parent
     API::useAPIKey(self::$config['apiKey']);
     $parentTemplate = API::getItemTemplate("book");
     $createResponse = API::userPost($userID, "publications/items", json_encode([$parentTemplate]));
     $this->assert200($createResponse);
     $created = API::getJSONFromResponse($createResponse);
     $parentKey = $created['success'][0];

     // Build the linked-file attachment as a child of that item
     $attachment = API::getItemTemplate("attachment&linkMode=linked_file");
     $attachment->parentItem = $parentKey;

     API::useAPIKey(self::$config['apiKey']);
     $headers = ["Content-Type: application/json"];
     $attachResponse = API::userPost($userID, "publications/items", json_encode([$attachment]), $headers);
     $this->assert400ForObject($attachResponse, $expectedError, 0);
 }
예제 #6
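 /**
  * Covers the API-key lifecycle on /users/:userID/keys.
  *
  * As asserted below: a POST without credentials is refused (403). A POST
  * carrying the root username/password creates the key (201), and the
  * returned access block includes `files` in addition to the requested
  * `library`. The key can then be deleted through its own URL with no other
  * credential (204), after which it is no longer found (404).
  *
  * The created key grants library access, so it is removed in `finally` on
  * a best-effort basis if an assertion fails before the deletion under test
  * has succeeded.
  */
 public function testKeyCreateAndDelete()
 {
     API::useAPIKey("");
     $userID = self::$config['userID'];
     $name = "Test " . uniqid();
     $payload = json_encode(['name' => $name, 'access' => ['user' => ['library' => true]]]);

     // Can't create as user
     $response = API::userPost($userID, 'keys', $payload);
     $this->assert403($response);

     // Create as root
     $rootAuth = ["username" => self::$config['rootUsername'], "password" => self::$config['rootPassword']];
     $response = API::userPost($userID, 'keys', $payload, [], $rootAuth);
     $this->assert201($response);
     $json = API::getJSONFromResponse($response);
     $key = $json['key'];

     $needsCleanup = true;
     try {
         // Expected value first, so a failure message reads correctly
         $this->assertEquals($name, $json['name']);
         $this->assertEquals(['user' => ['library' => true, 'files' => true]], $json['access']);

         // Delete anonymously (with embedded key)
         $response = API::userDelete($userID, "keys/{$key}");
         $this->assert204($response);
         $needsCleanup = false;

         $response = API::userGet($userID, "keys/{$key}");
         $this->assert404($response);
     } finally {
         if ($needsCleanup) {
             // Best effort only: no assertion here, so an earlier failure is not masked
             API::userDelete($userID, "keys/{$key}");
         }
     }
 }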
예제 #7
 /**
  * Creates a book in the user's publications library, then posts a partial
  * object (key, version, title) for the same item and expects that update
  * to succeed for the object.
  */
 public function testPatchItems()
 {
     $userID = self::$config['userID'];
     $endpoint = "publications/items";

     // Create top-level item
     API::useAPIKey(self::$config['apiKey']);
     $template = API::getItemTemplate("book");
     $response = API::userPost($userID, $endpoint, json_encode([$template]));
     $this->assert200($response);

     // The key and the library version identify what is being patched
     $body = API::getJSONFromResponse($response);
     $key = $body['successful'][0]['key'];
     $version = $response->getHeader("Last-Modified-Version");

     $patch = [
         "key" => $key,
         "version" => $version,
         "title" => "Test",
     ];
     $response = API::userPost($userID, $endpoint, json_encode([$patch]), ["Content-Type: application/json"]);
     $this->assert200ForObject($response);
 }
예제 #8
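 /**
  * Checks which key endpoints accept a username/password in the request
  * body.
  *
  * As asserted below: posting or putting credentials to the user-scoped
  * routes (/users/:userID/keys and /users/:userID/keys/:key) is refused
  * with 403, while the same body sent to the top-level `keys` routes
  * creates (201) and modifies (200) the key. The created key belongs to the
  * configured user and its access block includes `files` in addition to the
  * requested `library`.
  *
  * The created key grants library access, so it is removed in `finally` on
  * a best-effort basis if an assertion fails before the final deletion.
  */
 public function testKeyCreateAndModifyWithCredentials()
 {
     API::useAPIKey("");
     $userID = self::$config['userID'];
     $credentials = ['username' => self::$config['username'], 'password' => self::$config['password']];
     $access = ['user' => ['library' => true]];

     $name = "Test " . uniqid();
     // Array union keeps the field order username, password, name, access
     $payload = json_encode($credentials + ['name' => $name, 'access' => $access]);

     // Can't create on /users/:userID/keys with credentials
     $response = API::userPost($userID, 'keys', $payload);
     $this->assert403($response);

     // Create with credentials
     $response = API::post('keys', $payload, [], []);
     $this->assert201($response);
     $json = API::getJSONFromResponse($response);
     $key = $json['key'];

     try {
         // Expected value first, so a failure message reads correctly
         $this->assertEquals($userID, $json['userID']);
         $this->assertEquals($name, $json['name']);
         $this->assertEquals(['user' => ['library' => true, 'files' => true]], $json['access']);

         $name = "Test " . uniqid();
         $payload = json_encode($credentials + ['name' => $name, 'access' => $access]);

         // Can't modify on /users/:userID/keys/:key with credentials
         $response = API::userPut($userID, "keys/{$key}", $payload);
         $this->assert403($response);

         // Modify with credentials
         $response = API::put("keys/{$key}", $payload);
         $this->assert200($response);
         $json = API::getJSONFromResponse($response);
         $key = $json['key'];
         $this->assertEquals($name, $json['name']);

         $response = API::userDelete($userID, "keys/{$key}");
         $this->assert204($response);
         // Nothing left for the cleanup path to remove
         $key = null;
     } finally {
         if ($key !== null) {
             // Best effort only: no assertion here, so an earlier failure is not masked
             API::userDelete($userID, "keys/{$key}");
         }
     }
 }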
예제 #9
 /**
  * Checks the notifications sent when a user joins and leaves a group.
  *
  * A key with access to all groups is created for the configured user, and
  * a group owned by a second user is created. Adding the first user to the
  * group must produce one `topicAdded` notification per all-groups key, and
  * removing the user one `topicRemoved` notification per key. Deleting the
  * group must produce a single `topicDeleted` notification.
  *
  * Both the group and the key are removed in `finally` blocks so they do
  * not outlive a failed run.
  */
 public function testAddRemoveGroupMemberNotification()
 {
     API::useAPIKey("");
     $userID = self::$config['userID'];
     $createdKey = $this->createKeyWithAllGroupAccess($userID);
     $apiKey = $createdKey['key'];

     try {
         // Get all keys with access to all groups
         $allGroupsKeys = $this->getKeysWithAllGroupAccess($userID);

         // Create group owned by another user
         $response = $this->createGroup(self::$config['userID2']);
         $xml = API::getXMLFromResponse($response);
         $groupID = (int) $xml->xpath("/atom:entry/zapi:groupID")[0];
         $topic = '/groups/' . $groupID;

         try {
             // Add user to group
             $memberXml = '<user id="' . $userID . '" role="member"/>';
             $response = API::superPost("groups/{$groupID}/users", $memberXml);
             $this->assert200($response);
             $this->assertCountNotifications(count($allGroupsKeys), $response);
             foreach ($allGroupsKeys as $notifiedKey) {
                 $expected = ['event' => 'topicAdded', 'apiKey' => $notifiedKey, 'topic' => $topic];
                 $this->assertHasNotification($expected, $response);
             }

             // Remove user from group
             $response = API::superDelete("groups/{$groupID}/users/" . $userID);
             $this->assert204($response);
             $this->assertCountNotifications(count($allGroupsKeys), $response);
             foreach ($allGroupsKeys as $notifiedKey) {
                 $expected = ['event' => 'topicRemoved', 'apiKey' => $notifiedKey, 'topic' => $topic];
                 $this->assertHasNotification($expected, $response);
             }
         } finally {
             // Group teardown is itself asserted: one topicDeleted notification
             $response = API::superDelete("groups/{$groupID}");
             $this->assert204($response);
             $this->assertCountNotifications(1, $response);
             $this->assertHasNotification(['event' => 'topicDeleted', 'topic' => $topic], $response);
         }
     } finally {
         $response = API::superDelete("keys/{$apiKey}");
         try {
             $this->assert204($response);
         } catch (Exception $cleanupFailure) {
             // A failed key deletion is reported but does not fail the test.
             // NOTE(review): var_dump() prints the whole exception object,
             // which may include stack-frame arguments such as keys or
             // credentials; consider printing only the message. Confirm
             // against the CI log policy.
             var_dump($cleanupFailure);
         }
     }
 }