/**
 * Drives one SessionAPILoginController through a fixed sequence of login requests and checks the
 * redirect destination the controller records after each call to go().
 *
 * Each scenario replaces $_GET wholesale, so the order matters: all requests go through the same
 * controller instance, and the later scenarios depend on what earlier ones left behind.
 *
 * NOTE(review): every 'u' value in this listing is the same masked string, so the per-user fixtures
 * the scenarios rely on (unknown user, inactive user, user without a key, ...) cannot be identified
 * from here.
 *
 * NOTE(review), security-relevant behaviour pinned by these assertions:
 *  - The API key ('k') and the email ('u') are read from the query string. Query strings usually end
 *    up in access logs, browser history and Referer headers.
 *  - 'success_redir' and 'failure_redir' come from the request and are used as the redirect target
 *    as given, including absolute URLs. Unless the controller restricts them elsewhere, that is an
 *    open redirect; confirm an allowlist or same-origin check exists.
 *  - The failure messages differ for an unknown email, an inactive account and a wrong key, which lets
 *    a caller tell these account states apart.
 */
public function testVariousInteractions() {
    // The meaning of the constructor's `true` argument is not visible in this listing.
    $controller = new SessionAPILoginController(true);

    // Each entry: array(request parameters assigned to $_GET, expected redirect_destination).
    $scenarios = array(
        // User email set but not API key
        array(
            array('success_redir' => 'success', 'failure_redir' => 'failure', 'u' => '*****@*****.**'),
            'failure?msg=API+key+must+not+be+empty.',
        ),
        // User email set but not API key, failure URL already carries a query string:
        // the message is appended with '&' rather than '?'
        array(
            array('success_redir' => 'success', 'failure_redir' => 'http://example.com/failure?yes=yes',
                'u' => '*****@*****.**'),
            'http://example.com/failure?yes=yes&msg=API+key+must+not+be+empty.',
        ),
        // API key set but not user email
        array(
            array('success_redir' => 'success', 'failure_redir' => 'failure', 'k' => 'apikeyyo'),
            'failure?msg=Email+must+not+be+empty.',
        ),
        // User does not exist
        array(
            array('success_redir' => 'success', 'failure_redir' => 'failure', 'u' => '*****@*****.**',
                'k' => 'apikeyyo'),
            'failure?msg=Invalid+email.',
        ),
        // User is not activated
        array(
            array('success_redir' => 'success', 'failure_redir' => 'failure', 'u' => '*****@*****.**',
                'k' => 'apikeyyo'),
            'failure?msg=Inactive+account.',
        ),
        // User exists but doesn't have a private API key set
        array(
            array('success_redir' => 'success', 'failure_redir' => 'failure', 'u' => '*****@*****.**',
                'k' => 'apikeyyo'),
            'failure?msg=Invalid+API+key.',
        ),
        // User exists and has an API key, but the supplied one is incorrect
        array(
            array('success_redir' => 'success', 'failure_redir' => 'failure', 'u' => '*****@*****.**',
                'k' => 'aasdasdfafabbccdd'),
            'failure?msg=Invalid+API+key.',
        ),
        // User 1 is logged in and user 2 attempts login
        array(
            array('success_redir' => 'success', 'failure_redir' => 'failure', 'u' => '*****@*****.**',
                'k' => 'yayaya'),
            'success',
        ),
        // Successful login where the success redirect has a query string: it is used unchanged
        array(
            array('success_redir' => 'https://thinkup.com/admin/user/success.php?answer=yes&comment=indeed',
                'failure_redir' => 'failure', 'u' => '*****@*****.**', 'k' => 'yayaya'),
            'https://thinkup.com/admin/user/success.php?answer=yes&comment=indeed',
        ),
    );

    foreach ($scenarios as $scenario) {
        list($request_params, $expected_destination) = $scenario;
        $_GET = $request_params;
        // The return value of go() is not inspected; only the recorded redirect is checked.
        $controller->go();
        $this->assertEqual($controller->redirect_destination, $expected_destination);
    }
}
<?php
/**
 *
 * ThinkUp/webapp/api/v1/session/login.php
 *
 * Copyright (c) 2013 Gina Trapani
 *
 * LICENSE:
 *
 * This file is part of ThinkUp (http://thinkup.com).
 *
 * ThinkUp is free software: you can redistribute it and/or modify it under the terms of the GNU General Public
 * License as published by the Free Software Foundation, either version 2 of the License, or (at your option) any
 * later version.
 *
 * ThinkUp is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
 * details.
 *
 * You should have received a copy of the GNU General Public License along with ThinkUp. If not, see
 * <http://www.gnu.org/licenses/>.
 *
 * @license http://www.gnu.org/licenses/gpl.html
 * @copyright 2013 Gina Trapani
 */

// Entry point for the session login API: switch the working directory three levels up, load init.php
// from there, then print whatever SessionAPILoginController::go() returns.
//
// NOTE(review): the relative chdir() only lands in the intended directory when the process starts in
// this script's own directory, and its return value is not checked. If it fails, the relative
// require_once below resolves against whatever working directory / include_path the process has.
chdir('../../../');
require_once 'init.php';

// All request handling happens inside the controller; this script only emits its result.
$controller = new SessionAPILoginController();
echo $controller->go();