/**
* Used for integration tests
*
* Valid only on testing site
*/
public function testSetup()
{
if (!$this->permissions->isSuper()) {
$this->e404();
}
if (!Z_ENV_TESTING_SITE) {
$this->e404();
}
$this->allowMethods(['POST']);
if (empty($_GET['u'])) {
throw new Exception("User not provided (e.g., ?u=1)");
}
$userID = $_GET['u'];
// Clear keys
$keys = Zotero_Keys::getUserKeys($userID);
foreach ($keys as $keyObj) {
$keyObj->erase();
}
$keys = Zotero_Keys::getUserKeys($userID);
if ($keys) {
throw new Exception("Keys still exist");
}
// Create new key
$keyObj = new Zotero_Key();
$keyObj->userID = $userID;
$keyObj->name = "Tests Key";
$libraryID = Zotero_Users::getLibraryIDFromUserID($userID);
$keyObj->setPermission($libraryID, 'library', true);
$keyObj->setPermission($libraryID, 'notes', true);
$keyObj->setPermission($libraryID, 'write', true);
$keyObj->setPermission(0, 'group', true);
$keyObj->setPermission(0, 'write', true);
$keyObj->save();
$key = $keyObj->key;
Zotero_DB::beginTransaction();
// Clear data
Zotero_Users::clearAllData($userID);
// Delete publications library, so we can test auto-creating it
$publicationsLibraryID = Zotero_Users::getLibraryIDFromUserID($userID, 'publications');
if ($publicationsLibraryID) {
// Delete user publications shard library
$sql = "DELETE FROM shardLibraries WHERE libraryID=?";
Zotero_DB::query($sql, $publicationsLibraryID, Zotero_Shards::getByUserID($userID));
// Delete user publications library
$sql = "DELETE FROM libraries WHERE libraryID=?";
Zotero_DB::query($sql, $publicationsLibraryID);
Z_Core::$MC->delete('userPublicationsLibraryID_' . $userID);
Z_Core::$MC->delete('libraryUserID_' . $publicationsLibraryID);
}
Zotero_DB::commit();
echo json_encode(["apiKey" => $key]);
$this->end();
}
public function keys()
{
$userID = $this->objectUserID;
$key = $this->objectName;
$this->allowMethods(['GET', 'POST', 'PUT', 'DELETE']);
if ($this->method == 'GET') {
// Single key
if ($key) {
$keyObj = Zotero_Keys::getByKey($key);
if (!$keyObj) {
$this->e404("Key not found");
}
// /users/<userID>/keys/<keyID> (deprecated)
if ($userID) {
// If we have a userID, make sure it matches
if ($keyObj->userID != $userID) {
$this->e404("Key not found");
}
} else {
if ($this->apiVersion < 3) {
$this->e404();
}
}
if ($this->apiVersion >= 3) {
$json = $keyObj->toJSON();
// If not super-user, don't include name or recent IP addresses
if (!$this->permissions->isSuper()) {
unset($json['dateAdded']);
unset($json['lastUsed']);
unset($json['name']);
unset($json['recentIPs']);
}
header('application/json');
echo Zotero_Utilities::formatJSON($json);
} else {
$this->responseXML = $keyObj->toXML();
// If not super-user, don't include name or recent IP addresses
if (!$this->permissions->isSuper()) {
unset($this->responseXML['dateAdded']);
unset($this->responseXML['lastUsed']);
unset($this->responseXML->name);
unset($this->responseXML->recentIPs);
}
}
} else {
if (!$this->permissions->isSuper()) {
$this->e403();
}
$keyObjs = Zotero_Keys::getUserKeys($userID);
if ($keyObjs) {
if ($this->apiVersion >= 3) {
$json = [];
foreach ($keyObjs as $keyObj) {
$json[] = $keyObj->toJSON();
}
echo Zotero_Utilities::formatJSON($json);
} else {
$xml = new SimpleXMLElement('<keys/>');
$domXML = dom_import_simplexml($xml);
foreach ($keyObjs as $keyObj) {
$keyXML = $keyObj->toXML();
$domKeyXML = dom_import_simplexml($keyXML);
$node = $domXML->ownerDocument->importNode($domKeyXML, true);
$domXML->appendChild($node);
}
$this->responseXML = $xml;
}
}
}
} else {
if ($this->method == 'DELETE') {
if (!$key) {
$this->e400("DELETE requests must end with a key");
}
Zotero_DB::beginTransaction();
$keyObj = Zotero_Keys::getByKey($key);
if (!$keyObj) {
$this->e404("Key '{$key}' does not exist");
}
$keyObj->erase();
Zotero_DB::commit();
header("HTTP/1.1 204 No Content");
exit;
} else {
// Require super-user for modifications
if (!$this->permissions->isSuper()) {
$this->e403();
}
if ($this->method == 'POST') {
if ($key) {
$this->e400("POST requests cannot end with a key (did you mean PUT?)");
}
if ($this->apiVersion >= 3) {
$json = json_decode($this->body, true);
if (!$json) {
$this->e400("{$this->method} data is not valid JSON");
}
if (!empty($json['key'])) {
$this->e400("POST requests cannot contain a key in '" . $this->body . "'");
}
$fields = $this->getFieldsFromJSON($json);
} else {
try {
$keyXML = @new SimpleXMLElement($this->body);
} catch (Exception $e) {
$this->e400("{$this->method} data is not valid XML");
}
if (!empty($key['key'])) {
$this->e400("POST requests cannot contain a key in '" . $this->body . "'");
}
$fields = $this->getFieldsFromKeyXML($keyXML);
}
Zotero_DB::beginTransaction();
try {
$keyObj = new Zotero_Key();
$keyObj->userID = $userID;
foreach ($fields as $field => $val) {
if ($field == 'access') {
foreach ($val as $access) {
$this->setKeyPermissions($keyObj, $access);
}
} else {
$keyObj->{$field} = $val;
}
}
$keyObj->save();
} catch (Exception $e) {
if ($e->getCode() == Z_ERROR_KEY_NAME_TOO_LONG) {
$this->e400($e->getMessage());
}
$this->handleException($e);
}
if ($this->apiVersion >= 3) {
header('application/json');
echo Zotero_Utilities::formatJSON($keyObj->toJSON());
} else {
$this->responseXML = $keyObj->toXML();
}
Zotero_DB::commit();
$url = Zotero_API::getKeyURI($keyObj);
$this->responseCode = 201;
header("Location: " . $url, false, 201);
} else {
if ($this->method == 'PUT') {
if (!$key) {
$this->e400("PUT requests must end with a key (did you mean POST?)");
}
if ($this->apiVersion >= 3) {
$json = json_decode($this->body, true);
if (!$json) {
$this->e400("{$this->method} data is not valid JSON");
}
$fields = $this->getFieldsFromJSON($json);
} else {
try {
$keyXML = @new SimpleXMLElement($this->body);
} catch (Exception $e) {
$this->e400("{$this->method} data is not valid XML");
}
$fields = $this->getFieldsFromKeyXML($keyXML);
}
// Key attribute is optional, but, if it's there, make sure it matches
if (isset($fields['key']) && $fields['key'] != $key) {
$this->e400("Key '{$fields['key']}' does not match key '{$key}' from URI");
}
Zotero_DB::beginTransaction();
try {
$keyObj = Zotero_Keys::getByKey($key);
if (!$keyObj) {
$this->e404("Key '{$key}' does not exist");
}
foreach ($fields as $field => $val) {
if ($field == 'access') {
foreach ($val as $access) {
$this->setKeyPermissions($keyObj, $access);
}
} else {
$keyObj->{$field} = $val;
}
}
$keyObj->save();
} catch (Exception $e) {
if ($e->getCode() == Z_ERROR_KEY_NAME_TOO_LONG) {
$this->e400($e->getMessage());
}
$this->handleException($e);
}
if ($this->apiVersion >= 3) {
echo Zotero_Utilities::formatJSON($keyObj->toJSON());
} else {
$this->responseXML = $keyObj->toXML();
}
Zotero_DB::commit();
}
}
}
}
if ($this->apiVersion >= 3) {
$this->end();
} else {
header('Content-Type: application/xml');
$xmlstr = $this->responseXML->asXML();
$doc = new DOMDocument('1.0');
$doc->loadXML($xmlstr);
$doc->formatOutput = true;
echo $doc->saveXML();
exit;
}
}
/**
* Used for integration tests
*
* Valid only on testing site
*/
public function testSetup()
{
if (!$this->permissions->isSuper()) {
$this->e404();
}
if (!Z_ENV_TESTING_SITE) {
$this->e404();
}
if (empty($_GET['u'])) {
throw new Exception("User not provided (e.g., ?u=1)");
}
$userID = $_GET['u'];
// Clear keys
$keys = Zotero_Keys::getUserKeys($userID);
foreach ($keys as $keyObj) {
$keyObj->erase();
}
$keys = Zotero_Keys::getUserKeys($userID);
if ($keys) {
throw new Exception("Keys still exist");
}
// Clear data
Zotero_Users::clearAllData($userID);
$this->responseXML = new SimpleXMLElement("<ok/>");
$this->end();
}