From 541b8563d5c59fab70d36cbfa75f410d7bb34783 Mon Sep 17 00:00:00 2001
From: Roman Hergenreder
Date: Thu, 2 Apr 2020 16:31:17 +0200
Subject: [PATCH] ApiKeys fixed + tests
---
 core/Api/CreateApiKey.class.php | 10 +++++---
 core/Api/GetApiKeys.class.php | 9 ++++++-
 core/Api/RefreshApiKey.class.php | 4 +--
 core/Api/RevokeApiKey.class.php | 4 +--
 core/Driver/SQL/SQL.class.php | 2 ++
 test/apiTest.py | 44 ++++++++++++++++++++++++++++----
 6 files changed, 60 insertions(+), 13 deletions(-)
diff --git a/core/Api/CreateApiKey.class.php b/core/Api/CreateApiKey.class.php
index d240b0d..90d6a90 100644
--- a/core/Api/CreateApiKey.class.php
+++ b/core/Api/CreateApiKey.class.php
@@ -28,9 +28,13 @@ class CreateApiKey extends Request {
 $this->lastError = $sql->getLastError();
 if ($this->success) {
- $this->result["api_key"] = $apiKey;
- $this->result["valid_until"] = $validUntil->getTimestamp();
- $this->result["uid"] = $sql->getLastInsertId();
+ $this->result["api_key"] = array(
+ "api_key" => $apiKey,
+ "valid_until" => $validUntil->getTimestamp(),
+ "uid" => $sql->getLastInsertId(),
+ );
+ } else {
+ $this->result["api_key"] = null;
 }
 return $this->success;
 }
diff --git a/core/Api/GetApiKeys.class.php b/core/Api/GetApiKeys.class.php
index c391188..5735474 100644
--- a/core/Api/GetApiKeys.class.php
+++ b/core/Api/GetApiKeys.class.php
@@ -28,7 +28,14 @@ class GetApiKeys extends Request {
 $this->lastError = $sql->getLastError();
 if($this->success) {
- $this->result["api_keys"] = $res;
+ $this->result["api_keys"] = array();
+ foreach($res as $row) {
+ $this->result["api_keys"][] = array(
+ "uid" => $row["uid"],
+ "api_key" => $row["api_key"],
+ "valid_until" => (new \DateTime($row["valid_until"]))->getTimestamp(),
+ );
+ }
 }
 return $this->success;
diff --git a/core/Api/RefreshApiKey.class.php b/core/Api/RefreshApiKey.class.php
index f584f6b..22ff18c 100644
--- a/core/Api/RefreshApiKey.class.php
+++ b/core/Api/RefreshApiKey.class.php
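Review bot: In CreateApiKey.class.php the nested `api_key` object takes `uid` from `$sql->getLastInsertId()` and `valid_until` from the in-memory `$validUntil`, while GetApiKeys.class.php rebuilds the same fields from the stored row, and test_create_api_key compares the two responses with assertDictEqual. If the driver hands ids back as strings, or the stored timestamp is re-parsed under a different timezone, the two endpoints will disagree about the same key. Pinning the type at the source would remove the first risk, e.g. `"uid" => (int) $sql->getLastInsertId(),`, with the matching cast on `$row["uid"]` in GetApiKeys. The enclosing method begins above the hunk.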
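Review bot: The rows built in GetApiKeys.class.php return the full `api_key` value for every key on every listing call, which suggests the secret is kept in retrievable form and is re-exposed long after it was issued. This loop now chooses the fields explicitly, so it is the natural place to return only `uid` and `valid_until` (or a short non-secret prefix) and leave createApiKey as the one response that carries the secret; test_create_api_key's assertDictEqual would then compare those fields only. Separately, `new \DateTime($row["valid_until"])` throws on a value it cannot parse, so a single bad row fails the whole listing. The query that fills `$res` lies outside the hunk, so its `user_id` filter could not be checked.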
@@ -18,7 +18,7 @@ class RefreshApiKey extends Request {
 $id = $this->getParam("id");
 $sql = $this->user->getSQL();
- $res = $sql->select("COUNT(*)")
+ $res = $sql->select($sql->count())
 ->from("ApiKey")
 ->where(new Compare("uid", $id))
 ->where(new Compare("user_id", $this->user->getId()))
@@ -29,7 +29,7 @@ class RefreshApiKey extends Request {
 $this->success = ($res !== FALSE);
 $this->lastError = $sql->getLastError();
- if($this->success && $res[0]["COUNT(*)"] === 0) {
+ if($this->success && $res[0]["count"] === 0) {
 $this->success = false;
 $this->lastError = "This API-Key does not exist.";
 }
diff --git a/core/Api/RevokeApiKey.class.php b/core/Api/RevokeApiKey.class.php
index a769449..c80140c 100644
--- a/core/Api/RevokeApiKey.class.php
+++ b/core/Api/RevokeApiKey.class.php
@@ -18,7 +18,7 @@ class RevokeApiKey extends Request {
 $id = $this->getParam("id");
 $sql = $this->user->getSQL();
- $res = $sql->select("COUNT(*)")
+ $res = $sql->select($sql->count())
 ->from("ApiKey")
 ->where(new Compare("uid", $id))
 ->where(new Compare("user_id", $this->user->getId()))
@@ -29,7 +29,7 @@ class RevokeApiKey extends Request {
 $this->success = ($res !== FALSE);
 $this->lastError = $sql->getLastError();
- if($this->success && $res[0]["COUNT(*)"] === 0) {
+ if($this->success && $res[0]["count"] === 0) {
 $this->success = false;
 $this->lastError = "This API-Key does not exist.";
 }
diff --git a/core/Driver/SQL/SQL.class.php b/core/Driver/SQL/SQL.class.php
index 12dda38..247be60 100644
--- a/core/Driver/SQL/SQL.class.php
+++ b/core/Driver/SQL/SQL.class.php
@@ -60,6 +60,8 @@ abstract class SQL {
 public abstract function connect();
 public abstract function disconnect();
+ // TODO: pull code duplicates up
+
 // Querybuilder
 public abstract function executeCreateTable($query);
 public abstract function executeInsert($query);
diff --git a/test/apiTest.py b/test/apiTest.py
index 9a6cf28..b9ef596 100644
--- a/test/apiTest.py
+++ b/test/apiTest.py
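Review bot: The existence check `$res[0]["count"] === 0` in the second hunk of RefreshApiKey.class.php, and the identical line in RevokeApiKey.class.php, compares strictly against an integer, but several PHP database drivers return aggregate columns as strings; in that case `"0" === 0` is false and the "This API-Key does not exist." branch never runs. That branch is what confirms the id belongs to the calling user, so it should not depend on the driver's return type: `if($this->success && intval($res[0]["count"]) === 0) {`. The check also assumes `$sql->count()` names its column `count`, which this patch does not show. Both methods continue past their hunks, so whether the later statement repeats the `user_id` filter could not be checked.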
@@ -6,12 +6,21 @@ class ApiTestCase(PhpTest):
 super().__init__({
 "Testing login…": self.test_login,
 "Testing already logged in…": self.test_already_logged_in,
- "Testing get api keys empty…": self.test_get_api_keys,
+ "Testing get api keys empty…": self.test_get_api_keys_empty,
+ "Testing create api key…": self.test_create_api_key,
+ "Testing referesh api key…": self.test_refresh_api_key,
+ "Testing revoke api key…": self.test_revoke_api_key,
+ "Testing logout…": self.test_logout,
 })
 def api(self, method):
 return "/api/%s" % method
+ def getApiKeys(self):
+ obj = self.httpPost(self.api("getApiKeys"))
+ self.assertEquals(True, obj["success"], obj["msg"])
+ return obj
+
 def test_login(self):
 obj = self.httpPost(self.api("login"), data={ "username": PhpTest.ADMIN_USERNAME, "password": PhpTest.ADMIN_PASSWORD })
 self.assertEquals(True, obj["success"], obj["msg"])
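Review bot: The new helper `getApiKeys`, and the tests added in the following hunk, call `assertEquals`, a deprecated alias of `assertEqual` that was removed from unittest in Python 3.12 (assuming PhpTest derives from unittest.TestCase); new code should use `self.assertEqual(True, obj["success"], obj["msg"])` rather than add further uses. The label `"Testing referesh api key…"` is misspelled and should read `"Testing refresh api key…"`. The create, refresh and revoke entries share `self.apiKey` and so depend on the dict's insertion order; a comment above the dict such as `# order matters: create sets self.apiKey for refresh and revoke` would make that explicit.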
@@ -21,8 +30,33 @@ class ApiTestCase(PhpTest):
 obj = self.test_login()
 self.assertEquals("You are already logged in", obj["msg"])
- def test_get_api_keys(self):
- obj = self.httpPost(self.api("getApiKeys"))
- self.assertEquals(True, obj["success"], obj["msg"])
+ def test_get_api_keys_empty(self):
+ obj = self.getApiKeys()
 self.assertEquals([], obj["api_keys"])
- return obj
+
+ def test_create_api_key(self):
+ obj = self.httpPost(self.api("createApiKey"))
+ self.assertEquals(True, obj["success"], obj["msg"])
+ self.assertTrue("api_key" in obj)
+ self.apiKey = obj["api_key"]
+
+ obj = self.getApiKeys()
+ self.assertEquals(1, len(obj["api_keys"]))
+ self.assertDictEqual(self.apiKey, obj["api_keys"][0])
+
+ def test_refresh_api_key(self):
+ obj = self.httpPost(self.api("refreshApiKey"), data={"id": self.apiKey["uid"]})
+ self.assertEquals(True, obj["success"], obj["msg"])
+ self.assertTrue("valid_until" in obj)
+ self.assertTrue(obj["valid_until"] >= self.apiKey["valid_until"])
+
+ def test_revoke_api_key(self):
+ obj = self.httpPost(self.api("revokeApiKey"), data={"id": self.apiKey["uid"]})
+ self.assertEquals(True, obj["success"], obj["msg"])
+ self.test_get_api_keys_empty()
+
+ def test_logout(self):
+ obj = self.httpPost(self.api("logout"))
+ self.assertEquals(True, obj["success"], obj["msg"])
+ obj = self.httpPost(self.api("logout"))
+ self.assertEquals(False, obj["success"])
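Review bot: The added tests exercise only the success paths of refreshApiKey and revokeApiKey; nothing asserts that an id which no longer exists, or belongs to another user, is rejected, which is the branch the PHP side guards with its count check. After test_revoke_api_key the stored `self.apiKey["uid"]` should be such an id (assuming revocation removes the key from that count query), so a follow-up test can assert that both endpoints report failure. It needs an entry in the dict in `__init__` between the revoke and logout entries. Note also that test_refresh_api_key and test_revoke_api_key raise AttributeError rather than a test failure when test_create_api_key did not get as far as setting `self.apiKey`.

```python
    def test_revoked_api_key_rejected(self):
        # The key was revoked by the previous test, so both calls must fail.
        for method in ("refreshApiKey", "revokeApiKey"):
            obj = self.httpPost(self.api(method), data={"id": self.apiKey["uid"]})
            self.assertEqual(False, obj["success"], obj["msg"])
```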