author | Florian Pritz <bluewind@xinu.at> | 2016-10-08 16:57:44 +0200 |
---|---|---|
committer | Florian Pritz <bluewind@xinu.at> | 2016-11-05 19:44:15 +0100 |
commit | 2c94026f7f36ec7da94279a94ecf1f555f3994c6 (patch) | |
tree | 7feba2745d875db154b1837008526aa3c39c9353 /application/test/tests/api_v2/test_api_permissions.php | |
parent | 83f45f1fdf9cf89a0f3dac99221cc6e770e94dc0 (diff) |
Parallelize remaining API tests
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Diffstat (limited to 'application/test/tests/api_v2/test_api_permissions.php')
-rw-r--r-- | application/test/tests/api_v2/test_api_permissions.php | 108 |
1 files changed, 108 insertions, 0 deletions
diff --git a/application/test/tests/api_v2/test_api_permissions.php b/application/test/tests/api_v2/test_api_permissions.php
new file mode 100644
index 000000000..6df612911
--- /dev/null
+++ b/application/test/tests/api_v2/test_api_permissions.php
@@ -0,0 +1,108 @@
+<?php
+/*
+ * Copyright 2015-2016 Florian "Bluewind" Pritz <bluewind@server-speed.net>
+ *
+ * Licensed under AGPLv3
+ * (see COPYING for full license text)
+ *
+ */
+
+namespace test\tests\api_v2;
+
+class test_api_permissions extends common {
+
+ public function __construct()
+ {
+ parent::__construct();
+ $this->startServer(23200);
+ $this->userCounter = 100;
+ }
+
+ public function test_callPrivateEndpointsWithoutApikey()
+ {
+ $endpoints = array(
+ "file/upload",
+ "file/history",
+ "file/delete",
+ "file/create_multipaste",
+ "user/apikeys",
+ "user/create_apikey",
+ "user/delete_apikey",
+ );
+ foreach ($endpoints as $endpoint) {
+ $ret = $this->CallEndpoint("POST", $endpoint, array(
+ ));
+ $this->expectError("call $endpoint without apikey", $ret);
+ $this->t->is_deeply(array(
+ 'status' => 'error',
+ 'error_id' => 'api/not-authenticated',
+ 'message' => 'Not authenticated. FileBin requires you to have an account, please go to the homepage at http://127.0.0.1:23200/ for more information.',
+ ), $ret, "expected error");
+ }
+ }
+
+ public function test_callPrivateEndpointsWithUnsupportedAuthentication()
+ {
+ $endpoints = array(
+ "file/upload",
+ "file/history",
+ "file/delete",
+ "file/create_multipaste",
+ "user/apikeys",
+ // create_apikey is the only one that supports username/pw
+ //"user/create_apikey",
+ "user/delete_apikey",
+ );
+ foreach ($endpoints as $endpoint) {
+ $ret = $this->CallEndpoint("POST", $endpoint, array(
+ "username" => "apiv2testuser1",
+ "password" => "testpass1",
+ ));
+ $this->expectError("call $endpoint without apikey", $ret);
+ $this->t->is_deeply(array(
+ 'status' => 'error',
+ 'error_id' => 'api/not-authenticated',
+ 'message' => 'Not authenticated. FileBin requires you to have an account, please go to the homepage at http://127.0.0.1:23200/ for more information.',
+ ), $ret, "expected error");
+ }
+ }
+
+ public function test_callEndpointsWithoutEnoughPermissions()
+ {
+ $testconfig = array(
+ array(
+ "have_level" => "basic",
+ "wanted_level" => "apikey",
+ "apikey" => $this->createUserAndApikey('basic'),
+ "endpoints" => array(
+ "file/delete",
+ "file/history",
+ ),
+ ),
+ array(
+ "have_level" => "apikey",
+ "wanted_level" => "full",
+ "apikey" => $this->createUserAndApikey(),
+ "endpoints" => array(
+ "user/apikeys",
+ "user/create_apikey",
+ "user/delete_apikey",
+ ),
+ ),
+ );
+ foreach ($testconfig as $test) {
+ foreach ($test['endpoints'] as $endpoint) {
+ $ret = $this->CallEndpoint("POST", $endpoint, array(
+ "apikey" => $test['apikey'],
+ ));
+ $this->expectError("call $endpoint without enough permissions", $ret);
+ $this->t->is_deeply(array(
+ 'status' => "error",
+ 'error_id' => "api/insufficient-permissions",
+ 'message' => "Access denied: Access level too low. Required: ${test['wanted_level']}; Have: ${test['have_level']}",
+ ), $ret, "expected permission error");
+ }
+ }
+ }
+
+} |
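Review bot: `test_callEndpointsWithoutEnoughPermissions` only pairs each key with endpoints one access level above it, so nothing in this file asserts that a `basic` key is refused by the `full`-level `user/*` endpoints. A third `$testconfig` entry covering basic → full would pin that boundary; the expected message would presumably read `Required: full; Have: basic`, going by the format asserted for the other two entries. Separately, `test_callPrivateEndpointsWithUnsupportedAuthentication` reuses the label `"call $endpoint without apikey"` from the previous test, and `"call $endpoint with unsupported authentication"` would make the two distinguishable in failing output.

```php
$testconfig = array(
	// … unchanged: basic → apikey and apikey → full entries …
	array(
		"have_level" => "basic",
		"wanted_level" => "full",
		"apikey" => $this->createUserAndApikey('basic'),
		"endpoints" => array(
			"user/apikeys",
			"user/create_apikey",
			"user/delete_apikey",
		),
	),
```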