diff --git a/application/modules/api/controllers/ErrorController.php b/application/modules/api/controllers/ErrorController.php
new file mode 100644
index 0000000000000000000000000000000000000000..13821b4bec0aed5126c92ee988f1e88865636829
--- /dev/null
+++ b/application/modules/api/controllers/ErrorController.php
@@ -0,0 +1,31 @@
+<?php
+/**
+ * Copyright (c) 2012, Agence Française Informatique (AFI). All rights reserved.
+ *
+ * BOKEH is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE as published by
+ * the Free Software Foundation.
+ *
+ * There are special exceptions to the terms and conditions of the AGPL as it
+ * is applied to this software (see README file).
+ *
+ * BOKEH is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * along with BOKEH; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+class Api_ErrorController extends Zend_Controller_Action {
+ public function errorAction() {
+ $errors = $this->_getParam('error_handler');
+
+ $this->_helper->json(['error' => 'invalid_request',
+ 'message' => $errors->exception->getMessage()]);
+
+ $this->_response->setHttpResponseCode($errors->exception->getCode());
+ }
+}
diff --git a/application/modules/api/controllers/UserController.php b/application/modules/api/controllers/UserController.php
index 68f8695d4cd58e0b0a31cc5db7df053fd8a1ac51..d67f3182243b44e4b37788969f621102d9f57994 100644
--- a/application/modules/api/controllers/UserController.php
+++ b/application/modules/api/controllers/UserController.php
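Review bot: errorAction sets the HTTP status after `$this->_helper->json(...)`, but the ZF1 Json helper sends the response and exits unless its `suppressExit` flag is set (which test harnesses commonly do), so in production the status line stays 200 and the 401/403 chosen by `_error` only shows up under tests; move `$this->_response->setHttpResponseCode(...)` above the json call. The exception code is also passed straight through, and `setHttpResponseCode` rejects values outside 100–599, so any exception that reaches this module with the default code 0 (anything not thrown via `_error`) would raise a second exception inside the error handler — `$code = $errors->exception->getCode(); $this->_response->setHttpResponseCode(($code >= 400 && $code < 600) ? $code : 500);` keeps the handler alive. Echoing `getMessage()` of an arbitrary exception to API clients also exposes internal details once this module handles more than the `_error` exceptions; a generic message for unexpected exception types is the safer default.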
@@ -21,31 +21,53 @@ class Api_UserController extends ZendAfi_Controller_Action {
+ public function preDispatch() {
+ parent::preDispatch();
+ $this->_authenticate();
+ }
+
+
+ public function accountAction() {
+ $user = Class_Users::getIdentity();
+ $this->_helper
+ ->json(['account' => ['label' => $user->getNomAff(),
+ 'card' => ['id'=> $user->getIdabon(),
+ 'expire_at' => $user->getDateFin()]
+ ]]);
+ }
+
+
 public function loansAction() {
+ $this->view->loans = (new Class_User_Cards(Class_Users::getIdentity()))->getLoans();
+ }
+
+
+ protected function _authenticate() {
 if (Class_AdminVar_OAuthAcceptHTTP::shouldRejectRequest($this->_request))
- return $this->_error($this->_('Protocole HTTPS obligatoire'));
+ return $this->_error($this->_('Protocole HTTPS obligatoire'), 403);
 if (!$authorization = $this->_request->getHeader('authorization'))
- return $this->_error($this->_('Autorisation non spécifiée'));
+ return $this->_error($this->_('Autorisation non spécifiée'), 401);
 $parts = explode(' ', $authorization);
 if ($parts[0] !== 'Bearer')
- return $this->_error($this->_('Jeton d\'autorisation non fourni'));
+ return $this->_error($this->_('Jeton d\'autorisation non fourni'), 401);
 if (!$token = Class_User_ApiToken::findFirstBy(['token' => $parts[1]]))
- return $this->_error($this->_('Jeton d\'autorisation invalide'));
+ return $this->_error($this->_('Jeton d\'autorisation invalide'), 403);
 if (!$user = $token->getUser())
- return $this->_error($this->_('Utilisateur non trouvé'));
+ return $this->_error($this->_('Utilisateur non trouvé'), 403);
 ZendAfi_Auth::getInstance()->logUser($user);
- $this->view->loans = (new Class_User_Cards($user))->getLoans();
 }
- protected function _error($message) {
- $this->view->message = $message;
- return $this->renderScript('invalid_request.pjson');
+ protected function _error($message, $code) {
+ Zend_Controller_Front::getInstance()
+ ->getPlugin('Zend_Controller_Plugin_ErrorHandler')
+ ->setErrorHandlerModule('api');
+
+ throw new Zend_Controller_Action_Exception($message, $code);
 }
 }
-?>
\ No newline at end of file
diff --git a/application/modules/api/views/scripts/invalid_request.pjson b/application/modules/api/views/scripts/invalid_request.pjson
deleted file mode 100644
index 153d898f6f513c3f6da36abd64232443fbbe0c02..0000000000000000000000000000000000000000
--- a/application/modules/api/views/scripts/invalid_request.pjson
+++ /dev/null
@@ -1,4 +0,0 @@
-{
- "error":"invalid_request",
- "message":"<?php echo $this->message ?>"
-}
\ No newline at end of file
diff --git a/tests/scenarios/MobileApplication/UserAccountTest.php b/tests/scenarios/MobileApplication/UserAccountTest.php
index f79ec7ec28ac709d99b556f8932d33b3cac9879f..1106b77ecc80507ab00c6787b1d1673f40d79b1d 100644
--- a/tests/scenarios/MobileApplication/UserAccountTest.php
+++ b/tests/scenarios/MobileApplication/UserAccountTest.php
@@ -29,6 +29,8 @@ abstract class Scenario_MobileApplication_UserAccountTestCase extends AbstractCo
 $puppy = $this->fixture('Class_Users', ['id' => 345,
+ 'pseudo' => 'Puppy',
+ 'date_fin' => '2018-02-12',
 'login' => 'puppy',
 'password' => 'opied',
 'role_level' => ZendAfi_Acl_AdminControllerRoles::ABONNE_SIGB,
@@ -73,7 +75,7 @@ abstract class Scenario_MobileApplication_UserAccountTestCase extends AbstractCo
-class Scenario_MobileApplication_UserAccountWithTokenTest extends Scenario_MobileApplication_UserAccountTestCase {
+class Scenario_MobileApplication_UserAccountLoansWithTokenTest extends Scenario_MobileApplication_UserAccountTestCase {
 protected
 $_json;
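Review bot: In `_authenticate`, `$parts[1]` is read without checking that the split produced a second element, so an `Authorization: Bearer` header with no token (or a token separated by more than one space) raises an undefined-offset notice and looks the token up with a null/empty value instead of being rejected outright; `$parts = explode(' ', trim($authorization), 2); if ($parts[0] !== 'Bearer' || !isset($parts[1]) || $parts[1] === '')` handles both before the database lookup. `_error` mutates the front controller's ErrorHandler plugin before throwing, and `getPlugin()` returns false when that plugin is not registered, which would turn the intended 4xx into a fatal error — a guard, or at least a comment stating the plugin is assumed registered, is warranted. On the codes themselves, a 401 for a missing or malformed bearer token should carry a `WWW-Authenticate: Bearer` header, and an unknown token is conventionally 401 (`invalid_token`) rather than 403, since 403 implies the caller was authenticated but not authorised. `_authenticate` and `_error` are both entirely inside this hunk; the class header is above it.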
@@ -118,11 +120,11 @@ class Scenario_MobileApplication_UserAccountWithTokenTest extends Scenario_Mobil
-class Scenario_MobileApplication_UserAccountWithoutTokenTest extends Scenario_MobileApplication_UserAccountTestCase {
+class Scenario_MobileApplication_UserAccountLoansWithoutTokenTest extends Scenario_MobileApplication_UserAccountTestCase {
 /** @test */
 public function withoutAuthorizationShouldAnswerInvalidRequest() {
 $this->dispatch('/api/user/loans',
- true,
+ false,
 ["Content-Type" => "application/json"]);
 $this->assertEquals(['error' => 'invalid_request',
@@ -134,7 +136,7 @@ class Scenario_MobileApplication_UserAccountWithoutTokenTest extends Scenario_Mo
 /** @test */
 public function withWrongAuthorizationTypeShouldAnswerInvalidRequest() {
 $this->dispatch('/api/user/loans',
- true,
+ false,
 ["Authorization" => 'Catch nonos',
 "Content-Type" => "application/json"]);
@@ -147,7 +149,7 @@ class Scenario_MobileApplication_UserAccountWithoutTokenTest extends Scenario_Mo
 /** @test */
 public function withWrongAuthorizationTokenShouldAnswerInvalidRequest() {
 $this->dispatch('/api/user/loans',
- true,
+ false,
 ["Authorization" => 'Bearer veget@ble',
 "Content-Type" => "application/json"]);
@@ -165,7 +167,7 @@ class Scenario_MobileApplication_UserAccountWithoutTokenTest extends Scenario_Mo
 'user_id' => 987]);
 $this->dispatch('/api/user/loans',
- true,
+ false,
 ["Authorization" => 'Bearer veget@ble',
 "Content-Type" => "application/json"]);
@@ -180,7 +182,7 @@ class Scenario_MobileApplication_UserAccountWithoutTokenTest extends Scenario_Mo
 unset($_SERVER['HTTPS']);
 $this->dispatch('/api/user/loans',
- true,
+ false,
 ["Authorization" => "Bearer nonos" ,
 "Content-Type" => "application/json"]);
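Review bot: The assertions visible in these hunks check only the JSON body (`['error' => 'invalid_request', ...`), while the behavioural change this commit introduces is the HTTP status each failure now carries (401 or 403); none of the visible lines assert it, and the remainder of each test is outside the hunk. Adding `$this->assertResponseCode(401);` (403 for the HTTPS-required and invalid-token cases) to each of these tests would pin the contract the mobile client relies on and would also have caught a status set too late to be sent. The second `dispatch()` argument flips from `true` to `false` in all five hunks; a one-line comment naming what that flag controls (presumably whether exceptions propagate or are routed to the error handler) would save the next reader a lookup.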
@@ -365,4 +367,33 @@ class Scenario_MobileApplication_UserAccountOAuthPostLoginSuccessTest extends Sc
 $this->assertEquals('My mobile bokeh', $token->getClientId());
 }
 }
+
+
+
+
+class Scenario_MobileApplication_UserAccountWithTokenTest extends Scenario_MobileApplication_UserAccountTestCase {
+ protected
+ $_json;
+
+ public function setUp() {
+ parent::setUp();
+
+ $this->dispatch('/api/user/account',
+ true,
+ ["Authorization" => "Bearer nonos" ,
+ "Content-Type" => "application/json"]);
+ $this->_json = json_decode($this->_response->getBody(), true);
+ }
+
+
+ /** @test */
+ public function responseShouldContainsCardValidityAndLabel() {
+ $this->assertEquals(['label' => 'Puppy',
+ 'card' => [
+ 'id' => '234',
+ 'expire_at' => '2018-02-12']
+ ],
+ $this->_json['account']);
+ }
+}
 ?>
\ No newline at end of file
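Review bot: `setUp()` stores the result of `json_decode(...)` without checking that decoding succeeded, so if the endpoint answers with a non-JSON body (for instance an HTML error page when the authentication path falls back to the default error module), `$this->_json` is null and the test fails on a null offset in `$this->_json['account']` rather than showing the actual response. `$this->assertNotNull($this->_json, $this->_response->getBody());` right after the decode makes such a failure self-explaining, and `$this->assertResponseCode(200);` there would pin the success path of the new `preDispatch()` authentication. The `protected $_json;` plus dispatch-in-setUp pattern now exists in both token test classes and could move to the abstract base case.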