Merge branch 'dev#73651_api_account' into 'hotline'

Dev#73651 api account

See merge request !2575

application/modules/api/controllers/ErrorController.php

+<?php
+/**
+ * Copyright (c) 2012, Agence Française Informatique (AFI). All rights reserved.
+ *
+ * BOKEH is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE as published by
+ * the Free Software Foundation.
+ *
+ * There are special exceptions to the terms and conditions of the AGPL as it
+ * is applied to this software (see README file).
+ *
+ * BOKEH is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * along with BOKEH; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA
+ */
+
+class Api_ErrorController extends Zend_Controller_Action {
+  public function errorAction() {
+    $errors = $this->_getParam('error_handler');
+
+    $this->_helper->json(['error'   => 'invalid_request',
+                          'message' => $errors->exception->getMessage()]);
+
+    $this->_response->setHttpResponseCode($errors->exception->getCode());
+  }
+}

application/modules/api/controllers/UserController.php

@@ -21,31 +21,53 @@
 
 
 class Api_UserController extends ZendAfi_Controller_Action {
+  public function preDispatch() {
+    parent::preDispatch();
+    $this->_authenticate();
+  }
+
+
+  public function accountAction() {
+    $user = Class_Users::getIdentity();
+    $this->_helper
+      ->json(['account' => ['label' => $user->getNomAff(),
+                            'card' => ['id'=> $user->getIdabon(),
+                                       'expire_at' => $user->getDateFin()]
+              ]]);
+  }
+
+
   public function loansAction() {
+    $this->view->loans = (new Class_User_Cards(Class_Users::getIdentity()))->getLoans();
+  }
+
+
+  protected function _authenticate() {
     if (Class_AdminVar_OAuthAcceptHTTP::shouldRejectRequest($this->_request))
-      return $this->_error($this->_('Protocole HTTPS obligatoire'));
+      return $this->_error($this->_('Protocole HTTPS obligatoire'), 403);
 
     if (!$authorization = $this->_request->getHeader('authorization'))
-      return $this->_error($this->_('Autorisation non spécifiée'));
+      return $this->_error($this->_('Autorisation non spécifiée'), 401);
 
     $parts = explode(' ', $authorization);
     if ($parts[0] !== 'Bearer')
-      return $this->_error($this->_('Jeton d\'autorisation non fourni'));
+      return $this->_error($this->_('Jeton d\'autorisation non fourni'), 401);
 
     if (!$token = Class_User_ApiToken::findFirstBy(['token' => $parts[1]]))
-      return $this->_error($this->_('Jeton d\'autorisation invalide'));
+      return $this->_error($this->_('Jeton d\'autorisation invalide'), 403);
 
     if (!$user = $token->getUser())
-      return $this->_error($this->_('Utilisateur non trouvé'));
+      return $this->_error($this->_('Utilisateur non trouvé'), 403);
 
     ZendAfi_Auth::getInstance()->logUser($user);
-    $this->view->loans = (new Class_User_Cards($user))->getLoans();
   }
 
 
-  protected function _error($message) {
-    $this->view->message = $message;
-    return $this->renderScript('invalid_request.pjson');
+  protected function _error($message, $code) {
+    Zend_Controller_Front::getInstance()
+      ->getPlugin('Zend_Controller_Plugin_ErrorHandler')
+      ->setErrorHandlerModule('api');
+
+    throw new Zend_Controller_Action_Exception($message, $code);
   }
 }
-?>
\ No newline at end of file

application/modules/api/views/scripts/invalid_request.pjson

-{
-	"error":"invalid_request",
-	"message":"<?php echo $this->message ?>"
-}
\ No newline at end of file

tests/scenarios/MobileApplication/UserAccountTest.php

@@ -29,6 +29,8 @@ abstract class Scenario_MobileApplication_UserAccountTestCase extends AbstractCo
 
     $puppy = $this->fixture('Class_Users',
                             ['id' => 345,
+                             'pseudo' => 'Puppy',
+                             'date_fin' => '2018-02-12',
                              'login' => 'puppy',
                              'password' => 'opied',
                              'role_level' => ZendAfi_Acl_AdminControllerRoles::ABONNE_SIGB,
@@ -73,7 +75,7 @@ abstract class Scenario_MobileApplication_UserAccountTestCase extends AbstractCo
 
 
 
-class Scenario_MobileApplication_UserAccountWithTokenTest extends Scenario_MobileApplication_UserAccountTestCase {
+class Scenario_MobileApplication_UserAccountLoansWithTokenTest extends Scenario_MobileApplication_UserAccountTestCase {
   protected
     $_json;
 
@@ -118,11 +120,11 @@ class Scenario_MobileApplication_UserAccountWithTokenTest extends Scenario_Mobil
 
 
 
-class Scenario_MobileApplication_UserAccountWithoutTokenTest extends Scenario_MobileApplication_UserAccountTestCase {
+class Scenario_MobileApplication_UserAccountLoansWithoutTokenTest extends Scenario_MobileApplication_UserAccountTestCase {
   /** @test */
   public function withoutAuthorizationShouldAnswerInvalidRequest() {
     $this->dispatch('/api/user/loans',
-                    true,
+                    false,
                     ["Content-Type" => "application/json"]);
 
     $this->assertEquals(['error' => 'invalid_request',
@@ -134,7 +136,7 @@ class Scenario_MobileApplication_UserAccountWithoutTokenTest extends Scenario_Mo
   /** @test */
   public function withWrongAuthorizationTypeShouldAnswerInvalidRequest() {
     $this->dispatch('/api/user/loans',
-                    true,
+                    false,
                     ["Authorization" => 'Catch nonos',
                      "Content-Type" => "application/json"]);
 
@@ -147,7 +149,7 @@ class Scenario_MobileApplication_UserAccountWithoutTokenTest extends Scenario_Mo
   /** @test */
   public function withWrongAuthorizationTokenShouldAnswerInvalidRequest() {
     $this->dispatch('/api/user/loans',
-                    true,
+                    false,
                     ["Authorization" => 'Bearer veget@ble',
                      "Content-Type" => "application/json"]);
 
@@ -165,7 +167,7 @@ class Scenario_MobileApplication_UserAccountWithoutTokenTest extends Scenario_Mo
                     'user_id' => 987]);
 
     $this->dispatch('/api/user/loans',
-                    true,
+                    false,
                     ["Authorization" => 'Bearer veget@ble',
                      "Content-Type" => "application/json"]);
 
@@ -180,7 +182,7 @@ class Scenario_MobileApplication_UserAccountWithoutTokenTest extends Scenario_Mo
     unset($_SERVER['HTTPS']);
 
     $this->dispatch('/api/user/loans',
-                    true,
+                    false,
                     ["Authorization" => "Bearer nonos" ,
                      "Content-Type" => "application/json"]);
 
@@ -365,4 +367,33 @@ class Scenario_MobileApplication_UserAccountOAuthPostLoginSuccessTest extends Sc
     $this->assertEquals('My mobile bokeh', $token->getClientId());
   }
 }
+
+
+
+
+class Scenario_MobileApplication_UserAccountWithTokenTest extends Scenario_MobileApplication_UserAccountTestCase {
+  protected
+    $_json;
+
+  public function setUp() {
+    parent::setUp();
+
+    $this->dispatch('/api/user/account',
+                    true,
+                    ["Authorization" => "Bearer nonos" ,
+                     "Content-Type" => "application/json"]);
+    $this->_json = json_decode($this->_response->getBody(), true);
+  }
+
+
+  /** @test */
+  public function responseShouldContainsCardValidityAndLabel() {
+    $this->assertEquals(['label' => 'Puppy',
+                         'card' => [
+                                    'id' =>  '234',
+                                    'expire_at' => '2018-02-12']
+                         ],
+                        $this->_json['account']);
+  }
+}
 ?>
\ No newline at end of file