From b77622b199cd0202ec7835b98effdfa8e374ccf2 Mon Sep 17 00:00:00 2001
From: llaffont <llaffont@afi-sa.fr>
Date: Sat, 31 Mar 2018 12:54:23 +0200
Subject: [PATCH] dev #73651 add REST service /api/user/account
---
 .../api/controllers/ErrorController.php | 34 ++++++++++++++
 .../api/controllers/UserController.php | 36 +++++++++++----
 .../api/views/scripts/user/account.pjson | 11 +++++
 .../opac/controllers/CmsControllerTest.php | 2 +-
 .../MobileApplication/UserAccountTest.php | 45 ++++++++++++++++---
 5 files changed, 111 insertions(+), 17 deletions(-)
 create mode 100644 application/modules/api/controllers/ErrorController.php
 create mode 100644 application/modules/api/views/scripts/user/account.pjson
diff --git a/application/modules/api/controllers/ErrorController.php b/application/modules/api/controllers/ErrorController.php
new file mode 100644
index 00000000000..d732730fff6
--- /dev/null
+++ b/application/modules/api/controllers/ErrorController.php
@@ -0,0 +1,34 @@
+<?php
+/**
+ * Copyright (c) 2012, Agence Française Informatique (AFI). All rights reserved.
+ *
+ * BOKEH is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE as published by
+ * the Free Software Foundation.
+ *
+ * There are special exceptions to the terms and conditions of the AGPL as it
+ * is applied to this software (see README file).
+ *
+ * BOKEH is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * along with BOKEH; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+class Api_ErrorController extends Zend_Controller_Action {
+ public function errorAction() {
+ $errors = $this->_getParam('error_handler');
+
+ $this->_response->setHttpResponseCode($errors->exception->getCode());
+ $this->_response->clearBody();
+
+ $this->view->message = $errors->exception->getMessage();
+ return $this->renderScript('invalid_request.pjson');
+ }
+}
+
+?>
\ No newline at end of file
diff --git a/application/modules/api/controllers/UserController.php b/application/modules/api/controllers/UserController.php
index 68f8695d4cd..15ce8483854 100644
--- a/application/modules/api/controllers/UserController.php
+++ b/application/modules/api/controllers/UserController.php
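Review bot: errorAction() trusts getCode() and getMessage() of whatever exception reaches it, but only the Zend_Controller_Action_Exception thrown by Api_UserController::_error() carries an HTTP status in its code; any other exception raised while the api error module is active (a database or SIGB failure, for instance) arrives with code 0, which Zend's setHttpResponseCode() rejects as an invalid status (if I remember ZF1 correctly that becomes an error inside the error handler), and its raw internal message would otherwise be echoed verbatim to the API client. There is also no guard for `$errors` being absent when /api/error/error is requested directly, so `$errors->exception` is a property access on null. I would whitelist both the code and the message and fall back to a generic 500 for everything else, as below.
```php
public function errorAction() {
  $errors = $this->_getParam('error_handler');
  // reached directly (/api/error/error) rather than via the ErrorHandler plugin
  if (!$errors instanceof ArrayObject || !isset($errors->exception)) {
    $this->_response->setHttpResponseCode(404);
    $this->_response->clearBody();
    $this->view->message = 'Not found';
    return $this->renderScript('invalid_request.pjson');
  }

  $exception = $errors->exception;
  $code = (int)$exception->getCode();
  // only our own Zend_Controller_Action_Exception carries an HTTP status in getCode();
  // anything else (DB, SIGB, PHP errors) gets a generic 500 and no internal message
  if (!$exception instanceof Zend_Controller_Action_Exception || $code < 400 || $code > 599) {
    $code = 500;
    $message = 'Internal error';
  } else {
    $message = $exception->getMessage();
  }

  $this->_response->setHttpResponseCode($code);
  $this->_response->clearBody();
  $this->view->message = $message;
  return $this->renderScript('invalid_request.pjson');
}
```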
@@ -21,31 +21,49 @@ class Api_UserController extends ZendAfi_Controller_Action {
+ public function preDispatch() {
+ parent::preDispatch();
+ $this->_authenticate();
+ }
+
+
+ public function accountAction() {
+ $this->view->user = Class_Users::getIdentity();
+ }
+
+ public function loansAction() {
+ $this->view->loans = (new Class_User_Cards(Class_Users::getIdentity()))->getLoans();
+ }
+
+
+ protected function _authenticate() {
 if (Class_AdminVar_OAuthAcceptHTTP::shouldRejectRequest($this->_request))
- return $this->_error($this->_('Protocole HTTPS obligatoire'));
+ return $this->_error($this->_('Protocole HTTPS obligatoire'), 403);
 if (!$authorization = $this->_request->getHeader('authorization'))
- return $this->_error($this->_('Autorisation non spécifiée'));
+ return $this->_error($this->_('Autorisation non spécifiée'), 401);
 $parts = explode(' ', $authorization);
 if ($parts[0] !== 'Bearer')
- return $this->_error($this->_('Jeton d\'autorisation non fourni'));
+ return $this->_error($this->_('Jeton d\'autorisation non fourni'), 401);
 if (!$token = Class_User_ApiToken::findFirstBy(['token' => $parts[1]]))
- return $this->_error($this->_('Jeton d\'autorisation invalide'));
+ return $this->_error($this->_('Jeton d\'autorisation invalide'), 403);
 if (!$user = $token->getUser())
- return $this->_error($this->_('Utilisateur non trouvé'));
+ return $this->_error($this->_('Utilisateur non trouvé'), 403);
 ZendAfi_Auth::getInstance()->logUser($user);
- $this->view->loans = (new Class_User_Cards($user))->getLoans();
 }
- protected function _error($message) {
- $this->view->message = $message;
- return $this->renderScript('invalid_request.pjson');
+ protected function _error($message, $code) {
+ Zend_Controller_Front::getInstance()
+ ->getPlugin('Zend_Controller_Plugin_ErrorHandler')
+ ->setErrorHandlerModule('api');
+
+ throw new Zend_Controller_Action_Exception($message, $code);
 }
 }
 ?>
\ No newline at end of file
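Review bot: `$parts[1]` in _authenticate() is read without checking that it exists, so an `Authorization: Bearer` header with no token (or a trailing space) raises an undefined-offset notice and then runs the token lookup with null/empty instead of answering a clean 401; guard it with `if (count($parts) !== 2 || $parts[0] !== 'Bearer' || $parts[1] === '')`. Separately, `setErrorHandlerModule('api')` is only switched inside `_error()`, so any exception thrown elsewhere in an api action (getLoans() failing, for example) is still rendered by whatever error module the plugin was configured with rather than as JSON — moving that call into preDispatch() makes every failure in this module go through Api_ErrorController. Two smaller points: RFC 6750 expects a missing or invalid bearer token to yield 401 together with a `WWW-Authenticate: Bearer` header (403 is reserved for insufficient scope), and nothing visible here checks whether the matched token has expired or been revoked, so please confirm Class_User_ApiToken enforces a lifetime, as a leaked token would otherwise stay valid forever.
```php
public function preDispatch() {
  parent::preDispatch();
  // route every failure raised in this module through Api_ErrorController, not just _error()
  Zend_Controller_Front::getInstance()
    ->getPlugin('Zend_Controller_Plugin_ErrorHandler')
    ->setErrorHandlerModule('api');
  $this->_authenticate();
}

// … unchanged: accountAction, loansAction …

protected function _authenticate() {
  // … unchanged: HTTPS and Authorization-header checks …
  $parts = explode(' ', $authorization);
  // reject "Bearer" with no token before it reaches the database lookup
  if (count($parts) !== 2 || $parts[0] !== 'Bearer' || $parts[1] === '')
    return $this->_error($this->_('Jeton d\'autorisation non fourni'), 401);

  if (!$token = Class_User_ApiToken::findFirstBy(['token' => $parts[1]]))
  // … unchanged: invalid-token, user lookup and logUser …
```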
diff --git a/application/modules/api/views/scripts/user/account.pjson b/application/modules/api/views/scripts/user/account.pjson
new file mode 100644
index 00000000000..f97ce379325
--- /dev/null
+++ b/application/modules/api/views/scripts/user/account.pjson
@@ -0,0 +1,11 @@
+<?php
+echo json_encode(
+ ['account' => ['label' => $this->user->getNomAff(),
+ 'card' => [
+ 'id'=> $this->user->getIdabon(),
+ 'expire_at' => $this->user->getDateFin()
+ ]
+ ]
+ ]
+);
+?>
diff --git a/tests/application/modules/opac/controllers/CmsControllerTest.php b/tests/application/modules/opac/controllers/CmsControllerTest.php
index 124edac0422..2086d4a6967 100644
--- a/tests/application/modules/opac/controllers/CmsControllerTest.php
+++ b/tests/application/modules/opac/controllers/CmsControllerTest.php
@@ -1214,7 +1214,7 @@ class CmsControllerArticleViewArticleArchivedWithWorkflowTest extends CmsControl
 /** @test */
- public function responseShouldBeA404NotFound() {
+ public function responseShouldBeA404NotFound() {
 $this->assertResponseCode(404);
 }
diff --git a/tests/scenarios/MobileApplication/UserAccountTest.php b/tests/scenarios/MobileApplication/UserAccountTest.php
index f79ec7ec28a..1106b77ecc8 100644
--- a/tests/scenarios/MobileApplication/UserAccountTest.php
+++ b/tests/scenarios/MobileApplication/UserAccountTest.php
@@ -29,6 +29,8 @@ abstract class Scenario_MobileApplication_UserAccountTestCase extends AbstractCo
 $puppy = $this->fixture('Class_Users',
 ['id' => 345,
+ 'pseudo' => 'Puppy',
+ 'date_fin' => '2018-02-12',
 'login' => 'puppy',
 'password' => 'opied',
 'role_level' => ZendAfi_Acl_AdminControllerRoles::ABONNE_SIGB,
@@ -73,7 +75,7 @@ abstract class Scenario_MobileApplication_UserAccountTestCase extends AbstractCo
-class Scenario_MobileApplication_UserAccountWithTokenTest extends Scenario_MobileApplication_UserAccountTestCase {
+class Scenario_MobileApplication_UserAccountLoansWithTokenTest extends Scenario_MobileApplication_UserAccountTestCase {
 protected $_json;
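Review bot: account.pjson echoes the return value of json_encode() without checking it; if getNomAff() yields a string that is not valid UTF-8 (patron names come from the library system, so I would not rule it out, though the encoding is not visible from here) json_encode() returns false and the client receives a 200 with an empty body instead of either the account or an error. `echo json_encode([...], JSON_PARTIAL_OUTPUT_ON_ERROR);` at least keeps the document well-formed with the offending value nulled, and a `false` check that raises is the stricter option. Note also that this payload is personal data (display name, card number, card expiry), so the HTTPS gate in Api_UserController::_authenticate() is what keeps it off the wire in clear text and should not be loosened for this endpoint.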
@@ -118,11 +120,11 @@ class Scenario_MobileApplication_UserAccountWithTokenTest extends Scenario_Mobil
-class Scenario_MobileApplication_UserAccountWithoutTokenTest extends Scenario_MobileApplication_UserAccountTestCase {
+class Scenario_MobileApplication_UserAccountLoansWithoutTokenTest extends Scenario_MobileApplication_UserAccountTestCase {
 /** @test */
 public function withoutAuthorizationShouldAnswerInvalidRequest() {
 $this->dispatch('/api/user/loans',
- true,
+ false,
 ["Content-Type" => "application/json"]);
 $this->assertEquals(['error' => 'invalid_request',
@@ -134,7 +136,7 @@ class Scenario_MobileApplication_UserAccountWithoutTokenTest extends Scenario_Mo
 /** @test */
 public function withWrongAuthorizationTypeShouldAnswerInvalidRequest() {
 $this->dispatch('/api/user/loans',
- true,
+ false,
 ["Authorization" => 'Catch nonos',
 "Content-Type" => "application/json"]);
@@ -147,7 +149,7 @@ class Scenario_MobileApplication_UserAccountWithoutTokenTest extends Scenario_Mo
 /** @test */
 public function withWrongAuthorizationTokenShouldAnswerInvalidRequest() {
 $this->dispatch('/api/user/loans',
- true,
+ false,
 ["Authorization" => 'Bearer veget@ble',
 "Content-Type" => "application/json"]);
@@ -165,7 +167,7 @@ class Scenario_MobileApplication_UserAccountWithoutTokenTest extends Scenario_Mo
 'user_id' => 987]);
 $this->dispatch('/api/user/loans',
- true,
+ false,
 ["Authorization" => 'Bearer veget@ble',
 "Content-Type" => "application/json"]);
@@ -180,7 +182,7 @@ class Scenario_MobileApplication_UserAccountWithoutTokenTest extends Scenario_Mo
 unset($_SERVER['HTTPS']);
 $this->dispatch('/api/user/loans',
- true,
+ false,
 ["Authorization" => "Bearer nonos" ,
 "Content-Type" => "application/json"]);
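Review bot: The visible assertions in these rejection tests still check only the JSON body (`$this->assertEquals(['error' => 'invalid_request', …`), while the substance of this commit is that each rejection now carries a specific HTTP status; unless the continuation outside the hunks asserts it, add `$this->assertResponseCode(401);` to the missing-header and wrong-scheme cases and `$this->assertResponseCode(403);` to the invalid-token, unknown-user and plain-HTTP cases so a regression back to a 200 with an error body is caught. The only change inside the hunks is the second dispatch() argument flipping from true to false, and every enclosing test method ends outside its hunk.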
@@ -365,4 +367,33 @@ class Scenario_MobileApplication_UserAccountOAuthPostLoginSuccessTest extends Sc
 $this->assertEquals('My mobile bokeh', $token->getClientId());
 }
 }
+
+
+
+
+class Scenario_MobileApplication_UserAccountWithTokenTest extends Scenario_MobileApplication_UserAccountTestCase {
+ protected
+ $_json;
+
+ public function setUp() {
+ parent::setUp();
+
+ $this->dispatch('/api/user/account',
+ true,
+ ["Authorization" => "Bearer nonos" ,
+ "Content-Type" => "application/json"]);
+ $this->_json = json_decode($this->_response->getBody(), true);
+ }
+
+
+ /** @test */
+ public function responseShouldContainsCardValidityAndLabel() {
+ $this->assertEquals(['label' => 'Puppy',
+ 'card' => [
+ 'id' => '234',
+ 'expire_at' => '2018-02-12']
+ ],
+ $this->_json['account']);
+ }
+}
 ?>
\ No newline at end of file
--
GitLab
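Review bot: This new class exercises /api/user/account only with a valid token, and every negative case in the file targets /api/user/loans, so nothing proves that the preDispatch() gate actually protects the new action; one test dispatching /api/user/account with no Authorization header and asserting a 401 plus the `invalid_request` body would catch a future action that bypasses _authenticate(). Minor: `'id' => '234'` is compared with assertEquals, which also accepts the integer 234, so the test does not pin the JSON type the mobile client will parse — `assertSame` on the decoded array would. The expected card id 234 comes from fixture data outside this hunk.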