From 931453304805b59751c5d3dffef42b8692b6fe65 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Fri, 5 Mar 2010 21:42:39 -0800
Subject: Update tests to reflect the fact that you have to be logged in to do
 anything.

---
 modules/rest/tests/Rest_Controller_Test.php | 32 ++++++++++++++++++-----------
 1 file changed, 20 insertions(+), 12 deletions(-)

(limited to 'modules/rest/tests/Rest_Controller_Test.php')

diff --git a/modules/rest/tests/Rest_Controller_Test.php b/modules/rest/tests/Rest_Controller_Test.php
index a5c7dda6..21be8300 100644
--- a/modules/rest/tests/Rest_Controller_Test.php
+++ b/modules/rest/tests/Rest_Controller_Test.php
@@ -20,6 +20,9 @@
 class Rest_Controller_Test extends Gallery_Unit_Test_Case {
   public function setup() {
     $this->_save = array($_GET, $_POST, $_SERVER);
+
+    $key = rest::get_access_token(1);  // admin user
+    $_SERVER["HTTP_X_GALLERY_REQUEST_KEY"] = $key->access_key;
   }
 
   public function teardown() {
@@ -60,24 +63,26 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case {
   }
 
   public function get_test() {
+    unset($_SERVER["HTTP_X_GALLERY_REQUEST_KEY"]);
+
     $_SERVER["REQUEST_METHOD"] = "GET";
     $_GET["key"] = "value";
 
-    $this->assert_array_equal_to_json(
-      array("params" => array("key" => "value"),
-            "method" => "get",
-            "access_token" => null,
-            "url" => "http://./index.php/gallery_unit_test"),
-      test::call_and_capture(array(new Rest_Controller(), "mock")));
+    try {
+      test::call_and_capture(array(new Rest_Controller(), "mock"));
+    } catch (Rest_Exception $e) {
+      $this->assert_same(403, $e->getCode());
+      return;
+    }
+
+    $this->assert_true(false, "Should be forbidden");
   }
 
   public function get_with_access_key_test() {
-    $key = rest::get_access_token(1);  // admin user
-
     $_SERVER["REQUEST_METHOD"] = "GET";
-    $_SERVER["HTTP_X_GALLERY_REQUEST_KEY"] = $key->access_key;
     $_GET["key"] = "value";
 
+    $key = rest::get_access_token(1);  // admin user
     $this->assert_array_equal_to_json(
       array("params" => array("key" => "value"),
             "method" => "get",
@@ -90,10 +95,11 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case {
     $_SERVER["REQUEST_METHOD"] = "POST";
     $_POST["key"] = "value";
 
+    $key = rest::get_access_token(1);  // admin user
     $this->assert_array_equal_to_json(
       array("params" => array("key" => "value"),
             "method" => "post",
-            "access_token" => null,
+            "access_token" => $key->access_key,
             "url" => "http://./index.php/gallery_unit_test"),
       test::call_and_capture(array(new Rest_Controller(), "mock")));
   }
@@ -103,10 +109,11 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case {
     $_SERVER["HTTP_X_GALLERY_REQUEST_METHOD"] = "put";
     $_POST["key"] = "value";
 
+    $key = rest::get_access_token(1);  // admin user
     $this->assert_array_equal_to_json(
       array("params" => array("key" => "value"),
             "method" => "put",
-            "access_token" => null,
+            "access_token" => $key->access_key,
             "url" => "http://./index.php/gallery_unit_test"),
       test::call_and_capture(array(new Rest_Controller(), "mock")));
   }
@@ -116,10 +123,11 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case {
     $_SERVER["HTTP_X_GALLERY_REQUEST_METHOD"] = "delete";
     $_POST["key"] = "value";
 
+    $key = rest::get_access_token(1);  // admin user
     $this->assert_array_equal_to_json(
       array("params" => array("key" => "value"),
             "method" => "delete",
-            "access_token" => null,
+            "access_token" => $key->access_key,
             "url" => "http://./index.php/gallery_unit_test"),
       test::call_and_capture(array(new Rest_Controller(), "mock")));
   }
-- 
cgit v1.2.3


From 9b788674275c843947d44934a50dd395b515737a Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Fri, 18 Jun 2010 20:43:14 -0700
Subject: Simplify rest::get_access_key($user) to rest::access_key() that
 returns just the access key string for the active user.  That's how we use
 the API, so keep it simple.

---
 modules/organize/controllers/organize.php   |  2 +-
 modules/rest/controllers/rest.php           |  3 +--
 modules/rest/helpers/rest.php               |  7 ++++---
 modules/rest/tests/Rest_Controller_Test.php | 15 +++++----------
 4 files changed, 11 insertions(+), 16 deletions(-)

(limited to 'modules/rest/tests/Rest_Controller_Test.php')

diff --git a/modules/organize/controllers/organize.php b/modules/organize/controllers/organize.php
index 732ac3f6..135a6fc9 100644
--- a/modules/organize/controllers/organize.php
+++ b/modules/organize/controllers/organize.php
@@ -39,7 +39,7 @@ class Organize_Controller extends Controller {
     $v = new View("organize_dialog.html");
     $v->album = $album;
     $v->domain = $input->server("SERVER_NAME");
-    $v->access_key = rest::get_access_key($user->id)->access_key;
+    $v->access_key = rest::access_key();
     $v->file_filter = addslashes($file_filter);
     $v->sort_order = addslashes(json_encode($sort_order));
     $v->sort_fields = addslashes(json_encode($sort_fields));
diff --git a/modules/rest/controllers/rest.php b/modules/rest/controllers/rest.php
index acc4a7df..ccccc762 100644
--- a/modules/rest/controllers/rest.php
+++ b/modules/rest/controllers/rest.php
@@ -34,8 +34,7 @@ class Rest_Controller extends Controller {
 
     auth::login($user);
 
-    $key = rest::get_access_key($user->id);
-    rest::reply($key->access_key);
+    rest::reply(rest::access_key());
   }
 
   public function __call($function, $args) {
diff --git a/modules/rest/helpers/rest.php b/modules/rest/helpers/rest.php
index b382cb29..0bad58f6 100644
--- a/modules/rest/helpers/rest.php
+++ b/modules/rest/helpers/rest.php
@@ -66,9 +66,9 @@ class rest_Core {
     identity::set_active_user($user);
   }
 
-  static function get_access_key($user_id) {
+  static function access_key() {
     $key = ORM::factory("user_access_key")
-      ->where("user_id", "=", $user_id)
+      ->where("user_id", "=", identity::active_user()->id)
       ->find();
 
     if (!$key->loaded()) {
@@ -76,7 +76,8 @@ class rest_Core {
       $key->access_key = md5(md5(uniqid(mt_rand(), true) . access::private_key()));
       $key->save();
     }
-    return $key;
+
+    return $key->access_key;
   }
 
   /**
diff --git a/modules/rest/tests/Rest_Controller_Test.php b/modules/rest/tests/Rest_Controller_Test.php
index fe83283d..0c8a4a98 100644
--- a/modules/rest/tests/Rest_Controller_Test.php
+++ b/modules/rest/tests/Rest_Controller_Test.php
@@ -21,8 +21,7 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case {
   public function setup() {
     $this->_save = array($_GET, $_POST, $_SERVER);
 
-    $key = rest::get_access_key(1);  // admin user
-    $_SERVER["HTTP_X_GALLERY_REQUEST_KEY"] = $key->access_key;
+    $_SERVER["HTTP_X_GALLERY_REQUEST_KEY"] = rest::access_key();
   }
 
   public function teardown() {
@@ -83,11 +82,10 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case {
     $_SERVER["REQUEST_METHOD"] = "GET";
     $_GET["key"] = "value";
 
-    $key = rest::get_access_key(1);  // admin user
     $this->assert_array_equal_to_json(
       array("params" => array("key" => "value"),
             "method" => "get",
-            "access_key" => $key->access_key,
+            "access_key" => rest::access_key(),
             "url" => "http://./index.php/gallery_unit_test"),
       test::call_and_capture(array(new Rest_Controller(), "mock")));
   }
@@ -96,11 +94,10 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case {
     $_SERVER["REQUEST_METHOD"] = "POST";
     $_POST["key"] = "value";
 
-    $key = rest::get_access_key(1);  // admin user
     $this->assert_array_equal_to_json(
       array("params" => array("key" => "value"),
             "method" => "post",
-            "access_key" => $key->access_key,
+            "access_key" => rest::access_key(),
             "url" => "http://./index.php/gallery_unit_test"),
       test::call_and_capture(array(new Rest_Controller(), "mock")));
   }
@@ -110,11 +107,10 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case {
     $_SERVER["HTTP_X_GALLERY_REQUEST_METHOD"] = "put";
     $_POST["key"] = "value";
 
-    $key = rest::get_access_key(1);  // admin user
     $this->assert_array_equal_to_json(
       array("params" => array("key" => "value"),
             "method" => "put",
-            "access_key" => $key->access_key,
+            "access_key" => rest::access_key(),
             "url" => "http://./index.php/gallery_unit_test"),
       test::call_and_capture(array(new Rest_Controller(), "mock")));
   }
@@ -124,11 +120,10 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case {
     $_SERVER["HTTP_X_GALLERY_REQUEST_METHOD"] = "delete";
     $_POST["key"] = "value";
 
-    $key = rest::get_access_key(1);  // admin user
     $this->assert_array_equal_to_json(
       array("params" => array("key" => "value"),
             "method" => "delete",
-            "access_key" => $key->access_key,
+            "access_key" => rest::access_key(),
             "url" => "http://./index.php/gallery_unit_test"),
       test::call_and_capture(array(new Rest_Controller(), "mock")));
   }
-- 
cgit v1.2.3