3 # This file is part of Koha.
5 # Koha is free software; you can redistribute it and/or modify it under the
6 # terms of the GNU General Public License as published by the Free Software
7 # Foundation; either version 3 of the License, or (at your option) any later
10 # Koha is distributed in the hope that it will be useful, but WITHOUT ANY
11 # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
12 # A PARTICULAR PURPOSE. See the GNU General Public License for more details.
14 # You should have received a copy of the GNU General Public License along
15 # with Koha; if not, write to the Free Software Foundation, Inc.,
16 # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
20 use Test::More tests => 5;
24 use t::lib::TestBuilder;
27 use Data::Printer colored => 1;
# Shared fixtures for every subtest below: the schema handle (used to open and
# roll back one transaction per subtest), a TestBuilder for fixture rows, and
# a single Test::Mojo client bound to the Koha::REST::V1 application.
33 my $schema = Koha::Database->new->schema;
34 my $builder = t::lib::TestBuilder->new;
35 # FIXME: sessionStorage defaults to mysql, but it seems to break transaction handling
36 # this affects the other REST api tests
37 t::lib::Mocks::mock_preference( 'SessionStorage', 'tmp' );
# Every request below sets REMOTE_ADDR to this value, and
# create_user_and_session() stores the same literal ('127.0.0.1') as the
# session 'ip'. Presumably the two have to match for the session to be
# accepted -- confirm against C4::Auth.
39 my $remote_address = '127.0.0.1';
40 my $t = Test::Mojo->new('Koha::REST::V1');
# list(): GET /api/v1/cities with a valid session cookie, checked against an
# empty table, one row, three rows, and the city_country / city_name filters.
# The subtest runs inside a transaction that is rolled back at the end.
42 subtest 'list() tests' => sub {
46 $schema->storage->txn_begin;
# Start from an empty cities table so the exact-array assertions are stable.
48 Koha::Cities->search->delete;
# NOTE(review): the session is created with authorized => 0, so every 200
# below is obtained without the permission row that create_user_and_session()
# inserts for authorized => 1. Reading the list therefore appears to need only
# a valid session. No request in this subtest omits the cookie, so the
# unauthenticated case is not exercised here.
49 my ( $borrowernumber, $session_id ) =
50 create_user_and_session( { authorized => 0 } );
52 ## Authenticated user tests (session created with authorized => 0)
53 # No cities, so empty array should be returned
54 my $tx = $t->ua->build_tx( GET => '/api/v1/cities' );
55 $tx->req->cookies( { name => 'CGISESSID', value => $session_id } );
56 $tx->req->env( { REMOTE_ADDR => $remote_address } );
57 $t->request_ok($tx)->status_is(200)->json_is( [] );
59 my $city_country = 'France';
60 my $city = $builder->build(
61 { source => 'City', value => { city_country => $city_country } } );
63 # One city created, should get returned
64 $tx = $t->ua->build_tx( GET => '/api/v1/cities' );
65 $tx->req->cookies( { name => 'CGISESSID', value => $session_id } );
66 $tx->req->env( { REMOTE_ADDR => $remote_address } );
67 $t->request_ok($tx)->status_is(200)->json_is( [$city] );
69 my $another_city = $builder->build(
70 { source => 'City', value => { city_country => $city_country } } );
71 my $city_with_another_country = $builder->build( { source => 'City' } );
73 # Two more cities created (three in total), they should all be returned
74 $tx = $t->ua->build_tx( GET => '/api/v1/cities' );
75 $tx->req->cookies( { name => 'CGISESSID', value => $session_id } );
76 $tx->req->env( { REMOTE_ADDR => $remote_address } );
77 $t->request_ok($tx)->status_is(200)
78 ->json_is( [ $city, $another_city, $city_with_another_country ] );
80 # Filtering works, two cities sharing city_country
82 $t->ua->build_tx( GET => "/api/v1/cities?city_country=" . $city_country );
83 $tx->req->cookies( { name => 'CGISESSID', value => $session_id } );
84 $tx->req->env( { REMOTE_ADDR => $remote_address } );
85 $t->request_ok($tx)->status_is(200)->json_is( [ $city, $another_city ] );
# Filtering by city_name returns only the matching city.
87 $tx = $t->ua->build_tx(
88 GET => "/api/v1/cities?city_name=" . $city->{city_name} );
89 $tx->req->cookies( { name => 'CGISESSID', value => $session_id } );
90 $tx->req->env( { REMOTE_ADDR => $remote_address } );
91 $t->request_ok($tx)->status_is(200)->json_is( [$city] );
# Unknown filter parameter.
# NOTE(review): this pins a 500 whose /error body matches 'Unknown column',
# i.e. text that looks like a database error is returned to the API client,
# and the same text is expected as a warning ('Wrong parameters raise
# warnings'). Rejecting unknown query parameters up front with a 400 and a
# generic message, and keeping the detail in the server log, would avoid
# exposing column-level errors to callers.
93 $tx = $t->ua->build_tx( GET => '/api/v1/cities?city_blah=blah' );
94 $tx->req->cookies( { name => 'CGISESSID', value => $session_id } );
95 $tx->req->env( { REMOTE_ADDR => $remote_address } );
98 $t->request_ok($tx)->status_is(500)
99 ->json_like( '/error' => qr/Unknown column/ );
101 qr/Unknown column/, 'Wrong parameters raise warnings';
103 $schema->storage->txn_rollback;
# get(): GET /api/v1/cities/{cityid} returns the stored row for an existing id
# and 404 with error 'City not found' for an id with no row behind it.
# Runs inside a transaction that is rolled back at the end.
106 subtest 'get() tests' => sub {
110 $schema->storage->txn_begin;
112 my $city = $builder->build( { source => 'City' } );
# The session is created with authorized => 0: reading a single city is
# expected to succeed without the permission row added for authorized users.
113 my ( $borrowernumber, $session_id ) =
114 create_user_and_session( { authorized => 0 } );
116 my $tx = $t->ua->build_tx( GET => "/api/v1/cities/" . $city->{cityid} );
117 $tx->req->cookies( { name => 'CGISESSID', value => $session_id } );
118 $tx->req->env( { REMOTE_ADDR => $remote_address } );
119 $t->request_ok($tx)->status_is(200)->json_is($city);
# cityid + 1 stands in for an id that does not exist -- assumes the freshly
# built city holds the highest cityid in the table; TODO confirm.
121 my $non_existent_id = $city->{cityid} + 1;
122 $tx = $t->ua->build_tx( GET => "/api/v1/cities/" . $non_existent_id );
123 $tx->req->cookies( { name => 'CGISESSID', value => $session_id } );
124 $tx->req->env( { REMOTE_ADDR => $remote_address } );
125 $t->request_ok($tx)->status_is(404)
126 ->json_is( '/error' => 'City not found' );
128 $schema->storage->txn_rollback;
# add(): POST /api/v1/cities/ is refused with 403 for a session created with
# authorized => 0 and accepted with 200 for authorized => 1; a payload with an
# unknown field is expected to yield 500. Runs inside a transaction that is
# rolled back at the end.
131 subtest 'add() tests' => sub {
135 $schema->storage->txn_begin;
# Two users: one without and one with the permission row that
# create_user_and_session() inserts when authorized is true.
137 my ( $unauthorized_borrowernumber, $unauthorized_session_id ) =
138 create_user_and_session( { authorized => 0 } );
139 my ( $authorized_borrowernumber, $authorized_session_id ) =
140 create_user_and_session( { authorized => 1 } );
142 city_name => "City Name",
143 city_state => "City State",
144 city_zipcode => "City Zipcode",
145 city_country => "City Country"
148 # Unauthorized attempt to write
# NOTE(review): only the status code is asserted for the refused request.
# Checking afterwards that no city row was created would also prove that the
# 403 had no side effect.
149 my $tx = $t->ua->build_tx( POST => "/api/v1/cities/" => json => $city );
151 { name => 'CGISESSID', value => $unauthorized_session_id } );
152 $tx->req->env( { REMOTE_ADDR => $remote_address } );
153 $t->request_ok($tx)->status_is(403);
155 # Authorized attempt to write
156 $tx = $t->ua->build_tx( POST => "/api/v1/cities/" => json => $city );
158 { name => 'CGISESSID', value => $authorized_session_id } );
159 $tx->req->env( { REMOTE_ADDR => $remote_address } );
160 $t->request_ok($tx)->status_is(200)
161 ->json_is( '/city_name' => $city->{city_name} )
162 ->json_is( '/city_state' => $city->{city_state} )
163 ->json_is( '/city_zipcode' => $city->{city_zipcode} )
164 ->json_is( '/city_country' => $city->{city_country} );
166 my $city_with_invalid_field = {
167 city_blah => "City Blah",
168 city_state => "City State",
169 city_zipcode => "City Zipcode",
170 city_country => "City Country"
173 # Authorized attempt to write invalid data
# NOTE(review): a 500 for a client-supplied unknown field suggests the payload
# is not validated before it is used. Answering 400 from request validation
# would be the safer contract. The response body is not asserted here, so
# whatever error text the server returns goes unchecked.
174 $tx = $t->ua->build_tx(
175 POST => "/api/v1/cities/" => json => $city_with_invalid_field );
177 { name => 'CGISESSID', value => $authorized_session_id } );
178 $tx->req->env( { REMOTE_ADDR => $remote_address } );
179 $t->request_ok($tx)->status_is(500);
181 $schema->storage->txn_rollback;
# update(): PUT /api/v1/cities/{cityid} is refused with 403 for a session
# created with authorized => 0, returns 200 and the new name for
# authorized => 1, 500 for an unknown field, and 404 for an id with no row.
# Runs inside a transaction that is rolled back at the end.
184 subtest 'update() tests' => sub {
188 $schema->storage->txn_begin;
190 my ( $unauthorized_borrowernumber, $unauthorized_session_id ) =
191 create_user_and_session( { authorized => 0 } );
192 my ( $authorized_borrowernumber, $authorized_session_id ) =
193 create_user_and_session( { authorized => 1 } );
195 my $city_id = $builder->build( { source => 'City' } )->{cityid};
197 # Unauthorized attempt to update
# NOTE(review): only the 403 status is asserted. Re-reading the city afterwards
# would also prove that the refused request left city_name unchanged.
198 my $tx = $t->ua->build_tx( PUT => "/api/v1/cities/$city_id" => json =>
199 { city_name => 'New unauthorized name change' } );
201 { name => 'CGISESSID', value => $unauthorized_session_id } );
202 $tx->req->env( { REMOTE_ADDR => $remote_address } );
203 $t->request_ok($tx)->status_is(403);
# Authorized update: the response carries the new city_name.
205 $tx = $t->ua->build_tx(
206 PUT => "/api/v1/cities/$city_id" => json => { city_name => 'New name' }
209 { name => 'CGISESSID', value => $authorized_session_id } );
210 $tx->req->env( { REMOTE_ADDR => $remote_address } );
211 $t->request_ok($tx)->status_is(200)->json_is( '/city_name' => 'New name' );
# Authorized update with an unknown field.
# NOTE(review): the expected /error body is 'No method city_blah for
# Koha::City', so an internal class name and the client-chosen field name
# are returned to the caller. A 400 with a generic validation message would
# keep implementation detail out of the response.
213 $tx = $t->ua->build_tx(
214 PUT => "/api/v1/cities/$city_id" => json => { city_blah => 'New blah' }
217 { name => 'CGISESSID', value => $authorized_session_id } );
218 $tx->req->env( { REMOTE_ADDR => $remote_address } );
219 $t->request_ok($tx)->status_is(500)
220 ->json_is( '/error' => "No method city_blah for Koha::City" );
# city_id + 1 stands in for an id that does not exist -- assumes the freshly
# built city holds the highest cityid in the table; TODO confirm.
222 my $non_existent_id = $city_id + 1;
223 $tx = $t->ua->build_tx( PUT => "/api/v1/cities/$non_existent_id" => json =>
224 { city_name => 'New name' } );
226 { name => 'CGISESSID', value => $authorized_session_id } );
227 $tx->req->env( { REMOTE_ADDR => $remote_address } );
228 $t->request_ok($tx)->status_is(404);
230 $schema->storage->txn_rollback;
# delete(): DELETE /api/v1/cities/{cityid} is refused with 403 for a session
# created with authorized => 0, returns 200 with an empty body for
# authorized => 1, and 404 when the same id is deleted a second time.
# Runs inside a transaction that is rolled back at the end.
233 subtest 'delete() tests' => sub {
237 $schema->storage->txn_begin;
239 my ( $unauthorized_borrowernumber, $unauthorized_session_id ) =
240 create_user_and_session( { authorized => 0 } );
241 my ( $authorized_borrowernumber, $authorized_session_id ) =
242 create_user_and_session( { authorized => 1 } );
244 my $city_id = $builder->build( { source => 'City' } )->{cityid};
246 # Unauthorized attempt to delete
# The authorized DELETE further down returns 200 for the same id, which
# shows the row was still present after this refused request.
247 my $tx = $t->ua->build_tx( DELETE => "/api/v1/cities/$city_id" );
249 { name => 'CGISESSID', value => $unauthorized_session_id } );
250 $tx->req->env( { REMOTE_ADDR => $remote_address } );
251 $t->request_ok($tx)->status_is(403);
# Authorized delete: 200 with an empty response body.
253 $tx = $t->ua->build_tx( DELETE => "/api/v1/cities/$city_id" );
255 { name => 'CGISESSID', value => $authorized_session_id } );
256 $tx->req->env( { REMOTE_ADDR => $remote_address } );
257 $t->request_ok($tx)->status_is(200)->content_is('');
# Deleting the same id again: the row is gone, so 404 is expected.
259 $tx = $t->ua->build_tx( DELETE => "/api/v1/cities/$city_id" );
261 { name => 'CGISESSID', value => $authorized_session_id } );
262 $tx->req->env( { REMOTE_ADDR => $remote_address } );
263 $t->request_ok($tx)->status_is(404);
265 $schema->storage->txn_rollback;
# Build a Borrower fixture and a session for it.
#
# Reads $args->{authorized}; when it is true, a user_permissions row with
# module_bit 3 and code 'parameters_remaining_permissions' is inserted for
# the new borrower.
#
# Returns the list ( borrowernumber, session id ). The session id is what the
# subtests send as the CGISESSID cookie.
268 sub create_user_and_session {
# NOTE(review): $flags is computed here, but the lines that would show where it
# is used are not part of this listing; presumably it becomes the borrower's
# flags value. If so, authorized => 1 gives flags = 1, which is presumably
# bit 0 (superlibrarian) in Koha's userflags -- confirm. In that case the
# 200 results for the authorized user would hold even without the granular
# permission row inserted below, and the tests would not prove that
# 'parameters_remaining_permissions' is what gates write access.
271 my $flags = ( $args->{authorized} ) ? $args->{authorized} : 0;
272 my $dbh = C4::Context->dbh;
274 my $user = $builder->build(
276 source => 'Borrower',
283 # Create a session for the user (done for authorized and unauthorized users alike)
284 my $session = C4::Auth::get_session('');
285 $session->param( 'number', $user->{borrowernumber} );
286 $session->param( 'id', $user->{userid} );
# Same literal as $remote_address at file level; the two need to be kept
# in step if either changes.
287 $session->param( 'ip', '127.0.0.1' );
288 $session->param( 'lasttime', time() );
# Grant the granular permission only to authorized users. The borrowernumber
# is passed as a bind value for the '?' placeholder rather than interpolated
# into the SQL text.
291 if ( $args->{authorized} ) {
293 INSERT INTO user_permissions (borrowernumber,module_bit,code)
294 VALUES (?,3,'parameters_remaining_permissions')", undef,
295 $user->{borrowernumber} );
298 return ( $user->{borrowernumber}, $session->id );