2 /*********************************************************************************
3 * SugarCRM Community Edition is a customer relationship management program developed by
4 * SugarCRM, Inc. Copyright (C) 2004-2013 SugarCRM Inc.
6 * This program is free software; you can redistribute it and/or modify it under
7 * the terms of the GNU Affero General Public License version 3 as published by the
8 * Free Software Foundation with the addition of the following permission added
9 * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
10 * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
11 * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
13 * This program is distributed in the hope that it will be useful, but WITHOUT
14 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
15 * FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
18 * You should have received a copy of the GNU Affero General Public License along with
19 * this program; if not, see http://www.gnu.org/licenses or write to the Free
20 * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
23 * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
24 * SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com.
26 * The interactive user interfaces in modified source and object code versions
27 * of this program must display Appropriate Legal Notices, as required under
28 * Section 5 of the GNU Affero General Public License version 3.
30 * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
31 * these Appropriate Legal Notices must retain the display of the "Powered by
32 * SugarCRM" logo. If the display of the logo is not reasonably feasible for
33 * technical reasons, the Appropriate Legal Notices must display the words
34 * "Powered by SugarCRM".
35 ********************************************************************************/
38 require_once('tests/service/APIv3Helper.php');
39 require_once 'include/SugarOAuthServer.php';
41 class OAuthTest extends Sugar_PHPUnit_Framework_TestCase
43 protected static $_user;
44 protected static $_consumer;
45 protected $_admin_user;
46 protected $_lastRawResponse;
48 private static $helperObject;
53 public static function setUpBeforeClass()
57 require('include/modules.php');
58 $GLOBALS['beanList'] = $beanList;
59 $GLOBALS['beanFiles'] = $beanFiles;
61 //Reload langauge strings
62 $GLOBALS['app_strings'] = return_application_language($GLOBALS['current_language']);
63 $GLOBALS['app_list_strings'] = return_app_list_strings_language($GLOBALS['current_language']);
64 $GLOBALS['mod_strings'] = return_module_language($GLOBALS['current_language'], 'Accounts');
65 //Create an anonymous user for login purposes/
66 $GLOBALS['current_user'] = self::$_user = SugarTestUserUtilities::createAnonymousUser();
68 self::$helperObject = new APIv3Helper();
69 // create our own customer key
70 $GLOBALS['db']->query("DELETE FROM oauth_consumer where c_key='TESTCUSTOMER'");
71 $GLOBALS['db']->query("DELETE FROM oauth_nonce where conskey='TESTCUSTOMER'");
72 self::$_consumer = new OAuthKey();
73 self::$_consumer->c_key = "TESTCUSTOMER";
74 self::$_consumer->c_secret = "TESTSECRET";
75 self::$_consumer->save();
76 self::$_consumer->db->commit();
79 public static function tearDownAfterClass()
81 unset($GLOBALS['beanList']);
82 unset($GLOBALS['beanFiles']);
83 unset($GLOBALS['app_list_strings']);
84 unset($GLOBALS['app_strings']);
85 unset($GLOBALS['mod_strings']);
86 unset($GLOBALS['current_user']);
87 $GLOBALS['db']->query("DELETE FROM oauth_consumer where c_key='TESTCUSTOMER'");
88 $GLOBALS['db']->query("DELETE FROM oauth_nonce where conskey='TESTCUSTOMER'");
89 $GLOBALS['db']->query("DELETE FROM oauth_tokens where consumer='".self::$_consumer->id."'");
90 SugarTestUserUtilities::removeAllCreatedAnonymousUsers();
93 public function setUp()
95 if(!SugarOAuthServer::enabled() || !extension_loaded('oauth')) {
96 $this->markTestSkipped("No OAuth support");
98 $this->oauth = new OAuth('TESTCUSTOMER','TESTSECRET',OAUTH_SIG_METHOD_HMACSHA1,OAUTH_AUTH_TYPE_URI);
99 $this->url = rtrim($GLOBALS['sugar_config']['site_url'],'/').'/service/v4/rest.php';
100 $GLOBALS['current_user'] = self::$_user;
103 protected function _returnLastRawResponse()
105 return "Error in web services call. Response was: {$this->_lastRawResponse}";
108 public function testOauthRequestToken()
110 $request_token_info = $this->oauth->getRequestToken($this->url."?method=oauth_request_token");
111 $this->assertEquals(rtrim($GLOBALS['sugar_config']['site_url'],'/').'/index.php?module=OAuthTokens&action=authorize', $request_token_info["authorize_url"]);
112 $this->assertEquals("true", $request_token_info["oauth_callback_confirmed"]);
113 $this->assertNotEmpty($request_token_info['oauth_token']);
114 $this->assertNotEmpty($request_token_info['oauth_token_secret']);
115 $rtoken = OAuthToken::load($request_token_info['oauth_token']);
116 $this->assertInstanceOf('OAuthToken', $rtoken);
117 $this->assertEquals(OAuthToken::REQUEST, $rtoken->tstate);
120 public function testOauthAccessToken()
122 global $current_user;
123 $request_token_info = $this->oauth->getRequestToken($this->url."?method=oauth_request_token");
124 $this->assertNotEmpty($request_token_info['oauth_token']);
125 $this->assertNotEmpty($request_token_info['oauth_token_secret']);
126 $token = $request_token_info['oauth_token'];
127 $secret = $request_token_info['oauth_token_secret'];
129 $c_token = OAuthToken::load($token);
130 $this->assertInstanceOf('OAuthToken', $c_token);
131 // check token is in the right state
132 $this->assertEquals(OAuthToken::REQUEST, $c_token->tstate, "Request token has wrong state");
133 $verify = $c_token->authorize(array("user" => $current_user->id));
134 $c_token->db->commit();
136 $this->oauth->setToken($token, $secret);
137 $access_token_info = $this->oauth->getAccessToken($this->url."?method=oauth_access_token&oauth_verifier=$verify");
138 $this->assertNotEmpty($access_token_info['oauth_token']);
139 $this->assertNotEmpty($access_token_info['oauth_token_secret']);
141 $atoken = OAuthToken::load($access_token_info['oauth_token']);
142 $this->assertInstanceOf('OAuthToken', $atoken);
143 $this->assertEquals($current_user->id, $atoken->assigned_user_id);
144 // check this is an access token
145 $this->assertEquals(OAuthToken::ACCESS, $atoken->tstate, "Access token has wrong state");
146 // check old token was invalidated
147 $rtoken = OAuthToken::load($token);
148 $this->assertInstanceOf('OAuthToken', $rtoken);
149 $this->assertEquals(OAuthToken::INVALID, $rtoken->tstate, "Request token was not invalidated");
152 protected function _makeRESTCall($method,$parameters)
154 // specify the REST web service to interact with
155 $url = $GLOBALS['sugar_config']['site_url'].'/service/v4/rest.php';
156 // Open a curl session for making the call
157 $curl = curl_init($url);
158 // set URL and other appropriate options
159 curl_setopt($curl, CURLOPT_URL, $url);
160 curl_setopt($curl, CURLOPT_POST, 1);
161 curl_setopt($curl, CURLOPT_HEADER, 0);
162 curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);
163 curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
164 curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 0);
165 curl_setopt($curl, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0 );
166 // build the request URL
167 $json = json_encode($parameters);
168 $postArgs = "method=$method&input_type=JSON&response_type=JSON&rest_data=$json";
169 curl_setopt($curl, CURLOPT_POSTFIELDS, $postArgs);
170 // Make the REST call, returning the result
171 $response = curl_exec($curl);
172 // Close the connection
175 $this->_lastRawResponse = $response;
177 // Convert the result from JSON format to a PHP array
178 return json_decode($response,true);
181 public function testOauthServiceAccess()
183 global $current_user;
184 $request_token_info = $this->oauth->getRequestToken($this->url."?method=oauth_request_token");
185 $token = $request_token_info['oauth_token'];
186 $secret = $request_token_info['oauth_token_secret'];
188 $c_token = OAuthToken::load($token);
189 $this->assertInstanceOf('OAuthToken', $c_token, 'Token not loaded');
190 $verify = $c_token->authorize(array("user" => $current_user->id));
191 $c_token->db->commit();
193 $this->oauth->setToken($token, $secret);
194 $access_token_info = $this->oauth->getAccessToken($this->url."?method=oauth_access_token&oauth_verifier=$verify");
195 $token = $access_token_info['oauth_token'];
196 $secret = $access_token_info['oauth_token_secret'];
197 $this->oauth->setToken($token, $secret);
199 $res = $this->oauth->fetch($this->url."?method=oauth_access&input_type=JSON&response_type=JSON");
200 $this->assertTrue($res);
201 $session = json_decode($this->oauth->getLastResponse(), true);
202 $this->assertNotEmpty($session["id"]);
204 // test fetch through OAuth
205 $res = $this->oauth->fetch($this->url."?method=get_user_id&input_type=JSON&response_type=JSON");
206 $this->assertTrue($res);
207 $id = json_decode($this->oauth->getLastResponse(), true);
208 $this->assertEquals($current_user->id, $id);
209 // test fetch through session initiated by OAuth
210 $id2 = $this->_makeRESTCall('get_user_id', array("session" => $session["id"]));
211 $this->assertEquals($current_user->id, $id2);