3 # This file is part of Koha.
5 # Koha is free software; you can redistribute it and/or modify it under the
6 # terms of the GNU General Public License as published by the Free Software
7 # Foundation; either version 3 of the License, or (at your option) any later
10 # Koha is distributed in the hope that it will be useful, but WITHOUT ANY
11 # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
12 # A PARTICULAR PURPOSE. See the GNU General Public License for more details.
14 # You should have received a copy of the GNU General Public License along
15 # with Koha; if not, write to the Free Software Foundation, Inc.,
16 # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
20 use Test
::More tests
=> 5;
24 use t
::lib
::TestBuilder
;
29 use Koha
::Patron
::Debarments qw
/AddDebarment/;
31 my $schema = Koha
::Database
->new->schema;
32 my $builder = t
::lib
::TestBuilder
->new;
34 # FIXME: sessionStorage defaults to mysql, but it seems to break transaction handling
35 # this affects the other REST api tests
36 t
::lib
::Mocks
::mock_preference
( 'SessionStorage', 'tmp' );
38 my $remote_address = '127.0.0.1';
39 my $t = Test
::Mojo
->new('Koha::REST::V1');
41 subtest
'list() tests' => sub {
44 $schema->storage->txn_begin;
45 unauthorized_access_tests
('GET', undef, undef);
46 $schema->storage->txn_rollback;
48 subtest
'librarian access tests' => sub {
51 $schema->storage->txn_begin;
53 my ( $patron_id, $session_id ) = create_user_and_session
({ authorized
=> 1 });
54 my $patron = Koha
::Patrons
->find($patron_id);
56 my $tx = $t->ua->build_tx(GET
=> '/api/v1/patrons');
57 $tx->req->cookies({ name
=> 'CGISESSID', value
=> $session_id });
58 $tx->req->env({ REMOTE_ADDR
=> '127.0.0.1' });
62 $tx = $t->ua->build_tx(GET
=> '/api/v1/patrons?cardnumber=' . $patron->cardnumber);
63 $tx->req->cookies({ name
=> 'CGISESSID', value
=> $session_id });
64 $tx->req->env({ REMOTE_ADDR
=> '127.0.0.1' });
67 ->json_is('/0/cardnumber' => $patron->cardnumber);
69 $tx = $t->ua->build_tx(GET
=> '/api/v1/patrons?address2='.
71 $tx->req->cookies({ name
=> 'CGISESSID', value
=> $session_id });
72 $tx->req->env({ REMOTE_ADDR
=> '127.0.0.1' });
75 ->json_is('/0/address2' => $patron->address2);
77 my $patron_2 = $builder->build_object({ class => 'Koha::Patrons' });
78 AddDebarment
({ borrowernumber
=> $patron_2->id });
80 $patron_2->discard_changes;
81 my $ub = $patron_2->unblessed;
83 $tx = $t->ua->build_tx( GET
=> '/api/v1/patrons?restricted=' . Mojo
::JSON
->true );
84 $tx->req->cookies({ name
=> 'CGISESSID', value
=> $session_id });
85 $tx->req->env({ REMOTE_ADDR
=> '127.0.0.1' });
88 ->json_has('/0/restricted')
89 ->json_is( '/0/restricted' => Mojo
::JSON
->true )
92 $schema->storage->txn_rollback;
96 subtest
'get() tests' => sub {
99 $schema->storage->txn_begin;
100 unauthorized_access_tests
('GET', -1, undef);
101 $schema->storage->txn_rollback;
103 subtest
'access own object tests' => sub {
106 $schema->storage->txn_begin;
108 my ( $patron_id, $session_id ) = create_user_and_session
({ authorized
=> 0 });
110 # Access patron's own data even though they have no borrowers flag
111 my $tx = $t->ua->build_tx(GET
=> "/api/v1/patrons/" . $patron_id);
112 $tx->req->cookies({ name
=> 'CGISESSID', value
=> $session_id });
113 $tx->req->env({ REMOTE_ADDR
=> '127.0.0.1' });
117 my $guarantee = $builder->build_object({
118 class => 'Koha::Patrons',
120 guarantorid
=> $patron_id,
124 # Access guarantee's data even though guarantor has no borrowers flag
125 $tx = $t->ua->build_tx(GET
=> "/api/v1/patrons/" . $guarantee->id );
126 $tx->req->cookies({ name
=> 'CGISESSID', value
=> $session_id });
127 $tx->req->env({ REMOTE_ADDR
=> '127.0.0.1' });
131 $schema->storage->txn_rollback;
134 subtest
'librarian access tests' => sub {
137 $schema->storage->txn_begin;
139 my $patron = $builder->build_object({ class => 'Koha::Patrons' });
140 my ( undef, $session_id ) = create_user_and_session
({ authorized
=> 1 });
142 my $tx = $t->ua->build_tx(GET
=> "/api/v1/patrons/" . $patron->id);
143 $tx->req->cookies({ name
=> 'CGISESSID', value
=> $session_id });
146 ->json_is('/patron_id' => $patron->id)
147 ->json_is('/category_id' => $patron->categorycode )
148 ->json_is('/surname' => $patron->surname)
149 ->json_is('/patron_card_lost' => Mojo
::JSON
->false );
151 $schema->storage->txn_rollback;
155 subtest
'add() tests' => sub {
158 $schema->storage->txn_begin;
160 my $patron = Koha
::REST
::V1
::Patrons
::_to_api
(
161 $builder->build_object( { class => 'Koha::Patrons' } )->TO_JSON );
163 unauthorized_access_tests
('POST', undef, $patron);
165 $schema->storage->txn_rollback;
167 subtest
'librarian access tests' => sub {
170 $schema->storage->txn_begin;
172 my $patron = $builder->build_object({ class => 'Koha::Patrons' });
173 my $newpatron = Koha
::REST
::V1
::Patrons
::_to_api
( $patron->TO_JSON );
174 # delete RO attributes
175 delete $newpatron->{patron_id
};
176 delete $newpatron->{restricted
};
178 # Create a library just to make sure its ID doesn't exist on the DB
179 my $library_to_delete = $builder->build_object({ class => 'Koha::Libraries' });
180 my $deleted_library_id = $library_to_delete->id;
182 $library_to_delete->delete;
184 my ( undef, $session_id ) = create_user_and_session
({ authorized
=> 1 });
186 $newpatron->{library_id
} = $deleted_library_id;
187 my $tx = $t->ua->build_tx(POST
=> "/api/v1/patrons" => json
=> $newpatron );
188 $tx->req->cookies({ name
=> 'CGISESSID', value
=> $session_id });
192 ->json_is('/error' => "Duplicate ID"); }
193 qr/^DBD::mysql::st execute failed: Duplicate entry/;
195 $newpatron->{library_id
} = $patron->branchcode;
197 # Create a library just to make sure its ID doesn't exist on the DB
198 my $category_to_delete = $builder->build_object({ class => 'Koha::Patron::Categories' });
199 my $deleted_category_id = $category_to_delete->id;
201 $category_to_delete->delete;
203 $newpatron->{category_id
} = $deleted_category_id; # Test invalid patron category
204 $tx = $t->ua->build_tx(POST
=> "/api/v1/patrons" => json
=> $newpatron);
205 $tx->req->cookies({ name
=> 'CGISESSID', value
=> $session_id });
208 ->json_is('/error' => "Given category_id does not exist");
209 $newpatron->{category_id
} = $patron->categorycode;
211 $newpatron->{falseproperty
} = "Non existent property";
212 $tx = $t->ua->build_tx(POST
=> "/api/v1/patrons" => json
=> $newpatron);
213 $tx->req->cookies({ name
=> 'CGISESSID', value
=> $session_id });
216 delete $newpatron->{falseproperty
};
218 my $patron_to_delete = $builder->build_object({ class => 'Koha::Patrons' });
219 $newpatron = Koha
::REST
::V1
::Patrons
::_to_api
($patron_to_delete->TO_JSON);
220 # delete RO attributes
221 delete $newpatron->{patron_id
};
222 delete $newpatron->{restricted
};
223 $patron_to_delete->delete;
225 $tx = $t->ua->build_tx(POST
=> "/api/v1/patrons" => json
=> $newpatron);
226 $tx->req->cookies({ name
=> 'CGISESSID', value
=> $session_id });
228 ->status_is(201, 'Patron created successfully')
229 ->json_has('/patron_id', 'got a patron_id')
230 ->json_is( '/cardnumber' => $newpatron->{ cardnumber
})
231 ->json_is( '/surname' => $newpatron->{ surname
})
232 ->json_is( '/firstname' => $newpatron->{ firstname
});
234 $tx = $t->ua->build_tx(POST
=> "/api/v1/patrons" => json
=> $newpatron);
235 $tx->req->cookies({name
=> 'CGISESSID', value
=> $session_id});
239 ->json_has( '/error', 'Fails when trying to POST duplicate cardnumber' )
240 ->json_has( '/conflict', 'cardnumber' ); }
241 qr/^DBD::mysql::st execute failed: Duplicate entry '(.*?)' for key 'cardnumber'/;
243 $schema->storage->txn_rollback;
247 subtest
'update() tests' => sub {
250 $schema->storage->txn_begin;
251 unauthorized_access_tests
('PUT', 123, {email
=> 'nobody@example.com'});
252 $schema->storage->txn_rollback;
254 subtest
'librarian access tests' => sub {
257 $schema->storage->txn_begin;
259 t
::lib
::Mocks
::mock_preference
('minPasswordLength', 1);
260 my ( $patron_id_1, $session_id ) = create_user_and_session
({ authorized
=> 1 });
261 my ( $patron_id_2, undef ) = create_user_and_session
({ authorized
=> 0 });
263 my $patron_1 = Koha
::Patrons
->find($patron_id_1);
264 my $patron_2 = Koha
::Patrons
->find($patron_id_2);
265 my $newpatron = Koha
::REST
::V1
::Patrons
::_to_api
($patron_2->TO_JSON);
266 # delete RO attributes
267 delete $newpatron->{patron_id
};
268 delete $newpatron->{restricted
};
270 my $tx = $t->ua->build_tx(PUT
=> "/api/v1/patrons/-1" => json
=> $newpatron );
271 $tx->req->cookies({name
=> 'CGISESSID', value
=> $session_id});
274 ->json_has('/error', 'Fails when trying to PUT nonexistent patron');
276 # Create a library just to make sure its ID doesn't exist on the DB
277 my $category_to_delete = $builder->build_object({ class => 'Koha::Patron::Categories' });
278 my $deleted_category_id = $category_to_delete->id;
280 $category_to_delete->delete;
282 $newpatron->{category_id
} = $deleted_category_id;
283 $tx = $t->ua->build_tx(PUT
=> "/api/v1/patrons/$patron_id_2" => json
=> $newpatron );
284 $tx->req->cookies({name
=> 'CGISESSID', value
=> $session_id});
287 ->json_is('/error' => "Given category_id does not exist");
288 $newpatron->{category_id
} = $patron_2->categorycode;
290 # Create a library just to make sure its ID doesn't exist on the DB
291 my $library_to_delete = $builder->build_object({ class => 'Koha::Libraries' });
292 my $deleted_library_id = $library_to_delete->id;
294 $library_to_delete->delete;
296 $newpatron->{library_id
} = $deleted_library_id;
297 $tx = $t->ua->build_tx(PUT
=> "/api/v1/patrons/" . $patron_2->id => json
=> $newpatron );
298 $tx->req->cookies({name
=> 'CGISESSID', value
=> $session_id});
302 ->json_is('/error' => "Given library_id does not exist"); }
303 qr/^DBD::mysql::st execute failed: Cannot add or update a child row: a foreign key constraint fails/;
304 $newpatron->{library_id
} = $patron_2->branchcode;
306 $newpatron->{falseproperty
} = "Non existent property";
307 $tx = $t->ua->build_tx(PUT
=> "/api/v1/patrons/" . $patron_2->id => json
=> $newpatron );
308 $tx->req->cookies({name
=> 'CGISESSID', value
=> $session_id});
311 ->json_is('/errors/0/message' =>
312 'Properties not allowed: falseproperty.');
313 delete $newpatron->{falseproperty
};
315 # Set both cardnumber and userid to already existing values
316 $newpatron->{cardnumber
} = $patron_1->cardnumber;
317 $newpatron->{userid
} = $patron_1->userid;
319 $tx = $t->ua->build_tx( PUT
=> "/api/v1/patrons/" . $patron_2->id => json
=> $newpatron );
320 $tx->req->cookies({ name
=> 'CGISESSID', value
=> $session_id });
324 ->json_has( '/error' => "Fails when trying to update to an existing cardnumber or userid")
325 ->json_is( '/conflict', 'cardnumber' ); }
326 qr/^DBD::mysql::st execute failed: Duplicate entry '(.*?)' for key 'cardnumber'/;
328 $newpatron->{ cardnumber
} = $patron_id_1.$patron_id_2;
329 $newpatron->{ userid
} = "user".$patron_id_1.$patron_id_2;
330 $newpatron->{ surname
} = "user".$patron_id_1.$patron_id_2;
332 $tx = $t->ua->build_tx(PUT
=> "/api/v1/patrons/" . $patron_2->id => json
=> $newpatron);
333 $tx->req->cookies({name
=> 'CGISESSID', value
=> $session_id});
335 ->status_is(200, 'Patron updated successfully')
336 ->json_has($newpatron);
337 is
(Koha
::Patrons
->find( $patron_2->id )->cardnumber,
338 $newpatron->{ cardnumber
}, 'Patron is really updated!');
340 $schema->storage->txn_rollback;
344 subtest
'delete() tests' => sub {
347 $schema->storage->txn_begin;
348 unauthorized_access_tests
('DELETE', 123, undef);
349 $schema->storage->txn_rollback;
351 subtest
'librarian access test' => sub {
354 $schema->storage->txn_begin;
356 my ( undef, $session_id ) = create_user_and_session
({ authorized
=> 1 });
357 my ( $patron_id, undef ) = create_user_and_session
({ authorized
=> 0 });
359 my $tx = $t->ua->build_tx(DELETE
=> "/api/v1/patrons/-1");
360 $tx->req->cookies({ name
=> 'CGISESSID', value
=> $session_id });
362 ->status_is(404, 'Patron not found');
364 $tx = $t->ua->build_tx(DELETE
=> "/api/v1/patrons/$patron_id");
365 $tx->req->cookies({ name
=> 'CGISESSID', value
=> $session_id });
367 ->status_is(200, 'Patron deleted successfully');
369 $schema->storage->txn_rollback;
373 # Centralized tests for 401s and 403s assuming the endpoint requires
374 # borrowers flag for access
375 sub unauthorized_access_tests
{
376 my ($verb, $patron_id, $json) = @_;
378 my $endpoint = '/api/v1/patrons';
379 $endpoint .= ($patron_id) ?
"/$patron_id" : '';
381 subtest
'unauthorized access tests' => sub {
384 my $tx = $t->ua->build_tx($verb => $endpoint => json
=> $json);
388 my ($borrowernumber, $session_id) = create_user_and_session
({
391 $tx = $t->ua->build_tx($verb => $endpoint => json
=> $json);
392 $tx->req->cookies({name
=> 'CGISESSID', value
=> $session_id});
395 ->json_has('/required_permissions');
399 sub create_user_and_session
{
402 my $flags = ( $args->{authorized
} ) ?
16 : 0;
404 my $user = $builder->build(
406 source
=> 'Borrower',
411 email
=> 'nobody@example.com',
412 emailpro
=> 'nobody@example.com',
413 B_email
=> 'nobody@example.com'
418 # Create a session for the authorized user
419 my $session = C4
::Auth
::get_session
('');
420 $session->param( 'number', $user->{borrowernumber
} );
421 $session->param( 'id', $user->{userid
} );
422 $session->param( 'ip', '127.0.0.1' );
423 $session->param( 'lasttime', time() );
426 return ( $user->{borrowernumber
}, $session->id );