Changed from GET to POST on all parameter passing. Fixed a nasty bug in previous...
authorJon Langseth <jon.langseth@lilug.no>
Sat, 21 Jan 2012 20:23:56 +0000 (21:23 +0100)
committerJon Langseth <jon.langseth@lilug.no>
Sat, 21 Jan 2012 20:23:56 +0000 (21:23 +0100)
12 files changed:
api/alias.php
api/auth.php
api/domain.php
api/lib/auth_base.php
api/lib/user_functions.php
api/numbers.php
api/phone.php
api/t/auth.t
api/t/run_tests.sh [new file with mode: 0755]
api/t/tests_common.pm
api/user.php
doc/api-nodes.txt

index 5bbdbf2c4a9e93b696b1f77c20284d5efb2d73fc..6a5981e9915c7d3ac028c2c092fe29086b375665 100644 (file)
@@ -34,9 +34,9 @@ token_auth();
                        $dest_username = "";
                        $dest_domain   = "";
                        $e164_only = false;
-                       if ( array_key_exists( 'destination', $_GET) )
+                       if ( array_key_exists( 'destination', $_POST) )
                        {
-                               $tmp = split_sipaddress($_GET['destination']);
+                               $tmp = split_sipaddress($_POST['destination']);
                                if ( !$tmp )
                                {
                                        print json_encode ( array( 'response' => 'failed', 'cause' => 'invalid', 'detail' => 'Invalid SIP address') );
@@ -44,9 +44,9 @@ token_auth();
                                }
                                list ( $dest_username, $dest_domain ) = $tmp;
 
-                               if ( array_key_exists( 'e164', $_GET ) )
+                               if ( array_key_exists( 'e164', $_POST ) )
                                {
-                                       if ( strtolower($_GET['e164']) == "true" ) $e164_only = true;
+                                       if ( strtolower($_POST['e164']) == "true" ) $e164_only = true;
                                        $list = get_e164_alias( $dest_username, $dest_domain );
                                }
                                else if ( $dest_username && $dest_domain )
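Review bot: The e164 branch is selected by the presence of the `e164` key rather than its value — `e164=false` still sets `$list` from get_e164_alias() while `$e164_only` stays false, so the flag and the query disagree; whether `$e164_only` is consumed further down is outside the hunk. numbers.php tests the value (`strtolower( $_POST['random'] ) === 'true'`), and the same shape here would be `if ( array_key_exists( 'e164', $_POST ) && strtolower($_POST['e164']) === "true" )` with `$e164_only = true;` as the first statement of the block. The enclosing destination branch started in the previous hunk.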
@@ -54,9 +54,9 @@ token_auth();
                                        $list = get_aliases( $dest_username, $dest_domain );
                                }
                        }
-                       else if ( array_key_exists( 'alias', $_GET) )
+                       else if ( array_key_exists( 'alias', $_POST) )
                        {
-                               $tmp = split_sipaddress($_GET['alias']);
+                               $tmp = split_sipaddress($_POST['alias']);
                                if ( !$tmp )
                                {
                                        print json_encode ( array( 'response' => 'failed', 'cause' => 'invalid', 'detail' => 'Invalid SIP address') );
@@ -73,19 +73,19 @@ token_auth();
                        print json_encode ( array( 'response' => 'ok', 'aliases' => $list ) );
                        break;
                case "/add":
-                       if ( array_key_exists( 'destination', $_GET) 
-                               && ( ( array_key_exists( 'alias_username', $_GET) && array_key_exists( 'alias_domain', $_GET ) ) || array_key_exists('alias', $_GET) ) )
+                       if ( array_key_exists( 'destination', $_POST) 
+                               && ( ( array_key_exists( 'alias_username', $_POST) && array_key_exists( 'alias_domain', $_POST ) ) || array_key_exists('alias', $_POST) ) )
                        {
                                $alias_username = "";
                                $alias_domain = "";
-                               if ( array_key_exists('alias_username', $_GET) )
+                               if ( array_key_exists('alias_username', $_POST) )
                                {
-                                       $alias_username = $_GET['alias_username'];
-                                       $alias_domain = $_GET['alias_domain'];
+                                       $alias_username = $_POST['alias_username'];
+                                       $alias_domain = $_POST['alias_domain'];
                                }
                                else
                                {
-                                       $alias = split_sipaddress($_GET['alias']);
+                                       $alias = split_sipaddress($_POST['alias']);
                                        if ( !$alias )
                                        {
                                                print json_encode ( array( 'response' => 'failed', 'cause' => 'invalid', 'detail' => 'Invalid SIP address') );
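Review bot: The inner branch at the replaced line `if ( array_key_exists('alias_username', $_POST) )` keys on `alias_username` alone, but the outer condition also admits a request carrying `alias_username` and `alias` without `alias_domain`; that request reaches `$_POST['alias_domain']` on a missing index and continues with an empty domain. Check both keys, `if ( array_key_exists('alias_username', $_POST) && array_key_exists('alias_domain', $_POST) )`, so the `alias` form is used otherwise. The same shape appears in the `/remove` hunk of this file and in the three phone.php hunks that branch on `username`. The `/add` case continues past the hunk.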
@@ -94,7 +94,7 @@ token_auth();
                                        list ( $alias_username, $alias_domain ) = $alias;
                                }
 
-                               if ( !verify_sipadress($_GET['destination']) ) 
+                               if ( !verify_sipadress($_POST['destination']) ) 
                                {
                                        // TODO: Provide a better response..
                                        print json_encode ( array( 'response' => 'invalid', 'cause' => 'destination' ) );
@@ -114,7 +114,7 @@ token_auth();
                                        break;
                                }
 
-                               list ( $dest_username, $dest_domain ) = split_sipaddress( $_GET['destination']);
+                               list ( $dest_username, $dest_domain ) = split_sipaddress( $_POST['destination']);
 
                                if ( (!$dest_username)||(!$dest_domain))
                                {
@@ -166,18 +166,18 @@ token_auth();
                        }       
                        break;
                case "/remove":
-                       if ( ( array_key_exists( 'alias_username', $_GET) && array_key_exists( 'alias_domain', $_GET ) ) || array_key_exists('alias', $_GET) )
+                       if ( ( array_key_exists( 'alias_username', $_POST) && array_key_exists( 'alias_domain', $_POST ) ) || array_key_exists('alias', $_POST) )
                        {
                                $alias_username = "";
                                $alias_domain = "";
-                               if ( array_key_exists('alias_username', $_GET) )
+                               if ( array_key_exists('alias_username', $_POST) )
                                {
-                                       $alias_username = $_GET['alias_username'];
-                                       $alias_domain = $_GET['alias_domain'];
+                                       $alias_username = $_POST['alias_username'];
+                                       $alias_domain = $_POST['alias_domain'];
                                }
                                else
                                {
-                                       $alias = split_sipaddress($_GET['alias']);
+                                       $alias = split_sipaddress($_POST['alias']);
                                        if ( !$alias )
                                        {
                                                print json_encode ( array( 'response' => 'failed', 'cause' => 'invalid', 'detail' => 'Invalid SIP address') );
index 50050e515dc695c55edf9a300a5ae5b2f8f21e45..ad8650f0ac70426fa88d4f1226f426cf121d4b46 100644 (file)
@@ -32,13 +32,13 @@ if ( ( $_SERVER['PATH_INFO'] == "/login" ) || ( $_SERVER['PATH_INFO'] == "/logou
                        $type = false;
                        $authid = false;
 
-                       if ( array_key_exists('username', $_GET) 
-                               && array_key_exists('password', $_GET) )
+                       if ( array_key_exists('username', $_POST) 
+                               && array_key_exists('password', $_POST) )
                        {
-                               if ( 1 == authuser_verify( sql_clean($_GET['username']), sql_clean($_GET['password'])))
+                               if ( 1 == authuser_verify( sql_clean($_POST['username']), sql_clean($_POST['password'])))
                                {
                                        $type = "user";
-                                       $authid = $_GET['username'];
+                                       $authid = $_POST['username'];
                                }
                                else
                                {
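Review bot: On the replaced verify line the password is run through sql_clean() before authuser_verify(), so any password containing a character the cleaner rewrites can never verify, and cleaning it at all suggests the lookup is built by string interpolation rather than a prepared statement; authuser_verify() is not in the hunk, so that part is inferred. Pass the raw password and let the verify routine bind the username as a query parameter and compare the secret in PHP (password_verify() or hash_equals()) rather than in SQL, `if ( 1 === authuser_verify( $_POST['username'], $_POST['password'] ) )`, where `===` also replaces the loose `1 ==`. The surrounding login branch starts above the hunk.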
@@ -46,12 +46,12 @@ if ( ( $_SERVER['PATH_INFO'] == "/login" ) || ( $_SERVER['PATH_INFO'] == "/logou
                                        exit;
                                }
                        }
-                       else if ( array_key_exists('api_key', $_GET) )
+                       else if ( array_key_exists('api_key', $_POST) )
                        {
-                               if ( verify_apikey( sql_clean( $_GET['api_key'] ) ) == 1 )
+                               if ( verify_apikey( sql_clean( $_POST['api_key'] ) ) == 1 )
                                {
                                        $type = "key";
-                                       $authid = $_GET['api_key'];
+                                       $authid = $_POST['api_key'];
                                }
                                else
                                {
@@ -72,8 +72,8 @@ if ( ( $_SERVER['PATH_INFO'] == "/login" ) || ( $_SERVER['PATH_INFO'] == "/logou
                        // De-authenticate/deauthorize the ongoing session.
                        // I.e. destroy session data, remove session cookies.
                        $session_name = "";
-                       if ( array_key_exists('session', $_GET ) )
-                               $session_name = $_GET['session'];
+                       if ( array_key_exists('session', $_POST ) )
+                               $session_name = $_POST['session'];
                        session_name($session_name);
                        session_start();
                        clear_credentials($session_name);
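Review bot: `session_name($session_name)` is handed the POSTed `session` value unchecked (an empty string when the key is absent) before session_start() and clear_credentials(), and as shown the logout path needs only the session name — not the session + auth_key pair that token_auth() demands — to clear a session; if a guard sits above the hunk it is not visible. Reject anything but a plain token first, `if ( ! preg_match('/^[A-Za-z0-9]+$/', $session_name) ) simple_authfail();`, assuming simple_authfail() ends the request as its use in token_auth() suggests. The enclosing logout branch starts outside the hunk.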
@@ -101,7 +101,7 @@ else
                        // The ping required a valid session...
                        // A successful ping returns a 'response' => 'pong'
                        // along with the new auth_key.
-                       $session_name = $_GET['session'];
+                       $session_name = $_POST['session'];
                        $authid = $_SESSION['authid'];
                        $auth_key = update_authkey( $session_name, $authid );
                        print json_encode( array( 'response' => 'pong', 'auth_key' => $auth_key ));
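Review bot: `$session_name = $_POST['session'];` reads the key without the `array_key_exists` guard every other branch in this file uses, so a ping without `session` raises an undefined-index notice and calls update_authkey() with null; if token_auth() already ran for this branch that is only cosmetic, but the hunk does not show it. Guard it the same way, `if ( ! array_key_exists('session', $_POST) ) simple_authfail();`, before the assignment. The ping branch starts above the hunk.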
@@ -112,11 +112,11 @@ else
                        if ( ! can_write() )
                                simple_authfail();
 
-                       if ( array_key_exists('host_ip', $_GET )
-                               && array_key_exists('access', $_GET ))
+                       if ( array_key_exists('host_ip', $_POST )
+                               && array_key_exists('access', $_POST ))
                        {
-                               $host = $_GET['host_ip'];
-                               $access = $_GET['access'];
+                               $host = $_POST['host_ip'];
+                               $access = $_POST['access'];
 
                                if (! preg_match("/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/", $host) || ! authlevel_value( $access ) )
                                {
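Review bot: The IPv4 check on the context line below the replaced assignments accepts any four 1–3 digit groups, so `999.999.999.999` passes, and `$` matches before a trailing newline, so `1.2.3.4\n` passes too; the moved `$host` value is what reaches whatever add-host routine follows. Use the engine's validator instead, `if ( filter_var( $host, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 ) === false || ! authlevel_value( $access ) )`. The branch continues past the hunk.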
@@ -141,9 +141,9 @@ else
                        if ( ! can_write() )
                                simple_authfail();
 
-                       if ( array_key_exists('api_key', $_GET ) )
+                       if ( array_key_exists('api_key', $_POST ) )
                        {
-                               $key = sql_clean( $_GET['api_key'] );
+                               $key = sql_clean( $_POST['api_key'] );
                                // Perform a key-verification, skipping host/remote-address check.
                                if ( ! verify_apikey( $key, true ) )
                                {
@@ -178,11 +178,11 @@ else
                        if ( ! can_write() )
                                simple_authfail();
 
-                       if ( array_key_exists('username', $_GET )
-                               && array_key_exists('access', $_GET ))
+                       if ( array_key_exists('username', $_POST )
+                               && array_key_exists('access', $_POST ))
                        {
-                               $user = $_GET['username'];
-                               $access = $_GET['access'];
+                               $user = $_POST['username'];
+                               $access = $_POST['access'];
                                $level = authlevel_value( $access );
 
                                if ( ! $level )
@@ -215,9 +215,9 @@ else
                        if ( ! can_write() )
                                simple_authfail();
 
-                       if ( array_key_exists('username', $_GET ))
+                       if ( array_key_exists('username', $_POST ))
                        {
-                               $user = $_GET['username'];
+                               $user = $_POST['username'];
 
                                $t_level = get_authorization( "user", $user ); 
 
index 7c8a797b6067dd84339ad9a08032a7b6d61e3966..08629b80cb51eb51ef9e6c3c2c4831020d68c2ec 100644 (file)
@@ -32,9 +32,9 @@ token_auth();
                                print json_encode ( array( 'response' => 'ok', 'list' => $domains ) );
                        break;
                case "/get_servers":
-                       if ( array_key_exists('domain', $_GET))
+                       if ( array_key_exists('domain', $_POST))
                        {
-                               $domain = $_GET['domain'];
+                               $domain = $_POST['domain'];
                                if ( !$domain || $domain == "" )
                                        print json_encode ( array( 'response' => 'invalid', 'cause' => 'parameters') );
 
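Review bot: After the `invalid` response on the last lines of the hunk there is no `break`, so a request with an empty `domain` prints the error and, unless a `break` follows just outside the hunk, continues into the lookup with an empty domain and emits a second JSON document. Add `break;` directly after the print, matching how the other cases end each response. The `/get_servers` case continues past the hunk.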
@@ -52,19 +52,19 @@ token_auth();
                        break;
                        
                case "/set_servers":
-                       if (    array_key_exists('domain', $_GET)
-                               && array_key_exists('registrar', $_GET)
-                               && array_key_exists('r_port', $_GET)
-                               && array_key_exists('proxy', $_GET)
-                               && array_key_exists('p_port', $_GET)
-                               && array_key_exists('prov_url', $_GET))
+                       if (    array_key_exists('domain', $_POST)
+                               && array_key_exists('registrar', $_POST)
+                               && array_key_exists('r_port', $_POST)
+                               && array_key_exists('proxy', $_POST)
+                               && array_key_exists('p_port', $_POST)
+                               && array_key_exists('prov_url', $_POST))
                        {
-                               $domain = $_GET['domain'];
-                               $registrar = $_GET['registrar'];
-                               $r_port = $_GET['r_port'];
-                               $proxy = $_GET['proxy'];
-                               $p_port = $_GET['p_port'];
-                               $prov_url = $_GET['prov_url'];
+                               $domain = $_POST['domain'];
+                               $registrar = $_POST['registrar'];
+                               $r_port = $_POST['r_port'];
+                               $proxy = $_POST['proxy'];
+                               $p_port = $_POST['p_port'];
+                               $prov_url = $_POST['prov_url'];
 
                                if (!($domain && $registrar && $r_port && $proxy && $p_port && $prov_url ))
                                {
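Review bot: The six POST values are only tested for truthiness on the last context line; `r_port` and `p_port` are never checked to be integers in port range, and `registrar`, `proxy` and `prov_url` are taken verbatim, so what the following update does with them (outside the hunk) decides how much that matters. At least pin the ports, `if ( ! ctype_digit( $r_port ) || ! ctype_digit( $p_port ) || (int) $r_port > 65535 || (int) $p_port > 65535 )` leading to the existing invalid response, and check `prov_url` with `filter_var( $prov_url, FILTER_VALIDATE_URL )`. The `/set_servers` case continues past the hunk.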
index bb3c26fa411e8931be33454f140ea6f0313d66d6..e2ed932ea664be131a388927a827af787482da97 100644 (file)
@@ -73,17 +73,17 @@ function simple_authfail()
 
 function token_auth( )
 {
-       global $_GET;
+       global $_POST;
 
        // TODO: Part of ping/pong requirement.
        // Run a function to clear all authkeys older than 5 minutes.
        expire_authkeys();
 
-       if ( array_key_exists('session', $_GET ) 
-            && array_key_exists('auth_key', $_GET ) )
+       if ( array_key_exists('session', $_POST ) 
+            && array_key_exists('auth_key', $_POST ) )
        { 
-               if ( ! check_session($_GET['session'] ) ) simple_authfail();
-               if ( ! check_authkey($_GET['auth_key'] ) ) simple_authfail(); 
+               if ( ! check_session($_POST['session'] ) ) simple_authfail();
+               if ( ! check_authkey($_POST['auth_key'] ) ) simple_authfail(); 
        }
        else simple_authfail();
 }
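Review bot: `global $_POST;` on the replaced line is a no-op — `$_POST` is a superglobal and is visible in every scope without a `global` declaration — so the line should be dropped rather than renamed. The function otherwise fails closed (both keys required, each check followed by simple_authfail()), which is the right shape; whether check_authkey() binds the key to the given session is decided in those helpers, outside the hunk. token_auth() is complete within the hunk.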
index 5aa1cfbe113bcb3574989c6cb791d97c1cdbba66..a1a9b0c6ee3cd7fbcc0783d72d0ba0a59f7fc748 100644 (file)
@@ -13,7 +13,7 @@ function generate_password( $length = 24 )
         while ( strlen( $string ) < $length )
         {
                $string .= crypt(substr(md5(rand().rand()), 0, $length+1));
-               $string = preg_replace( '/\W/', '', $string+1);
+               $string = preg_replace( '/\W/', '', $string);
         }
        return substr( $string, 1, $length );
 
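Review bot: The generator seeds from `rand().rand()` through md5() and crypt(); rand() is not a cryptographic source, and crypt() without a salt is deprecated and becomes an error in PHP 8, so the credentials are weaker than their 24-character length suggests (the `$string+1` fix itself is fine). Replace the loop body with a CSPRNG, `$string .= bin2hex( random_bytes( $length ) );`, which also makes the `\W` strip redundant since hex contains no non-word characters. generate_password() opens above the hunk.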
@@ -240,9 +240,9 @@ function list_users ( $search = null )
        global $config;
        $query = sprintf("SELECT CONCAT(username, '@', domain), displayname FROM %s ORDER BY username,domain", $config['provision_users_table'] );
 
-       if ( array_key_exists ( 'search', $_GET ) )
+       if ( array_key_exists ( 'search', $_POST ) )
        {
-               $search = $_GET['search']; // TODO: Add some sanitation and input validation!
+               $search = $_POST['search']; // TODO: Add some sanitation and input validation!
                $query = sprintf("SELECT CONCAT(username, '@', domain) FROM %s WHERE CONCAT(username, '@', domain) LIKE '%%%s%%' ORDER BY username,domain", $config['provision_users_table'], sql_clean( $search ) );
        }
 
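Review bot: list_users() takes a `$search` parameter, but the replaced lines overwrite it from `$_POST['search']` inside a library function, so a value passed by a caller is silently ignored and the function cannot be exercised without a request. Honour the argument and read the request only as a fallback, `if ( $search === null && array_key_exists ( 'search', $_POST ) )`, and escape LIKE metacharacters before interpolation, `addcslashes( $search, '%_' )`, since sql_clean() (not visible here) is unlikely to touch `%` and `_`; the TODO on the line already flags the missing validation. The function starts above the hunk and continues past it.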
index 7874394a1a98a65a685cffc0552ddcdf93e27658..9f2410709ec1b25d3b53e16b30c372ba840b4ac3 100644 (file)
@@ -28,12 +28,12 @@ token_auth();
                        $limit = 0;
                        $random = false;
                        $search = null;
-                       if ( array_key_exists('limit', $_GET ) && is_numeric( $_GET['limit']))
-                               $limit = $_GET['limit'];
+                       if ( array_key_exists('limit', $_POST ) && is_numeric( $_POST['limit']))
+                               $limit = $_POST['limit'];
 
-                       if ( array_key_exists('search', $_GET ) )
-                               $search = $_GET['search'];
-                       else if ( array_key_exists('random', $_GET ) && (strtolower( $_GET['random'] ) === 'true'))
+                       if ( array_key_exists('search', $_POST ) )
+                               $search = $_POST['search'];
+                       else if ( array_key_exists('random', $_POST ) && (strtolower( $_POST['random'] ) === 'true'))
                                $random = true;
 
                        $numbers = null;
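Review bot: `is_numeric()` on the replaced guard accepts `-5`, `1.5` and `1e3`, so `$limit` is not guaranteed to be a non-negative integer when it reaches the lookup below the hunk. Tighten it to digits and cast, `if ( array_key_exists('limit', $_POST ) && ctype_digit( $_POST['limit'] ) )` followed by `$limit = (int) $_POST['limit'];`. The enclosing case starts above the hunk and continues past it.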
@@ -55,10 +55,10 @@ token_auth();
                        print json_encode( array( 'response' => 'failed', 'cause' => 'empty', 'detail' => 'Empty result.' ));
                        break;
                case "/add_range":
-                       if ( array_key_exists('start', $_GET) && array_key_exists('end', $_GET) )
+                       if ( array_key_exists('start', $_POST) && array_key_exists('end', $_POST) )
                        {
-                               $start = $_GET['start'];
-                               $end = sql_clean( $_GET['end'] );
+                               $start = $_POST['start'];
+                               $end = sql_clean( $_POST['end'] );
                                $result = add_range( $start, $end );
                                if ( $result === 'ok' )
                                {
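Review bot: `$start` is taken raw while `$end` goes through sql_clean() on the adjacent replaced line; the asymmetry looks accidental, and if add_range() (not in the hunk) interpolates both into its query, `start` is the unescaped one. Validate both the same way before the call — if the endpoints are E.164 numbers like the other cases' inputs, `if ( ! verify_e164( $start ) || ! verify_e164( $end ) )` leading to the existing invalid response; otherwise at least `$start = sql_clean( $_POST['start'] );` for parity. The `/add_range` case continues past the hunk.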
@@ -73,9 +73,9 @@ token_auth();
                case "/add":
                        // TODO: This should return better responses!
                        //  Currently, it will fail with "invalid"
-                       if ( array_key_exists('number', $_GET))
+                       if ( array_key_exists('number', $_POST))
                        {
-                               $number = $_GET['number'];
+                               $number = $_POST['number'];
 
                                if (! verify_e164( $number ) )
                                {
@@ -102,9 +102,9 @@ token_auth();
                        print json_encode ( array( 'response' => 'invalid') );
                        break;
                case "/remove":
-                       if ( array_key_exists('number', $_GET))
+                       if ( array_key_exists('number', $_POST))
                        {
-                               $number = $_GET['number'];
+                               $number = $_POST['number'];
 
                                if (! verify_e164( $number ) )
                                {
@@ -127,9 +127,9 @@ token_auth();
                        print json_encode ( array( 'response' => 'invalid') );
                        break;
                case "/inpool":
-                       if ( array_key_exists('number', $_GET))
+                       if ( array_key_exists('number', $_POST))
                        {
-                               $number = $_GET['number'];
+                               $number = $_POST['number'];
                                if ( number_inpool( $number ) )
                                        print  json_encode ( array( 'response' => 'ok', 'number' => $number ) );
                                else
index a47c4946ff9883924a16cf39bfd621adbf934c05..12ae05702da72152eda3fb9fc69acecb79d4ab37 100644 (file)
@@ -27,9 +27,9 @@ token_auth();
                        // Required GET parameters:
                        // user: authentication username, SIP-username without domain component
                        // domain: Domain/realm of the user. username + '@' + domain == SIP address.
-                       if ( array_key_exists( 'mac', $_GET) )
+                       if ( array_key_exists( 'mac', $_POST) )
                        {
-                               $mac = $_GET['mac'];
+                               $mac = $_POST['mac'];
                                $relations = get_phone_users ( $mac );
                                if ( $relations )
                                {
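Review bot: `$mac` is passed to get_phone_users() exactly as posted, while the later hunks of this file run the same input through clean_mac() and fail on a false result; unless get_phone_users() normalises internally (not visible), the lookup here sees raw, unvalidated MAC text. Mirror the other branches with `$mac = clean_mac($_POST['mac']);` followed by the same "No valid MAC address given." failure response. The comment at the top of the hunk still reads `Required GET parameters:`; it should now say `Required POST parameters:`. The enclosing case starts above the hunk.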
@@ -37,18 +37,18 @@ token_auth();
                                }
                                else print json_encode( array ( 'response' => 'failed', 'cause' => 'nonexistant', 'detail' => 'No results.'));
                        }
-                       else if ( ( array_key_exists( 'username', $_GET) && array_key_exists( 'domain', $_GET ) ) || array_key_exists('user', $_GET) )
+                       else if ( ( array_key_exists( 'username', $_POST) && array_key_exists( 'domain', $_POST ) ) || array_key_exists('user', $_POST) )
                        {
                                $username = "";
                                $domain = "";
-                               if ( array_key_exists('username', $_GET) )
+                               if ( array_key_exists('username', $_POST) )
                                {
-                                       $username = $_GET['username'];
-                                       $domain = $_GET['domain'];
+                                       $username = $_POST['username'];
+                                       $domain = $_POST['domain'];
                                }
                                else
                                {
-                                       $user = split_sipaddress($_GET['user']);
+                                       $user = split_sipaddress($_POST['user']);
                                        if ( !$user )
                                        {
                                                print json_encode ( array( 'response' => 'failed', 'cause' => 'invalid', 'detail' => 'Invalid SIP address') );
@@ -71,8 +71,8 @@ token_auth();
                case "/list":
                        // List all (distinct) phone MAC-adresses registered...
                        $search = null;
-                       if ( array_key_exists('search', $_GET ) )
-                               $search = $_GET['search'];
+                       if ( array_key_exists('search', $_POST ) )
+                               $search = $_POST['search'];
 
                        $phones = list_phones( $search );
                        print json_encode( array( 'response' => 'ok', 'list' => $phones ));
@@ -89,20 +89,20 @@ token_auth();
                                domain    A valid domain .. to form a registered user@domain combo :)
 
                        */
-                       if ( array_key_exists('mac', $_GET ) &&
-                               ( array_key_exists('user', $_GET) ||
-                                       ( array_key_exists('username', $_GET) && array_key_exists('domain', $_GET ))))
+                       if ( array_key_exists('mac', $_POST ) &&
+                               ( array_key_exists('user', $_POST) ||
+                                       ( array_key_exists('username', $_POST) && array_key_exists('domain', $_POST ))))
                        {
                                $username = "";
                                $domain = "";
-                               if ( array_key_exists('username', $_GET) )
+                               if ( array_key_exists('username', $_POST) )
                                {
-                                       $username = $_GET['username'];
-                                       $domain = $_GET['domain'];
+                                       $username = $_POST['username'];
+                                       $domain = $_POST['domain'];
                                }
                                else
                                {
-                                       $user = split_sipaddress($_GET['user']);
+                                       $user = split_sipaddress($_POST['user']);
                                        if ( !$user )
                                        {
                                                print json_encode ( array( 'response' => 'failed', 'cause' => 'invalid', 'detail' => 'Invalid SIP address') );
@@ -110,7 +110,7 @@ token_auth();
                                        }
                                        list ( $username, $domain ) = $user;
                                }
-                               $mac = clean_mac($_GET['mac']);
+                               $mac = clean_mac($_POST['mac']);
                                if ( !$mac )
                                {
                                        print json_encode ( array( 'response' => 'failed', 'cause' => 'invalid', 'detail' => 'No valid MAC address given.') );
@@ -159,20 +159,20 @@ token_auth();
                                domain    A valid domain .. to form a registered user@domain combo :)
 
                        */
-                       if ( array_key_exists('mac', $_GET ) &&
-                               ( array_key_exists('user', $_GET) ||
-                                       ( array_key_exists('username', $_GET) && array_key_exists('domain', $_GET ))))
+                       if ( array_key_exists('mac', $_POST ) &&
+                               ( array_key_exists('user', $_POST) ||
+                                       ( array_key_exists('username', $_POST) && array_key_exists('domain', $_POST ))))
                        {
                                $username = "";
                                $domain = "";
-                               if ( array_key_exists('username', $_GET) )
+                               if ( array_key_exists('username', $_POST) )
                                {
-                                       $username = $_GET['username'];
-                                       $domain = $_GET['domain'];
+                                       $username = $_POST['username'];
+                                       $domain = $_POST['domain'];
                                }
                                else
                                {
-                                       $user = split_sipaddress($_GET['user']);
+                                       $user = split_sipaddress($_POST['user']);
                                        if ( !$user )
                                        {
                                                print json_encode ( array( 'response' => 'failed', 'cause' => 'invalid', 'detail' => 'Invalid SIP address') );
@@ -180,7 +180,7 @@ token_auth();
                                        }
                                        list ( $username, $domain ) = $user;
                                }
-                               $mac = clean_mac($_GET['mac']);
+                               $mac = clean_mac($_POST['mac']);
                                if ( !$mac )
                                {
                                        print json_encode ( array( 'response' => 'failed', 'cause' => 'invalid', 'detail' => 'No valid MAC address given.') );
index d01c52ba8d94ad213d2ac6217bd9c83be7cb168b..4ff72df599e995db66c8d98661d712005c1d9778 100644 (file)
@@ -92,7 +92,7 @@ logout();
 ok( !$session,                         'logged out, session cleared');
 login_apikey();
 
-$data = exec_apinode("auth/remove_user", { "&username" => $test_username });
+$data = exec_apinode("auth/remove_user", { "username" => $test_username });
 is( $data->{'response'}, 'ok',                 'auth/remove_user as user ok');
 is( $data->{'user'}, $test_username,   'auth/remove_user removed ' . $test_username);
 undef $data;
diff --git a/api/t/run_tests.sh b/api/t/run_tests.sh
new file mode 100755 (executable)
index 0000000..d11b8d8
--- /dev/null
@@ -0,0 +1,7 @@
+#!/bin/bash -xe
+
+perl auth.t
+perl user.t
+perl domain.t
+perl alias.t
+perl numbers.t
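Review bot: The script invokes `perl auth.t` and the others by bare filename, so it only works when the current directory is already api/t; run from the repository root it fails on the first line. Add `cd "$(dirname "$0")"` before the test runs, and consider `prove auth.t user.t domain.t alias.t numbers.t` so one failing suite does not abort the rest under `-e`.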
index 9c2ec83266683cc68612be6476ad258c5fdfda4a..59a43e88e94d590074a4a2a14ec4260b6ef331e2 100644 (file)
@@ -40,15 +40,12 @@ sub exec_apinode($$)
 
        $session = "" if not defined $session;
        $auth_key = "" if not defined $auth_key;
-       my $url = $api_base . $node . 
-               "?session=" . $session .
-               "&auth_key=" . $auth_key;
+       my $url = $api_base . $node;
 
-       foreach my $key ( keys %$param )
-       {
-               $url .= "&" . $key . "=" . $param->{$key};
-       }
-       $response = $g_ua->get( $url );
+       $param->{'session'} = $session;
+       $param->{'auth_key'} = $auth_key;
+
+       $response = $g_ua->post( $url, $param );
        if ( $response->is_success )
        {
                if ( $response->content =~ m/\s*{/ )
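Review bot: The new code writes `session` and `auth_key` into the caller's hashref (`$param->{'session'} = $session;`), so the argument passed to exec_apinode() is modified as a side effect; today's callers pass anonymous literals, but a reused hash would carry stale credentials into its next call. Build the form locally instead, `my %form = ( %$param, 'session' => $session, 'auth_key' => $auth_key );` and `$response = $g_ua->post( $url, \%form );`. Switching to post() also fixes the unencoded values the old string concatenation sent. exec_apinode() starts above the hunk and continues past it.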
@@ -66,8 +63,9 @@ sub exec_apinode($$)
 
 sub login_apikey
 {
-       my $response = $g_ua->get( $api_base . "auth/login" .
-                       "?api_key=" . $api_key );
+       my $response = $g_ua->post( $api_base . "auth/login",
+               [ "api_key" => $api_key ] );
+
        ok ($response->is_success,              'login_apikey request is_success');
        my $data = decode_json( $response->content) if $response->is_success;
        die("HTTP error") unless $response->is_success;
@@ -89,9 +87,10 @@ sub login_apikey
 
 sub login_user
 {
-       my $response = $g_ua->get( $api_base . "auth/login" .
-               "?username=" . $test_username .
-               "&password=" . $test_password );
+       my $response = $g_ua->post( $api_base . "auth/login",
+               [ "username" => $test_username,
+                 "password" => $test_password ] );
+
 
        ok ($response->is_success,              'login_user request is_success');
        my $data = decode_json( $response->content) if $response->is_success;
@@ -114,8 +113,8 @@ sub login_user
 
 sub logout
 {
-       my $response = $g_ua->get( $api_base . "auth/logout" .
-               "?session=" . $session );
+       my $response = $g_ua->post( $api_base . "auth/logout",
+               [ "session" => $session ] );
 
        ok ($response->is_success,              'logout request is_success');
        die("HTTP error") unless $response->is_success;
index a601d77fbff1ce9dbffc2436c5f0de0373e0cf2f..c5926bcfe3992e14a940c3a4d874f5680c858640 100644 (file)
@@ -29,19 +29,19 @@ token_auth();
                        // user: authentication username, SIP-username without domain component
                        // domain: Domain/realm of the user. username + '@' + domain == SIP address.
 
-                       if ( array_key_exists('user', $_GET) ||
-                               ( array_key_exists('username', $_GET) && array_key_exists('domain', $_GET )))
+                       if ( array_key_exists('user', $_POST) ||
+                               ( array_key_exists('username', $_POST) && array_key_exists('domain', $_POST )))
                        {
                                $username = "";
                                $domain = "";
-                               if ( array_key_exists('username', $_GET) )
+                               if ( array_key_exists('username', $_POST) )
                                {
-                                       $username = $_GET['username'];
-                                       $domain = $_GET['domain'];
+                                       $username = $_POST['username'];
+                                       $domain = $_POST['domain'];
                                }
                                else
                                {
-                                       $user = split_sipaddress($_GET['user']);
+                                       $user = split_sipaddress($_POST['user']);
                                        if ( !$user )
                                        {
                                                print json_encode ( array( 'response' => 'failed', 'cause' => 'invalid', 'detail' => 'Invalid SIP address') );
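Review bot: The inner `if ( array_key_exists('username', $_POST) )` guards only `username`, but the branch then reads `$_POST['domain']` unconditionally; the outer condition admits a request carrying `user` and `username` without `domain`, in which case the read emits an undefined-index notice and `$domain` stays null. Tightening the inner test to `if ( array_key_exists('username', $_POST) && array_key_exists('domain', $_POST) )` makes the `user` form the fallback the comment above describes. The same username/domain prologue is repeated in the hunks at @@ -124, @@ -257, @@ -354, @@ -413, @@ -478, @@ -538 and @@ -617, and the fix applies to each. Separately, PHP decodes `name[]=value` form fields into arrays, so `$_POST['username']`, `$_POST['domain']` and `$_POST['user']` are not guaranteed to be strings; an `is_string()` check before they are handed to `split_sipaddress` and the lookup helpers would close that gap (whether the helpers cope with arrays cannot be seen from this diff). The switch case enclosing this hunk begins and ends outside it.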
@@ -87,8 +87,8 @@ token_auth();
                           * SQL SELECT CONCAT() WHERE CONCAT() must be used *shrug*
                           */
                        $search = null;
-                       if ( array_key_exists ( 'search', $_GET ) ) 
-                               $search = $_GET['search']; // TODO: Add some sanitation and input validation!
+                       if ( array_key_exists ( 'search', $_POST ) ) 
+                               $search = $_POST['search']; // TODO: Add some sanitation and input validation!
                        $list = list_users( $search );
                        print json_encode( array( 'response' => 'ok', 'list' => $list ));
                        break;
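Review bot: `$search = $_POST['search']` keeps the `TODO: Add some sanitation and input validation!` comment, and the block comment above refers to a SQL CONCAT() comparison, so whether `list_users()` binds this value as a parameter is the thing to verify; it is outside this diff. The transport change does not alter what needs validating here, and at minimum the value should be required to be a string, `if ( array_key_exists( 'search', $_POST ) && is_string( $_POST['search'] ) )`, since a `search[]=` field arrives as an array.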
@@ -124,20 +124,20 @@ token_auth();
                        */
                        // Test required parameters:
                        if ( 
-                               ( ( array_key_exists( 'username', $_GET) && array_key_exists( 'domain', $_GET ) ) || array_key_exists('user', $_GET) )
-                               && array_key_exists( 'displayname', $_GET ) 
-                               && array_key_exists( 'email', $_GET ) )
+                               ( ( array_key_exists( 'username', $_POST) && array_key_exists( 'domain', $_POST ) ) || array_key_exists('user', $_POST) )
+                               && array_key_exists( 'displayname', $_POST ) 
+                               && array_key_exists( 'email', $_POST ) )
                        {
                                $username = "";
                                $domain = "";
-                               if ( array_key_exists('username', $_GET) )
+                               if ( array_key_exists('username', $_POST) )
                                {
-                                       $username = $_GET['username'];
-                                       $domain = $_GET['domain'];
+                                       $username = $_POST['username'];
+                                       $domain = $_POST['domain'];
                                }
                                else
                                {
-                                       $user = split_sipaddress($_GET['user']);
+                                       $user = split_sipaddress($_POST['user']);
                                        if ( !$user )
                                        {
                                                print json_encode ( array( 'response' => 'failed', 'cause' => 'invalid', 'detail' => 'Invalid SIP address') );
@@ -147,8 +147,8 @@ token_auth();
                                }
 
                                $password = generate_password();
-                               $displayname = $_GET['displayname'];
-                               $email = $_GET['email'];
+                               $displayname = $_POST['displayname'];
+                               $email = $_POST['email'];
 
                                if (  !is_kamailio_domain( $domain ) )
                                {
@@ -257,21 +257,21 @@ token_auth();
 
                        // Test required parameters:
                        if ( 
-                               ( ( array_key_exists( 'username', $_GET) && array_key_exists( 'domain', $_GET ) ) || array_key_exists('user', $_GET) )
-                               && array_key_exists( 'displayname', $_GET )
-                               && array_key_exists( 'password', $_GET )
-                               && array_key_exists( 'registrar', $_GET ) )
+                               ( ( array_key_exists( 'username', $_POST) && array_key_exists( 'domain', $_POST ) ) || array_key_exists('user', $_POST) )
+                               && array_key_exists( 'displayname', $_POST )
+                               && array_key_exists( 'password', $_POST )
+                               && array_key_exists( 'registrar', $_POST ) )
                        {
                                $username = "";
                                $domain = "";
-                               if ( array_key_exists('username', $_GET) )
+                               if ( array_key_exists('username', $_POST) )
                                {
-                                       $username = $_GET['username'];
-                                       $domain = $_GET['domain'];
+                                       $username = $_POST['username'];
+                                       $domain = $_POST['domain'];
                                }
                                else
                                {
-                                       $user = split_sipaddress($_GET['user']);
+                                       $user = split_sipaddress($_POST['user']);
                                        if ( !$user )
                                        {
                                                print json_encode ( array( 'response' => 'failed', 'cause' => 'invalid', 'detail' => 'Invalid SIP address') );
@@ -280,16 +280,16 @@ token_auth();
                                        list ( $username, $domain ) = $user;
                                }
 
-                               $password = $_GET['password'];
-                               $displayname = $_GET['displayname'];
-                               $registrar = $_GET['registrar'];
-                               $r_port = ( array_key_exists('r_port', $_GET) ) ? $_GET['r_port'] : 5060;
+                               $password = $_POST['password'];
+                               $displayname = $_POST['displayname'];
+                               $registrar = $_POST['registrar'];
+                               $r_port = ( array_key_exists('r_port', $_POST) ) ? $_POST['r_port'] : 5060;
 
-                               $proxy = ( array_key_exists('proxy', $_GET) ) ? $_GET['proxy'] : $registrar;
-                               $p_port = ( array_key_exists('p_port', $_GET) ) ? $_GET['p_port'] : $r_port;
-                               $authid = ( array_key_exists('authid', $_GET) ) ? $_GET['authid'] : $username;
-                               $dialplan = ( array_key_exists('dialplan', $_GET) ) ? $_GET['dialplan'] : $config['standard_dialplan'];
-                               $linetext = ( array_key_exists('linetext', $_GET) ) ? $_GET['linetext'] : $username . '@' . $domain;
+                               $proxy = ( array_key_exists('proxy', $_POST) ) ? $_POST['proxy'] : $registrar;
+                               $p_port = ( array_key_exists('p_port', $_POST) ) ? $_POST['p_port'] : $r_port;
+                               $authid = ( array_key_exists('authid', $_POST) ) ? $_POST['authid'] : $username;
+                               $dialplan = ( array_key_exists('dialplan', $_POST) ) ? $_POST['dialplan'] : $config['standard_dialplan'];
+                               $linetext = ( array_key_exists('linetext', $_POST) ) ? $_POST['linetext'] : $username . '@' . $domain;
 
                                if ( is_kamailio_domain( $domain ) )
                                {
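Review bot: `r_port` and `p_port` are copied straight from `$_POST` with only a default applied, so a non-numeric or out-of-range value reaches the provisioning code unchecked. Validate them as integers in the port range, e.g. `$r_port = array_key_exists('r_port', $_POST) ? filter_var($_POST['r_port'], FILTER_VALIDATE_INT, array('options' => array('min_range' => 1, 'max_range' => 65535))) : 5060;`, and answer with the file's existing `'response' => 'invalid', 'cause' => 'parameters'` reply when the result is false. The update loop at @@ -571 accepts the same two fields through `$data = $_POST[$p]` without a check, and the same validation belongs there. The surrounding case block begins and ends outside the hunk.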
@@ -354,20 +354,20 @@ token_auth();
                        * If no such user exists, return 'response' => 'failed' with 'cause' => 'nonexistant'
                        * On other failures, return 'response' => 'failed' with 'cause' => 'error' (may set 'detail' => 'message')
                        */
-                       if ( ( array_key_exists( 'username', $_GET) && array_key_exists( 'domain', $_GET ) ) 
-                               || array_key_exists('user', $_GET) )
+                       if ( ( array_key_exists( 'username', $_POST) && array_key_exists( 'domain', $_POST ) ) 
+                               || array_key_exists('user', $_POST) )
 
                        {
                                $username = "";
                                $domain = "";
-                               if ( array_key_exists('username', $_GET) )
+                               if ( array_key_exists('username', $_POST) )
                                {
-                                       $username = $_GET['username'];
-                                       $domain = $_GET['domain'];
+                                       $username = $_POST['username'];
+                                       $domain = $_POST['domain'];
                                }
                                else
                                {
-                                       $user = split_sipaddress($_GET['user']);
+                                       $user = split_sipaddress($_POST['user']);
                                        if ( !$user )
                                        {
                                                print json_encode ( array( 'response' => 'failed', 'cause' => 'invalid', 'detail' => 'Invalid SIP address') );
@@ -413,21 +413,21 @@ token_auth();
                        * Update user passwords in 'provision' and 'kamailio' as appropriate
                        * On other failures, return 'response' => 'failed' with 'cause' => 'error' (may set 'detail' => 'message')
                        */
-                       if (    array_key_exists('password', $_GET) &&
-                               ( ( array_key_exists( 'username', $_GET) && array_key_exists( 'domain', $_GET ) ) 
-                                       || array_key_exists('user', $_GET) ))
+                       if (    array_key_exists('password', $_POST) &&
+                               ( ( array_key_exists( 'username', $_POST) && array_key_exists( 'domain', $_POST ) ) 
+                                       || array_key_exists('user', $_POST) ))
 
                        {
                                $username = "";
                                $domain = "";
-                               if ( array_key_exists('username', $_GET) )
+                               if ( array_key_exists('username', $_POST) )
                                {
-                                       $username = $_GET['username'];
-                                       $domain = $_GET['domain'];
+                                       $username = $_POST['username'];
+                                       $domain = $_POST['domain'];
                                }
                                else
                                {
-                                       $user = split_sipaddress($_GET['user']);
+                                       $user = split_sipaddress($_POST['user']);
                                        if ( !$user )
                                        {
                                                print json_encode ( array( 'response' => 'failed', 'cause' => 'invalid', 'detail' => 'Invalid SIP address') );
@@ -435,7 +435,7 @@ token_auth();
                                        }
                                        list ( $username, $domain ) = $user;
                                }
-                               $password = $_GET['password'];
+                               $password = $_POST['password'];
 
                                // Check compatibility of password? TODO...
                                // Fetch old password for rollback? TODO...
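Review bot: `array_key_exists('password', $_POST)` in the parameter test above is satisfied by an empty `password=` field, so the new line `$password = $_POST['password'];` can hand an empty string to the password updaters; the commit keeps the `Check compatibility of password? TODO` comment but adds no check. A minimal guard right after the assignment is `if ( !is_string($password) || $password === '' ) { print json_encode( array( 'response' => 'invalid', 'cause' => 'parameters' ) ); break; }`, reusing the reply the file already gives for missing parameters. Whether the updaters themselves reject an empty password is not visible here, and the enclosing case continues past the hunk.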
@@ -478,21 +478,21 @@ token_auth();
                                ( username & domain ) | user
                                email
                        */
-                       if (    array_key_exists('email', $_GET) &&
-                               ( ( array_key_exists( 'username', $_GET) && array_key_exists( 'domain', $_GET ) ) 
-                                       || array_key_exists('user', $_GET) ))
+                       if (    array_key_exists('email', $_POST) &&
+                               ( ( array_key_exists( 'username', $_POST) && array_key_exists( 'domain', $_POST ) ) 
+                                       || array_key_exists('user', $_POST) ))
 
                        {
                                $username = "";
                                $domain = "";
-                               if ( array_key_exists('username', $_GET) )
+                               if ( array_key_exists('username', $_POST) )
                                {
-                                       $username = $_GET['username'];
-                                       $domain = $_GET['domain'];
+                                       $username = $_POST['username'];
+                                       $domain = $_POST['domain'];
                                }
                                else
                                {
-                                       $user = split_sipaddress($_GET['user']);
+                                       $user = split_sipaddress($_POST['user']);
                                        if ( !$user )
                                        {
                                                print json_encode ( array( 'response' => 'failed', 'cause' => 'invalid', 'detail' => 'Invalid SIP address') );
@@ -500,7 +500,7 @@ token_auth();
                                        }
                                        list ( $username, $domain ) = $user;
                                }
-                               $email = $_GET['email'];
+                               $email = $_POST['email'];
 
                                // Check for user in kamailio
                                if ( is_kamailio_subscriber( $username, $domain ) )
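Review bot: `$email = $_POST['email'];` accepts any value as the new address with no format check before the subscriber lookup runs; a false result from `filter_var($email, FILTER_VALIDATE_EMAIL)` should map to the existing `'response' => 'invalid', 'cause' => 'parameters'` reply. The create path at @@ -147 reads `$email` the same way and would take the same check. The enclosing case begins and ends outside the hunk.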
@@ -538,20 +538,20 @@ token_auth();
                        * Get update parameters, and change as appropriate ;)
                        * On other failures, return 'response' => 'failed' with 'cause' => 'error' (may set 'detail' => 'message')
                        */
-                       if ( ( array_key_exists( 'username', $_GET) && array_key_exists( 'domain', $_GET ) ) 
-                               || array_key_exists('user', $_GET) )
+                       if ( ( array_key_exists( 'username', $_POST) && array_key_exists( 'domain', $_POST ) ) 
+                               || array_key_exists('user', $_POST) )
 
                        {
                                $username = "";
                                $domain = "";
-                               if ( array_key_exists('username', $_GET) )
+                               if ( array_key_exists('username', $_POST) )
                                {
-                                       $username = $_GET['username'];
-                                       $domain = $_GET['domain'];
+                                       $username = $_POST['username'];
+                                       $domain = $_POST['domain'];
                                }
                                else
                                {
-                                       $user = split_sipaddress($_GET['user']);
+                                       $user = split_sipaddress($_POST['user']);
                                        if ( !$user )
                                        {
                                                print json_encode ( array( 'response' => 'failed', 'cause' => 'invalid', 'detail' => 'Invalid SIP address') );
@@ -571,9 +571,9 @@ token_auth();
                                $params = array('displayname', 'dialplan', 'linetext', 'registrar', 'r_port', 'proxy', 'p_port');
                                foreach ( $params as $p )
                                {
-                                       if ( array_key_exists($p, $_GET ) )
+                                       if ( array_key_exists($p, $_POST ) )
                                        {
-                                               $data = $_GET[$p];
+                                               $data = $_POST[$p];
                                                $t = update_provision_data($p, $username, $domain, $data);
                                                if ( $t != true )
                                                {
@@ -617,20 +617,20 @@ token_auth();
                                print json_encode( array( 'response' => 'invalid', 'cause' => 'parameters' ) );
                        break;
                case "/available":
-                       if ( ( array_key_exists( 'username', $_GET) && array_key_exists( 'domain', $_GET ) ) 
-                               || array_key_exists('user', $_GET) )
+                       if ( ( array_key_exists( 'username', $_POST) && array_key_exists( 'domain', $_POST ) ) 
+                               || array_key_exists('user', $_POST) )
 
                        {
                                $username = "";
                                $domain = "";
-                               if ( array_key_exists('username', $_GET) )
+                               if ( array_key_exists('username', $_POST) )
                                {
-                                       $username = $_GET['username'];
-                                       $domain = $_GET['domain'];
+                                       $username = $_POST['username'];
+                                       $domain = $_POST['domain'];
                                }
                                else
                                {
-                                       $user = split_sipaddress($_GET['user']);
+                                       $user = split_sipaddress($_POST['user']);
                                        if ( !$user )
                                        {
                                                print json_encode ( array( 'response' => 'failed', 'cause' => 'invalid', 'detail' => 'Invalid SIP address') );
index fd8d3b9c0ec165d8ce14a4f54c2058c3f383b9dd..03b82b6f867627e8d94dda5c729f35a6f4c6da71 100644 (file)
@@ -1,6 +1,6 @@
 General description on API protocol:
 =========================================================================
-All API nodes currently use GET requests for all parameters.
+All API nodes currently use POST requests for all parameters.
 All API nodes return JSON data unless explicitly noted , 
 and all JSON results will contain  a 'response' element.
 The 'response' may be set to:
@@ -706,10 +706,6 @@ Some TODO's listed above ...
 
 Permissions! (user/permissions?user=...)
 
-Change all GET to POST
-
-Implement test-tool for POST-based communication ;)
-
 Improve robustness of change_pw: fetch old password for rollback/testing.
 
 Check for locations where sql_dbexec_rows is more appropriate/correct than sql_dbexec