add functional tests

Author: orthagh

.docker/test/Dockerfile

@@ -0,0 +1,13 @@
+FROM php:7.4-cli-bullseye
+
+RUN apt-get update -q \
+ && apt-get install -y -q --no-install-recommends \
+      git unzip libssl-dev libcurl4-openssl-dev libzip-dev \
+ && docker-php-ext-install pdo pdo_mysql \
+ && docker-php-ext-configure curl \
+ && docker-php-ext-install curl \
+ && rm -rf /var/lib/apt/lists/*
+
+COPY --from=composer:2 /usr/bin/composer /usr/bin/composer
+
+WORKDIR /app

.github/workflows/tests_phpunit.yml

@@ -7,6 +7,9 @@ on:
     branches: [ master ]
 
 jobs:
+  # ---------------------------------------------------------------------------
+  # Unit tests — no database required
+  # ---------------------------------------------------------------------------
   unit:
     name: Unit tests (PHP ${{ matrix.php }})
     runs-on: ubuntu-latest
@@ -31,4 +34,25 @@ jobs:
 
       - name: Run unit tests
         working-directory: api
-        run: vendor/bin/phpunit --configuration phpunit.xml
+        run: vendor/bin/phpunit --configuration phpunit.xml --testsuite Unit
+
+  # ---------------------------------------------------------------------------
+  # Functional tests — Apache/PHP 7.4 + MySQL 8.0 via Docker Compose
+  # ---------------------------------------------------------------------------
+  functional:
+    name: Functional tests
+    runs-on: ubuntu-latest
+    needs: unit
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Build test images
+        run: docker compose -f docker-compose.test.yml build
+
+      - name: Run functional tests
+        run: docker compose -f docker-compose.test.yml run --rm phpunit
+
+      - name: Tear down
+        if: always()
+        run: docker compose -f docker-compose.test.yml down -v

api/src/core/Tool.php

@@ -46,7 +46,13 @@ public static function endWithJson($_payload, $code = 200) {
 
       $payload = self::getPayload($_payload);
       $app->response->headers->set('Content-Type', 'application/json');
-      $app->halt($code, json_encode($payload));
+      // If the payload is a PaginatedCollection, getPayload() already called
+      // setStatus() on $app->response (e.g. 206 for partial range, 400 for
+      // out-of-range start). Respect that status instead of always using 200.
+      $effectiveCode = ($_payload instanceof \API\Core\PaginatedCollection)
+                       ? $app->response->getStatus()
+                       : $code;
+      $app->halt($effectiveCode, json_encode($payload));
    }
 
    /**
@@ -105,7 +111,7 @@ public static function endWithRSS($_payload, $feed_title = '', $code = 200) {
                   break;
                }
             }
-            if (empty($description)) {
+            if (empty($description) && count($plugin['descriptions']) > 0) {
                $description = $plugin['descriptions'][0]['long_description'];
             }
 
@@ -160,7 +166,7 @@ public static function makeEndpoint($callable) {
             try {
                call_user_func_array($callable, $args);
             }
-            catch (\Exception $e) {
+            catch (\Throwable $e) {
                global $app;
                if (!preg_match('/^API\\\\Exception/', get_class($e))) {
                   switch (get_class($e)) {
@@ -316,7 +322,8 @@ public static function getRequestLang() {
    public static $config = null;
    public static function getConfig() {
       if (!self::$config) {
-         require dirname(__FILE__) . '/../../config.php';
+         $configFile = getenv('APP_CONFIG_FILE') ?: dirname(__FILE__) . '/../../config.php';
+         require $configFile;
          self::$config = $config;
       }
       return self::$config;

api/src/endpoints/App.php

@@ -68,7 +68,7 @@
       throw new InvalidField('name');
    } else if (App::where('user_id', '=', $user_id)
                  ->where('name', '=', $body->name)->first() != null) {
-      throw new UnavailableName('app', $name);
+      throw new UnavailableName('app', $body->name);
    }
    else {
      $app->name = $body->name;

api/src/endpoints/Author.php

@@ -74,6 +74,7 @@
                                        ->withAverageNote()
                                        ->descWithLang(Tool::getRequestLang())
                                        ->whereAuthor($author->id)
+                                       ->where('active', '=', 1)
                      )
    );
 });

api/src/endpoints/Message.php

@@ -22,8 +22,6 @@
 use \API\Exception\MissingField;
 use \API\Exception\InvalidRecaptcha;
 
-require dirname(__FILE__) . '/../../config.php';
-
 $send = Tool::makeEndpoint(function() use($app) {
    OAuthHelper::needsScopes(['message']);
 
@@ -32,7 +30,7 @@
    $fields = ['firstname', 'lastname', 'email', 'subject', 'message'];
 
    $recaptcha = new ReCaptcha(Tool::getConfig()['recaptcha_secret']);
-   $resp = $recaptcha->verify($body->recaptcha_response);
+   $resp = $recaptcha->verify($body->recaptcha_response ?? null);
    if (!$resp->isSuccess()) {
       throw new InvalidRecaptcha();
    }

api/src/endpoints/Plugin.php

@@ -146,7 +146,7 @@
    if (isset($body->xml_url)) {
       // We check if the URL is a correct URI
       if (!filter_var($body->xml_url, FILTER_VALIDATE_URL)) {
-         throw new InvalidField;
+         throw new InvalidField('xml_url');
       }
 
       // We check if we can fetch the file via HTTP
@@ -530,7 +530,7 @@
    $body = Tool::getBody();
 
    $recaptcha = new ReCaptcha(Tool::getConfig()['recaptcha_secret']);
-   $resp = $recaptcha->verify($body->recaptcha_response);
+   $resp = $recaptcha->verify($body->recaptcha_response ?? null);
    if (!$resp->isSuccess()) {
       throw new InvalidRecaptcha;
    }

api/src/endpoints/User.php

@@ -34,6 +34,8 @@
 use API\Exception\InvalidCredentials;
 use API\Exception\InvalidXML;
 use API\Exception\WrongPasswordResetToken;
+use API\Exception\AccountNotFound;
+use API\Exception\ResourceNotFound;
 
 use League\OAuth2\Server\Util\SecureKey;
 use API\OAuthServer\AuthorizationServer;
@@ -471,7 +473,7 @@
     $user->setPassword($body->password);
     $user->save();
     // Deleting the ResetPasswordToken objects for this user
-    $user->passwordResetTokens()->truncate();
+    $user->passwordResetTokens()->delete();
     $app->halt(200);
 });
 

api/src/endpoints/Version.php

@@ -1,21 +1,15 @@
 <?php
-
-use \Illuminate\Database\Capsule\Manager as DB;
 use \API\Core\Tool;
 use \API\Model\Plugin;
-
 use \API\OAuthServer\OAuthHelper;
-
 $version_plugins = Tool::makeEndpoint(function($version) {
    OAuthHelper::needsScopes(['version', 'plugins']);
-
    $plugins = Tool::paginateCollection(Plugin::short()
-                                             ->with('authors', 'versions', 'descriptions')
-                                             ->withAverageNote()
-                                             ->descWithLang(Tool::getRequestLang())
-                                             ->withGlpiVersion($version));
+                                         ->with('authors', 'versions', 'descriptions')
+                                         ->withAverageNote()
+                                         ->descWithLang(Tool::getRequestLang())
+                                         ->withGlpiVersion($version));
    Tool::endWithJson($plugins);
 });
-
-$app->get('/version/:version/plugin', $version_plugins);
-$app->options('/version/:version/plugin', function() {});
+$app->get("/version/:version/plugin", $version_plugins);
+$app->options("/version/:version/plugin", function() {});

api/src/oauthserver/AuthorizationServer.php

@@ -53,6 +53,9 @@ public function __construct() {
             return false;
          } else {
             $user = $user->first();
+            if (!$user->active) {
+               return false;
+            }
             if ($user->assertPasswordIs($password)) {
                return $user->id;
             } else {