X-Git-Url: http://git.heureux-cyclage.org/?a=blobdiff_plain;f=tests%2Fphpunit%2Fincludes%2Fapi%2FApiLoginTest.php;h=d382c83c189adf9d5e6dd31788754a9e910317d9;hb=a8bdc1685629bee543fcf215482c2a78aa1b9727;hp=97681eb76f224f0d229c05bbe787ebefb7f13797;hpb=ffa16cf8ae23d1007f99e322b7d5ab93eb5624ac;p=lhc%2Fweb%2Fwiklou.git

diff --git a/tests/phpunit/includes/api/ApiLoginTest.php b/tests/phpunit/includes/api/ApiLoginTest.php
index 97681eb76f..d382c83c18 100644
--- a/tests/phpunit/includes/api/ApiLoginTest.php
+++ b/tests/phpunit/includes/api/ApiLoginTest.php
@@ -1,5 +1,7 @@
 <?php
 
+use Wikimedia\TestingAccessWrapper;
+
 /**
  * @group API
  * @group Database
@@ -140,7 +142,7 @@ class ApiLoginTest extends ApiTestCase {
 		libxml_use_internal_errors( true );
 		$sxe = simplexml_load_string( $req->getContent() );
 		$this->assertNotInternalType( "bool", $sxe );
-		$this->assertThat( $sxe, $this->isInstanceOf( "SimpleXMLElement" ) );
+		$this->assertThat( $sxe, $this->isInstanceOf( SimpleXMLElement::class ) );
 		$this->assertNotInternalType( "null", $sxe->login[0] );
 
 		$a = $sxe->login[0]->attributes()->result[0];
@@ -188,7 +190,6 @@ class ApiLoginTest extends ApiTestCase {
 		$this->assertArrayHasKey( "login", $data[0] );
 		$this->assertArrayHasKey( "result", $data[0]['login'] );
 		$this->assertEquals( "Success", $data[0]['login']['result'] );
-		$this->assertArrayHasKey( 'lgtoken', $data[0]['login'] );
 	}
 
 	public function testBotPassword() {
@@ -281,4 +282,20 @@ class ApiLoginTest extends ApiTestCase {
 		$this->assertEquals( 'Success', $a );
 	}
 
+	public function testLoginWithNoSameOriginSecurity() {
+		$this->setTemporaryHook( 'RequestHasSameOriginSecurity',
+			function () {
+				return false;
+			}
+		);
+
+		$result = $this->doApiRequest( [
+			'action' => 'login',
+		] )[0]['login'];
+
+		$this->assertSame( [
+			'result' => 'Aborted',
+			'reason' => 'Cannot log in when the same-origin policy is not applied.',
+		], $result );
+	}
 }