+
+ $this->assertSame(
+ [ 'warnings' => ApiErrorFormatter::stripMarkup( wfMessage(
+ 'apiwarn-deprecation-login-' . ( $enableBotPasswords ? '' : 'no' ) . 'botpw' )
+ ->text() ) ],
+ $ret[0]['warnings']['login']
+ );
+ $this->assertSame(
+ [
+ 'result' => 'Success',
+ 'lguserid' => $user->getUser()->getId(),
+ 'lgusername' => $user->getUser()->getName(),
+ ],
+ $ret[0]['login']
+ );
+ }
+
+ /**
+ * Attempts to log in with the given name and password, retrieves the returned token, and makes
+ * a second API request to actually log in with the token.
+ *
+ * @param string $name
+ * @param string $password
+ * @param array $params To pass to second request
+ * @return array Result of second doApiRequest
+ */
+ private function doUserLogin( $name, $password, array $params = [] ) {
+ $ret = $this->doApiRequest( [
+ 'action' => 'query',
+ 'meta' => 'tokens',
+ 'type' => 'login',
+ ] );
+
+ $this->assertArrayNotHasKey( 'warnings', $ret );
+
+ return $this->doApiRequest( array_merge(
+ [
+ 'action' => 'login',
+ 'lgtoken' => $ret[0]['query']['tokens']['logintoken'],
+ 'lgname' => $name,
+ 'lgpassword' => $password,
+ ], $params
+ ), $ret[2] );
+ }
+
+ public function testBadToken() {
+ $user = self::$users['sysop'];
+ $userName = $user->getUser()->getName();
+ $password = $user->getPassword();
+ $user->getUser()->logout();
+
+ $ret = $this->doUserLogin( $userName, $password, [ 'lgtoken' => 'invalid token' ] );
+
+ $this->assertSame( 'WrongToken', $ret[0]['login']['result'] );