1 <?php
2
3 namespace MediaWiki\Tests\Rest\BasicAccess;
4
5 use GuzzleHttp\Psr7\Uri;
6 use MediaWiki\MediaWikiServices;
7 use MediaWiki\Rest\BasicAccess\MWBasicAuthorizer;
8 use MediaWiki\Rest\Handler;
9 use MediaWiki\Rest\RequestData;
10 use MediaWiki\Rest\ResponseFactory;
11 use MediaWiki\Rest\Router;
12 use MediaWiki\Rest\Validator\Validator;
13 use MediaWikiTestCase;
14 use Psr\Container\ContainerInterface;
15 use User;
16 use Wikimedia\ObjectFactory;
17
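/**
 * Integration tests for the REST basic authorizer: each test routes a request
 * through a Router built with MWBasicAuthorizer and checks that the 'read' and
 * 'writeapi' rights map to the expected HTTP status and error key.
 *
 * @group Database
 *
 * @covers \MediaWiki\Rest\BasicAccess\BasicAuthorizerBase
 * @covers \MediaWiki\Rest\BasicAccess\MWBasicAuthorizer
 * @covers \MediaWiki\Rest\BasicAccess\BasicRequestAuthorizer
 * @covers \MediaWiki\Rest\BasicAccess\MWBasicRequestAuthorizer
 */
class MWBasicRequestAuthorizerTest extends MediaWikiTestCase {
	/**
	 * Build a Router whose authorizer sees a test user with the given rights.
	 *
	 * @param array $userRights Map of right name => bool, e.g. [ 'read' => false ]
	 * @param RequestData $request Request the Validator is constructed with
	 * @return Router
	 */
	private function createRouter( $userRights, $request ) {
		$user = User::newFromName( 'Test user' );
		// Don't allow the rights to everybody so that user rights kick in.
		$this->mergeMwGlobalArrayValue( 'wgGroupPermissions', [ '*' => $userRights ] );

		// Grant only the rights explicitly mapped to true (strict search).
		// The earlier form passed the closure to array_keys() as its search
		// value, so the closure was never invoked and the grant list depended
		// on a loose comparison against a Closure object instead of the
		// intended `=== true` check. For a test of access control the granted
		// set must be exact, otherwise a "denied" case can pass by accident.
		$grantedRights = array_keys( $userRights, true, true );
		$this->overrideUserPermissions( $user, $grantedRights );

		global $IP;

		$objectFactory = new ObjectFactory(
			$this->getMockForAbstractClass( ContainerInterface::class )
		);

		return new Router(
			[ "$IP/tests/phpunit/unit/includes/Rest/testRoutes.json" ],
			[],
			'/rest',
			new \EmptyBagOStuff(),
			new ResponseFactory(),
			new MWBasicAuthorizer( $user, MediaWikiServices::getInstance()->getPermissionManager() ),
			$objectFactory,
			new Validator( $objectFactory, $request, $user )
		);
	}

	/**
	 * Without the 'read' right the request is rejected with 403 and the
	 * 'rest-read-denied' error key.
	 */
	public function testReadDenied() {
		$request = new RequestData( [ 'uri' => new Uri( '/rest/user/joe/hello' ) ] );
		$router = $this->createRouter( [ 'read' => false ], $request );
		$response = $router->execute( $request );
		$this->assertSame( 403, $response->getStatusCode() );

		// The body stream may already have been read; rewind before decoding.
		$body = $response->getBody();
		$body->rewind();
		$data = json_decode( $body->getContents(), true );
		$this->assertSame( 'rest-read-denied', $data['error'] );
	}

	/**
	 * With the 'read' right the same route answers 200.
	 */
	public function testReadAllowed() {
		$request = new RequestData( [ 'uri' => new Uri( '/rest/user/joe/hello' ) ] );
		$router = $this->createRouter( [ 'read' => true ], $request );
		$response = $router->execute( $request );
		$this->assertSame( 200, $response->getStatusCode() );
	}

	/**
	 * Factory for a handler that declares it needs write access.
	 *
	 * NOTE(review): presumably referenced by the mock "write" route in
	 * testRoutes.json, which is why it is public and static; confirm there.
	 *
	 * @return Handler
	 */
	public static function writeHandlerFactory() {
		return new class extends Handler {
			public function needsWriteAccess() {
				return true;
			}

			public function execute() {
				return '';
			}
		};
	}

	/**
	 * A handler needing write access is rejected with 403 and
	 * 'rest-write-denied' when the user has 'read' but not 'writeapi'.
	 */
	public function testWriteDenied() {
		$request = new RequestData( [
			'uri' => new Uri( '/rest/mock/MWBasicRequestAuthorizerTest/write' )
		] );
		$router = $this->createRouter( [ 'read' => true, 'writeapi' => false ], $request );
		$response = $router->execute( $request );
		$this->assertSame( 403, $response->getStatusCode() );

		// The body stream may already have been read; rewind before decoding.
		$body = $response->getBody();
		$body->rewind();
		$data = json_decode( $body->getContents(), true );
		$this->assertSame( 'rest-write-denied', $data['error'] );
	}

	/**
	 * With both 'read' and 'writeapi' the write route answers 200.
	 */
	public function testWriteAllowed() {
		$request = new RequestData( [
			'uri' => new Uri( '/rest/mock/MWBasicRequestAuthorizerTest/write' )
		] );
		$router = $this->createRouter( [ 'read' => true, 'writeapi' => true ], $request );
		$response = $router->execute( $request );

		$this->assertSame( 200, $response->getStatusCode() );
	}
}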