1 <?php
2
3 namespace MediaWiki\Tests\Rest\BasicAccess;
4
5 use GuzzleHttp\Psr7\Uri;
6 use MediaWiki\Permissions\PermissionManager;
7 use MediaWiki\Rest\BasicAccess\MWBasicAuthorizer;
8 use MediaWiki\Rest\Handler;
9 use MediaWiki\Rest\RequestData;
10 use MediaWiki\Rest\ResponseFactory;
11 use MediaWiki\Rest\Router;
12 use MediaWiki\Rest\Validator\Validator;
13 use MediaWikiTestCase;
14 use Psr\Container\ContainerInterface;
15 use User;
16 use Wikimedia\ObjectFactory;
17
/**
 * Integration-style tests for the REST basic access checks: a Router is built
 * around MWBasicAuthorizer with a stubbed PermissionManager, and each test
 * asserts the HTTP status (and, for denials, the error key) the router returns.
 *
 * @group Database
 *
 * @covers \MediaWiki\Rest\BasicAccess\BasicAuthorizerBase
 * @covers \MediaWiki\Rest\BasicAccess\MWBasicAuthorizer
 * @covers \MediaWiki\Rest\BasicAccess\BasicRequestAuthorizer
 * @covers \MediaWiki\Rest\BasicAccess\MWBasicRequestAuthorizer
 */
class MWBasicRequestAuthorizerTest extends MediaWikiTestCase {
	/**
	 * Build a Router whose authorizer consults a stubbed PermissionManager.
	 *
	 * The stub grants a right only when the map holds a truthy value for it;
	 * a right that is missing from the map is reported as not held.
	 * NOTE(review): every test in this class names its rights explicitly, so
	 * the "right absent from the map" path is never exercised on its own.
	 *
	 * @param array $userRights Map of right name => whether the test user holds it
	 * @param mixed $request Request object handed to the Validator (the tests pass RequestData)
	 * @return Router
	 */
	private function createRouter( $userRights, $request ) {
		global $IP;

		$testUser = User::newFromName( 'Test user' );
		$container = $this->getMockForAbstractClass( ContainerInterface::class );
		$factory = new ObjectFactory( $container );

		$permissions = $this->createMock( PermissionManager::class );
		// Report that no right is open to everybody, so the per-user lookup below decides.
		$permissions->method( 'isEveryoneAllowed' )->willReturn( false );
		$permissions->method( 'userHasRight' )->willReturnCallback(
			function ( $ignoredUser, $right ) use ( $userRights ) {
				// Unset or falsy entries both count as "right not held".
				return !empty( $userRights[$right] );
			}
		);

		$routeFiles = [ "$IP/tests/phpunit/unit/includes/Rest/testRoutes.json" ];
		$authorizer = new MWBasicAuthorizer( $testUser, $permissions );
		$validator = new Validator( $factory, $permissions, $request, $testUser );

		return new Router(
			$routeFiles,
			[],
			'/rest',
			new \EmptyBagOStuff(),
			new ResponseFactory( [] ),
			$authorizer,
			$factory,
			$validator
		);
	}

	/**
	 * Rewind a response body and decode it as a JSON associative array.
	 *
	 * @param mixed $response Response returned by Router::execute()
	 * @return mixed Whatever json_decode() yields for the body
	 */
	private function decodeResponseBody( $response ) {
		$stream = $response->getBody();
		// The stream position may sit at the end after the handler wrote to it.
		$stream->rewind();
		return json_decode( $stream->getContents(), true );
	}

	/**
	 * Without the 'read' right the request must be refused with 403 / rest-read-denied.
	 */
	public function testReadDenied() {
		$uri = new Uri( '/rest/user/joe/hello' );
		$request = new RequestData( [ 'uri' => $uri ] );

		$response = $this->createRouter( [ 'read' => false ], $request )->execute( $request );
		$this->assertSame( 403, $response->getStatusCode() );

		$payload = $this->decodeResponseBody( $response );
		$this->assertSame( 'rest-read-denied', $payload['error'] );
	}

	/**
	 * With the 'read' right the same request must succeed with 200.
	 */
	public function testReadAllowed() {
		$uri = new Uri( '/rest/user/joe/hello' );
		$request = new RequestData( [ 'uri' => $uri ] );

		$response = $this->createRouter( [ 'read' => true ], $request )->execute( $request );
		$this->assertSame( 200, $response->getStatusCode() );
	}

	/**
	 * Produce a handler that declares it needs write access and returns an empty string.
	 *
	 * Presumably referenced from testRoutes.json for the
	 * /rest/mock/MWBasicRequestAuthorizerTest/write route - confirm against that file.
	 *
	 * @return Handler
	 */
	public static function writeHandlerFactory() {
		return new class extends Handler {
			public function execute() {
				return '';
			}

			public function needsWriteAccess() {
				// Makes the write-access check apply to this route.
				return true;
			}
		};
	}

	/**
	 * Read access alone is not enough for a write handler: with 'writeapi'
	 * withheld the response must be 403 / rest-write-denied.
	 */
	public function testWriteDenied() {
		$uri = new Uri( '/rest/mock/MWBasicRequestAuthorizerTest/write' );
		$request = new RequestData( [ 'uri' => $uri ] );
		$rights = [ 'read' => true, 'writeapi' => false ];

		$response = $this->createRouter( $rights, $request )->execute( $request );
		$this->assertSame( 403, $response->getStatusCode() );

		$payload = $this->decodeResponseBody( $response );
		$this->assertSame( 'rest-write-denied', $payload['error'] );
	}

	/**
	 * With both 'read' and 'writeapi' held the write handler must answer 200.
	 */
	public function testWriteAllowed() {
		$uri = new Uri( '/rest/mock/MWBasicRequestAuthorizerTest/write' );
		$request = new RequestData( [ 'uri' => $uri ] );
		$rights = [ 'read' => true, 'writeapi' => true ];

		$response = $this->createRouter( $rights, $request )->execute( $request );

		$this->assertSame( 200, $response->getStatusCode() );
	}
}