tests/phpunit/includes/api/ApiLogoutTest.php

   1 <?php
   2
   3 /**
   4  * @group API
   5  * @group Database
   6  * @group medium
   7  *
   8  * @covers ApiLogout
   9  */
  10 class ApiLogoutTest extends ApiTestCase {
  11
  12         protected function setUp() {
  13                 global $wgRequest, $wgUser;
  14
  15                 parent::setUp();
  16
  17                 // Link the user to the Session properly so User::doLogout() doesn't complain.
  18                 $wgRequest->getSession()->setUser( $wgUser );
  19                 $wgUser = User::newFromSession( $wgRequest );
  20                 $this->apiContext->setUser( $wgUser );
  21         }
  22
  23         public function testUserLogoutBadToken() {
  24                 global $wgUser;
  25
  26                 $this->setExpectedApiException( 'apierror-badtoken' );
  27
  28                 try {
  29                         $token = 'invalid token';
  30                         $this->doUserLogout( $token );
  31                 } finally {
  32                         $this->assertTrue( $wgUser->isLoggedIn(), 'not logged out' );
  33                 }
  34         }
  35
  36         public function testUserLogout() {
  37                 global $wgUser;
  38
  39                 $this->assertTrue( $wgUser->isLoggedIn(), 'sanity check' );
  40                 $token = $this->getUserCsrfTokenFromApi();
  41                 $this->doUserLogout( $token );
  42                 $this->assertFalse( $wgUser->isLoggedIn() );
  43         }
  44
  45         public function testUserLogoutWithWebToken() {
  46                 global $wgUser, $wgRequest;
  47
  48                 $this->assertTrue( $wgUser->isLoggedIn(), 'sanity check' );
  49
  50                 // Logic copied from SkinTemplate.
  51                 $token = $wgUser->getEditToken( 'logoutToken', $wgRequest );
  52
  53                 $this->doUserLogout( $token );
  54                 $this->assertFalse( $wgUser->isLoggedIn() );
  55         }
  56
  57         private function getUserCsrfTokenFromApi() {
  58                 $retToken = $this->doApiRequest( [
  59                         'action' => 'query',
  60                         'meta' => 'tokens',
  61                         'type' => 'csrf'
  62                 ] );
  63
  64                 $this->assertArrayNotHasKey( 'warnings', $retToken );
  65
  66                 return $retToken[0]['query']['tokens']['csrftoken'];
  67         }
  68
  69         private function doUserLogout( $logoutToken ) {
  70                 return $this->doApiRequest( [
  71                         'action' => 'logout',
  72                         'token' => $logoutToken
  73                 ] );
  74         }
  75 }