dépôts / lhc / web / wiklou.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge "Type hint against LinkTarget in WatchedItemStore"
[lhc/web/wiklou.git] / tests / phpunit / includes / api / ApiMainTest.php
1 <?php
2
3 use Wikimedia\Rdbms\DBQueryError;
4 use Wikimedia\TestingAccessWrapper;
5
6 /**
7 * @group API
8 * @group Database
9 * @group medium
10 *
11 * @covers ApiMain
12 */
13 class ApiMainTest extends ApiTestCase {
14
15 /**
16 * Test that the API will accept a FauxRequest and execute.
17 */
18 public function testApi() {
19 $api = new ApiMain(
20 new FauxRequest( [ 'action' => 'query', 'meta' => 'siteinfo' ] )
21 );
22 $api->execute();
23 $data = $api->getResult()->getResultData();
24 $this->assertInternalType( 'array', $data );
25 $this->assertArrayHasKey( 'query', $data );
26 }
27
28 public function testApiNoParam() {
29 $api = new ApiMain();
30 $api->execute();
31 $data = $api->getResult()->getResultData();
32 $this->assertInternalType( 'array', $data );
33 }
34
35 /**
36 * ApiMain behaves differently if passed a FauxRequest (mInternalMode set
37 * to true) or a proper WebRequest (mInternalMode false). For most tests
38 * we can just set mInternalMode to false using TestingAccessWrapper, but
39 * this doesn't work for the constructor. This method returns an ApiMain
40 * that's been set up in non-internal mode.
41 *
42 * Note that calling execute() will print to the console. Wrap it in
43 * ob_start()/ob_end_clean() to prevent this.
44 *
45 * @param array $requestData Query parameters for the WebRequest
46 * @param array $headers Headers for the WebRequest
47 */
48 private function getNonInternalApiMain( array $requestData, array $headers = [] ) {
49 $req = $this->getMockBuilder( WebRequest::class )
50 ->setMethods( [ 'response', 'getRawIP' ] )
51 ->getMock();
52 $response = new FauxResponse();
53 $req->method( 'response' )->willReturn( $response );
54 $req->method( 'getRawIP' )->willReturn( '127.0.0.1' );
55
56 $wrapper = TestingAccessWrapper::newFromObject( $req );
57 $wrapper->data = $requestData;
58 if ( $headers ) {
59 $wrapper->headers = $headers;
60 }
61
62 return new ApiMain( $req );
63 }
64
65 public function testUselang() {
66 global $wgLang;
67
68 $api = $this->getNonInternalApiMain( [
69 'action' => 'query',
70 'meta' => 'siteinfo',
71 'uselang' => 'fr',
72 ] );
73
74 ob_start();
75 $api->execute();
76 ob_end_clean();
77
78 $this->assertSame( 'fr', $wgLang->getCode() );
79 }
80
81 public function testNonWhitelistedCorsWithCookies() {
82 $logFile = $this->getNewTempFile();
83
84 $this->mergeMwGlobalArrayValue( '_COOKIE', [ 'forceHTTPS' => '1' ] );
85 $logger = new TestLogger( true );
86 $this->setLogger( 'cors', $logger );
87
88 $api = $this->getNonInternalApiMain( [
89 'action' => 'query',
90 'meta' => 'siteinfo',
91 // For some reason multiple origins (which are not allowed in the
92 // WHATWG Fetch spec that supersedes the RFC) are always considered to
93 // be problematic.
94 ], [ 'ORIGIN' => 'https://www.example.com https://www.com.example' ] );
95
96 $this->assertSame(
97 [ [ Psr\Log\LogLevel::WARNING, 'Non-whitelisted CORS request with session cookies' ] ],
98 $logger->getBuffer()
99 );
100 }
101
102 public function testSuppressedLogin() {
103 global $wgUser;
104 $origUser = $wgUser;
105
106 $api = $this->getNonInternalApiMain( [
107 'action' => 'query',
108 'meta' => 'siteinfo',
109 'origin' => '*',
110 ] );
111
112 ob_start();
113 $api->execute();
114 ob_end_clean();
115
116 $this->assertNotSame( $origUser, $wgUser );
117 $this->assertSame( 'true', $api->getContext()->getRequest()->response()
118 ->getHeader( 'MediaWiki-Login-Suppressed' ) );
119 }
120
121 public function testSetContinuationManager() {
122 $api = new ApiMain();
123 $manager = $this->createMock( ApiContinuationManager::class );
124 $api->setContinuationManager( $manager );
125 $this->assertTrue( true, 'No exception' );
126 return [ $api, $manager ];
127 }
128
129 /**
130 * @depends testSetContinuationManager
131 */
132 public function testSetContinuationManagerTwice( $args ) {
133 $this->setExpectedException( UnexpectedValueException::class,
134 'ApiMain::setContinuationManager: tried to set manager from ' .
135 'when a manager is already set from ' );
136
137 list( $api, $manager ) = $args;
138 $api->setContinuationManager( $manager );
139 }
140
141 public function testSetCacheModeUnrecognized() {
142 $api = new ApiMain();
143 $api->setCacheMode( 'unrecognized' );
144 $this->resetServices();
145 $this->assertSame(
146 'private',
147 TestingAccessWrapper::newFromObject( $api )->mCacheMode,
148 'Unrecognized params must be silently ignored'
149 );
150 }
151
152 public function testSetCacheModePrivateWiki() {
153 $this->setGroupPermissions( '*', 'read', false );
154 $wrappedApi = TestingAccessWrapper::newFromObject( new ApiMain() );
155 $wrappedApi->setCacheMode( 'public' );
156 $this->assertSame( 'private', $wrappedApi->mCacheMode );
157 $wrappedApi->setCacheMode( 'anon-public-user-private' );
158 $this->assertSame( 'private', $wrappedApi->mCacheMode );
159 }
160
161 public function testAddRequestedFieldsRequestId() {
162 $req = new FauxRequest( [
163 'action' => 'query',
164 'meta' => 'siteinfo',
165 'requestid' => '123456',
166 ] );
167 $api = new ApiMain( $req );
168 $api->execute();
169 $this->assertSame( '123456', $api->getResult()->getResultData()['requestid'] );
170 }
171
172 public function testAddRequestedFieldsCurTimestamp() {
173 $req = new FauxRequest( [
174 'action' => 'query',
175 'meta' => 'siteinfo',
176 'curtimestamp' => '',
177 ] );
178 $api = new ApiMain( $req );
179 $api->execute();
180 $timestamp = $api->getResult()->getResultData()['curtimestamp'];
181 $this->assertLessThanOrEqual( 1, abs( strtotime( $timestamp ) - time() ) );
182 }
183
184 public function testAddRequestedFieldsResponseLangInfo() {
185 $req = new FauxRequest( [
186 'action' => 'query',
187 'meta' => 'siteinfo',
188 // errorlang is ignored if errorformat is not specified
189 'errorformat' => 'plaintext',
190 'uselang' => 'FR',
191 'errorlang' => 'ja',
192 'responselanginfo' => '',
193 ] );
194 $api = new ApiMain( $req );
195 $api->execute();
196 $data = $api->getResult()->getResultData();
197 $this->assertSame( 'fr', $data['uselang'] );
198 $this->assertSame( 'ja', $data['errorlang'] );
199 }
200
201 public function testSetupModuleUnknown() {
202 $this->setExpectedException( ApiUsageException::class,
203 'Unrecognized value for parameter "action": unknownaction.' );
204
205 $req = new FauxRequest( [ 'action' => 'unknownaction' ] );
206 $api = new ApiMain( $req );
207 $api->execute();
208 }
209
210 public function testSetupModuleNoTokenProvided() {
211 $this->setExpectedException( ApiUsageException::class,
212 'The "token" parameter must be set.' );
213
214 $req = new FauxRequest( [
215 'action' => 'edit',
216 'title' => 'New page',
217 'text' => 'Some text',
218 ] );
219 $api = new ApiMain( $req );
220 $api->execute();
221 }
222
223 public function testSetupModuleInvalidTokenProvided() {
224 $this->setExpectedException( ApiUsageException::class, 'Invalid CSRF token.' );
225
226 $req = new FauxRequest( [
227 'action' => 'edit',
228 'title' => 'New page',
229 'text' => 'Some text',
230 'token' => "This isn't a real token!",
231 ] );
232 $api = new ApiMain( $req );
233 $api->execute();
234 }
235
236 public function testSetupModuleNeedsTokenTrue() {
237 $this->setExpectedException( MWException::class,
238 "Module 'testmodule' must be updated for the new token handling. " .
239 "See documentation for ApiBase::needsToken for details." );
240
241 $mock = $this->createMock( ApiBase::class );
242 $mock->method( 'getModuleName' )->willReturn( 'testmodule' );
243 $mock->method( 'needsToken' )->willReturn( true );
244
245 $api = new ApiMain( new FauxRequest( [ 'action' => 'testmodule' ] ) );
246 $api->getModuleManager()->addModule( 'testmodule', 'action', get_class( $mock ),
247 function () use ( $mock ) {
248 return $mock;
249 }
250 );
251 $api->execute();
252 }
253
254 public function testSetupModuleNeedsTokenNeedntBePosted() {
255 $this->setExpectedException( MWException::class,
256 "Module 'testmodule' must require POST to use tokens." );
257
258 $mock = $this->createMock( ApiBase::class );
259 $mock->method( 'getModuleName' )->willReturn( 'testmodule' );
260 $mock->method( 'needsToken' )->willReturn( 'csrf' );
261 $mock->method( 'mustBePosted' )->willReturn( false );
262
263 $api = new ApiMain( new FauxRequest( [ 'action' => 'testmodule' ] ) );
264 $api->getModuleManager()->addModule( 'testmodule', 'action', get_class( $mock ),
265 function () use ( $mock ) {
266 return $mock;
267 }
268 );
269 $api->execute();
270 }
271
272 public function testCheckMaxLagFailed() {
273 // It's hard to mock the LoadBalancer properly, so instead we'll mock
274 // checkMaxLag (which is tested directly in other tests below).
275 $req = new FauxRequest( [
276 'action' => 'query',
277 'meta' => 'siteinfo',
278 ] );
279
280 $mock = $this->getMockBuilder( ApiMain::class )
281 ->setConstructorArgs( [ $req ] )
282 ->setMethods( [ 'checkMaxLag' ] )
283 ->getMock();
284 $mock->method( 'checkMaxLag' )->willReturn( false );
285
286 $mock->execute();
287
288 $this->assertArrayNotHasKey( 'query', $mock->getResult()->getResultData() );
289 }
290
291 public function testCheckConditionalRequestHeadersFailed() {
292 // The detailed checking of all cases of checkConditionalRequestHeaders
293 // is below in testCheckConditionalRequestHeaders(), which calls the
294 // method directly. Here we just check that it will stop execution if
295 // it does fail.
296 $now = time();
297
298 $this->setMwGlobals( 'wgCacheEpoch', '20030516000000' );
299
300 $mock = $this->createMock( ApiBase::class );
301 $mock->method( 'getModuleName' )->willReturn( 'testmodule' );
302 $mock->method( 'getConditionalRequestData' )
303 ->willReturn( wfTimestamp( TS_MW, $now - 3600 ) );
304 $mock->expects( $this->exactly( 0 ) )->method( 'execute' );
305
306 $req = new FauxRequest( [
307 'action' => 'testmodule',
308 ] );
309 $req->setHeader( 'If-Modified-Since', wfTimestamp( TS_RFC2822, $now - 3600 ) );
310 $req->setRequestURL( "http://localhost" );
311
312 $api = new ApiMain( $req );
313 $api->getModuleManager()->addModule( 'testmodule', 'action', get_class( $mock ),
314 function () use ( $mock ) {
315 return $mock;
316 }
317 );
318
319 $wrapper = TestingAccessWrapper::newFromObject( $api );
320 $wrapper->mInternalMode = false;
321
322 ob_start();
323 $api->execute();
324 ob_end_clean();
325 }
326
327 private function doTestCheckMaxLag( $lag ) {
328 $mockLB = $this->getMockBuilder( LoadBalancer::class )
329 ->disableOriginalConstructor()
330 ->setMethods( [ 'getMaxLag', '__destruct' ] )
331 ->getMock();
332 $mockLB->method( 'getMaxLag' )->willReturn( [ 'somehost', $lag ] );
333 $this->setService( 'DBLoadBalancer', $mockLB );
334
335 $req = new FauxRequest();
336
337 $api = new ApiMain( $req );
338 $wrapper = TestingAccessWrapper::newFromObject( $api );
339
340 $mockModule = $this->createMock( ApiBase::class );
341 $mockModule->method( 'shouldCheckMaxLag' )->willReturn( true );
342
343 try {
344 $wrapper->checkMaxLag( $mockModule, [ 'maxlag' => 3 ] );
345 } finally {
346 if ( $lag > 3 ) {
347 $this->assertSame( '5', $req->response()->getHeader( 'Retry-After' ) );
348 $this->assertSame( (string)$lag, $req->response()->getHeader( 'X-Database-Lag' ) );
349 }
350 }
351 }
352
353 public function testCheckMaxLagOkay() {
354 $this->doTestCheckMaxLag( 3 );
355
356 // No exception, we're happy
357 $this->assertTrue( true );
358 }
359
360 public function testCheckMaxLagExceeded() {
361 $this->setExpectedException( ApiUsageException::class,
362 'Waiting for a database server: 4 seconds lagged.' );
363
364 $this->setMwGlobals( 'wgShowHostnames', false );
365
366 $this->doTestCheckMaxLag( 4 );
367 }
368
369 public function testCheckMaxLagExceededWithHostNames() {
370 $this->setExpectedException( ApiUsageException::class,
371 'Waiting for somehost: 4 seconds lagged.' );
372
373 $this->setMwGlobals( 'wgShowHostnames', true );
374
375 $this->doTestCheckMaxLag( 4 );
376 }
377
378 public static function provideAssert() {
379 return [
380 [ false, [], 'user', 'assertuserfailed' ],
381 [ true, [], 'user', false ],
382 [ true, [], 'bot', 'assertbotfailed' ],
383 [ true, [ 'bot' ], 'user', false ],
384 [ true, [ 'bot' ], 'bot', false ],
385 ];
386 }
387
388 /**
389 * Tests the assert={user|bot} functionality
390 *
391 * @dataProvider provideAssert
392 * @param bool $registered
393 * @param array $rights
394 * @param string $assert
395 * @param string|bool $error False if no error expected
396 */
397 public function testAssert( $registered, $rights, $assert, $error ) {
398 if ( $registered ) {
399 $user = $this->getMutableTestUser()->getUser();
400 $user->load(); // load before setting mRights
401 } else {
402 $user = new User();
403 }
404 $this->overrideUserPermissions( $user, $rights );
405 try {
406 $this->doApiRequest( [
407 'action' => 'query',
408 'assert' => $assert,
409 ], null, null, $user );
410 $this->assertFalse( $error ); // That no error was expected
411 } catch ( ApiUsageException $e ) {
412 $this->assertTrue( self::apiExceptionHasCode( $e, $error ),
413 "Error '{$e->getMessage()}' matched expected '$error'" );
414 }
415 }
416
417 /**
418 * Tests the assertuser= functionality
419 */
420 public function testAssertUser() {
421 $user = $this->getTestUser()->getUser();
422 $this->doApiRequest( [
423 'action' => 'query',
424 'assertuser' => $user->getName(),
425 ], null, null, $user );
426
427 try {
428 $this->doApiRequest( [
429 'action' => 'query',
430 'assertuser' => $user->getName() . 'X',
431 ], null, null, $user );
432 $this->fail( 'Expected exception not thrown' );
433 } catch ( ApiUsageException $e ) {
434 $this->assertTrue( self::apiExceptionHasCode( $e, 'assertnameduserfailed' ) );
435 }
436 }
437
438 /**
439 * Test that 'assert' is processed before module errors
440 */
441 public function testAssertBeforeModule() {
442 // Sanity check that the query without assert throws too-many-titles
443 try {
444 $this->doApiRequest( [
445 'action' => 'query',
446 'titles' => implode( '|', range( 1, ApiBase::LIMIT_SML1 + 1 ) ),
447 ], null, null, new User );
448 $this->fail( 'Expected exception not thrown' );
449 } catch ( ApiUsageException $e ) {
450 $this->assertTrue( self::apiExceptionHasCode( $e, 'too-many-titles' ), 'sanity check' );
451 }
452
453 // Now test that the assert happens first
454 try {
455 $this->doApiRequest( [
456 'action' => 'query',
457 'titles' => implode( '|', range( 1, ApiBase::LIMIT_SML1 + 1 ) ),
458 'assert' => 'user',
459 ], null, null, new User );
460 $this->fail( 'Expected exception not thrown' );
461 } catch ( ApiUsageException $e ) {
462 $this->assertTrue( self::apiExceptionHasCode( $e, 'assertuserfailed' ),
463 "Error '{$e->getMessage()}' matched expected 'assertuserfailed'" );
464 }
465 }
466
467 /**
468 * Test if all classes in the main module manager exists
469 */
470 public function testClassNamesInModuleManager() {
471 $api = new ApiMain(
472 new FauxRequest( [ 'action' => 'query', 'meta' => 'siteinfo' ] )
473 );
474 $modules = $api->getModuleManager()->getNamesWithClasses();
475
476 foreach ( $modules as $name => $class ) {
477 $this->assertTrue(
478 class_exists( $class ),
479 'Class ' . $class . ' for api module ' . $name . ' does not exist (with exact case)'
480 );
481 }
482 }
483
484 /**
485 * Test HTTP precondition headers
486 *
487 * @dataProvider provideCheckConditionalRequestHeaders
488 * @param array $headers HTTP headers
489 * @param array $conditions Return data for ApiBase::getConditionalRequestData
490 * @param int $status Expected response status
491 * @param array $options Array of options:
492 * post => true Request is a POST
493 * cdn => true CDN is enabled ($wgUseCdn)
494 */
495 public function testCheckConditionalRequestHeaders(
496 $headers, $conditions, $status, $options = []
497 ) {
498 $request = new FauxRequest(
499 [ 'action' => 'query', 'meta' => 'siteinfo' ],
500 !empty( $options['post'] )
501 );
502 $request->setHeaders( $headers );
503 $request->response()->statusHeader( 200 ); // Why doesn't it default?
504
505 $context = $this->apiContext->newTestContext( $request, null );
506 $api = new ApiMain( $context );
507 $priv = TestingAccessWrapper::newFromObject( $api );
508 $priv->mInternalMode = false;
509
510 if ( !empty( $options['cdn'] ) ) {
511 $this->setMwGlobals( 'wgUseCdn', true );
512 }
513
514 // Can't do this in TestSetup.php because Setup.php will override it
515 $this->setMwGlobals( 'wgCacheEpoch', '20030516000000' );
516
517 $module = $this->getMockBuilder( ApiBase::class )
518 ->setConstructorArgs( [ $api, 'mock' ] )
519 ->setMethods( [ 'getConditionalRequestData' ] )
520 ->getMockForAbstractClass();
521 $module->expects( $this->any() )
522 ->method( 'getConditionalRequestData' )
523 ->will( $this->returnCallback( function ( $condition ) use ( $conditions ) {
524 return $conditions[$condition] ?? null;
525 } ) );
526
527 $ret = $priv->checkConditionalRequestHeaders( $module );
528
529 $this->assertSame( $status, $request->response()->getStatusCode() );
530 $this->assertSame( $status === 200, $ret );
531 }
532
533 public static function provideCheckConditionalRequestHeaders() {
534 global $wgCdnMaxAge;
535 $now = time();
536
537 return [
538 // Non-existing from module is ignored
539 'If-None-Match' => [ [ 'If-None-Match' => '"foo", "bar"' ], [], 200 ],
540 'If-Modified-Since' =>
541 [ [ 'If-Modified-Since' => 'Tue, 18 Aug 2015 00:00:00 GMT' ], [], 200 ],
542
543 // No headers
544 'No headers' => [ [], [ 'etag' => '""', 'last-modified' => '20150815000000', ], 200 ],
545
546 // Basic If-None-Match
547 'If-None-Match with matching etag' =>
548 [ [ 'If-None-Match' => '"foo", "bar"' ], [ 'etag' => '"bar"' ], 304 ],
549 'If-None-Match with non-matching etag' =>
550 [ [ 'If-None-Match' => '"foo", "bar"' ], [ 'etag' => '"baz"' ], 200 ],
551 'Strong If-None-Match with weak matching etag' =>
552 [ [ 'If-None-Match' => '"foo"' ], [ 'etag' => 'W/"foo"' ], 304 ],
553 'Weak If-None-Match with strong matching etag' =>
554 [ [ 'If-None-Match' => 'W/"foo"' ], [ 'etag' => '"foo"' ], 304 ],
555 'Weak If-None-Match with weak matching etag' =>
556 [ [ 'If-None-Match' => 'W/"foo"' ], [ 'etag' => 'W/"foo"' ], 304 ],
557
558 // Pointless for GET, but supported
559 'If-None-Match: *' => [ [ 'If-None-Match' => '*' ], [], 304 ],
560
561 // Basic If-Modified-Since
562 'If-Modified-Since, modified one second earlier' =>
563 [ [ 'If-Modified-Since' => wfTimestamp( TS_RFC2822, $now ) ],
564 [ 'last-modified' => wfTimestamp( TS_MW, $now - 1 ) ], 304 ],
565 'If-Modified-Since, modified now' =>
566 [ [ 'If-Modified-Since' => wfTimestamp( TS_RFC2822, $now ) ],
567 [ 'last-modified' => wfTimestamp( TS_MW, $now ) ], 304 ],
568 'If-Modified-Since, modified one second later' =>
569 [ [ 'If-Modified-Since' => wfTimestamp( TS_RFC2822, $now ) ],
570 [ 'last-modified' => wfTimestamp( TS_MW, $now + 1 ) ], 200 ],
571
572 // If-Modified-Since ignored when If-None-Match is given too
573 'Non-matching If-None-Match and matching If-Modified-Since' =>
574 [ [ 'If-None-Match' => '""',
575 'If-Modified-Since' => wfTimestamp( TS_RFC2822, $now ) ],
576 [ 'etag' => '"x"', 'last-modified' => wfTimestamp( TS_MW, $now - 1 ) ], 200 ],
577 'Non-matching If-None-Match and matching If-Modified-Since with no ETag' =>
578 [
579 [
580 'If-None-Match' => '""',
581 'If-Modified-Since' => wfTimestamp( TS_RFC2822, $now )
582 ],
583 [ 'last-modified' => wfTimestamp( TS_MW, $now - 1 ) ],
584 304
585 ],
586
587 // Ignored for POST
588 'Matching If-None-Match with POST' =>
589 [ [ 'If-None-Match' => '"foo", "bar"' ], [ 'etag' => '"bar"' ], 200,
590 [ 'post' => true ] ],
591 'Matching If-Modified-Since with POST' =>
592 [ [ 'If-Modified-Since' => wfTimestamp( TS_RFC2822, $now ) ],
593 [ 'last-modified' => wfTimestamp( TS_MW, $now - 1 ) ], 200,
594 [ 'post' => true ] ],
595
596 // Other date formats allowed by the RFC
597 'If-Modified-Since with alternate date format 1' =>
598 [ [ 'If-Modified-Since' => gmdate( 'l, d-M-y H:i:s', $now ) . ' GMT' ],
599 [ 'last-modified' => wfTimestamp( TS_MW, $now - 1 ) ], 304 ],
600 'If-Modified-Since with alternate date format 2' =>
601 [ [ 'If-Modified-Since' => gmdate( 'D M j H:i:s Y', $now ) ],
602 [ 'last-modified' => wfTimestamp( TS_MW, $now - 1 ) ], 304 ],
603
604 // Old browser extension to HTTP/1.0
605 'If-Modified-Since with length' =>
606 [ [ 'If-Modified-Since' => wfTimestamp( TS_RFC2822, $now ) . '; length=123' ],
607 [ 'last-modified' => wfTimestamp( TS_MW, $now - 1 ) ], 304 ],
608
609 // Invalid date formats should be ignored
610 'If-Modified-Since with invalid date format' =>
611 [ [ 'If-Modified-Since' => gmdate( 'Y-m-d H:i:s', $now ) . ' GMT' ],
612 [ 'last-modified' => wfTimestamp( TS_MW, $now - 1 ) ], 200 ],
613 'If-Modified-Since with entirely unparseable date' =>
614 [ [ 'If-Modified-Since' => 'a potato' ],
615 [ 'last-modified' => wfTimestamp( TS_MW, $now - 1 ) ], 200 ],
616
617 // Anything before $wgCdnMaxAge seconds ago should be considered
618 // expired.
619 'If-Modified-Since with CDN post-expiry' =>
620 [ [ 'If-Modified-Since' => wfTimestamp( TS_RFC2822, $now - $wgCdnMaxAge * 2 ) ],
621 [ 'last-modified' => wfTimestamp( TS_MW, $now - $wgCdnMaxAge * 3 ) ],
622 200, [ 'cdn' => true ] ],
623 'If-Modified-Since with CDN pre-expiry' =>
624 [ [ 'If-Modified-Since' => wfTimestamp( TS_RFC2822, $now - $wgCdnMaxAge / 2 ) ],
625 [ 'last-modified' => wfTimestamp( TS_MW, $now - $wgCdnMaxAge * 3 ) ],
626 304, [ 'cdn' => true ] ],
627 ];
628 }
629
630 /**
631 * Test conditional headers output
632 * @dataProvider provideConditionalRequestHeadersOutput
633 * @param array $conditions Return data for ApiBase::getConditionalRequestData
634 * @param array $headers Expected output headers
635 * @param bool $isError $isError flag
636 * @param bool $post Request is a POST
637 */
638 public function testConditionalRequestHeadersOutput(
639 $conditions, $headers, $isError = false, $post = false
640 ) {
641 $request = new FauxRequest( [ 'action' => 'query', 'meta' => 'siteinfo' ], $post );
642 $response = $request->response();
643
644 $api = new ApiMain( $request );
645 $priv = TestingAccessWrapper::newFromObject( $api );
646 $priv->mInternalMode = false;
647
648 $module = $this->getMockBuilder( ApiBase::class )
649 ->setConstructorArgs( [ $api, 'mock' ] )
650 ->setMethods( [ 'getConditionalRequestData' ] )
651 ->getMockForAbstractClass();
652 $module->expects( $this->any() )
653 ->method( 'getConditionalRequestData' )
654 ->will( $this->returnCallback( function ( $condition ) use ( $conditions ) {
655 return $conditions[$condition] ?? null;
656 } ) );
657 $priv->mModule = $module;
658
659 $priv->sendCacheHeaders( $isError );
660
661 foreach ( [ 'Last-Modified', 'ETag' ] as $header ) {
662 $this->assertEquals(
663 $headers[$header] ?? null,
664 $response->getHeader( $header ),
665 $header
666 );
667 }
668 }
669
670 public static function provideConditionalRequestHeadersOutput() {
671 return [
672 [
673 [],
674 []
675 ],
676 [
677 [ 'etag' => '"foo"' ],
678 [ 'ETag' => '"foo"' ]
679 ],
680 [
681 [ 'last-modified' => '20150818000102' ],
682 [ 'Last-Modified' => 'Tue, 18 Aug 2015 00:01:02 GMT' ]
683 ],
684 [
685 [ 'etag' => '"foo"', 'last-modified' => '20150818000102' ],
686 [ 'ETag' => '"foo"', 'Last-Modified' => 'Tue, 18 Aug 2015 00:01:02 GMT' ]
687 ],
688 [
689 [ 'etag' => '"foo"', 'last-modified' => '20150818000102' ],
690 [],
691 true,
692 ],
693 [
694 [ 'etag' => '"foo"', 'last-modified' => '20150818000102' ],
695 [],
696 false,
697 true,
698 ],
699 ];
700 }
701
702 public function testCheckExecutePermissionsReadProhibited() {
703 $this->setExpectedException( ApiUsageException::class,
704 'You need read permission to use this module.' );
705
706 $this->setGroupPermissions( '*', 'read', false );
707
708 $main = new ApiMain( new FauxRequest( [ 'action' => 'query', 'meta' => 'siteinfo' ] ) );
709 $main->execute();
710 }
711
712 public function testCheckExecutePermissionWriteDisabled() {
713 $this->setExpectedException( ApiUsageException::class,
714 'Editing of this wiki through the API is disabled. Make sure the ' .
715 '"$wgEnableWriteAPI=true;" statement is included in the wiki\'s ' .
716 '"LocalSettings.php" file.' );
717 $main = new ApiMain( new FauxRequest( [
718 'action' => 'edit',
719 'title' => 'Some page',
720 'text' => 'Some text',
721 'token' => '+\\',
722 ] ) );
723 $main->execute();
724 }
725
726 public function testCheckExecutePermissionWriteApiProhibited() {
727 $this->setExpectedException( ApiUsageException::class,
728 "You're not allowed to edit this wiki through the API." );
729 $this->setGroupPermissions( '*', 'writeapi', false );
730
731 $main = new ApiMain( new FauxRequest( [
732 'action' => 'edit',
733 'title' => 'Some page',
734 'text' => 'Some text',
735 'token' => '+\\',
736 ] ), /* enableWrite = */ true );
737 $main->execute();
738 }
739
740 public function testCheckExecutePermissionPromiseNonWrite() {
741 $this->setExpectedException( ApiUsageException::class,
742 'The "Promise-Non-Write-API-Action" HTTP header cannot be sent ' .
743 'to write-mode API modules.' );
744
745 $req = new FauxRequest( [
746 'action' => 'edit',
747 'title' => 'Some page',
748 'text' => 'Some text',
749 'token' => '+\\',
750 ] );
751 $req->setHeaders( [ 'Promise-Non-Write-API-Action' => '1' ] );
752 $main = new ApiMain( $req, /* enableWrite = */ true );
753 $main->execute();
754 }
755
756 public function testCheckExecutePermissionHookAbort() {
757 $this->setExpectedException( ApiUsageException::class, 'Main Page' );
758
759 $this->setTemporaryHook( 'ApiCheckCanExecute', function ( $unused1, $unused2, &$message ) {
760 $message = 'mainpage';
761 return false;
762 } );
763
764 $main = new ApiMain( new FauxRequest( [
765 'action' => 'edit',
766 'title' => 'Some page',
767 'text' => 'Some text',
768 'token' => '+\\',
769 ] ), /* enableWrite = */ true );
770 $main->execute();
771 }
772
773 public function testGetValUnsupportedArray() {
774 $main = new ApiMain( new FauxRequest( [
775 'action' => 'query',
776 'meta' => 'siteinfo',
777 'siprop' => [ 'general', 'namespaces' ],
778 ] ) );
779 $this->assertSame( 'myDefault', $main->getVal( 'siprop', 'myDefault' ) );
780 $main->execute();
781 $this->assertSame( 'Parameter "siprop" uses unsupported PHP array syntax.',
782 $main->getResult()->getResultData()['warnings']['main']['warnings'] );
783 }
784
785 public function testReportUnusedParams() {
786 $main = new ApiMain( new FauxRequest( [
787 'action' => 'query',
788 'meta' => 'siteinfo',
789 'unusedparam' => 'unusedval',
790 'anotherunusedparam' => 'anotherval',
791 ] ) );
792 $main->execute();
793 $this->assertSame( 'Unrecognized parameters: unusedparam, anotherunusedparam.',
794 $main->getResult()->getResultData()['warnings']['main']['warnings'] );
795 }
796
797 public function testLacksSameOriginSecurity() {
798 // Basic test
799 $main = new ApiMain( new FauxRequest( [ 'action' => 'query', 'meta' => 'siteinfo' ] ) );
800 $this->assertFalse( $main->lacksSameOriginSecurity(), 'Basic test, should have security' );
801
802 // JSONp
803 $main = new ApiMain(
804 new FauxRequest( [ 'action' => 'query', 'format' => 'xml', 'callback' => 'foo' ] )
805 );
806 $this->assertTrue( $main->lacksSameOriginSecurity(), 'JSONp, should lack security' );
807
808 // Header
809 $request = new FauxRequest( [ 'action' => 'query', 'meta' => 'siteinfo' ] );
810 $request->setHeader( 'TrEaT-As-UnTrUsTeD', '' ); // With falsey value!
811 $main = new ApiMain( $request );
812 $this->assertTrue( $main->lacksSameOriginSecurity(), 'Header supplied, should lack security' );
813
814 // Hook
815 $this->mergeMwGlobalArrayValue( 'wgHooks', [
816 'RequestHasSameOriginSecurity' => [ function () {
817 return false;
818 } ]
819 ] );
820 $main = new ApiMain( new FauxRequest( [ 'action' => 'query', 'meta' => 'siteinfo' ] ) );
821 $this->assertTrue( $main->lacksSameOriginSecurity(), 'Hook, should lack security' );
822 }
823
824 /**
825 * Test proper creation of the ApiErrorFormatter
826 *
827 * @dataProvider provideApiErrorFormatterCreation
828 * @param array $request Request parameters
829 * @param array $expect Expected data
830 * - uselang: ApiMain language
831 * - class: ApiErrorFormatter class
832 * - lang: ApiErrorFormatter language
833 * - format: ApiErrorFormatter format
834 * - usedb: ApiErrorFormatter use-database flag
835 */
836 public function testApiErrorFormatterCreation( array $request, array $expect ) {
837 $context = new RequestContext();
838 $context->setRequest( new FauxRequest( $request ) );
839 $context->setLanguage( 'ru' );
840
841 $main = new ApiMain( $context );
842 $formatter = $main->getErrorFormatter();
843 $wrappedFormatter = TestingAccessWrapper::newFromObject( $formatter );
844
845 $this->assertSame( $expect['uselang'], $main->getLanguage()->getCode() );
846 $this->assertInstanceOf( $expect['class'], $formatter );
847 $this->assertSame( $expect['lang'], $formatter->getLanguage()->getCode() );
848 $this->assertSame( $expect['format'], $wrappedFormatter->format );
849 $this->assertSame( $expect['usedb'], $wrappedFormatter->useDB );
850 }
851
852 public static function provideApiErrorFormatterCreation() {
853 return [
854 'Default (BC)' => [ [], [
855 'uselang' => 'ru',
856 'class' => ApiErrorFormatter_BackCompat::class,
857 'lang' => 'en',
858 'format' => 'none',
859 'usedb' => false,
860 ] ],
861 'BC ignores fields' => [ [ 'errorlang' => 'de', 'errorsuselocal' => 1 ], [
862 'uselang' => 'ru',
863 'class' => ApiErrorFormatter_BackCompat::class,
864 'lang' => 'en',
865 'format' => 'none',
866 'usedb' => false,
867 ] ],
868 'Explicit BC' => [ [ 'errorformat' => 'bc' ], [
869 'uselang' => 'ru',
870 'class' => ApiErrorFormatter_BackCompat::class,
871 'lang' => 'en',
872 'format' => 'none',
873 'usedb' => false,
874 ] ],
875 'Basic' => [ [ 'errorformat' => 'wikitext' ], [
876 'uselang' => 'ru',
877 'class' => ApiErrorFormatter::class,
878 'lang' => 'ru',
879 'format' => 'wikitext',
880 'usedb' => false,
881 ] ],
882 'Follows uselang' => [ [ 'uselang' => 'fr', 'errorformat' => 'plaintext' ], [
883 'uselang' => 'fr',
884 'class' => ApiErrorFormatter::class,
885 'lang' => 'fr',
886 'format' => 'plaintext',
887 'usedb' => false,
888 ] ],
889 'Explicitly follows uselang' => [
890 [ 'uselang' => 'fr', 'errorlang' => 'uselang', 'errorformat' => 'plaintext' ],
891 [
892 'uselang' => 'fr',
893 'class' => ApiErrorFormatter::class,
894 'lang' => 'fr',
895 'format' => 'plaintext',
896 'usedb' => false,
897 ]
898 ],
899 'uselang=content' => [
900 [ 'uselang' => 'content', 'errorformat' => 'plaintext' ],
901 [
902 'uselang' => 'en',
903 'class' => ApiErrorFormatter::class,
904 'lang' => 'en',
905 'format' => 'plaintext',
906 'usedb' => false,
907 ]
908 ],
909 'errorlang=content' => [
910 [ 'errorlang' => 'content', 'errorformat' => 'plaintext' ],
911 [
912 'uselang' => 'ru',
913 'class' => ApiErrorFormatter::class,
914 'lang' => 'en',
915 'format' => 'plaintext',
916 'usedb' => false,
917 ]
918 ],
919 'Explicit parameters' => [
920 [ 'errorlang' => 'de', 'errorformat' => 'html', 'errorsuselocal' => 1 ],
921 [
922 'uselang' => 'ru',
923 'class' => ApiErrorFormatter::class,
924 'lang' => 'de',
925 'format' => 'html',
926 'usedb' => true,
927 ]
928 ],
929 'Explicit parameters override uselang' => [
930 [ 'errorlang' => 'de', 'uselang' => 'fr', 'errorformat' => 'raw' ],
931 [
932 'uselang' => 'fr',
933 'class' => ApiErrorFormatter::class,
934 'lang' => 'de',
935 'format' => 'raw',
936 'usedb' => false,
937 ]
938 ],
939 'Bogus language doesn\'t explode' => [
940 [ 'errorlang' => '<bogus1>', 'uselang' => '<bogus2>', 'errorformat' => 'none' ],
941 [
942 'uselang' => 'en',
943 'class' => ApiErrorFormatter::class,
944 'lang' => 'en',
945 'format' => 'none',
946 'usedb' => false,
947 ]
948 ],
949 'Bogus format doesn\'t explode' => [ [ 'errorformat' => 'bogus' ], [
950 'uselang' => 'ru',
951 'class' => ApiErrorFormatter_BackCompat::class,
952 'lang' => 'en',
953 'format' => 'none',
954 'usedb' => false,
955 ] ],
956 ];
957 }
958
959 /**
960 * @dataProvider provideExceptionErrors
961 * @param Exception $exception
962 * @param array $expectReturn
963 * @param array $expectResult
964 */
965 public function testExceptionErrors( $error, $expectReturn, $expectResult ) {
966 $context = new RequestContext();
967 $context->setRequest( new FauxRequest( [ 'errorformat' => 'plaintext' ] ) );
968 $context->setLanguage( 'en' );
969 $context->setConfig( new MultiConfig( [
970 new HashConfig( [
971 'ShowHostnames' => true, 'ShowExceptionDetails' => true,
972 ] ),
973 $context->getConfig()
974 ] ) );
975
976 $main = new ApiMain( $context );
977 $main->addWarning( new RawMessage( 'existing warning' ), 'existing-warning' );
978 $main->addError( new RawMessage( 'existing error' ), 'existing-error' );
979
980 $ret = TestingAccessWrapper::newFromObject( $main )->substituteResultWithError( $error );
981 $this->assertSame( $expectReturn, $ret );
982
983 // PHPUnit sometimes adds some SplObjectStorage garbage to the arrays,
984 // so let's try ->assertEquals().
985 $this->assertEquals(
986 $expectResult,
987 $main->getResult()->getResultData( [], [ 'Strip' => 'all' ] )
988 );
989 }
990
991 // Not static so $this can be used
992 public function provideExceptionErrors() {
993 $reqId = WebRequest::getRequestId();
994 $doclink = wfExpandUrl( wfScript( 'api' ) );
995
996 $ex = new InvalidArgumentException( 'Random exception' );
997 $trace = wfMessage( 'api-exception-trace',
998 get_class( $ex ),
999 $ex->getFile(),
1000 $ex->getLine(),
1001 MWExceptionHandler::getRedactedTraceAsString( $ex )
1002 )->inLanguage( 'en' )->useDatabase( false )->text();
1003
1004 $dbex = new DBQueryError(
1005 $this->createMock( \Wikimedia\Rdbms\IDatabase::class ),
1006 'error', 1234, 'SELECT 1', __METHOD__ );
1007 $dbtrace = wfMessage( 'api-exception-trace',
1008 get_class( $dbex ),
1009 $dbex->getFile(),
1010 $dbex->getLine(),
1011 MWExceptionHandler::getRedactedTraceAsString( $dbex )
1012 )->inLanguage( 'en' )->useDatabase( false )->text();
1013
1014 // The specific exception doesn't matter, as long as it's namespaced.
1015 $nsex = new MediaWiki\ShellDisabledError();
1016 $nstrace = wfMessage( 'api-exception-trace',
1017 get_class( $nsex ),
1018 $nsex->getFile(),
1019 $nsex->getLine(),
1020 MWExceptionHandler::getRedactedTraceAsString( $nsex )
1021 )->inLanguage( 'en' )->useDatabase( false )->text();
1022
1023 $apiEx1 = new ApiUsageException( null,
1024 StatusValue::newFatal( new ApiRawMessage( 'An error', 'sv-error1' ) ) );
1025 TestingAccessWrapper::newFromObject( $apiEx1 )->modulePath = 'foo+bar';
1026 $apiEx1->getStatusValue()->warning( new ApiRawMessage( 'A warning', 'sv-warn1' ) );
1027 $apiEx1->getStatusValue()->warning( new ApiRawMessage( 'Another warning', 'sv-warn2' ) );
1028 $apiEx1->getStatusValue()->fatal( new ApiRawMessage( 'Another error', 'sv-error2' ) );
1029
1030 $badMsg = $this->getMockBuilder( ApiRawMessage::class )
1031 ->setConstructorArgs( [ 'An error', 'ignored' ] )
1032 ->setMethods( [ 'getApiCode' ] )
1033 ->getMock();
1034 $badMsg->method( 'getApiCode' )->willReturn( "bad\nvalue" );
1035 $apiEx2 = new ApiUsageException( null, StatusValue::newFatal( $badMsg ) );
1036
1037 return [
1038 [
1039 $ex,
1040 [ 'existing-error', 'internal_api_error_InvalidArgumentException' ],
1041 [
1042 'warnings' => [
1043 [ 'code' => 'existing-warning', 'text' => 'existing warning', 'module' => 'main' ],
1044 ],
1045 'errors' => [
1046 [ 'code' => 'existing-error', 'text' => 'existing error', 'module' => 'main' ],
1047 [
1048 'code' => 'internal_api_error_InvalidArgumentException',
1049 'text' => "[$reqId] Exception caught: Random exception",
1050 'data' => [
1051 'errorclass' => InvalidArgumentException::class,
1052 ],
1053 ]
1054 ],
1055 'trace' => $trace,
1056 'servedby' => wfHostname(),
1057 ]
1058 ],
1059 [
1060 $dbex,
1061 [ 'existing-error', 'internal_api_error_DBQueryError' ],
1062 [
1063 'warnings' => [
1064 [ 'code' => 'existing-warning', 'text' => 'existing warning', 'module' => 'main' ],
1065 ],
1066 'errors' => [
1067 [ 'code' => 'existing-error', 'text' => 'existing error', 'module' => 'main' ],
1068 [
1069 'code' => 'internal_api_error_DBQueryError',
1070 'text' => "[$reqId] Exception caught: A database query error has occurred. " .
1071 "This may indicate a bug in the software.",
1072 'data' => [
1073 'errorclass' => DBQueryError::class,
1074 ],
1075 ]
1076 ],
1077 'trace' => $dbtrace,
1078 'servedby' => wfHostname(),
1079 ]
1080 ],
1081 [
1082 $nsex,
1083 [ 'existing-error', 'internal_api_error_MediaWiki\ShellDisabledError' ],
1084 [
1085 'warnings' => [
1086 [ 'code' => 'existing-warning', 'text' => 'existing warning', 'module' => 'main' ],
1087 ],
1088 'errors' => [
1089 [ 'code' => 'existing-error', 'text' => 'existing error', 'module' => 'main' ],
1090 [
1091 'code' => 'internal_api_error_MediaWiki\ShellDisabledError',
1092 'text' => "[$reqId] Exception caught: " . $nsex->getMessage(),
1093 'data' => [
1094 'errorclass' => MediaWiki\ShellDisabledError::class,
1095 ],
1096 ]
1097 ],
1098 'trace' => $nstrace,
1099 'servedby' => wfHostname(),
1100 ]
1101 ],
1102 [
1103 $apiEx1,
1104 [ 'existing-error', 'sv-error1', 'sv-error2' ],
1105 [
1106 'warnings' => [
1107 [ 'code' => 'existing-warning', 'text' => 'existing warning', 'module' => 'main' ],
1108 [ 'code' => 'sv-warn1', 'text' => 'A warning', 'module' => 'foo+bar' ],
1109 [ 'code' => 'sv-warn2', 'text' => 'Another warning', 'module' => 'foo+bar' ],
1110 ],
1111 'errors' => [
1112 [ 'code' => 'existing-error', 'text' => 'existing error', 'module' => 'main' ],
1113 [ 'code' => 'sv-error1', 'text' => 'An error', 'module' => 'foo+bar' ],
1114 [ 'code' => 'sv-error2', 'text' => 'Another error', 'module' => 'foo+bar' ],
1115 ],
1116 'docref' => "See $doclink for API usage. Subscribe to the mediawiki-api-announce mailing " .
1117 "list at &lt;https://lists.wikimedia.org/mailman/listinfo/mediawiki-api-announce&gt; " .
1118 "for notice of API deprecations and breaking changes.",
1119 'servedby' => wfHostname(),
1120 ]
1121 ],
1122 [
1123 $apiEx2,
1124 [ 'existing-error', '<invalid-code>' ],
1125 [
1126 'warnings' => [
1127 [ 'code' => 'existing-warning', 'text' => 'existing warning', 'module' => 'main' ],
1128 ],
1129 'errors' => [
1130 [ 'code' => 'existing-error', 'text' => 'existing error', 'module' => 'main' ],
1131 [ 'code' => "bad\nvalue", 'text' => 'An error' ],
1132 ],
1133 'docref' => "See $doclink for API usage. Subscribe to the mediawiki-api-announce mailing " .
1134 "list at &lt;https://lists.wikimedia.org/mailman/listinfo/mediawiki-api-announce&gt; " .
1135 "for notice of API deprecations and breaking changes.",
1136 'servedby' => wfHostname(),
1137 ]
1138 ]
1139 ];
1140 }
1141
1142 public function testPrinterParameterValidationError() {
1143 $api = $this->getNonInternalApiMain( [
1144 'action' => 'query', 'meta' => 'siteinfo', 'format' => 'json', 'formatversion' => 'bogus',
1145 ] );
1146
1147 ob_start();
1148 $api->execute();
1149 $txt = ob_get_clean();
1150
1151 // Test that the actual output is valid JSON, not just the format of the ApiResult.
1152 $data = FormatJson::decode( $txt, true );
1153 $this->assertInternalType( 'array', $data );
1154 $this->assertArrayHasKey( 'error', $data );
1155 $this->assertArrayHasKey( 'code', $data['error'] );
1156 $this->assertSame( 'unknown_formatversion', $data['error']['code'] );
1157 }
1158 }
Wiklou, le Wiki du Wiklou