dépôts / lhc / web / wiklou.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
API: Add assertuser parameter
[lhc/web/wiklou.git] / tests / phpunit / includes / api / ApiMainTest.php
1 <?php
2
3 /**
4 * @group API
5 * @group medium
6 *
7 * @covers ApiMain
8 */
9 class ApiMainTest extends ApiTestCase {
10
11 /**
12 * Test that the API will accept a FauxRequest and execute.
13 */
14 public function testApi() {
15 $api = new ApiMain(
16 new FauxRequest( [ 'action' => 'query', 'meta' => 'siteinfo' ] )
17 );
18 $api->execute();
19 $data = $api->getResult()->getResultData();
20 $this->assertInternalType( 'array', $data );
21 $this->assertArrayHasKey( 'query', $data );
22 }
23
24 public static function provideAssert() {
25 return [
26 [ false, [], 'user', 'assertuserfailed' ],
27 [ true, [], 'user', false ],
28 [ true, [], 'bot', 'assertbotfailed' ],
29 [ true, [ 'bot' ], 'user', false ],
30 [ true, [ 'bot' ], 'bot', false ],
31 ];
32 }
33
34 /**
35 * Tests the assert={user|bot} functionality
36 *
37 * @covers ApiMain::checkAsserts
38 * @dataProvider provideAssert
39 * @param bool $registered
40 * @param array $rights
41 * @param string $assert
42 * @param string|bool $error False if no error expected
43 */
44 public function testAssert( $registered, $rights, $assert, $error ) {
45 $user = new User();
46 if ( $registered ) {
47 $user->setId( 1 );
48 }
49 $user->mRights = $rights;
50 try {
51 $this->doApiRequest( [
52 'action' => 'query',
53 'assert' => $assert,
54 ], null, null, $user );
55 $this->assertFalse( $error ); // That no error was expected
56 } catch ( UsageException $e ) {
57 $this->assertEquals( $e->getCodeString(), $error );
58 }
59 }
60
61 /**
62 * Tests the assertuser= functionality
63 *
64 * @covers ApiMain::checkAsserts
65 */
66 public function testAssertUser() {
67 $user = $this->getTestUser()->getUser();
68 $this->doApiRequest( [
69 'action' => 'query',
70 'assertuser' => $user->getName(),
71 ], null, null, $user );
72
73 try {
74 $this->doApiRequest( [
75 'action' => 'query',
76 'assertuser' => $user->getName() . 'X',
77 ], null, null, $user );
78 $this->fail( 'Expected exception not thrown' );
79 } catch ( UsageException $e ) {
80 $this->assertEquals( $e->getCodeString(), 'assertnameduserfailed' );
81 }
82 }
83
84 /**
85 * Test if all classes in the main module manager exists
86 */
87 public function testClassNamesInModuleManager() {
88 global $wgAutoloadLocalClasses, $wgAutoloadClasses;
89
90 // wgAutoloadLocalClasses has precedence, just like in includes/AutoLoader.php
91 $classes = $wgAutoloadLocalClasses + $wgAutoloadClasses;
92
93 $api = new ApiMain(
94 new FauxRequest( [ 'action' => 'query', 'meta' => 'siteinfo' ] )
95 );
96 $modules = $api->getModuleManager()->getNamesWithClasses();
97 foreach ( $modules as $name => $class ) {
98 $this->assertArrayHasKey(
99 $class,
100 $classes,
101 'Class ' . $class . ' for api module ' . $name . ' not in autoloader (with exact case)'
102 );
103 }
104 }
105
106 /**
107 * Test HTTP precondition headers
108 *
109 * @covers ApiMain::checkConditionalRequestHeaders
110 * @dataProvider provideCheckConditionalRequestHeaders
111 * @param array $headers HTTP headers
112 * @param array $conditions Return data for ApiBase::getConditionalRequestData
113 * @param int $status Expected response status
114 * @param bool $post Request is a POST
115 */
116 public function testCheckConditionalRequestHeaders(
117 $headers, $conditions, $status, $post = false
118 ) {
119 $request = new FauxRequest( [ 'action' => 'query', 'meta' => 'siteinfo' ], $post );
120 $request->setHeaders( $headers );
121 $request->response()->statusHeader( 200 ); // Why doesn't it default?
122
123 $context = $this->apiContext->newTestContext( $request, null );
124 $api = new ApiMain( $context );
125 $priv = TestingAccessWrapper::newFromObject( $api );
126 $priv->mInternalMode = false;
127
128 $module = $this->getMockBuilder( 'ApiBase' )
129 ->setConstructorArgs( [ $api, 'mock' ] )
130 ->setMethods( [ 'getConditionalRequestData' ] )
131 ->getMockForAbstractClass();
132 $module->expects( $this->any() )
133 ->method( 'getConditionalRequestData' )
134 ->will( $this->returnCallback( function ( $condition ) use ( $conditions ) {
135 return isset( $conditions[$condition] ) ? $conditions[$condition] : null;
136 } ) );
137
138 $ret = $priv->checkConditionalRequestHeaders( $module );
139
140 $this->assertSame( $status, $request->response()->getStatusCode() );
141 $this->assertSame( $status === 200, $ret );
142 }
143
144 public static function provideCheckConditionalRequestHeaders() {
145 $now = time();
146
147 return [
148 // Non-existing from module is ignored
149 [ [ 'If-None-Match' => '"foo", "bar"' ], [], 200 ],
150 [ [ 'If-Modified-Since' => 'Tue, 18 Aug 2015 00:00:00 GMT' ], [], 200 ],
151
152 // No headers
153 [
154 [],
155 [
156 'etag' => '""',
157 'last-modified' => '20150815000000',
158 ],
159 200
160 ],
161
162 // Basic If-None-Match
163 [ [ 'If-None-Match' => '"foo", "bar"' ], [ 'etag' => '"bar"' ], 304 ],
164 [ [ 'If-None-Match' => '"foo", "bar"' ], [ 'etag' => '"baz"' ], 200 ],
165 [ [ 'If-None-Match' => '"foo"' ], [ 'etag' => 'W/"foo"' ], 304 ],
166 [ [ 'If-None-Match' => 'W/"foo"' ], [ 'etag' => '"foo"' ], 304 ],
167 [ [ 'If-None-Match' => 'W/"foo"' ], [ 'etag' => 'W/"foo"' ], 304 ],
168
169 // Pointless, but supported
170 [ [ 'If-None-Match' => '*' ], [], 304 ],
171
172 // Basic If-Modified-Since
173 [ [ 'If-Modified-Since' => wfTimestamp( TS_RFC2822, $now ) ],
174 [ 'last-modified' => wfTimestamp( TS_MW, $now - 1 ) ], 304 ],
175 [ [ 'If-Modified-Since' => wfTimestamp( TS_RFC2822, $now ) ],
176 [ 'last-modified' => wfTimestamp( TS_MW, $now ) ], 304 ],
177 [ [ 'If-Modified-Since' => wfTimestamp( TS_RFC2822, $now ) ],
178 [ 'last-modified' => wfTimestamp( TS_MW, $now + 1 ) ], 200 ],
179
180 // If-Modified-Since ignored when If-None-Match is given too
181 [ [ 'If-None-Match' => '""', 'If-Modified-Since' => wfTimestamp( TS_RFC2822, $now ) ],
182 [ 'etag' => '"x"', 'last-modified' => wfTimestamp( TS_MW, $now - 1 ) ], 200 ],
183 [ [ 'If-None-Match' => '""', 'If-Modified-Since' => wfTimestamp( TS_RFC2822, $now ) ],
184 [ 'last-modified' => wfTimestamp( TS_MW, $now - 1 ) ], 304 ],
185
186 // Ignored for POST
187 [ [ 'If-None-Match' => '"foo", "bar"' ], [ 'etag' => '"bar"' ], 200, true ],
188 [ [ 'If-Modified-Since' => wfTimestamp( TS_RFC2822, $now ) ],
189 [ 'last-modified' => wfTimestamp( TS_MW, $now - 1 ) ], 200, true ],
190
191 // Other date formats allowed by the RFC
192 [ [ 'If-Modified-Since' => gmdate( 'l, d-M-y H:i:s', $now ) . ' GMT' ],
193 [ 'last-modified' => wfTimestamp( TS_MW, $now - 1 ) ], 304 ],
194 [ [ 'If-Modified-Since' => gmdate( 'D M j H:i:s Y', $now ) ],
195 [ 'last-modified' => wfTimestamp( TS_MW, $now - 1 ) ], 304 ],
196
197 // Old browser extension to HTTP/1.0
198 [ [ 'If-Modified-Since' => wfTimestamp( TS_RFC2822, $now ) . '; length=123' ],
199 [ 'last-modified' => wfTimestamp( TS_MW, $now - 1 ) ], 304 ],
200
201 // Invalid date formats should be ignored
202 [ [ 'If-Modified-Since' => gmdate( 'Y-m-d H:i:s', $now ) . ' GMT' ],
203 [ 'last-modified' => wfTimestamp( TS_MW, $now - 1 ) ], 200 ],
204 ];
205 }
206
207 /**
208 * Test conditional headers output
209 * @dataProvider provideConditionalRequestHeadersOutput
210 * @param array $conditions Return data for ApiBase::getConditionalRequestData
211 * @param array $headers Expected output headers
212 * @param bool $isError $isError flag
213 * @param bool $post Request is a POST
214 */
215 public function testConditionalRequestHeadersOutput(
216 $conditions, $headers, $isError = false, $post = false
217 ) {
218 $request = new FauxRequest( [ 'action' => 'query', 'meta' => 'siteinfo' ], $post );
219 $response = $request->response();
220
221 $api = new ApiMain( $request );
222 $priv = TestingAccessWrapper::newFromObject( $api );
223 $priv->mInternalMode = false;
224
225 $module = $this->getMockBuilder( 'ApiBase' )
226 ->setConstructorArgs( [ $api, 'mock' ] )
227 ->setMethods( [ 'getConditionalRequestData' ] )
228 ->getMockForAbstractClass();
229 $module->expects( $this->any() )
230 ->method( 'getConditionalRequestData' )
231 ->will( $this->returnCallback( function ( $condition ) use ( $conditions ) {
232 return isset( $conditions[$condition] ) ? $conditions[$condition] : null;
233 } ) );
234 $priv->mModule = $module;
235
236 $priv->sendCacheHeaders( $isError );
237
238 foreach ( [ 'Last-Modified', 'ETag' ] as $header ) {
239 $this->assertEquals(
240 isset( $headers[$header] ) ? $headers[$header] : null,
241 $response->getHeader( $header ),
242 $header
243 );
244 }
245 }
246
247 public static function provideConditionalRequestHeadersOutput() {
248 return [
249 [
250 [],
251 []
252 ],
253 [
254 [ 'etag' => '"foo"' ],
255 [ 'ETag' => '"foo"' ]
256 ],
257 [
258 [ 'last-modified' => '20150818000102' ],
259 [ 'Last-Modified' => 'Tue, 18 Aug 2015 00:01:02 GMT' ]
260 ],
261 [
262 [ 'etag' => '"foo"', 'last-modified' => '20150818000102' ],
263 [ 'ETag' => '"foo"', 'Last-Modified' => 'Tue, 18 Aug 2015 00:01:02 GMT' ]
264 ],
265 [
266 [ 'etag' => '"foo"', 'last-modified' => '20150818000102' ],
267 [],
268 true,
269 ],
270 [
271 [ 'etag' => '"foo"', 'last-modified' => '20150818000102' ],
272 [],
273 false,
274 true,
275 ],
276 ];
277 }
278
279 /**
280 * @covers ApiMain::lacksSameOriginSecurity
281 */
282 public function testLacksSameOriginSecurity() {
283 // Basic test
284 $main = new ApiMain( new FauxRequest( [ 'action' => 'query', 'meta' => 'siteinfo' ] ) );
285 $this->assertFalse( $main->lacksSameOriginSecurity(), 'Basic test, should have security' );
286
287 // JSONp
288 $main = new ApiMain(
289 new FauxRequest( [ 'action' => 'query', 'format' => 'xml', 'callback' => 'foo' ] )
290 );
291 $this->assertTrue( $main->lacksSameOriginSecurity(), 'JSONp, should lack security' );
292
293 // Header
294 $request = new FauxRequest( [ 'action' => 'query', 'meta' => 'siteinfo' ] );
295 $request->setHeader( 'TrEaT-As-UnTrUsTeD', '' ); // With falsey value!
296 $main = new ApiMain( $request );
297 $this->assertTrue( $main->lacksSameOriginSecurity(), 'Header supplied, should lack security' );
298
299 // Hook
300 $this->mergeMwGlobalArrayValue( 'wgHooks', [
301 'RequestHasSameOriginSecurity' => [ function () {
302 return false;
303 } ]
304 ] );
305 $main = new ApiMain( new FauxRequest( [ 'action' => 'query', 'meta' => 'siteinfo' ] ) );
306 $this->assertTrue( $main->lacksSameOriginSecurity(), 'Hook, should lack security' );
307 }
308 }
Wiklou, le Wiki du Wiklou