API: Add assertuser parameter
authorBrad Jorsch <bjorsch@wikimedia.org>
Wed, 5 Oct 2016 14:35:47 +0000 (10:35 -0400)
committerBrad Jorsch <bjorsch@wikimedia.org>
Wed, 5 Oct 2016 20:32:39 +0000 (16:32 -0400)
This was requested for the use of scripts that are concerned about the
possibility that the user might log in with a different account in
another browser window, thereby changing the expected user out from
underneath the script.

Bug: T146770
Change-Id: I94e0421cb263a418e86649f0d22ece4cfec6a395

RELEASE-NOTES-1.28
includes/api/ApiMain.php
includes/api/i18n/en.json
includes/api/i18n/qqq.json
tests/phpunit/includes/api/ApiMainTest.php

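--- a/RELEASE-NOTES-1.28
+++ b/RELEASE-NOTES-1.28
@@ -114,6 +114,8 @@ production.
   indicated by a 'fromencoded' boolean alongside the existing 'from' parameter.
 * (T28680) action=paraminfo can now return info about all submodules of a
   module without listing them all explicitly.
+* (T146770) It is now possible to assert that the current user is a specific
+  named user, using the 'assertuser' parameter.
 
 === Action API internal changes in 1.28 ===
 * Added a new hook, 'ApiMakeParserOptions', to allow extensions to better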
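--- a/includes/api/ApiMain.php
+++ b/includes/api/ApiMain.php
@@ -1361,6 +1361,15 @@ class ApiMain extends ApiBase {
                                        break;
                        }
                }
+               if ( isset( $params['assertuser'] ) ) {
+                       $assertUser = User::newFromName( $params['assertuser'], false );
+                       if ( !$assertUser || !$this->getUser()->equals( $assertUser ) ) {
+                               $this->dieUsage(
+                                       'Assertion that the user is "' . $params['assertuser'] . '" failed',
+                                       'assertnameduserfailed'
+                               );
+                       }
+               }
        }
 
        /**
@@ -1661,6 +1670,9 @@ class ApiMain extends ApiBase {
                        'assert' => [
                                ApiBase::PARAM_TYPE => [ 'user', 'bot' ]
                        ],
+                       'assertuser' => [
+                               ApiBase::PARAM_TYPE => 'user',
+                       ],
                        'requestid' => null,
                        'servedby' => false,
                        'curtimestamp' => false,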
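Review bot: The failure message built in the new `dieUsage()` call concatenates the request-supplied `$params['assertuser']` straight into the error text, so the response reflects whatever the `'user'` parameter type let through; the stable `assertnameduserfailed` code already identifies the failure, and a client that renders the info string as HTML has to escape it. If the name stays in the message, a comment such as `// $params['assertuser'] is caller-supplied; output encoding is left to the API formatter` would make that dependency explicit. The `false` passed to `User::newFromName()` also deserves a one-line comment saying why validation is skipped here (presumably because the `'user'` type has already normalized the name, which is worth confirming). The enclosing method begins outside this hunk, so where the assertion runs relative to the requested module's own execution cannot be checked from these lines.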
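--- a/includes/api/i18n/en.json
+++ b/includes/api/i18n/en.json
@@ -13,6 +13,7 @@
        "apihelp-main-param-smaxage": "Set the <code>s-maxage</code> HTTP cache control header to this many seconds. Errors are never cached.",
        "apihelp-main-param-maxage": "Set the <code>max-age</code> HTTP cache control header to this many seconds. Errors are never cached.",
        "apihelp-main-param-assert": "Verify the user is logged in if set to <kbd>user</kbd>, or has the bot user right if <kbd>bot</kbd>.",
+       "apihelp-main-param-assertuser": "Verify the current user is the named user.",
        "apihelp-main-param-requestid": "Any value given here will be included in the response. May be used to distinguish requests.",
        "apihelp-main-param-servedby": "Include the hostname that served the request in the results.",
        "apihelp-main-param-curtimestamp": "Include the current timestamp in the result.",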
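--- a/includes/api/i18n/qqq.json
+++ b/includes/api/i18n/qqq.json
@@ -22,6 +22,7 @@
        "apihelp-main-param-smaxage": "{{doc-apihelp-param|main|smaxage}}",
        "apihelp-main-param-maxage": "{{doc-apihelp-param|main|maxage}}",
        "apihelp-main-param-assert": "{{doc-apihelp-param|main|assert}}",
+       "apihelp-main-param-assertuser": "{{doc-apihelp-param|main|assertuser}}",
        "apihelp-main-param-requestid": "{{doc-apihelp-param|main|requestid}}",
        "apihelp-main-param-servedby": "{{doc-apihelp-param|main|servedby}}",
        "apihelp-main-param-curtimestamp": "{{doc-apihelp-param|main|curtimestamp}}",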
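--- a/tests/phpunit/includes/api/ApiMainTest.php
+++ b/tests/phpunit/includes/api/ApiMainTest.php
@@ -58,6 +58,29 @@ class ApiMainTest extends ApiTestCase {
                }
        }
 
+       /**
+        * Tests the assertuser= functionality
+        *
+        * @covers ApiMain::checkAsserts
+        */
+       public function testAssertUser() {
+               $user = $this->getTestUser()->getUser();
+               $this->doApiRequest( [
+                       'action' => 'query',
+                       'assertuser' => $user->getName(),
+               ], null, null, $user );
+
+               try {
+                       $this->doApiRequest( [
+                               'action' => 'query',
+                               'assertuser' => $user->getName() . 'X',
+                       ], null, null, $user );
+                       $this->fail( 'Expected exception not thrown' );
+               } catch ( UsageException $e ) {
+                       $this->assertEquals( $e->getCodeString(), 'assertnameduserfailed' );
+               }
+       }
+
        /**
         * Test if all classes in the main module manager exists
         */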
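Review bot: testAssertUser only exercises a logged-in user asserting a slightly different name, so the scenario the commit message describes is not covered: a session that has changed underneath the script, i.e. a request made as a different or anonymous user while asserting the original name. A normalisation case (the same account spelled with underscores or a lower-case first letter) would also pin down how `PARAM_TYPE => 'user'` and `equals()` interact. In the catch block the `assertEquals` arguments are reversed relative to PHPUnit's (expected, actual) order; `$this->assertEquals( 'assertnameduserfailed', $e->getCodeString() );` would produce a correct failure message.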