jenkins-bot has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/401192 )
Change subject: Add tests for ApiCheckToken ...................................................................... Add tests for ApiCheckToken Bug: T183768 Change-Id: I63ab0413252c7333f73b881995869454c4881a57 --- A tests/phpunit/includes/api/ApiCheckTokenTest.php 1 file changed, 95 insertions(+), 0 deletions(-) Approvals: Legoktm: Looks good to me, approved jenkins-bot: Verified
diff --git a/tests/phpunit/includes/api/ApiCheckTokenTest.php b/tests/phpunit/includes/api/ApiCheckTokenTest.php
new file mode 100644
index 0000000..f1d95d0
--- /dev/null
+++ b/tests/phpunit/includes/api/ApiCheckTokenTest.php
@@ -0,0 +1,95 @@
+<?php
+
+use MediaWiki\Session\Token;
+
+/**
+ * @group API
+ * @group medium
+ * @covers ApiCheckToken
+ */
+class ApiCheckTokenTest extends ApiTestCase {
+
+ /**
+ * Test result of checking previously queried token (should be valid)
+ */
+ public function testCheckTokenValid() {
+ // Query token which will be checked later
+ $tokens = $this->doApiRequest( [
+ 'action' => 'query',
+ 'meta' => 'tokens',
+ ] );
+
+ $data = $this->doApiRequest( [
+ 'action' => 'checktoken',
+ 'type' => 'csrf',
+ 'token' => $tokens[0]['query']['tokens']['csrftoken'],
+ ], $tokens[1]->getSessionArray() );
+
+ $this->assertEquals( 'valid', $data[0]['checktoken']['result'] );
+ $this->assertArrayHasKey( 'generated', $data[0]['checktoken'] );
+ }
+
+ /**
+ * Test result of checking invalid token
+ */
+ public function testCheckTokenInvalid() {
+ $session = [];
+ $data = $this->doApiRequest( [
+ 'action' => 'checktoken',
+ 'type' => 'csrf',
+ 'token' => 'invalid_token',
+ ], $session );
+
+ $this->assertEquals( 'invalid', $data[0]['checktoken']['result'] );
+ }
+
+ /**
+ * Test result of checking token with negative max age (should be expired)
+ */
+ public function testCheckTokenExpired() {
+ // Query token which will be checked later
+ $tokens = $this->doApiRequest( [
+ 'action' => 'query',
+ 'meta' => 'tokens',
+ ] );
+
+ $data = $this->doApiRequest( [
+ 'action' => 'checktoken',
+ 'type' => 'csrf',
+ 'token' => $tokens[0]['query']['tokens']['csrftoken'],
+ 'maxtokenage' => -1,
+ ], $tokens[1]->getSessionArray() );
+
+ $this->assertEquals( 'expired', $data[0]['checktoken']['result'] );
+ $this->assertArrayHasKey( 'generated', $data[0]['checktoken'] );
+ }
+
+ /**
+ * Test if using token with incorrect suffix will produce a warning
+ */
+ public function testCheckTokenSuffixWarning() {
+ // Query token which will be checked later
+ $tokens = $this->doApiRequest( [
+ 'action' => 'query',
+ 'meta' => 'tokens',
+ ] );
+
+ // Get token and change the suffix
+ $token = $tokens[0]['query']['tokens']['csrftoken'];
+ $token = substr( $token, 0, -strlen( Token::SUFFIX ) ) . urldecode( Token::SUFFIX );
+
+ $data = $this->doApiRequest( [
+ 'action' => 'checktoken',
+ 'type' => 'csrf',
+ 'token' => $token,
+ 'errorformat' => 'raw',
+ ], $tokens[1]->getSessionArray() );
+
+ $this->assertEquals( 'invalid', $data[0]['checktoken']['result'] );
+ $this->assertArrayHasKey( 'warnings', $data[0] );
+ $this->assertCount( 1, $data[0]['warnings'] );
+ $this->assertEquals( 'checktoken', $data[0]['warnings'][0]['module'] );
+ $this->assertEquals( 'checktoken-percentencoding', $data[0]['warnings'][0]['code'] );
+ }
+
+}
-- To view, visit https://gerrit.wikimedia.org/r/401192 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I63ab0413252c7333f73b881995869454c4881a57 Gerrit-PatchSet: 5 Gerrit-Project: mediawiki/core Gerrit-Branch: master Gerrit-Owner: Phantom42 <nikita...@gmail.com> Gerrit-Reviewer: Legoktm <lego...@member.fsf.org> Gerrit-Reviewer: Phantom42 <nikita...@gmail.com> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
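Review bot: testCheckTokenInvalid() only shows that an arbitrary string ('invalid_token') is rejected under an empty session; no test in this file checks that a well-formed CSRF token is rejected when it is presented under a session other than the one it was issued for, which is the property the check exists to enforce. I would add a case that fetches a token via meta=tokens and then calls checktoken without passing `$tokens[1]->getSessionArray()`, expecting 'invalid'. This assumes the test harness starts a fresh session when given an empty array and that the default test user is not anonymous, so confirm both before relying on the assertion. Without such a case, a regression that accepted any syntactically valid token regardless of session would still pass all four tests.

```php
	// … unchanged: testCheckTokenInvalid() …

	/**
	 * A well-formed token must not validate against a session it was not issued for
	 */
	public function testCheckTokenFromOtherSession() {
		// Query a real token, but keep its session out of the check below
		$tokens = $this->doApiRequest( [
			'action' => 'query',
			'meta' => 'tokens',
		] );

		$session = [];
		$data = $this->doApiRequest( [
			'action' => 'checktoken',
			'type' => 'csrf',
			'token' => $tokens[0]['query']['tokens']['csrftoken'],
		], $session );

		$this->assertEquals( 'invalid', $data[0]['checktoken']['result'] );
	}
```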