jenkins-bot has submitted this change and it was merged. (
https://gerrit.wikimedia.org/r/401192 )
Change subject: Add tests for ApiCheckToken
......................................................................
Add tests for ApiCheckToken
Bug: T183768
Change-Id: I63ab0413252c7333f73b881995869454c4881a57
---
A tests/phpunit/includes/api/ApiCheckTokenTest.php
1 file changed, 95 insertions(+), 0 deletions(-)
Approvals:
Legoktm: Looks good to me, approved
jenkins-bot: Verified
diff --git a/tests/phpunit/includes/api/ApiCheckTokenTest.php
b/tests/phpunit/includes/api/ApiCheckTokenTest.php
new file mode 100644
index 0000000..f1d95d0
--- /dev/null
+++ b/tests/phpunit/includes/api/ApiCheckTokenTest.php
@@ -0,0 +1,95 @@
+<?php
+
+use MediaWiki\Session\Token;
+
+/**
+ * @group API
+ * @group medium
+ * @covers ApiCheckToken
+ */
+class ApiCheckTokenTest extends ApiTestCase {
+
+ /**
+ * Test result of checking previously queried token (should be valid)
+ */
+ public function testCheckTokenValid() {
+ // Query token which will be checked later
+ $tokens = $this->doApiRequest( [
+ 'action' => 'query',
+ 'meta' => 'tokens',
+ ] );
+
+ $data = $this->doApiRequest( [
+ 'action' => 'checktoken',
+ 'type' => 'csrf',
+ 'token' => $tokens[0]['query']['tokens']['csrftoken'],
+ ], $tokens[1]->getSessionArray() );
+
+ $this->assertEquals( 'valid', $data[0]['checktoken']['result']
);
+ $this->assertArrayHasKey( 'generated', $data[0]['checktoken'] );
+ }
+
+ /**
+ * Test result of checking invalid token
+ */
+ public function testCheckTokenInvalid() {
+ $session = [];
+ $data = $this->doApiRequest( [
+ 'action' => 'checktoken',
+ 'type' => 'csrf',
+ 'token' => 'invalid_token',
+ ], $session );
+
+ $this->assertEquals( 'invalid',
$data[0]['checktoken']['result'] );
+ }
+
+ /**
+ * Test result of checking token with negative max age (should be
expired)
+ */
+ public function testCheckTokenExpired() {
+ // Query token which will be checked later
+ $tokens = $this->doApiRequest( [
+ 'action' => 'query',
+ 'meta' => 'tokens',
+ ] );
+
+ $data = $this->doApiRequest( [
+ 'action' => 'checktoken',
+ 'type' => 'csrf',
+ 'token' => $tokens[0]['query']['tokens']['csrftoken'],
+ 'maxtokenage' => -1,
+ ], $tokens[1]->getSessionArray() );
+
+ $this->assertEquals( 'expired',
$data[0]['checktoken']['result'] );
+ $this->assertArrayHasKey( 'generated', $data[0]['checktoken'] );
+ }
+
+ /**
+ * Test if using token with incorrect suffix will produce a warning
+ */
+ public function testCheckTokenSuffixWarning() {
+ // Query token which will be checked later
+ $tokens = $this->doApiRequest( [
+ 'action' => 'query',
+ 'meta' => 'tokens',
+ ] );
+
+ // Get token and change the suffix
+ $token = $tokens[0]['query']['tokens']['csrftoken'];
+ $token = substr( $token, 0, -strlen( Token::SUFFIX ) ) .
urldecode( Token::SUFFIX );
+
+ $data = $this->doApiRequest( [
+ 'action' => 'checktoken',
+ 'type' => 'csrf',
+ 'token' => $token,
+ 'errorformat' => 'raw',
+ ], $tokens[1]->getSessionArray() );
+
+ $this->assertEquals( 'invalid',
$data[0]['checktoken']['result'] );
+ $this->assertArrayHasKey( 'warnings', $data[0] );
+ $this->assertCount( 1, $data[0]['warnings'] );
+ $this->assertEquals( 'checktoken',
$data[0]['warnings'][0]['module'] );
+ $this->assertEquals( 'checktoken-percentencoding',
$data[0]['warnings'][0]['code'] );
+ }
+
+}
--
To view, visit https://gerrit.wikimedia.org/r/401192
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I63ab0413252c7333f73b881995869454c4881a57
Gerrit-PatchSet: 5
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Phantom42 <nikita...@gmail.com>
Gerrit-Reviewer: Legoktm <lego...@member.fsf.org>
Gerrit-Reviewer: Phantom42 <nikita...@gmail.com>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
