<?php
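/**
 * Integration tests for the action=logout API module: a logout request
 * carrying a bad CSRF token must be rejected, and one carrying a token
 * obtained from the API must leave the user logged out.
 *
 * @group API
 * @group Database
 * @group medium
 *
 * @covers ApiLogout
 */
class ApiLogoutTest extends ApiTestCase {
	public function setUp() {
		parent::setUp();
	}

	/**
	 * A logout request with a token that was not issued by the API must
	 * fail with the "Invalid CSRF token." usage error.
	 */
	public function testUserLogoutBadToken() {
		// Initialised up front so that, if the request is wrongly accepted and
		// no exception is thrown, the assertion below fails on a clean
		// null-vs-message comparison instead of an undefined-variable error.
		$exceptionMsg = null;

		try {
			$token = 'invalid token';
			$this->doUserLogout( $token );
		} catch ( ApiUsageException $e ) {
			$exceptionMsg = $e->getMessage();
		}

		$this->assertSame( "Invalid CSRF token.", $exceptionMsg );
		// NOTE(review): only the error message is checked; nothing here asserts
		// that the session state is unchanged after the rejected request.
	}

	/**
	 * A logout request with a CSRF token fetched from the API must leave
	 * the global user logged out.
	 */
	public function testUserLogout() {
		// TODO: there has to be a cleaner way to make User::doLogout happy
		global $wgUser;
		// NOTE(review): newFromId() is handed an IP-shaped string, not a numeric
		// user id - confirm this is intended.
		$wgUser = User::newFromId( '127.0.0.1' );

		$token = $this->getUserCsrfTokenFromApi();
		$this->doUserLogout( $token );

		// NOTE(review): there is no assertion that the user was logged in before
		// the logout call, so this check alone cannot tell "logout worked" from
		// "was never logged in" - consider asserting the precondition.
		$this->assertFalse( $wgUser->isLoggedIn() );
	}

	/**
	 * Fetch a CSRF token through action=query&meta=tokens&type=csrf.
	 *
	 * @return mixed Value found at [0]['query']['tokens']['csrftoken'] of the
	 *  doApiRequest() result
	 */
	public function getUserCsrfTokenFromApi() {
		$retToken = $this->doApiRequest( [
			'action' => 'query',
			'meta' => 'tokens',
			'type' => 'csrf'
		] );

		// NOTE(review): this inspects the top level of the doApiRequest() return
		// value, while the response data is read from index 0 below - confirm
		// the 'warnings' key is being looked for at the right level.
		$this->assertArrayNotHasKey( 'warnings', $retToken );

		return $retToken[0]['query']['tokens']['csrftoken'];
	}

	/**
	 * Send an action=logout request with the given token.
	 *
	 * @param string $logoutToken Token sent as the 'token' parameter
	 * @return mixed Whatever doApiRequest() returns for the request
	 */
	public function doUserLogout( $logoutToken ) {
		return $this->doApiRequest( [
			'action' => 'logout',
			'token' => $logoutToken
		] );
	}
}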