Thijs/wiki.techinc.nl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
wiki.techinc.nl/tests/phpunit/includes/api/ApiLoginTest.php

302 lines
8 KiB
PHP
Raw Normal View History

Per wikitech-l discussion: Move tests from maintenance/tests/ to tests/. They're not strictly maintenance scripts, and some people want to do a selective checkout that doesn't include the tests. There's still debate on whether we should include these in the release downloads, but we had a pretty firm consensus to move this.
2010-12-14 16:26:35 +00:00
<?php
Switch to librarized version of TestingAccessWrapper Replaces \TestingAccessWrapper (defined in core) with \Wikimedia\TestingAccessWrapper (defined in the composer package wikimedia/testing-access-wrapper). See https://gerrit.wikimedia.org/r/#/q/topic:librarize-testing-access-wrapper for downstream patches. The core version of the class is kept around for a while to avoid circular dependency problems. Bug: T163434 Change-Id: I52cc257e593da3d6c3b01a909e554a950225aec8
2017-04-19 19:37:35 +00:00
use Wikimedia\TestingAccessWrapper;
Per wikitech-l discussion: Move tests from maintenance/tests/ to tests/. They're not strictly maintenance scripts, and some people want to do a selective checkout that doesn't include the tests. There's still debate on whether we should include these in the release downloads, but we had a pretty firm consensus to move this.
2010-12-14 16:26:35 +00:00
/**
Regroup all API tests in the 'API' PHPUnit group That will let us tests all the API tests by using PHPUnit group filtering such as: php phpunit.php --group API Also cleaned some whitespaces Patchset-4: skipped files that had only whitespace changes Change-Id: I51e03d910521b061f505e3a9b11a08c7b95f1538
2012-04-02 13:33:43 +00:00
* @group API
Per wikitech-l discussion: Move tests from maintenance/tests/ to tests/. They're not strictly maintenance scripts, and some people want to do a selective checkout that doesn't include the tests. There's still debate on whether we should include these in the release downloads, but we had a pretty firm consensus to move this.
2010-12-14 16:26:35 +00:00
* @group Database
(bug 43762) Mark slow unit test as @group medium All tests based on APITestCase can be slow. I've also seen more than one Jenkins failure due to GlobalTest::testMerge timing out. Also, added a meta-test on APITestCase to make sure that all its subclasses are marked with @group medium or @group large, to prevent new tests from re-causing the bug. Change-Id: I48630736a3d06574876fd1fa3d90899cfbc48012
2013-01-18 19:02:28 +00:00
* @group medium
Split ApiTest class into seperate module classes Also! - adds @covers tags Change-Id: I6d4f98f75cd3c2a52c982ece6dd295a4bf84a6fa
2013-10-23 15:36:40 +00:00
*
* @covers ApiLogin
Per wikitech-l discussion: Move tests from maintenance/tests/ to tests/. They're not strictly maintenance scripts, and some people want to do a selective checkout that doesn't include the tests. There's still debate on whether we should include these in the release downloads, but we had a pretty firm consensus to move this.
2010-12-14 16:26:35 +00:00
*/
Split ApiTest class into seperate module classes Also! - adds @covers tags Change-Id: I6d4f98f75cd3c2a52c982ece6dd295a4bf84a6fa
2013-10-23 15:36:40 +00:00
class ApiLoginTest extends ApiTestCase {
Per wikitech-l discussion: Move tests from maintenance/tests/ to tests/. They're not strictly maintenance scripts, and some people want to do a selective checkout that doesn't include the tests. There's still debate on whether we should include these in the release downloads, but we had a pretty firm consensus to move this.
2010-12-14 16:26:35 +00:00
/**
* Test result of attempted login with an empty username
*/
Fix scope on all /phpunit test methods Change-Id: I3ce92463d485a0fb23e464e9a8059330f32d79af
2013-10-23 22:51:31 +00:00
public function testApiLoginNoName() {
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
$session = [
'wsTokenSecrets' => [ 'login' => 'foobar' ],
];
$data = $this->doApiRequest( [ 'action' => 'login',
Remove uses of deprecated TestUser properties Change-Id: Ib44c66492e27516dfe205a5e428ebfd6b0fcdfd9
2016-05-06 15:06:46 +00:00
'lgname' => '', 'lgpassword' => self::$users['sysop']->getPassword(),
Revert "Remove SessionManager, temporarily" This reverts commit 823db5d63dd5200d04c63da50ba6bf16f928e70b. Change-Id: Ibb3e023e4eb6715295586dea87d0725c344a8271
2016-02-01 20:44:03 +00:00
'lgtoken' => (string)( new MediaWiki\Session\Token( 'foobar', '' ) )
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
], $session );
Remove $wgDisableAuthManager Change-Id: I2b2c9693a275fcc026916bd97f303e7a5c8df341
2016-04-01 16:49:26 +00:00
$this->assertEquals( 'Failed', $data[0]['login']['result'] );
Per wikitech-l discussion: Move tests from maintenance/tests/ to tests/. They're not strictly maintenance scripts, and some people want to do a selective checkout that doesn't include the tests. There's still debate on whether we should include these in the release downloads, but we had a pretty firm consensus to move this.
2010-12-14 16:26:35 +00:00
}
Fix scope on all /phpunit test methods Change-Id: I3ce92463d485a0fb23e464e9a8059330f32d79af
2013-10-23 22:51:31 +00:00
public function testApiLoginBadPass() {
Remove $wgDisableAuthManager Change-Id: I2b2c9693a275fcc026916bd97f303e7a5c8df341
2016-04-01 16:49:26 +00:00
global $wgServer;
Per wikitech-l discussion: Move tests from maintenance/tests/ to tests/. They're not strictly maintenance scripts, and some people want to do a selective checkout that doesn't include the tests. There's still debate on whether we should include these in the release downloads, but we had a pretty firm consensus to move this.
2010-12-14 16:26:35 +00:00
Merge ApiTestSetup into ApiTestCase and update all subclasses. The amount of duplication here was nasty, and also lets us get rid of a bunch of useless require_once()s. ./phpunit.php --filter Api currently gives me: Tests: 24, Assertions: 107, Incomplete: 1, Skipped: 2.
2011-07-01 16:34:02 +00:00
$user = self::$users['sysop'];
Remove uses of deprecated TestUser properties Change-Id: Ib44c66492e27516dfe205a5e428ebfd6b0fcdfd9
2016-05-06 15:06:46 +00:00
$userName = $user->getUser()->getName();
Fix numerous class/function casing Change-Id: I23982bfa0548c9ea3bdb432be7982f1563930715
2016-03-18 13:55:54 +00:00
$user->getUser()->logout();
Per wikitech-l discussion: Move tests from maintenance/tests/ to tests/. They're not strictly maintenance scripts, and some people want to do a selective checkout that doesn't include the tests. There's still debate on whether we should include these in the release downloads, but we had a pretty firm consensus to move this.
2010-12-14 16:26:35 +00:00
if ( !isset( $wgServer ) ) {
$this->markTestIncomplete( 'This test needs $wgServer to be set in LocalSettings.php' );
}
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
$ret = $this->doApiRequest( [
Per wikitech-l discussion: Move tests from maintenance/tests/ to tests/. They're not strictly maintenance scripts, and some people want to do a selective checkout that doesn't include the tests. There's still debate on whether we should include these in the release downloads, but we had a pretty firm consensus to move this.
2010-12-14 16:26:35 +00:00
"action" => "login",
Remove uses of deprecated TestUser properties Change-Id: Ib44c66492e27516dfe205a5e428ebfd6b0fcdfd9
2016-05-06 15:06:46 +00:00
"lgname" => $userName,
Per wikitech-l discussion: Move tests from maintenance/tests/ to tests/. They're not strictly maintenance scripts, and some people want to do a selective checkout that doesn't include the tests. There's still debate on whether we should include these in the release downloads, but we had a pretty firm consensus to move this.
2010-12-14 16:26:35 +00:00
"lgpassword" => "bad",
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
] );
Per wikitech-l discussion: Move tests from maintenance/tests/ to tests/. They're not strictly maintenance scripts, and some people want to do a selective checkout that doesn't include the tests. There's still debate on whether we should include these in the release downloads, but we had a pretty firm consensus to move this.
2010-12-14 16:26:35 +00:00
$result = $ret[0];
assertType() is deprecated, switching usages tp assertInternalType() and assertInstanceOf()
2010-12-28 15:13:42 +00:00
$this->assertNotInternalType( "bool", $result );
Per wikitech-l discussion: Move tests from maintenance/tests/ to tests/. They're not strictly maintenance scripts, and some people want to do a selective checkout that doesn't include the tests. There's still debate on whether we should include these in the release downloads, but we had a pretty firm consensus to move this.
2010-12-14 16:26:35 +00:00
$a = $result["login"]["result"];
$this->assertEquals( "NeedToken", $a );
$token = $result["login"]["token"];
Update formatting 3 of n. Change-Id: I62ad009018c54da6cf081c334e44eb98a3c72695
2013-02-14 11:56:23 +00:00
$ret = $this->doApiRequest(
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
[
Update formatting 3 of n. Change-Id: I62ad009018c54da6cf081c334e44eb98a3c72695
2013-02-14 11:56:23 +00:00
"action" => "login",
"lgtoken" => $token,
Remove uses of deprecated TestUser properties Change-Id: Ib44c66492e27516dfe205a5e428ebfd6b0fcdfd9
2016-05-06 15:06:46 +00:00
"lgname" => $userName,
Update formatting 3 of n. Change-Id: I62ad009018c54da6cf081c334e44eb98a3c72695
2013-02-14 11:56:23 +00:00
"lgpassword" => "badnowayinhell",
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
],
Update formatting 3 of n. Change-Id: I62ad009018c54da6cf081c334e44eb98a3c72695
2013-02-14 11:56:23 +00:00
$ret[2]
Per wikitech-l discussion: Move tests from maintenance/tests/ to tests/. They're not strictly maintenance scripts, and some people want to do a selective checkout that doesn't include the tests. There's still debate on whether we should include these in the release downloads, but we had a pretty firm consensus to move this.
2010-12-14 16:26:35 +00:00
);
$result = $ret[0];
assertType() is deprecated, switching usages tp assertInternalType() and assertInstanceOf()
2010-12-28 15:13:42 +00:00
$this->assertNotInternalType( "bool", $result );
Per wikitech-l discussion: Move tests from maintenance/tests/ to tests/. They're not strictly maintenance scripts, and some people want to do a selective checkout that doesn't include the tests. There's still debate on whether we should include these in the release downloads, but we had a pretty firm consensus to move this.
2010-12-14 16:26:35 +00:00
$a = $result["login"]["result"];
Remove $wgDisableAuthManager Change-Id: I2b2c9693a275fcc026916bd97f303e7a5c8df341
2016-04-01 16:49:26 +00:00
$this->assertEquals( 'Failed', $a );
Per wikitech-l discussion: Move tests from maintenance/tests/ to tests/. They're not strictly maintenance scripts, and some people want to do a selective checkout that doesn't include the tests. There's still debate on whether we should include these in the release downloads, but we had a pretty firm consensus to move this.
2010-12-14 16:26:35 +00:00
}
Fix scope on all /phpunit test methods Change-Id: I3ce92463d485a0fb23e464e9a8059330f32d79af
2013-10-23 22:51:31 +00:00
public function testApiLoginGoodPass() {
Per wikitech-l discussion: Move tests from maintenance/tests/ to tests/. They're not strictly maintenance scripts, and some people want to do a selective checkout that doesn't include the tests. There's still debate on whether we should include these in the release downloads, but we had a pretty firm consensus to move this.
2010-12-14 16:26:35 +00:00
global $wgServer;
if ( !isset( $wgServer ) ) {
$this->markTestIncomplete( 'This test needs $wgServer to be set in LocalSettings.php' );
}
Merge ApiTestSetup into ApiTestCase and update all subclasses. The amount of duplication here was nasty, and also lets us get rid of a bunch of useless require_once()s. ./phpunit.php --filter Api currently gives me: Tests: 24, Assertions: 107, Incomplete: 1, Skipped: 2.
2011-07-01 16:34:02 +00:00
$user = self::$users['sysop'];
Remove uses of deprecated TestUser properties Change-Id: Ib44c66492e27516dfe205a5e428ebfd6b0fcdfd9
2016-05-06 15:06:46 +00:00
$userName = $user->getUser()->getName();
$password = $user->getPassword();
Fix numerous class/function casing Change-Id: I23982bfa0548c9ea3bdb432be7982f1563930715
2016-03-18 13:55:54 +00:00
$user->getUser()->logout();
Per wikitech-l discussion: Move tests from maintenance/tests/ to tests/. They're not strictly maintenance scripts, and some people want to do a selective checkout that doesn't include the tests. There's still debate on whether we should include these in the release downloads, but we had a pretty firm consensus to move this.
2010-12-14 16:26:35 +00:00
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
$ret = $this->doApiRequest( [
Update formatting 3 of n. Change-Id: I62ad009018c54da6cf081c334e44eb98a3c72695
2013-02-14 11:56:23 +00:00
"action" => "login",
Remove uses of deprecated TestUser properties Change-Id: Ib44c66492e27516dfe205a5e428ebfd6b0fcdfd9
2016-05-06 15:06:46 +00:00
"lgname" => $userName,
"lgpassword" => $password,
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
]
Per wikitech-l discussion: Move tests from maintenance/tests/ to tests/. They're not strictly maintenance scripts, and some people want to do a selective checkout that doesn't include the tests. There's still debate on whether we should include these in the release downloads, but we had a pretty firm consensus to move this.
2010-12-14 16:26:35 +00:00
);
$result = $ret[0];
assertType() is deprecated, switching usages tp assertInternalType() and assertInstanceOf()
2010-12-28 15:13:42 +00:00
$this->assertNotInternalType( "bool", $result );
$this->assertNotInternalType( "null", $result["login"] );
Per wikitech-l discussion: Move tests from maintenance/tests/ to tests/. They're not strictly maintenance scripts, and some people want to do a selective checkout that doesn't include the tests. There's still debate on whether we should include these in the release downloads, but we had a pretty firm consensus to move this.
2010-12-14 16:26:35 +00:00
$a = $result["login"]["result"];
$this->assertEquals( "NeedToken", $a );
$token = $result["login"]["token"];
Update formatting 3 of n. Change-Id: I62ad009018c54da6cf081c334e44eb98a3c72695
2013-02-14 11:56:23 +00:00
$ret = $this->doApiRequest(
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
[
Update formatting 3 of n. Change-Id: I62ad009018c54da6cf081c334e44eb98a3c72695
2013-02-14 11:56:23 +00:00
"action" => "login",
"lgtoken" => $token,
Remove uses of deprecated TestUser properties Change-Id: Ib44c66492e27516dfe205a5e428ebfd6b0fcdfd9
2016-05-06 15:06:46 +00:00
"lgname" => $userName,
"lgpassword" => $password,
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
],
Update formatting 3 of n. Change-Id: I62ad009018c54da6cf081c334e44eb98a3c72695
2013-02-14 11:56:23 +00:00
$ret[2]
Per wikitech-l discussion: Move tests from maintenance/tests/ to tests/. They're not strictly maintenance scripts, and some people want to do a selective checkout that doesn't include the tests. There's still debate on whether we should include these in the release downloads, but we had a pretty firm consensus to move this.
2010-12-14 16:26:35 +00:00
);
$result = $ret[0];
assertType() is deprecated, switching usages tp assertInternalType() and assertInstanceOf()
2010-12-28 15:13:42 +00:00
$this->assertNotInternalType( "bool", $result );
Per wikitech-l discussion: Move tests from maintenance/tests/ to tests/. They're not strictly maintenance scripts, and some people want to do a selective checkout that doesn't include the tests. There's still debate on whether we should include these in the release downloads, but we had a pretty firm consensus to move this.
2010-12-14 16:26:35 +00:00
$a = $result["login"]["result"];
$this->assertEquals( "Success", $a );
}
* ApiTest: mark testApiGotCookie() broken, since it is * ApiTest: partially cleanup testApiListPages() to make it not depend on broken testApiGotCookie(). Not sure what we're testing here, so still marking incomplete. * ApiWatchTest: mark testWatchClear() as broken rather than skipped due to failing testWatchEdit(). This class needs some love <3
2011-08-02 04:04:03 +00:00
/**
* @group Broken
*/
Split ApiTest class into seperate module classes Also! - adds @covers tags Change-Id: I6d4f98f75cd3c2a52c982ece6dd295a4bf84a6fa
2013-10-23 15:36:40 +00:00
public function testApiLoginGotCookie() {
Pass phpcs-strict on some test files (5/x) Change-Id: I690645cd8a9b1165dcc8271b201c695ea9391226
2014-04-24 15:05:10 +00:00
$this->markTestIncomplete( "The server can't do external HTTP requests, "
. "and the internal one won't give cookies" );
Per wikitech-l discussion: Move tests from maintenance/tests/ to tests/. They're not strictly maintenance scripts, and some people want to do a selective checkout that doesn't include the tests. There's still debate on whether we should include these in the release downloads, but we had a pretty firm consensus to move this.
2010-12-14 16:26:35 +00:00
global $wgServer, $wgScriptPath;
if ( !isset( $wgServer ) ) {
$this->markTestIncomplete( 'This test needs $wgServer to be set in LocalSettings.php' );
}
Merge ApiTestSetup into ApiTestCase and update all subclasses. The amount of duplication here was nasty, and also lets us get rid of a bunch of useless require_once()s. ./phpunit.php --filter Api currently gives me: Tests: 24, Assertions: 107, Incomplete: 1, Skipped: 2.
2011-07-01 16:34:02 +00:00
$user = self::$users['sysop'];
Remove uses of deprecated TestUser properties Change-Id: Ib44c66492e27516dfe205a5e428ebfd6b0fcdfd9
2016-05-06 15:06:46 +00:00
$userName = $user->getUser()->getName();
$password = $user->getPassword();
Merge ApiTestSetup into ApiTestCase and update all subclasses. The amount of duplication here was nasty, and also lets us get rid of a bunch of useless require_once()s. ./phpunit.php --filter Api currently gives me: Tests: 24, Assertions: 107, Incomplete: 1, Skipped: 2.
2011-07-01 16:34:02 +00:00
Per wikitech-l discussion: Move tests from maintenance/tests/ to tests/. They're not strictly maintenance scripts, and some people want to do a selective checkout that doesn't include the tests. There's still debate on whether we should include these in the release downloads, but we had a pretty firm consensus to move this.
2010-12-14 16:26:35 +00:00
$req = MWHttpRequest::factory( self::$apiUrl . "?action=login&format=xml",
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
[ "method" => "POST",
"postData" => [
Remove uses of deprecated TestUser properties Change-Id: Ib44c66492e27516dfe205a5e428ebfd6b0fcdfd9
2016-05-06 15:06:46 +00:00
"lgname" => $userName,
"lgpassword" => $password
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
]
],
Profile all external HTTP requests from MW Change-Id: Ie980b080da2ef21ec7d9fc32f1accc55710de140
2015-02-27 17:08:06 +00:00
__METHOD__
Update formatting 3 of n. Change-Id: I62ad009018c54da6cf081c334e44eb98a3c72695
2013-02-14 11:56:23 +00:00
);
Per wikitech-l discussion: Move tests from maintenance/tests/ to tests/. They're not strictly maintenance scripts, and some people want to do a selective checkout that doesn't include the tests. There's still debate on whether we should include these in the release downloads, but we had a pretty firm consensus to move this.
2010-12-14 16:26:35 +00:00
$req->execute();
libxml_use_internal_errors( true );
$sxe = simplexml_load_string( $req->getContent() );
assertType() is deprecated, switching usages tp assertInternalType() and assertInstanceOf()
2010-12-28 15:13:42 +00:00
$this->assertNotInternalType( "bool", $sxe );
Use ::class to resolve class names in tests This helps to find renamed or misspelled classes earlier. Phan will check the class names Change-Id: Ie541a7baae10ab6f5c13f95ac2ff6598b8f8950c
2018-01-13 00:02:09 +00:00
$this->assertThat( $sxe, $this->isInstanceOf( SimpleXMLElement::class ) );
assertType() is deprecated, switching usages tp assertInternalType() and assertInstanceOf()
2010-12-28 15:13:42 +00:00
$this->assertNotInternalType( "null", $sxe->login[0] );
Per wikitech-l discussion: Move tests from maintenance/tests/ to tests/. They're not strictly maintenance scripts, and some people want to do a selective checkout that doesn't include the tests. There's still debate on whether we should include these in the release downloads, but we had a pretty firm consensus to move this.
2010-12-14 16:26:35 +00:00
$a = $sxe->login[0]->attributes()->result[0];
$this->assertEquals( ' result="NeedToken"', $a->asXML() );
$token = (string)$sxe->login[0]->attributes()->token;
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
$req->setData( [
Per wikitech-l discussion: Move tests from maintenance/tests/ to tests/. They're not strictly maintenance scripts, and some people want to do a selective checkout that doesn't include the tests. There's still debate on whether we should include these in the release downloads, but we had a pretty firm consensus to move this.
2010-12-14 16:26:35 +00:00
"lgtoken" => $token,
Remove uses of deprecated TestUser properties Change-Id: Ib44c66492e27516dfe205a5e428ebfd6b0fcdfd9
2016-05-06 15:06:46 +00:00
"lgname" => $userName,
"lgpassword" => $password ] );
Per wikitech-l discussion: Move tests from maintenance/tests/ to tests/. They're not strictly maintenance scripts, and some people want to do a selective checkout that doesn't include the tests. There's still debate on whether we should include these in the release downloads, but we had a pretty firm consensus to move this.
2010-12-14 16:26:35 +00:00
$req->execute();
$cj = $req->getCookieJar();
$serverName = parse_url( $wgServer, PHP_URL_HOST );
$this->assertNotEquals( false, $serverName );
$serializedCookie = $cj->serializeToHttpRequest( $wgScriptPath, $serverName );
$this->assertNotEquals( '', $serializedCookie );
Many more function case mismatches Change-Id: I5d3a5eb8adea1ecbf136415bb9fd7a162633ccca
2016-03-19 00:08:06 +00:00
$this->assertRegExp(
Pass phpcs-strict on some test files (5/x) Change-Id: I690645cd8a9b1165dcc8271b201c695ea9391226
2014-04-24 15:05:10 +00:00
'/_session=[^;]*; .*UserID=[0-9]*; .*UserName=' . $user->userName . '; .*Token=/',
$serializedCookie
);
Per wikitech-l discussion: Move tests from maintenance/tests/ to tests/. They're not strictly maintenance scripts, and some people want to do a selective checkout that doesn't include the tests. There's still debate on whether we should include these in the release downloads, but we had a pretty firm consensus to move this.
2010-12-14 16:26:35 +00:00
}
Less wild whitespace Change-Id: I3048b23b50aa284b3471dfb8033122c913909b01
2012-12-07 21:44:53 +00:00
Fix scope on all /phpunit test methods Change-Id: I3ce92463d485a0fb23e464e9a8059330f32d79af
2013-10-23 22:51:31 +00:00
public function testRunLogin() {
Remove uses of deprecated TestUser properties Change-Id: Ib44c66492e27516dfe205a5e428ebfd6b0fcdfd9
2016-05-06 15:06:46 +00:00
$user = self::$users['sysop'];
$userName = $user->getUser()->getName();
$password = $user->getPassword();
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
$data = $this->doApiRequest( [
Refactor much of the API testing code. Old: ApiWatchTest not only tested the watch module, but also tested the login module, and the login module test was also used to log in to the API for the other tests. New: ApiWatchTest only contains watch-specific methods. The login testing has been moved to ApiTest. The code used to log in and get tokens have been moved to ApiSetup. Nice, organized, and much nicer than before. ApiUploadTest is still pretty fugly, though.
2011-01-02 05:52:00 +00:00
'action' => 'login',
Remove uses of deprecated TestUser properties Change-Id: Ib44c66492e27516dfe205a5e428ebfd6b0fcdfd9
2016-05-06 15:06:46 +00:00
'lgname' => $userName,
'lgpassword' => $password ] );
Refactor much of the API testing code. Old: ApiWatchTest not only tested the watch module, but also tested the login module, and the login module test was also used to log in to the API for the other tests. New: ApiWatchTest only contains watch-specific methods. The login testing has been moved to ApiTest. The code used to log in and get tokens have been moved to ApiSetup. Nice, organized, and much nicer than before. ApiUploadTest is still pretty fugly, though.
2011-01-02 05:52:00 +00:00
$this->assertArrayHasKey( "login", $data[0] );
$this->assertArrayHasKey( "result", $data[0]['login'] );
$this->assertEquals( "NeedToken", $data[0]['login']['result'] );
$token = $data[0]['login']['token'];
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
$data = $this->doApiRequest( [
Refactor much of the API testing code. Old: ApiWatchTest not only tested the watch module, but also tested the login module, and the login module test was also used to log in to the API for the other tests. New: ApiWatchTest only contains watch-specific methods. The login testing has been moved to ApiTest. The code used to log in and get tokens have been moved to ApiSetup. Nice, organized, and much nicer than before. ApiUploadTest is still pretty fugly, though.
2011-01-02 05:52:00 +00:00
'action' => 'login',
"lgtoken" => $token,
Remove uses of deprecated TestUser properties Change-Id: Ib44c66492e27516dfe205a5e428ebfd6b0fcdfd9
2016-05-06 15:06:46 +00:00
"lgname" => $userName,
"lgpassword" => $password ], $data[2] );
Refactor much of the API testing code. Old: ApiWatchTest not only tested the watch module, but also tested the login module, and the login module test was also used to log in to the API for the other tests. New: ApiWatchTest only contains watch-specific methods. The login testing has been moved to ApiTest. The code used to log in and get tokens have been moved to ApiSetup. Nice, organized, and much nicer than before. ApiUploadTest is still pretty fugly, though.
2011-01-02 05:52:00 +00:00
$this->assertArrayHasKey( "login", $data[0] );
$this->assertArrayHasKey( "result", $data[0]['login'] );
$this->assertEquals( "Success", $data[0]['login']['result'] );
}
Less wild whitespace Change-Id: I3048b23b50aa284b3471dfb8033122c913909b01
2012-12-07 21:44:53 +00:00
Revert "Remove SessionManager, temporarily" This reverts commit 823db5d63dd5200d04c63da50ba6bf16f928e70b. Change-Id: Ibb3e023e4eb6715295586dea87d0725c344a8271
2016-02-01 20:44:03 +00:00
public function testBotPassword() {
global $wgServer, $wgSessionProviders;
if ( !isset( $wgServer ) ) {
$this->markTestIncomplete( 'This test needs $wgServer to be set in LocalSettings.php' );
}
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
$this->setMwGlobals( [
'wgSessionProviders' => array_merge( $wgSessionProviders, [
[
Use ::class in place of string constants This takes advantage of namespacing, and avoids having double-backslashes all over the place. Change-Id: I450fe4e9b1c4cf4e24fced3932fe796cbbadf3a3
2016-03-28 18:53:04 +00:00
'class' => MediaWiki\Session\BotPasswordSessionProvider::class,
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
'args' => [ [ 'priority' => 40 ] ],
]
] ),
Revert "Remove SessionManager, temporarily" This reverts commit 823db5d63dd5200d04c63da50ba6bf16f928e70b. Change-Id: Ibb3e023e4eb6715295586dea87d0725c344a8271
2016-02-01 20:44:03 +00:00
'wgEnableBotPasswords' => true,
'wgBotPasswordsDatabase' => false,
'wgCentralIdLookupProvider' => 'local',
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
'wgGrantPermissions' => [
'test' => [ 'read' => true ],
],
] );
Revert "Remove SessionManager, temporarily" This reverts commit 823db5d63dd5200d04c63da50ba6bf16f928e70b. Change-Id: Ibb3e023e4eb6715295586dea87d0725c344a8271
2016-02-01 20:44:03 +00:00
// Make sure our session provider is present
$manager = TestingAccessWrapper::newFromObject( MediaWiki\Session\SessionManager::singleton() );
Use ::class in place of string constants This takes advantage of namespacing, and avoids having double-backslashes all over the place. Change-Id: I450fe4e9b1c4cf4e24fced3932fe796cbbadf3a3
2016-03-28 18:53:04 +00:00
if ( !isset( $manager->sessionProviders[MediaWiki\Session\BotPasswordSessionProvider::class] ) ) {
Revert "Remove SessionManager, temporarily" This reverts commit 823db5d63dd5200d04c63da50ba6bf16f928e70b. Change-Id: Ibb3e023e4eb6715295586dea87d0725c344a8271
2016-02-01 20:44:03 +00:00
$tmp = $manager->sessionProviders;
$manager->sessionProviders = null;
$manager->sessionProviders = $tmp + $manager->getProviders();
}
$this->assertNotNull(
MediaWiki\Session\SessionManager::singleton()->getProvider(
Use ::class in place of string constants This takes advantage of namespacing, and avoids having double-backslashes all over the place. Change-Id: I450fe4e9b1c4cf4e24fced3932fe796cbbadf3a3
2016-03-28 18:53:04 +00:00
MediaWiki\Session\BotPasswordSessionProvider::class
Revert "Remove SessionManager, temporarily" This reverts commit 823db5d63dd5200d04c63da50ba6bf16f928e70b. Change-Id: Ibb3e023e4eb6715295586dea87d0725c344a8271
2016-02-01 20:44:03 +00:00
),
'sanity check'
);
$user = self::$users['sysop'];
$centralId = CentralIdLookup::factory()->centralIdFromLocalUser( $user->getUser() );
$this->assertNotEquals( 0, $centralId, 'sanity check' );
Fix login API for users with @ in their usernames An @ in the username caused the password to be treated as a bot password, but apparently some real usernames still contain it. Try both logins instead. Security considerations are the same as for the other bot password syntax: the length check makes sure we do not provide any information on a timing side channel about the password unless it is extremely long. Change-Id: I58f42544a08c3208c41f54cfae932632d9c5affa
2016-09-13 23:25:49 +00:00
$password = 'ngfhmjm64hv0854493hsj5nncjud2clk';
Revert "Remove SessionManager, temporarily" This reverts commit 823db5d63dd5200d04c63da50ba6bf16f928e70b. Change-Id: Ibb3e023e4eb6715295586dea87d0725c344a8271
2016-02-01 20:44:03 +00:00
$passwordFactory = new PasswordFactory();
$passwordFactory->init( RequestContext::getMain()->getConfig() );
// A is unsalted MD5 (thus fast) ... we don't care about security here, this is test only
Fix login API for users with @ in their usernames An @ in the username caused the password to be treated as a bot password, but apparently some real usernames still contain it. Try both logins instead. Security considerations are the same as for the other bot password syntax: the length check makes sure we do not provide any information on a timing side channel about the password unless it is extremely long. Change-Id: I58f42544a08c3208c41f54cfae932632d9c5affa
2016-09-13 23:25:49 +00:00
$passwordHash = $passwordFactory->newFromPlaintext( $password );
Revert "Remove SessionManager, temporarily" This reverts commit 823db5d63dd5200d04c63da50ba6bf16f928e70b. Change-Id: Ibb3e023e4eb6715295586dea87d0725c344a8271
2016-02-01 20:44:03 +00:00
$dbw = wfGetDB( DB_MASTER );
$dbw->insert(
'bot_passwords',
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
[
Revert "Remove SessionManager, temporarily" This reverts commit 823db5d63dd5200d04c63da50ba6bf16f928e70b. Change-Id: Ibb3e023e4eb6715295586dea87d0725c344a8271
2016-02-01 20:44:03 +00:00
'bp_user' => $centralId,
'bp_app_id' => 'foo',
Speed up password-handling in the unit tests * Speed up password generation and verification by setting MWOldPassword as the default password type. Do this once, in MediaWikiTestCase::makeTestConfig(), rather than in five different places. * Rename '$pwhash' to '$passwordHash', for consistency. It's ugly to have both '$passwordFactory' and '$pwhash' in the same scope. * Make TestUser::setPasswordForUser() check first whether the desired password is already set. This is actually the common case, since the password is reset in the setup code for every test, but only a few tests actually change the password. Change-Id: I423f09ff7472b6cbde21cb709ea7c7ef9e298f18
2016-05-12 10:40:41 +00:00
'bp_password' => $passwordHash->toString(),
Revert "Remove SessionManager, temporarily" This reverts commit 823db5d63dd5200d04c63da50ba6bf16f928e70b. Change-Id: Ibb3e023e4eb6715295586dea87d0725c344a8271
2016-02-01 20:44:03 +00:00
'bp_token' => '',
'bp_restrictions' => MWRestrictions::newDefault()->toJson(),
'bp_grants' => '["test"]',
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
],
Revert "Remove SessionManager, temporarily" This reverts commit 823db5d63dd5200d04c63da50ba6bf16f928e70b. Change-Id: Ibb3e023e4eb6715295586dea87d0725c344a8271
2016-02-01 20:44:03 +00:00
__METHOD__
);
Remove uses of deprecated TestUser properties Change-Id: Ib44c66492e27516dfe205a5e428ebfd6b0fcdfd9
2016-05-06 15:06:46 +00:00
$lgName = $user->getUser()->getName() . BotPassword::getSeparator() . 'foo';
Revert "Remove SessionManager, temporarily" This reverts commit 823db5d63dd5200d04c63da50ba6bf16f928e70b. Change-Id: Ibb3e023e4eb6715295586dea87d0725c344a8271
2016-02-01 20:44:03 +00:00
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
$ret = $this->doApiRequest( [
Revert "Remove SessionManager, temporarily" This reverts commit 823db5d63dd5200d04c63da50ba6bf16f928e70b. Change-Id: Ibb3e023e4eb6715295586dea87d0725c344a8271
2016-02-01 20:44:03 +00:00
'action' => 'login',
'lgname' => $lgName,
Fix login API for users with @ in their usernames An @ in the username caused the password to be treated as a bot password, but apparently some real usernames still contain it. Try both logins instead. Security considerations are the same as for the other bot password syntax: the length check makes sure we do not provide any information on a timing side channel about the password unless it is extremely long. Change-Id: I58f42544a08c3208c41f54cfae932632d9c5affa
2016-09-13 23:25:49 +00:00
'lgpassword' => $password,
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
] );
Revert "Remove SessionManager, temporarily" This reverts commit 823db5d63dd5200d04c63da50ba6bf16f928e70b. Change-Id: Ibb3e023e4eb6715295586dea87d0725c344a8271
2016-02-01 20:44:03 +00:00
$result = $ret[0];
$this->assertNotInternalType( 'bool', $result );
$this->assertNotInternalType( 'null', $result['login'] );
$a = $result['login']['result'];
$this->assertEquals( 'NeedToken', $a );
$token = $result['login']['token'];
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
$ret = $this->doApiRequest( [
Revert "Remove SessionManager, temporarily" This reverts commit 823db5d63dd5200d04c63da50ba6bf16f928e70b. Change-Id: Ibb3e023e4eb6715295586dea87d0725c344a8271
2016-02-01 20:44:03 +00:00
'action' => 'login',
'lgtoken' => $token,
'lgname' => $lgName,
Fix login API for users with @ in their usernames An @ in the username caused the password to be treated as a bot password, but apparently some real usernames still contain it. Try both logins instead. Security considerations are the same as for the other bot password syntax: the length check makes sure we do not provide any information on a timing side channel about the password unless it is extremely long. Change-Id: I58f42544a08c3208c41f54cfae932632d9c5affa
2016-09-13 23:25:49 +00:00
'lgpassword' => $password,
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
], $ret[2] );
Revert "Remove SessionManager, temporarily" This reverts commit 823db5d63dd5200d04c63da50ba6bf16f928e70b. Change-Id: Ibb3e023e4eb6715295586dea87d0725c344a8271
2016-02-01 20:44:03 +00:00
$result = $ret[0];
$this->assertNotInternalType( 'bool', $result );
$a = $result['login']['result'];
$this->assertEquals( 'Success', $a );
}
Improve test coverage for ApiLogin.php I only made one small addition, because I don't understand login/session code well enough to easily do more. Change-Id: I36c5ea8e31fb00d75da24c38381f74ba8a15f31a
2018-03-20 15:43:01 +00:00
public function testLoginWithNoSameOriginSecurity() {
$this->setTemporaryHook( 'RequestHasSameOriginSecurity',
function () {
return false;
}
);
$result = $this->doApiRequest( [
'action' => 'login',
] )[0]['login'];
$this->assertSame( [
'result' => 'Aborted',
'reason' => 'Cannot log in when the same-origin policy is not applied.',
], $result );
}
Per wikitech-l discussion: Move tests from maintenance/tests/ to tests/. They're not strictly maintenance scripts, and some people want to do a selective checkout that doesn't include the tests. There's still debate on whether we should include these in the release downloads, but we had a pretty firm consensus to move this.
2010-12-14 16:26:35 +00:00
}
Reference in a new issue Copy permalink