Per Platonides, fix for r82686: make ApiUploadTest work again
Added optional request parameter to User::editToken() and User::matchEditToken() and use them where possible from the API. Also removed $_SESSION usage since it's no longer needed.
parent
5c51397edb
commit
60f1302644
8 changed files with 28 additions and 17 deletions
|
|
@ -2855,18 +2855,22 @@ class User {
|
|||
* submission.
|
||||
*
|
||||
* @param $salt String|Array of Strings Optional function-specific data for hashing
|
||||
* @param $request WebRequest object to use or null to use $wgRequest
|
||||
* @return String The new edit token
|
||||
*/
|
||||
function editToken( $salt = '' ) {
|
||||
global $wgRequest;
|
||||
function editToken( $salt = '', $request = null ) {
|
||||
if ( $request == null ) {
|
||||
global $wgRequest;
|
||||
$request = $wgRequest;
|
||||
}
|
||||
|
||||
if ( $this->isAnon() ) {
|
||||
return EDIT_TOKEN_SUFFIX;
|
||||
} else {
|
||||
$token = $wgRequest->getSessionData( 'wsEditToken' );
|
||||
$token = $request->getSessionData( 'wsEditToken' );
|
||||
if ( $token === null ) {
|
||||
$token = self::generateToken();
|
||||
$wgRequest->setSessionData( 'wsEditToken', $token );
|
||||
$request->setSessionData( 'wsEditToken', $token );
|
||||
}
|
||||
if( is_array( $salt ) ) {
|
||||
$salt = implode( '|', $salt );
|
||||
|
|
@ -2894,10 +2898,11 @@ class User {
|
|||
*
|
||||
* @param $val String Input value to compare
|
||||
* @param $salt String Optional function-specific data for hashing
|
||||
* @param $request WebRequest object to use or null to use $wgRequest
|
||||
* @return Boolean: Whether the token matches
|
||||
*/
|
||||
function matchEditToken( $val, $salt = '' ) {
|
||||
$sessionToken = $this->editToken( $salt );
|
||||
function matchEditToken( $val, $salt = '', $request = null ) {
|
||||
$sessionToken = $this->editToken( $salt, $request );
|
||||
if ( $val != $sessionToken ) {
|
||||
wfDebug( "User::matchEditToken: broken session data\n" );
|
||||
}
|
||||
|
|
@ -2912,7 +2917,7 @@ class User {
|
|||
* @param $salt String Optional function-specific data for hashing
|
||||
* @return Boolean: Whether the token matches
|
||||
*/
|
||||
function matchEditTokenNoSuffix( $val, $salt = '' ) {
|
||||
function matchEditTokenNoSuffix( $val, $salt = '', $request = null ) {
|
||||
$sessionToken = $this->editToken( $salt );
|
||||
return substr( $sessionToken, 0, 32 ) == substr( $val, 0, 32 );
|
||||
}
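Review bot: `matchEditTokenNoSuffix()` now accepts `$request`, but its body still calls `$this->editToken( $salt )`, so the argument is silently ignored and the token is taken from the global request's session; it should forward it with `$sessionToken = $this->editToken( $salt, $request );`. Its doc comment also lacks the `@param $request WebRequest object to use or null to use $wgRequest` line that the other two methods gained. Separately, both match methods compare tokens with loose `==` / `!=`; the 32-character prefix compared here looks like a hex digest (inferred, since generateToken() is not shown), and PHP's numeric-string comparison can treat two different all-digit or `0e…` strings as equal, so `===` on the two substrings would be safer. The bodies of editToken() and matchEditToken() continue outside the hunks.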
|
||||
|
|
|
|||
|
|
@ -1024,6 +1024,10 @@ class FauxRequest extends WebRequest {
|
|||
$this->session[$key] = $data;
|
||||
}
|
||||
|
||||
public function getSessionArray() {
|
||||
return $this->session;
|
||||
}
|
||||
|
||||
public function isPathInfoBad() {
|
||||
return false;
|
||||
}
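Review bot: The added `getSessionArray()` has no doc comment, and nothing in the hunk tells a caller whether it receives the live session or a copy. Suggest adding `/** @return Array a copy of the session data set on this FauxRequest, for tests that carry it into a later request */` above the method. If the base WebRequest class has no counterpart (not visible here), callers must know they hold a FauxRequest before calling it, which is worth stating in the same comment.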
|
||||
|
|
|
|||
|
|
@ -52,7 +52,7 @@ class ApiBlock extends ApiBase {
|
|||
$params = $this->extractRequestParams();
|
||||
|
||||
if ( $params['gettoken'] ) {
|
||||
$res['blocktoken'] = $wgUser->editToken();
|
||||
$res['blocktoken'] = $wgUser->editToken( '', $this->getMain()->getRequest() );
|
||||
$this->getResult()->addValue( null, $this->getModuleName(), $res );
|
||||
return;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -561,7 +561,7 @@ class ApiMain extends ApiBase {
|
|||
$this->dieUsageMsg( array( 'missingparam', 'token' ) );
|
||||
} else {
|
||||
global $wgUser;
|
||||
if ( !$wgUser->matchEditToken( $moduleParams['token'], $salt ) ) {
|
||||
if ( !$wgUser->matchEditToken( $moduleParams['token'], $salt, $this->getMain()->getRequest() ) ) {
|
||||
$this->dieUsageMsg( array( 'sessionfailure' ) );
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -125,7 +125,7 @@ class ApiQueryDeletedrevs extends ApiQueryBase {
|
|||
|
||||
if ( $fld_token ) {
|
||||
// Undelete tokens are identical for all pages, so we cache one here
|
||||
$token = $wgUser->editToken();
|
||||
$token = $wgUser->editToken( '', $this->getMain()->getRequest() );
|
||||
}
|
||||
|
||||
// We need a custom WHERE clause that matches all titles.
|
||||
|
|
|
|||
|
|
@ -104,7 +104,7 @@ class ApiQueryUserInfo extends ApiQueryBase {
|
|||
if ( isset( $this->prop['preferencestoken'] ) &&
|
||||
is_null( $this->getMain()->getRequest()->getVal( 'callback' ) )
|
||||
) {
|
||||
$vals['preferencestoken'] = $wgUser->editToken();
|
||||
$vals['preferencestoken'] = $wgUser->editToken( '', $this->getMain()->getRequest() );
|
||||
}
|
||||
|
||||
if ( isset( $this->prop['editcount'] ) ) {
|
||||
|
|
|
|||
|
|
@ -49,7 +49,7 @@ class ApiUnblock extends ApiBase {
|
|||
$params = $this->extractRequestParams();
|
||||
|
||||
if ( $params['gettoken'] ) {
|
||||
$res['unblocktoken'] = $wgUser->editToken();
|
||||
$res['unblocktoken'] = $wgUser->editToken( '', $this->getMain()->getRequest() );
|
||||
$this->getResult()->addValue( null, $this->getModuleName(), $res );
|
||||
return;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -106,13 +106,15 @@ abstract class ApiTestCase extends MediaWikiTestCase {
|
|||
}
|
||||
|
||||
protected function doApiRequest( $params, $session = null, $appendModule = false ) {
|
||||
$_SESSION = isset( $session ) ? $session : array();
|
||||
if ( is_null( $session ) ) {
|
||||
$session = array();
|
||||
}
|
||||
|
||||
$request = new FauxRequest( $params, true, $_SESSION );
|
||||
$request = new FauxRequest( $params, true, $session );
|
||||
$module = new ApiMain( $request, true );
|
||||
$module->execute();
|
||||
|
||||
return array( $module->getResultData(), $request, $_SESSION );
|
||||
return array( $module->getResultData(), $request, $request->getSessionArray() );
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -181,7 +183,7 @@ class ApiUploadTest extends ApiTestCase {
|
|||
'lgname' => $user->username,
|
||||
'lgpassword' => $user->password
|
||||
);
|
||||
list( $result, , ) = $this->doApiRequest( $params );
|
||||
list( $result, , $session ) = $this->doApiRequest( $params );
|
||||
$this->assertArrayHasKey( "login", $result );
|
||||
$this->assertArrayHasKey( "result", $result['login'] );
|
||||
$this->assertEquals( "NeedToken", $result['login']['result'] );
|
||||
|
|
@ -193,7 +195,7 @@ class ApiUploadTest extends ApiTestCase {
|
|||
'lgname' => $user->username,
|
||||
'lgpassword' => $user->password
|
||||
);
|
||||
list( $result, , $session ) = $this->doApiRequest( $params );
|
||||
list( $result, , $session ) = $this->doApiRequest( $params, $session );
|
||||
$this->assertArrayHasKey( "login", $result );
|
||||
$this->assertArrayHasKey( "result", $result['login'] );
|
||||
$this->assertEquals( "Success", $result['login']['result'] );
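Review bot: `doApiRequest()` no longer writes `$_SESSION`, so session state survives between calls only if the caller passes the returned third element back in, as the second login request in ApiUploadTest now does; any other caller that still expects `$_SESSION` to be populated would silently run with an empty session. A doc comment on `doApiRequest()` should state this contract, for example `@param $session Array|null session data to seed the FauxRequest with` and `@return Array ( result data, FauxRequest, session array taken from the request )`. Other callers are not visible on this page, so this needs checking against the rest of the test suite.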
|
||||
|
|
|
|||