The current signature of the various execute methods only takes a
boolean parameter to determine if the session should be safe against
CSRF, but that does not give callers fine-grained control over the
Session object, including setting a specific token.
Also, do not use createNoOpMock in getSession(), since it implies
strong assertions on what methods are called. This way, getSession
can also be used to get a simple mock session that tests may further
manipulate.
Make $csrfSafe parameter of SessionHelperTestTrait::getSession
mandatory. This way, callers are forced to think what makes sense in
each use case. The various methods in HandlerTestTrait now default to
a session that is safe against CSRF. This assumes that most REST
handlers don't care about the session, and that any handler that does
care about the session and where someone needs to test the behaviour
in case of bad/missing token will explicitly provide a Session that
is NOT safe against CSRF.
Typehint the return value of Session(Backend)::getUser so that PHPUnit
will automatically make it return a mock User object even if the method
is not explicitly mocked. Remove a useless PHPUnit assertion -- setting
the return value to be X and then verifying that it is equal to X is a
tautology, and can only fail if the test itself is flawed (as was the
case, since it was using stdClass as the return type for all
methods). Remove the getUser test case altogether, there's no way to
make it work given the DummySessionBackend, and the test isn't that
helpful anyway. More and more methods will have the same issue as soon
as their return value is typehinted.
Follow-up: I2a9215bf909b83564247ded95ecdb4ead0615150
Change-Id: Ic51dc3e7bf47c81f2ac4705308bb9ecd8275bbaf

Simplify mocking common cases of the content handler factory
only support specific content models.
Change-Id: Ib7f4099a2b1655b1bfb4d90f03105c27d17042ed

All revision related classes are namespaced MediaWiki\Revision
instead of MediaWiki\Storage since 1.32. The old namespaced
class names are deprecated and only kept for backwards-compatibility.
Bug: T305784
Change-Id: I34e492d84d9fc4bc78481667202716d93b3c43cb

Move MockTitleTrait::makeMockTitleCodec to DummyServicesTrait, and
replace the two existing uses, which are in core. Add some new
uses instead of mocking each time.
Unfortunately, we cannot use an actual MediaWikiTitleCodec
for the tests in BadFileLookup, because those tests are unit tests
and a MalformedTitleException cannot be created in the context
of a unit test. BadFileLookupTest gets around this by using
a mock that throws a mock exception - add a comment inline
explaining why we cannot use a real MediaWikiTitleCodec.
Paired with adding of NamespaceInfo to make mocking the language
methods related to namespaces easier by matching the real
logic in the Language class to the extent possible. Update a few
tests to use the DummyServicesTrait for their NamespaceInfo services.
Change-Id: Ibd691ccf0e632e1bf0bc1f7e9ddc0c660d5cad32

The response from a null-edit should contain the current revision's
revision ID and timestamp, not the info from the edit's base revision.
Bug: T277601
Change-Id: I9d353cdc4cb9e3c1435c93ffe63ef4fef173ec4d

The functionality of creating title mocks is generally useful
and this will also allow making HandlerTestTrait more narrow.
Bug: T264058
Change-Id: I76eca48dfcff65a6203fccde5366912a2d66c495

Page titles used in URL paths, such as the Location header returned
after a page was created, must use the correct encoding for spaces and
pluses.
Bug: T258606
Change-Id: I75e91ac8f8da4eb183a9c8f1a682ea08c2225227

CSRF tokens should only be required (and only be allowed) if
the current session isn't already inherently safe against
CSRF due to the way the authentication mechanism works.
This allows (and requires) tokens to be omitted for requests
that use an OAuth Authorization header.
Bug: T230843
Bug: T230842
Bug: T237852
Change-Id: Ib2922d556ff2470d4bf8c386c18986ca9f37d1b5
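
The token rule from the commit message above, as an added PHP example that is not MediaWiki's own code. The function name `checkCsrfToken` and the reason strings are hypothetical, and the session token and test cases are constructed sample values.

```php
<?php
declare( strict_types=1 );

/**
 * Hypothetical helper (not a MediaWiki API): apply the rule that a CSRF
 * token is required only, and allowed only, when the session is not
 * already inherently safe against CSRF.
 *
 * @param bool $sessionIsCsrfSafe True when the authentication mechanism is
 *   inherently CSRF-safe, e.g. an OAuth Authorization header.
 * @param string|null $suppliedToken Token sent with the request, or null.
 * @param string|null $expectedToken Token bound to the session, or null.
 * @return array [ bool accepted, string reason ] (reason strings are made up)
 */
function checkCsrfToken(
	bool $sessionIsCsrfSafe, ?string $suppliedToken, ?string $expectedToken
): array {
	if ( $sessionIsCsrfSafe ) {
		// A token here is not merely redundant: the rule forbids it.
		return $suppliedToken === null
			? [ true, 'csrf-safe-session' ]
			: [ false, 'token-not-allowed' ];
	}
	if ( $suppliedToken === null || $suppliedToken === '' ) {
		return [ false, 'token-missing' ];
	}
	// hash_equals() compares in constant time, so a mismatch leaks no timing.
	if ( $expectedToken === null || !hash_equals( $expectedToken, $suppliedToken ) ) {
		return [ false, 'token-bad' ];
	}
	return [ true, 'token-ok' ];
}

// Constructed sample cases covering each branch of the rule.
$sessionToken = bin2hex( random_bytes( 16 ) );
$cases = [
	'OAuth header, no token'    => [ true, null ],
	'OAuth header, token sent'  => [ true, $sessionToken ],
	'Cookie session, no token'  => [ false, null ],
	'Cookie session, bad token' => [ false, 'not-the-session-token' ],
	'Cookie session, good token' => [ false, $sessionToken ],
];
foreach ( $cases as $label => [ $safe, $token ] ) {
	[ $ok, $reason ] = checkCsrfToken( $safe, $token, $sessionToken );
	printf( "%-28s %s (%s)\n", $label, $ok ? 'accept' : 'reject', $reason );
}
```
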
NOTE: once this is merged, also merge Ie7b47e6868cc on the OAuth repo,
to fix unit tests after a breaking change to Router's constructor
signature.
Bug: T230842
Change-Id: I8f5b92918a58e44a4f2d8c78d234d9f64c2d06bf