Error messages are not guaranteed to be stable, and these tests
prevent us from improving them.
Error codes are supposed to be stable, so we should be asserting
that they do not change (especially since many of them are
dynamically generated by the dodgy code in ApiMessageTrait).
Introduce helpers assertApiErrorCode() and expectApiErrorCode()
to be used instead of the usual PHPUnit assertions/expectations
for this case.
Change-Id: I752f82f29bf5f9405ea117ebf9e5cf70335464ad
This implements getWebUITokenSalt(), as mentioned in T25227#2008199 and
implemented in F3328897. Somehow it didn't make it into Icb674095.
This also fixes some issues in the unit test:
* Properly link the user to the request's Session so User::doLogout()
won't log a warning. This also gives use to the otherwise-unneeded
implementation of setUp(), and lets us get rid of the broken call to
User::newFromId() that was passing an IP address rather than a user ID.
* Privatize some internal methods.
* Use setExpectedApiException() instead of manually catching and
hard-coding the English exception message.
* Also assert that the bad token error didn't result in a logout.
Bug: T25227
Change-Id: I2aecfba821cca3c367c5e7e8d188a88197fb82d2
Special:Userlogout now requires a token
Api action=logout requires a csrf token and the request to be POSTed
Patch author: bawolff
Bug: T25227
Change-Id: Icb674095956bb3f6c847c9553c53e404402ea774
