Thijs/wiki.techinc.nl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
wiki.techinc.nl/tests/phpunit/unit/includes/Rest/BasicAccess/MWBasicRequestAuthorizerTest.php
daniel 13acba25a0 REST: gracefully handle all exceptions. 
ResponseFactory::createFromException already had support for arbitrary
exceptions, but Router was so far only using it for HttpExceptions,
leaving other kinds of exceptions uncaught.

In addition to catching all exceptions and generating an appropriate
JSON response for them, this patch introduces the ErrorReporter
interface, with an MWErrorReporter implementation which calls
MWExceptionHandler::rollbackMasterChangesAndLog(). This is how uncaught
errors are handled for requests coming in via api.php, so it seems
appropriate to use the same approach for requests coming in via
rest.php.

Bug: T285984
Change-Id: I0605a7693821ef58fac80ab67f51a742556a37fd
2021-11-02 20:33:13 +01:00

104 lines
3.1 KiB
PHP
Raw Blame History

<?php
namespace MediaWiki\Tests\Unit\Rest\BasicAccess;
use GuzzleHttp\Psr7\Uri;
use MediaWiki\Permissions\SimpleAuthority;
use MediaWiki\Rest\BasicAccess\MWBasicAuthorizer;
use MediaWiki\Rest\Handler;
use MediaWiki\Rest\Reporter\PHPErrorReporter;
use MediaWiki\Rest\RequestData;
use MediaWiki\Rest\ResponseFactory;
use MediaWiki\Rest\Router;
use MediaWiki\Rest\Validator\Validator;
use MediaWiki\User\UserIdentityValue;
use MediaWikiUnitTestCase;
use Psr\Container\ContainerInterface;
use Wikimedia\ObjectFactory;
/**
* @covers \MediaWiki\Rest\BasicAccess\BasicAuthorizerBase
* @covers \MediaWiki\Rest\BasicAccess\MWBasicAuthorizer
* @covers \MediaWiki\Rest\BasicAccess\BasicRequestAuthorizer
* @covers \MediaWiki\Rest\BasicAccess\MWBasicRequestAuthorizer
*/
class MWBasicRequestAuthorizerTest extends MediaWikiUnitTestCase {
private function createRouter( $userRights, $request ) {
$objectFactory = new ObjectFactory(
$this->getMockForAbstractClass( ContainerInterface::class )
);
$authority = new SimpleAuthority( new UserIdentityValue( 0, 'Test user' ), $userRights );
global $IP;
return new Router(
[ "$IP/tests/phpunit/unit/includes/Rest/testRoutes.json" ],
[],
'http://wiki.example.com',
'/rest',
new \EmptyBagOStuff(),
new ResponseFactory( [] ),
new MWBasicAuthorizer( $authority ),
$authority,
$objectFactory,
new Validator( $objectFactory, $request, $authority ),
new PHPErrorReporter(),
$this->createHookContainer()
);
}
public function testReadDenied() {
$request = new RequestData( [ 'uri' => new Uri( '/rest/mock/RouterTest/hello' ) ] );
$router = $this->createRouter( [], $request );
$response = $router->execute( $request );
$this->assertSame( 403, $response->getStatusCode() );
$body = $response->getBody();
$body->rewind();
$data = json_decode( $body->getContents(), true );
$this->assertSame( 'rest-read-denied', $data['error'] );
}
public function testReadAllowed() {
$request = new RequestData( [ 'uri' => new Uri( '/rest/mock/RouterTest/hello' ) ] );
$router = $this->createRouter( [ 'read' ], $request );
$response = $router->execute( $request );
$this->assertSame( 200, $response->getStatusCode() );
}
public static function writeHandlerFactory() {
return new class extends Handler {
public function needsWriteAccess() {
return true;
}
public function execute() {
return '';
}
};
}
public function testWriteDenied() {
$request = new RequestData( [
'uri' => new Uri( '/rest/mock/MWBasicRequestAuthorizerTest/write' )
] );
$router = $this->createRouter( [ 'read' ], $request );
$response = $router->execute( $request );
$this->assertSame( 403, $response->getStatusCode() );
$body = $response->getBody();
$body->rewind();
$data = json_decode( $body->getContents(), true );
$this->assertSame( 'rest-write-denied', $data['error'] );
}
public function testWriteAllowed() {
$request = new RequestData( [
'uri' => new Uri( '/rest/mock/MWBasicRequestAuthorizerTest/write' )
] );
$router = $this->createRouter( [ 'read', 'writeapi' ], $request );
$response = $router->execute( $request );
$this->assertSame( 200, $response->getStatusCode() );
}
}
Reference in a new issue View git blame Copy permalink