19f8127ef0
The current signature of the various execute methods only takes a boolean parameter to determine if the session should be safe against CSRF, but that does not give callers fine-grained control over the Session object, including setting a specific token. Also, do not use createNoOpMock in getSession(), since it implies strong assertions on what methods are called. This way, getSession can also be used to get a simple mock session that tests may further manipulate. Make $csrfSafe parameter of SessionHelperTestTrait::getSession mandatory. This way, callers are forced to think what makes sense in each use case. The various methods in HandlerTestTrait now default to a session that is safe against CSRF. This assumes that most REST handlers don't care about the session, and that any handler that does care about the session and where someone needs to test the behaviour in case of bad/missing token will explicitly provide a Session that is NOT safe against CSRF. Typehint the return value of Session(Backend)::getUser so that PHPUnit will automatically make it return a mock User object even if the method is not explicitly mocked. Remove a useless PHPUnit assertion -- setting the return value to be X and then veryfing that is equal to X is a tautology, and can only fail if the test itself is flawed (as was the case, since it was using stdClass as the return type for all methods). Remove the getUser test case altogether, there's no way to make it work given the DummySessionBackend, and the test isn't that helpful anyway. More and more methods will have the same issue as soon as their return value is typehinted. Follow-up: I2a9215bf909b83564247ded95ecdb4ead0615150 Change-Id: Ic51dc3e7bf47c81f2ac4705308bb9ecd8275bbaf
239 lines
7.3 KiB
PHP
239 lines
7.3 KiB
PHP
<?php
|
|
|
|
namespace MediaWiki\Tests\Rest\Handler;
|
|
|
|
use MediaWiki\HookContainer\HookContainer;
|
|
use MediaWiki\Permissions\Authority;
|
|
use MediaWiki\Rest\Handler;
|
|
use MediaWiki\Rest\HttpException;
|
|
use MediaWiki\Rest\RequestInterface;
|
|
use MediaWiki\Rest\Response;
|
|
use MediaWiki\Rest\ResponseFactory;
|
|
use MediaWiki\Rest\ResponseInterface;
|
|
use MediaWiki\Rest\Router;
|
|
use MediaWiki\Rest\Validator\Validator;
|
|
use MediaWiki\Session\Session;
|
|
use MediaWiki\Tests\Unit\Permissions\MockAuthorityTrait;
|
|
use PHPUnit\Framework\Assert;
|
|
use PHPUnit\Framework\MockObject\MockObject;
|
|
use Wikimedia\Message\ITextFormatter;
|
|
use Wikimedia\Message\MessageValue;
|
|
use Wikimedia\ObjectFactory\ObjectFactory;
|
|
use Wikimedia\Services\ServiceContainer;
|
|
|
|
/**
|
|
* A trait providing utility functions for testing Handler classes.
|
|
* This trait is intended to be used on subclasses of MediaWikiUnitTestCase
|
|
* or MediaWikiIntegrationTestCase.
|
|
*
|
|
* @stable to use
|
|
* @package MediaWiki\Tests\Rest\Handler
|
|
*/
|
|
trait HandlerTestTrait {
|
|
use MockAuthorityTrait;
|
|
use SessionHelperTestTrait;
|
|
|
|
/**
|
|
* Calls init() on the Handler, supplying a mock Router and ResponseFactory.
|
|
*
|
|
* @internal to the trait
|
|
* @param Handler $handler
|
|
* @param RequestInterface $request
|
|
* @param array $config
|
|
* @param HookContainer|array $hooks Hook container or array of hooks
|
|
* @param Authority|null $authority
|
|
* @param Session|null $session Defaults to `$this->getSession( true )`
|
|
*/
|
|
private function initHandler(
|
|
Handler $handler,
|
|
RequestInterface $request,
|
|
$config = [],
|
|
$hooks = [],
|
|
Authority $authority = null,
|
|
Session $session = null
|
|
) {
|
|
$formatter = new class implements ITextFormatter {
|
|
public function getLangCode() {
|
|
return 'qqx';
|
|
}
|
|
|
|
public function format( MessageValue $message ) {
|
|
return $message->dump();
|
|
}
|
|
};
|
|
|
|
/** @var ResponseFactory|MockObject $responseFactory */
|
|
$responseFactory = new ResponseFactory( [ 'qqx' => $formatter ] );
|
|
|
|
/** @var Router|MockObject $router */
|
|
$router = $this->createNoOpMock( Router::class, [ 'getRouteUrl' ] );
|
|
$router->method( 'getRouteUrl' )->willReturnCallback( static function ( $route, $path = [], $query = [] ) {
|
|
foreach ( $path as $param => $value ) {
|
|
$route = str_replace( '{' . $param . '}', urlencode( (string)$value ), $route );
|
|
}
|
|
return wfAppendQuery( 'https://wiki.example.com/rest' . $route, $query );
|
|
} );
|
|
|
|
$authority ??= $this->mockAnonUltimateAuthority();
|
|
$hookContainer = $hooks instanceof HookContainer ? $hooks : $this->createHookContainer( $hooks );
|
|
|
|
$session ??= $this->getSession( true );
|
|
$handler->init( $router, $request, $config, $authority, $responseFactory, $hookContainer, $session );
|
|
}
|
|
|
|
/**
|
|
* Calls validate() on the Handler, with an appropriate Validator supplied.
|
|
*
|
|
* @internal to the trait
|
|
* @param Handler $handler
|
|
* @param null|Validator $validator
|
|
* @throws HttpException
|
|
*/
|
|
private function validateHandler(
|
|
Handler $handler,
|
|
Validator $validator = null
|
|
) {
|
|
if ( !$validator ) {
|
|
/** @var ServiceContainer|MockObject $serviceContainer */
|
|
$serviceContainer = $this->createNoOpMock( ServiceContainer::class );
|
|
$objectFactory = new ObjectFactory( $serviceContainer );
|
|
$validator = new Validator( $objectFactory, $handler->getRequest(), $handler->getAuthority() );
|
|
}
|
|
$handler->validate( $validator );
|
|
}
|
|
|
|
/**
|
|
* Creates a mock Validator to bypass actual request query, path, and/or body param validation
|
|
*
|
|
* @internal to the trait
|
|
* @param array $queryPathParams
|
|
* @param array $bodyParams
|
|
* @return Validator|MockObject
|
|
*/
|
|
private function getMockValidator( array $queryPathParams, array $bodyParams ): Validator {
|
|
$validator = $this->createNoOpMock( Validator::class, [ 'validateParams', 'validateBody' ] );
|
|
if ( $queryPathParams ) {
|
|
$validator->method( 'validateParams' )->willReturn( $queryPathParams );
|
|
}
|
|
if ( $bodyParams ) {
|
|
$validator->method( 'validateBody' )->willReturn( $bodyParams );
|
|
}
|
|
return $validator;
|
|
}
|
|
|
|
/**
|
|
* Executes the given Handler on the given request.
|
|
*
|
|
* @param Handler $handler
|
|
* @param RequestInterface $request
|
|
* @param array $config
|
|
* @param HookContainer|array $hooks Hook container or array of hooks
|
|
* @param array $validatedParams Path/query params to return as already valid
|
|
* @param array $validatedBody Body params to return as already valid
|
|
* @param Authority|null $authority
|
|
* @param Session|null $session Defaults to `$this->getSession( true )`
|
|
* @return ResponseInterface
|
|
*/
|
|
private function executeHandler(
|
|
Handler $handler,
|
|
RequestInterface $request,
|
|
$config = [],
|
|
$hooks = [],
|
|
$validatedParams = [],
|
|
$validatedBody = [],
|
|
Authority $authority = null,
|
|
Session $session = null
|
|
): ResponseInterface {
|
|
// supply defaults for required fields in $config
|
|
$config += [ 'path' => '/test' ];
|
|
|
|
$this->initHandler( $handler, $request, $config, $hooks, $authority, $session );
|
|
$validator = null;
|
|
if ( $validatedParams || $validatedBody ) {
|
|
/** @var Validator|MockObject $validator */
|
|
$validator = $this->getMockValidator( $validatedParams, $validatedBody );
|
|
}
|
|
$this->validateHandler( $handler, $validator );
|
|
|
|
// Check conditional request headers
|
|
$earlyResponse = $handler->checkPreconditions();
|
|
if ( $earlyResponse ) {
|
|
return $earlyResponse;
|
|
}
|
|
|
|
$ret = $handler->execute();
|
|
|
|
$response = $ret instanceof Response ? $ret
|
|
: $handler->getResponseFactory()->createFromReturnValue( $ret );
|
|
|
|
// Set Last-Modified and ETag headers in the response if available
|
|
$handler->applyConditionalResponseHeaders( $response );
|
|
|
|
return $response;
|
|
}
|
|
|
|
/**
|
|
* Executes the given Handler on the given request, parses the response body as JSON,
|
|
* and returns the result.
|
|
*
|
|
* @param Handler $handler
|
|
* @param RequestInterface $request
|
|
* @param array $config
|
|
* @param HookContainer|array $hooks Hook container or array of hooks
|
|
* @param array $validatedParams
|
|
* @param array $validatedBody
|
|
* @param Authority|null $authority
|
|
* @param Session|null $session Defaults to `$this->getSession( true )`
|
|
* @return array
|
|
*/
|
|
private function executeHandlerAndGetBodyData(
|
|
Handler $handler,
|
|
RequestInterface $request,
|
|
$config = [],
|
|
$hooks = [],
|
|
$validatedParams = [],
|
|
$validatedBody = [],
|
|
Authority $authority = null,
|
|
Session $session = null
|
|
): array {
|
|
$response = $this->executeHandler( $handler, $request, $config, $hooks,
|
|
$validatedParams, $validatedBody, $authority, $session );
|
|
|
|
$this->assertTrue(
|
|
$response->getStatusCode() >= 200 && $response->getStatusCode() < 300,
|
|
'Status should be in 2xx range.'
|
|
);
|
|
$this->assertSame( 'application/json', $response->getHeaderLine( 'Content-Type' ) );
|
|
|
|
$data = json_decode( $response->getBody(), true );
|
|
$this->assertIsArray( $data, 'Body must be a JSON array' );
|
|
|
|
return $data;
|
|
}
|
|
|
|
/**
|
|
* Executes the given Handler on the given request, and returns the HttpException thrown.
|
|
* Fails if no HttpException is thrown.
|
|
*
|
|
* @param Handler $handler
|
|
* @param RequestInterface $request
|
|
* @param array $config
|
|
* @param HookContainer|array $hooks Hook container or array of hooks
|
|
*
|
|
* @return HttpException
|
|
*/
|
|
private function executeHandlerAndGetHttpException(
|
|
Handler $handler,
|
|
RequestInterface $request,
|
|
$config = [],
|
|
$hooks = []
|
|
): HttpException {
|
|
try {
|
|
$this->executeHandler( $handler, $request, $config, $hooks );
|
|
Assert::fail( 'Expected a HttpException to be thrown' );
|
|
} catch ( HttpException $ex ) {
|
|
return $ex;
|
|
}
|
|
}
|
|
|
|
}
|