From: Phantom42
Date: Sun, 31 Dec 2017 20:16:17 +0000 (+0200)
Subject: Add tests for ApiCheckToken
X-Git-Tag: 1.31.0-rc.0~1036^2
X-Git-Url: http://git.cyclocoop.org/%22.%24h.%22?a=commitdiff_plain;h=1cdcef8a32f5f8047e116442d107629026081aed;p=lhc%2Fweb%2Fwiklou.git

Add tests for ApiCheckToken

Bug: T183768
Change-Id: I63ab0413252c7333f73b881995869454c4881a57
---
diff --git a/tests/phpunit/includes/api/ApiCheckTokenTest.php b/tests/phpunit/includes/api/ApiCheckTokenTest.php
new file mode 100644
index 0000000000..f1d95d03d6
--- /dev/null
+++ b/tests/phpunit/includes/api/ApiCheckTokenTest.php
@@ -0,0 +1,95 @@
+doApiRequest( [
+ 'action' => 'query',
+ 'meta' => 'tokens',
+ ] );
+
+ $data = $this->doApiRequest( [
+ 'action' => 'checktoken',
+ 'type' => 'csrf',
+ 'token' => $tokens[0]['query']['tokens']['csrftoken'],
+ ], $tokens[1]->getSessionArray() );
+
+ $this->assertEquals( 'valid', $data[0]['checktoken']['result'] );
+ $this->assertArrayHasKey( 'generated', $data[0]['checktoken'] );
+ }
+
+ /**
+ * Test result of checking invalid token
+ */
+ public function testCheckTokenInvalid() {
+ $session = [];
+ $data = $this->doApiRequest( [
+ 'action' => 'checktoken',
+ 'type' => 'csrf',
+ 'token' => 'invalid_token',
+ ], $session );
+
+ $this->assertEquals( 'invalid', $data[0]['checktoken']['result'] );
+ }
+
+ /**
+ * Test result of checking token with negative max age (should be expired)
+ */
+ public function testCheckTokenExpired() {
+ // Query token which will be checked later
+ $tokens = $this->doApiRequest( [
+ 'action' => 'query',
+ 'meta' => 'tokens',
+ ] );
+
+ $data = $this->doApiRequest( [
+ 'action' => 'checktoken',
+ 'type' => 'csrf',
+ 'token' => $tokens[0]['query']['tokens']['csrftoken'],
+ 'maxtokenage' => -1,
+ ], $tokens[1]->getSessionArray() );
+
+ $this->assertEquals( 'expired', $data[0]['checktoken']['result'] );
+ $this->assertArrayHasKey( 'generated', $data[0]['checktoken'] );
+ }
+
+ /**
+ * Test if using token with incorrect suffix will produce a warning
+ */
+ public function testCheckTokenSuffixWarning() {
+ // Query token which will be checked later
+ $tokens = $this->doApiRequest( [
+ 'action' => 'query',
+ 'meta' => 'tokens',
+ ] );
+
+ // Get token and change the suffix
+ $token = $tokens[0]['query']['tokens']['csrftoken'];
+ $token = substr( $token, 0, -strlen( Token::SUFFIX ) ) . urldecode( Token::SUFFIX );
+
+ $data = $this->doApiRequest( [
+ 'action' => 'checktoken',
+ 'type' => 'csrf',
+ 'token' => $token,
+ 'errorformat' => 'raw',
+ ], $tokens[1]->getSessionArray() );
+
+ $this->assertEquals( 'invalid', $data[0]['checktoken']['result'] );
+ $this->assertArrayHasKey( 'warnings', $data[0] );
+ $this->assertCount( 1, $data[0]['warnings'] );
+ $this->assertEquals( 'checktoken', $data[0]['warnings'][0]['module'] );
+ $this->assertEquals( 'checktoken-percentencoding', $data[0]['warnings'][0]['code'] );
+ }
+
+}
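Review bot: The negative cases never present a genuine token with the wrong session: testCheckTokenInvalid sends the literal 'invalid_token' with an empty session, so no test here pins that checktoken rejects a real csrf token outside the session that issued it, which is the binding the check exists to enforce. I would add a test that fetches a token as the other tests do and then passes a fresh `$session = []` instead of `$tokens[1]->getSessionArray()`; I expect 'invalid', but confirm that against how the test user's token secret is stored. A one-line comment above the `urldecode( Token::SUFFIX )` line saying that it simulates a client that sent the suffix without percent-encoding would also help. The class header and the opening of the first test are not visible on this page, so this is based on the three later tests.

```php
// … unchanged: testCheckTokenInvalid …

/**
 * Test that a genuine token is rejected outside the session that issued it
 */
public function testCheckTokenWrongSession() {
	// Query a real token, then discard the session it belongs to
	$tokens = $this->doApiRequest( [
		'action' => 'query',
		'meta' => 'tokens',
	] );

	// Deliberately not $tokens[1]->getSessionArray()
	$session = [];
	$data = $this->doApiRequest( [
		'action' => 'checktoken',
		'type' => 'csrf',
		'token' => $tokens[0]['query']['tokens']['csrftoken'],
	], $session );

	$this->assertEquals( 'invalid', $data[0]['checktoken']['result'] );
}
```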