Per Platonides, fix for r82686: make ApiUploadTest work again

Added option request parameter to User::editToken() and User::matchEditToken() and use them where possible from the api.
Also removed $_SESSION usage since it's no longer needed

diff --git a/includes/User.php b/includes/User.php
index 20aa43e..030aaa7 100644 (file)
--- a/includes/User.php
+++ b/includes/User.php
@@ -2855,18 +2855,22 @@ class User {
         * submission.
         *
         * @param $salt String|Array of Strings Optional function-specific data for hashing
+        * @param $request WebRequest object to use or null to use $wgRequest
         * @return String The new edit token
         */
-       function editToken( $salt = '' ) {
-               global $wgRequest;
+       function editToken( $salt = '', $request = null ) {
+               if ( $request == null ) {
+                       global $wgRequest;
+                       $request = $wgRequest;
+               }
 
                if ( $this->isAnon() ) {
                        return EDIT_TOKEN_SUFFIX;
                } else {
-                       $token = $wgRequest->getSessionData( 'wsEditToken' );
+                       $token = $request->getSessionData( 'wsEditToken' );
                        if ( $token === null ) {
                                $token = self::generateToken();
-                               $wgRequest->setSessionData( 'wsEditToken', $token );
+                               $request->setSessionData( 'wsEditToken', $token );
                        }
                        if( is_array( $salt ) ) {
                                $salt = implode( '|', $salt );
@@ -2894,10 +2898,11 @@ class User {
         *
         * @param $val String Input value to compare
         * @param $salt String Optional function-specific data for hashing
+        * @param $request WebRequest object to use or null to use $wgRequest
         * @return Boolean: Whether the token matches
         */
-       function matchEditToken( $val, $salt = '' ) {
-               $sessionToken = $this->editToken( $salt );
+       function matchEditToken( $val, $salt = '', $request = null ) {
+               $sessionToken = $this->editToken( $salt, $request );
                if ( $val != $sessionToken ) {
                        wfDebug( "User::matchEditToken: broken session data\n" );
                }
@@ -2912,7 +2917,7 @@ class User {
         * @param $salt String Optional function-specific data for hashing
         * @return Boolean: Whether the token matches
         */
-       function matchEditTokenNoSuffix( $val, $salt = '' ) {
+       function matchEditTokenNoSuffix( $val, $salt = '', $request = null ) {
                $sessionToken = $this->editToken( $salt );
                return substr( $sessionToken, 0, 32 ) == substr( $val, 0, 32 );
        }

diff --git a/includes/WebRequest.php b/includes/WebRequest.php
index 5035adf..a48cd79 100644 (file)
--- a/includes/WebRequest.php
+++ b/includes/WebRequest.php
@@ -1024,6 +1024,10 @@ class FauxRequest extends WebRequest {
                $this->session[$key] = $data;
        }
 
+       public function getSessionArray() {
+               return $this->session;
+       }
+
        public function isPathInfoBad() {
                return false;
        }

diff --git a/includes/api/ApiBlock.php b/includes/api/ApiBlock.php
index 8d4b909..37c6057 100644 (file)
--- a/includes/api/ApiBlock.php
+++ b/includes/api/ApiBlock.php
@@ -52,7 +52,7 @@ class ApiBlock extends ApiBase {
                $params = $this->extractRequestParams();
 
                if ( $params['gettoken'] ) {
-                       $res['blocktoken'] = $wgUser->editToken();
+                       $res['blocktoken'] = $wgUser->editToken( '', $this->getMain()->getRequest() );
                        $this->getResult()->addValue( null, $this->getModuleName(), $res );
                        return;
                }

diff --git a/includes/api/ApiMain.php b/includes/api/ApiMain.php
index 81a70de..7cf5386 100644 (file)
--- a/includes/api/ApiMain.php
+++ b/includes/api/ApiMain.php
@@ -561,7 +561,7 @@ class ApiMain extends ApiBase {
                                $this->dieUsageMsg( array( 'missingparam', 'token' ) );
                        } else {
                                global $wgUser;
-                               if ( !$wgUser->matchEditToken( $moduleParams['token'], $salt ) ) {
+                               if ( !$wgUser->matchEditToken( $moduleParams['token'], $salt, $this->getMain()->getRequest() ) ) {
                                        $this->dieUsageMsg( array( 'sessionfailure' ) );
                                }
                        }

diff --git a/includes/api/ApiQueryDeletedrevs.php b/includes/api/ApiQueryDeletedrevs.php
index ca24881..230b9de 100644 (file)
--- a/includes/api/ApiQueryDeletedrevs.php
+++ b/includes/api/ApiQueryDeletedrevs.php
@@ -125,7 +125,7 @@ class ApiQueryDeletedrevs extends ApiQueryBase {
 
                if ( $fld_token ) {
                        // Undelete tokens are identical for all pages, so we cache one here
-                       $token = $wgUser->editToken();
+                       $token = $wgUser->editToken( '', $this->getMain()->getRequest() );
                }
 
                // We need a custom WHERE clause that matches all titles.

diff --git a/includes/api/ApiQueryUserInfo.php b/includes/api/ApiQueryUserInfo.php
index a664331..d57548e 100644 (file)
--- a/includes/api/ApiQueryUserInfo.php
+++ b/includes/api/ApiQueryUserInfo.php
@@ -104,7 +104,7 @@ class ApiQueryUserInfo extends ApiQueryBase {
                if ( isset( $this->prop['preferencestoken'] ) &&
                        is_null( $this->getMain()->getRequest()->getVal( 'callback' ) )
                ) {
-                       $vals['preferencestoken'] = $wgUser->editToken();
+                       $vals['preferencestoken'] = $wgUser->editToken( '', $this->getMain()->getRequest() );
                }
 
                if ( isset( $this->prop['editcount'] ) ) {

diff --git a/includes/api/ApiUnblock.php b/includes/api/ApiUnblock.php
index f8d4909..d55fe4c 100644 (file)
--- a/includes/api/ApiUnblock.php
+++ b/includes/api/ApiUnblock.php
@@ -49,7 +49,7 @@ class ApiUnblock extends ApiBase {
                $params = $this->extractRequestParams();
 
                if ( $params['gettoken'] ) {
-                       $res['unblocktoken'] = $wgUser->editToken();
+                       $res['unblocktoken'] = $wgUser->editToken( '', $this->getMain()->getRequest() );
                        $this->getResult()->addValue( null, $this->getModuleName(), $res );
                        return;
                }

diff --git a/tests/phpunit/includes/api/ApiUploadTest.php b/tests/phpunit/includes/api/ApiUploadTest.php
index 54fccae..c6afde0 100644 (file)
--- a/tests/phpunit/includes/api/ApiUploadTest.php
+++ b/tests/phpunit/includes/api/ApiUploadTest.php
@@ -106,13 +106,15 @@ abstract class ApiTestCase extends MediaWikiTestCase {
        }
 
        protected function doApiRequest( $params, $session = null, $appendModule = false ) {
-               $_SESSION = isset( $session ) ? $session : array();
+               if ( is_null( $session ) ) {
+                       $session = array();
+               }
 
-               $request = new FauxRequest( $params, true, $_SESSION );
+               $request = new FauxRequest( $params, true, $session );
                $module = new ApiMain( $request, true );
                $module->execute();
 
-               return array( $module->getResultData(), $request, $_SESSION );
+               return array( $module->getResultData(), $request, $request->getSessionArray() );
        }
 
        /**
@@ -181,7 +183,7 @@ class ApiUploadTest extends ApiTestCase {
                        'lgname' => $user->username,
                        'lgpassword' => $user->password
                );
-               list( $result, , ) = $this->doApiRequest( $params );
+               list( $result, , $session ) = $this->doApiRequest( $params );
                $this->assertArrayHasKey( "login", $result );
                $this->assertArrayHasKey( "result", $result['login'] );
                $this->assertEquals( "NeedToken", $result['login']['result'] );
@@ -193,7 +195,7 @@ class ApiUploadTest extends ApiTestCase {
                        'lgname' => $user->username,
                        'lgpassword' => $user->password
                );
-               list( $result, , $session ) = $this->doApiRequest( $params );
+               list( $result, , $session ) = $this->doApiRequest( $params, $session );
                $this->assertArrayHasKey( "login", $result );
                $this->assertArrayHasKey( "result", $result['login'] );
                $this->assertEquals( "Success", $result['login']['result'] );