*/
public function testApi() {
$api = new ApiMain(
- new FauxRequest( array( 'action' => 'query', 'meta' => 'siteinfo' ) )
+ new FauxRequest( [ 'action' => 'query', 'meta' => 'siteinfo' ] )
);
$api->execute();
$data = $api->getResult()->getResultData();
}
public static function provideAssert() {
- return array(
- array( false, array(), 'user', 'assertuserfailed' ),
- array( true, array(), 'user', false ),
- array( true, array(), 'bot', 'assertbotfailed' ),
- array( true, array( 'bot' ), 'user', false ),
- array( true, array( 'bot' ), 'bot', false ),
- );
+ return [
+ [ false, [], 'user', 'assertuserfailed' ],
+ [ true, [], 'user', false ],
+ [ true, [], 'bot', 'assertbotfailed' ],
+ [ true, [ 'bot' ], 'user', false ],
+ [ true, [ 'bot' ], 'bot', false ],
+ ];
}
/**
}
$user->mRights = $rights;
try {
- $this->doApiRequest( array(
+ $this->doApiRequest( [
'action' => 'query',
'assert' => $assert,
- ), null, null, $user );
+ ], null, null, $user );
$this->assertFalse( $error ); // That no error was expected
} catch ( UsageException $e ) {
$this->assertEquals( $e->getCodeString(), $error );
$classes = $wgAutoloadLocalClasses + $wgAutoloadClasses;
$api = new ApiMain(
- new FauxRequest( array( 'action' => 'query', 'meta' => 'siteinfo' ) )
+ new FauxRequest( [ 'action' => 'query', 'meta' => 'siteinfo' ] )
);
$modules = $api->getModuleManager()->getNamesWithClasses();
foreach ( $modules as $name => $class ) {
public function testCheckConditionalRequestHeaders(
$headers, $conditions, $status, $post = false
) {
- $request = new FauxRequest( array( 'action' => 'query', 'meta' => 'siteinfo' ), $post );
+ $request = new FauxRequest( [ 'action' => 'query', 'meta' => 'siteinfo' ], $post );
$request->setHeaders( $headers );
$request->response()->statusHeader( 200 ); // Why doesn't it default?
$priv->mInternalMode = false;
$module = $this->getMockBuilder( 'ApiBase' )
- ->setConstructorArgs( array( $api, 'mock' ) )
- ->setMethods( array( 'getConditionalRequestData' ) )
+ ->setConstructorArgs( [ $api, 'mock' ] )
+ ->setMethods( [ 'getConditionalRequestData' ] )
->getMockForAbstractClass();
$module->expects( $this->any() )
->method( 'getConditionalRequestData' )
public static function provideCheckConditionalRequestHeaders() {
$now = time();
- return array(
+ return [
// Non-existing from module is ignored
- array( array( 'If-None-Match' => '"foo", "bar"' ), array(), 200 ),
- array( array( 'If-Modified-Since' => 'Tue, 18 Aug 2015 00:00:00 GMT' ), array(), 200 ),
+ [ [ 'If-None-Match' => '"foo", "bar"' ], [], 200 ],
+ [ [ 'If-Modified-Since' => 'Tue, 18 Aug 2015 00:00:00 GMT' ], [], 200 ],
// No headers
- array(
- array(),
- array(
+ [
+ [],
+ [
'etag' => '""',
'last-modified' => '20150815000000',
- ),
+ ],
200
- ),
+ ],
// Basic If-None-Match
- array( array( 'If-None-Match' => '"foo", "bar"' ), array( 'etag' => '"bar"' ), 304 ),
- array( array( 'If-None-Match' => '"foo", "bar"' ), array( 'etag' => '"baz"' ), 200 ),
- array( array( 'If-None-Match' => '"foo"' ), array( 'etag' => 'W/"foo"' ), 304 ),
- array( array( 'If-None-Match' => 'W/"foo"' ), array( 'etag' => '"foo"' ), 304 ),
- array( array( 'If-None-Match' => 'W/"foo"' ), array( 'etag' => 'W/"foo"' ), 304 ),
+ [ [ 'If-None-Match' => '"foo", "bar"' ], [ 'etag' => '"bar"' ], 304 ],
+ [ [ 'If-None-Match' => '"foo", "bar"' ], [ 'etag' => '"baz"' ], 200 ],
+ [ [ 'If-None-Match' => '"foo"' ], [ 'etag' => 'W/"foo"' ], 304 ],
+ [ [ 'If-None-Match' => 'W/"foo"' ], [ 'etag' => '"foo"' ], 304 ],
+ [ [ 'If-None-Match' => 'W/"foo"' ], [ 'etag' => 'W/"foo"' ], 304 ],
// Pointless, but supported
- array( array( 'If-None-Match' => '*' ), array(), 304 ),
+ [ [ 'If-None-Match' => '*' ], [], 304 ],
// Basic If-Modified-Since
- array( array( 'If-Modified-Since' => wfTimestamp( TS_RFC2822, $now ) ),
- array( 'last-modified' => wfTimestamp( TS_MW, $now - 1 ) ), 304 ),
- array( array( 'If-Modified-Since' => wfTimestamp( TS_RFC2822, $now ) ),
- array( 'last-modified' => wfTimestamp( TS_MW, $now ) ), 304 ),
- array( array( 'If-Modified-Since' => wfTimestamp( TS_RFC2822, $now ) ),
- array( 'last-modified' => wfTimestamp( TS_MW, $now + 1 ) ), 200 ),
+ [ [ 'If-Modified-Since' => wfTimestamp( TS_RFC2822, $now ) ],
+ [ 'last-modified' => wfTimestamp( TS_MW, $now - 1 ) ], 304 ],
+ [ [ 'If-Modified-Since' => wfTimestamp( TS_RFC2822, $now ) ],
+ [ 'last-modified' => wfTimestamp( TS_MW, $now ) ], 304 ],
+ [ [ 'If-Modified-Since' => wfTimestamp( TS_RFC2822, $now ) ],
+ [ 'last-modified' => wfTimestamp( TS_MW, $now + 1 ) ], 200 ],
// If-Modified-Since ignored when If-None-Match is given too
- array( array( 'If-None-Match' => '""', 'If-Modified-Since' => wfTimestamp( TS_RFC2822, $now ) ),
- array( 'etag' => '"x"', 'last-modified' => wfTimestamp( TS_MW, $now - 1 ) ), 200 ),
- array( array( 'If-None-Match' => '""', 'If-Modified-Since' => wfTimestamp( TS_RFC2822, $now ) ),
- array( 'last-modified' => wfTimestamp( TS_MW, $now - 1 ) ), 304 ),
+ [ [ 'If-None-Match' => '""', 'If-Modified-Since' => wfTimestamp( TS_RFC2822, $now ) ],
+ [ 'etag' => '"x"', 'last-modified' => wfTimestamp( TS_MW, $now - 1 ) ], 200 ],
+ [ [ 'If-None-Match' => '""', 'If-Modified-Since' => wfTimestamp( TS_RFC2822, $now ) ],
+ [ 'last-modified' => wfTimestamp( TS_MW, $now - 1 ) ], 304 ],
// Ignored for POST
- array( array( 'If-None-Match' => '"foo", "bar"' ), array( 'etag' => '"bar"' ), 200, true ),
- array( array( 'If-Modified-Since' => wfTimestamp( TS_RFC2822, $now ) ),
- array( 'last-modified' => wfTimestamp( TS_MW, $now - 1 ) ), 200, true ),
+ [ [ 'If-None-Match' => '"foo", "bar"' ], [ 'etag' => '"bar"' ], 200, true ],
+ [ [ 'If-Modified-Since' => wfTimestamp( TS_RFC2822, $now ) ],
+ [ 'last-modified' => wfTimestamp( TS_MW, $now - 1 ) ], 200, true ],
// Other date formats allowed by the RFC
- array( array( 'If-Modified-Since' => gmdate( 'l, d-M-y H:i:s', $now ) . ' GMT' ),
- array( 'last-modified' => wfTimestamp( TS_MW, $now - 1 ) ), 304 ),
- array( array( 'If-Modified-Since' => gmdate( 'D M j H:i:s Y', $now ) ),
- array( 'last-modified' => wfTimestamp( TS_MW, $now - 1 ) ), 304 ),
+ [ [ 'If-Modified-Since' => gmdate( 'l, d-M-y H:i:s', $now ) . ' GMT' ],
+ [ 'last-modified' => wfTimestamp( TS_MW, $now - 1 ) ], 304 ],
+ [ [ 'If-Modified-Since' => gmdate( 'D M j H:i:s Y', $now ) ],
+ [ 'last-modified' => wfTimestamp( TS_MW, $now - 1 ) ], 304 ],
// Old browser extension to HTTP/1.0
- array( array( 'If-Modified-Since' => wfTimestamp( TS_RFC2822, $now ) . '; length=123' ),
- array( 'last-modified' => wfTimestamp( TS_MW, $now - 1 ) ), 304 ),
+ [ [ 'If-Modified-Since' => wfTimestamp( TS_RFC2822, $now ) . '; length=123' ],
+ [ 'last-modified' => wfTimestamp( TS_MW, $now - 1 ) ], 304 ],
// Invalid date formats should be ignored
- array( array( 'If-Modified-Since' => gmdate( 'Y-m-d H:i:s', $now ) . ' GMT' ),
- array( 'last-modified' => wfTimestamp( TS_MW, $now - 1 ) ), 200 ),
- );
+ [ [ 'If-Modified-Since' => gmdate( 'Y-m-d H:i:s', $now ) . ' GMT' ],
+ [ 'last-modified' => wfTimestamp( TS_MW, $now - 1 ) ], 200 ],
+ ];
}
/**
public function testConditionalRequestHeadersOutput(
$conditions, $headers, $isError = false, $post = false
) {
- $request = new FauxRequest( array( 'action' => 'query', 'meta' => 'siteinfo' ), $post );
+ $request = new FauxRequest( [ 'action' => 'query', 'meta' => 'siteinfo' ], $post );
$response = $request->response();
$api = new ApiMain( $request );
$priv->mInternalMode = false;
$module = $this->getMockBuilder( 'ApiBase' )
- ->setConstructorArgs( array( $api, 'mock' ) )
- ->setMethods( array( 'getConditionalRequestData' ) )
+ ->setConstructorArgs( [ $api, 'mock' ] )
+ ->setMethods( [ 'getConditionalRequestData' ] )
->getMockForAbstractClass();
$module->expects( $this->any() )
->method( 'getConditionalRequestData' )
$priv->sendCacheHeaders( $isError );
- foreach ( array( 'Last-Modified', 'ETag' ) as $header ) {
+ foreach ( [ 'Last-Modified', 'ETag' ] as $header ) {
$this->assertEquals(
isset( $headers[$header] ) ? $headers[$header] : null,
$response->getHeader( $header ),
}
public static function provideConditionalRequestHeadersOutput() {
- return array(
- array(
- array(),
- array()
- ),
- array(
- array( 'etag' => '"foo"' ),
- array( 'ETag' => '"foo"' )
- ),
- array(
- array( 'last-modified' => '20150818000102' ),
- array( 'Last-Modified' => 'Tue, 18 Aug 2015 00:01:02 GMT' )
- ),
- array(
- array( 'etag' => '"foo"', 'last-modified' => '20150818000102' ),
- array( 'ETag' => '"foo"', 'Last-Modified' => 'Tue, 18 Aug 2015 00:01:02 GMT' )
- ),
- array(
- array( 'etag' => '"foo"', 'last-modified' => '20150818000102' ),
- array(),
+ return [
+ [
+ [],
+ []
+ ],
+ [
+ [ 'etag' => '"foo"' ],
+ [ 'ETag' => '"foo"' ]
+ ],
+ [
+ [ 'last-modified' => '20150818000102' ],
+ [ 'Last-Modified' => 'Tue, 18 Aug 2015 00:01:02 GMT' ]
+ ],
+ [
+ [ 'etag' => '"foo"', 'last-modified' => '20150818000102' ],
+ [ 'ETag' => '"foo"', 'Last-Modified' => 'Tue, 18 Aug 2015 00:01:02 GMT' ]
+ ],
+ [
+ [ 'etag' => '"foo"', 'last-modified' => '20150818000102' ],
+ [],
true,
- ),
- array(
- array( 'etag' => '"foo"', 'last-modified' => '20150818000102' ),
- array(),
+ ],
+ [
+ [ 'etag' => '"foo"', 'last-modified' => '20150818000102' ],
+ [],
false,
true,
- ),
- );
+ ],
+ ];
}
+ /**
+ * @covers ApiMain::lacksSameOriginSecurity
+ */
+ public function testLacksSameOriginSecurity() {
+ // Basic test
+ $main = new ApiMain( new FauxRequest( array( 'action' => 'query', 'meta' => 'siteinfo' ) ) );
+ $this->assertFalse( $main->lacksSameOriginSecurity(), 'Basic test, should have security' );
+
+ // JSONp
+ $main = new ApiMain(
+ new FauxRequest( array( 'action' => 'query', 'format' => 'xml', 'callback' => 'foo' ) )
+ );
+ $this->assertTrue( $main->lacksSameOriginSecurity(), 'JSONp, should lack security' );
+
+ // Header
+ $request = new FauxRequest( array( 'action' => 'query', 'meta' => 'siteinfo' ) );
+ $request->setHeader( 'TrEaT-As-UnTrUsTeD', '' ); // With falsey value!
+ $main = new ApiMain( $request );
+ $this->assertTrue( $main->lacksSameOriginSecurity(), 'Header supplied, should lack security' );
+
+ // Hook
+ $this->mergeMwGlobalArrayValue( 'wgHooks', array(
+ 'RequestHasSameOriginSecurity' => array( function () { return false; } )
+ ) );
+ $main = new ApiMain( new FauxRequest( array( 'action' => 'query', 'meta' => 'siteinfo' ) ) );
+ $this->assertTrue( $main->lacksSameOriginSecurity(), 'Hook, should lack security' );
+ }
}