I only made one small addition, because I don't understand login/session
code well enough to easily do more.
Change-Id: I36c5ea8e31fb00d75da24c38381f74ba8a15f31a
$this->assertEquals( 'Success', $a );
}
+ public function testLoginWithNoSameOriginSecurity() {
+ $this->setTemporaryHook( 'RequestHasSameOriginSecurity',
+ function () {
+ return false;
+ }
+ );
+
+ $result = $this->doApiRequest( [
+ 'action' => 'login',
+ ] )[0]['login'];
+
+ $this->assertSame( [
+ 'result' => 'Aborted',
+ 'reason' => 'Cannot log in when the same-origin policy is not applied.',
+ ], $result );
+ }
}