3 namespace MediaWiki\Tests\Rest\BasicAccess
;
5 use GuzzleHttp\Psr7\Uri
;
6 use MediaWiki\Permissions\PermissionManager
;
7 use MediaWiki\Rest\BasicAccess\MWBasicAuthorizer
;
8 use MediaWiki\Rest\Handler
;
9 use MediaWiki\Rest\RequestData
;
10 use MediaWiki\Rest\ResponseFactory
;
11 use MediaWiki\Rest\Router
;
12 use MediaWiki\Rest\Validator\Validator
;
13 use MediaWikiTestCase
;
14 use Psr\Container\ContainerInterface
;
16 use Wikimedia\ObjectFactory
;
21 * @covers \MediaWiki\Rest\BasicAccess\BasicAuthorizerBase
22 * @covers \MediaWiki\Rest\BasicAccess\MWBasicAuthorizer
23 * @covers \MediaWiki\Rest\BasicAccess\BasicRequestAuthorizer
24 * @covers \MediaWiki\Rest\BasicAccess\MWBasicRequestAuthorizer
26 class MWBasicRequestAuthorizerTest
extends MediaWikiTestCase
{
/**
 * Build the Router under test, with authorization decided by a fixed rights map.
 *
 * NOTE(review): the embedded line numbers skip in this listing, so some
 * statements, arguments and closing delimiters are not visible here.
 *
 * @param array $userRights Right name => bool, consulted by the userHasRight stub.
 * @param mixed $request Passed to the Validator; callers in this file pass a RequestData.
 */
27 private function createRouter( $userRights, $request ) {
28 $user = User
::newFromName( 'Test user' );
29 $objectFactory = new ObjectFactory(
30 $this->getMockForAbstractClass( ContainerInterface
::class )
// PermissionManager is mocked so each test controls exactly which rights are held.
32 $permissionManager = $this->createMock( PermissionManager
::class );
33 // Don't allow the rights to everybody so that user rights kick in.
34 $permissionManager->method( 'isEveryoneAllowed' )->willReturn( false );
// Deny by default: a right counts as held only when it is present in
// $userRights with a truthy value; anything not listed is refused.
35 $permissionManager->method( 'userHasRight' )
36 ->will( $this->returnCallback( function ( $user, $action ) use ( $userRights ) {
37 return isset( $userRights[$action] ) && $userRights[$action];
43 [ "$IP/tests/phpunit/unit/includes/Rest/testRoutes.json" ],
46 new \
EmptyBagOStuff(),
47 new ResponseFactory( [] ),
// The authorizer being exercised, bound to the test user and the mocked rights.
48 new MWBasicAuthorizer( $user, $permissionManager ),
50 new Validator( $objectFactory, $permissionManager, $request, $user )
/**
 * A user whose 'read' right is false must be refused by the router.
 *
 * Checks both the HTTP status (403) and the 'error' key of the JSON body
 * ('rest-read-denied'), so the test pins the specific denial reported and
 * not just the status code.
 */
54 public function testReadDenied() {
55 $request = new RequestData( [ 'uri' => new Uri( '/rest/user/joe/hello' ) ] );
56 $router = $this->createRouter( [ 'read' => false ], $request );
57 $response = $router->execute( $request );
58 $this->assertSame( 403, $response->getStatusCode() );
60 $body = $response->getBody();
// Decode as an associative array so the error key can be read directly.
62 $data = json_decode( $body->getContents(), true );
63 $this->assertSame( 'rest-read-denied', $data['error'] );
/**
 * Positive counterpart of testReadDenied: the same URI with 'read' granted
 * must return HTTP 200.
 */
66 public function testReadAllowed() {
67 $request = new RequestData( [ 'uri' => new Uri( '/rest/user/joe/hello' ) ] );
68 $router = $this->createRouter( [ 'read' => true ], $request );
69 $response = $router->execute( $request );
70 $this->assertSame( 200, $response->getStatusCode() );
/**
 * Factory returning an anonymous Handler subclass that overrides
 * needsWriteAccess() and execute().
 *
 * NOTE(review): the bodies of both overrides are not visible in this listing.
 * Presumably this is the handler behind the
 * '/rest/mock/MWBasicRequestAuthorizerTest/write' URI used by the write
 * tests, wired up in testRoutes.json; confirm against that file.
 */
73 public static function writeHandlerFactory() {
74 return new class extends Handler
{
75 public function needsWriteAccess() {
79 public function execute() {
/**
 * With 'read' granted but 'writeapi' false, the write route must be refused.
 *
 * Granting 'read' isolates the write check: the expected failure is
 * HTTP 403 with error key 'rest-write-denied', not the read denial.
 *
 * NOTE(review): the tests visible here only use rights that are explicitly
 * true or false; none passes a map in which the right is absent.
 */
85 public function testWriteDenied() {
86 $request = new RequestData( [
87 'uri' => new Uri( '/rest/mock/MWBasicRequestAuthorizerTest/write' )
89 $router = $this->createRouter( [ 'read' => true, 'writeapi' => false ], $request );
90 $response = $router->execute( $request );
91 $this->assertSame( 403, $response->getStatusCode() );
93 $body = $response->getBody();
// Decode as an associative array so the error key can be read directly.
95 $data = json_decode( $body->getContents(), true );
96 $this->assertSame( 'rest-write-denied', $data['error'] );
/**
 * Positive counterpart of testWriteDenied: with both 'read' and 'writeapi'
 * granted, the same write URI must return HTTP 200.
 */
99 public function testWriteAllowed() {
100 $request = new RequestData( [
101 'uri' => new Uri( '/rest/mock/MWBasicRequestAuthorizerTest/write' )
103 $router = $this->createRouter( [ 'read' => true, 'writeapi' => true ], $request );
104 $response = $router->execute( $request );
106 $this->assertSame( 200, $response->getStatusCode() );