10 class ApiLogoutTest
extends ApiTestCase
{
12 protected function setUp() {
13 global $wgRequest, $wgUser;
17 // Link the user to the Session properly so User::doLogout() doesn't complain.
18 $wgRequest->getSession()->setUser( $wgUser );
19 $wgUser = User
::newFromSession( $wgRequest );
20 $this->apiContext
->setUser( $wgUser );
23 public function testUserLogoutBadToken() {
26 $this->setExpectedApiException( 'apierror-badtoken' );
29 $token = 'invalid token';
30 $this->doUserLogout( $token );
32 $this->assertTrue( $wgUser->isLoggedIn(), 'not logged out' );
36 public function testUserLogout() {
39 $this->assertTrue( $wgUser->isLoggedIn(), 'sanity check' );
40 $token = $this->getUserCsrfTokenFromApi();
41 $this->doUserLogout( $token );
42 $this->assertFalse( $wgUser->isLoggedIn() );
45 public function testUserLogoutWithWebToken() {
46 global $wgUser, $wgRequest;
48 $this->assertTrue( $wgUser->isLoggedIn(), 'sanity check' );
50 // Logic copied from SkinTemplate.
51 $token = $wgUser->getEditToken( 'logoutToken', $wgRequest );
53 $this->doUserLogout( $token );
54 $this->assertFalse( $wgUser->isLoggedIn() );
57 private function getUserCsrfTokenFromApi() {
58 $retToken = $this->doApiRequest( [
64 $this->assertArrayNotHasKey( 'warnings', $retToken );
66 return $retToken[0]['query']['tokens']['csrftoken'];
69 private function doUserLogout( $logoutToken ) {
70 return $this->doApiRequest( [
72 'token' => $logoutToken