From 60f1302644be8e601ed7bf0dacb8d198432077b8 Mon Sep 17 00:00:00 2001 From: Alexandre Emsenhuber Date: Wed, 2 Mar 2011 12:52:47 +0000 Subject: [PATCH] Per Platonides, fix for r82686: make ApiUploadTest work again Added option request parameter to User::editToken() and User::matchEditToken() and use them where possible from the api. Also removed $_SESSION usage since it's no longer needed --- includes/User.php | 19 ++++++++++++------- includes/WebRequest.php | 4 ++++ includes/api/ApiBlock.php | 2 +- includes/api/ApiMain.php | 2 +- includes/api/ApiQueryDeletedrevs.php | 2 +- includes/api/ApiQueryUserInfo.php | 2 +- includes/api/ApiUnblock.php | 2 +- tests/phpunit/includes/api/ApiUploadTest.php | 12 +++++++----- 8 files changed, 28 insertions(+), 17 deletions(-) diff --git a/includes/User.php b/includes/User.php index 20aa43e01e..030aaa733d 100644 --- a/includes/User.php +++ b/includes/User.php @@ -2855,18 +2855,22 @@ class User { * submission. * * @param $salt String|Array of Strings Optional function-specific data for hashing + * @param $request WebRequest object to use or null to use $wgRequest * @return String The new edit token */ - function editToken( $salt = '' ) { - global $wgRequest; + function editToken( $salt = '', $request = null ) { + if ( $request == null ) { + global $wgRequest; + $request = $wgRequest; + } if ( $this->isAnon() ) { return EDIT_TOKEN_SUFFIX; } else { - $token = $wgRequest->getSessionData( 'wsEditToken' ); + $token = $request->getSessionData( 'wsEditToken' ); if ( $token === null ) { $token = self::generateToken(); - $wgRequest->setSessionData( 'wsEditToken', $token ); + $request->setSessionData( 'wsEditToken', $token ); } if( is_array( $salt ) ) { $salt = implode( '|', $salt ); 
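Review bot: The new null check in editToken() uses loose comparison, `if ( $request == null )`, while the token check a few lines further down in the same hunk uses `$token === null`. Writing `if ( $request === null )` would be consistent and would keep other falsy arguments from being treated as "no request given". Any non-null value is then used directly for `getSessionData()` and `setSessionData()`, so a type hint in the signature, `function editToken( $salt = '', WebRequest $request = null )`, would catch a wrong argument early. The body of editToken() continues past the end of the hunk.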
@@ -2894,10 +2898,11 @@ class User { * * @param $val String Input value to compare * @param $salt String Optional function-specific data for hashing + * @param $request WebRequest object to use or null to use $wgRequest * @return Boolean: Whether the token matches */ - function matchEditToken( $val, $salt = '' ) { - $sessionToken = $this->editToken( $salt ); + function matchEditToken( $val, $salt = '', $request = null ) { + $sessionToken = $this->editToken( $salt, $request ); if ( $val != $sessionToken ) { wfDebug( "User::matchEditToken: broken session data\n" ); } @@ -2912,7 +2917,7 @@ class User { * @param $salt String Optional function-specific data for hashing * @return Boolean: Whether the token matches */ - function matchEditTokenNoSuffix( $val, $salt = '' ) { + function matchEditTokenNoSuffix( $val, $salt = '', $request = null ) { $sessionToken = $this->editToken( $salt ); return substr( $sessionToken, 0, 32 ) == substr( $val, 0, 32 ); } diff --git a/includes/WebRequest.php b/includes/WebRequest.php index 5035adf1dd..a48cd797dd 100644 --- a/includes/WebRequest.php +++ b/includes/WebRequest.php @@ -1024,6 +1024,10 @@ class FauxRequest extends WebRequest { $this->session[$key] = $data; } + public function getSessionArray() { + return $this->session; + } + public function isPathInfoBad() { return false; } diff --git a/includes/api/ApiBlock.php b/includes/api/ApiBlock.php index 8d4b909523..37c6057180 100644 --- a/includes/api/ApiBlock.php +++ b/includes/api/ApiBlock.php @@ -52,7 +52,7 @@ class ApiBlock extends ApiBase { $params = $this->extractRequestParams(); if ( $params['gettoken'] ) { - $res['blocktoken'] = $wgUser->editToken(); + $res['blocktoken'] = $wgUser->editToken( '', $this->getMain()->getRequest() ); $this->getResult()->addValue( null, $this->getModuleName(), $res ); return; } diff --git a/includes/api/ApiMain.php b/includes/api/ApiMain.php index 81a70decc8..7cf5386329 100644 --- a/includes/api/ApiMain.php +++ b/includes/api/ApiMain.php 
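Review bot: The token comparisons around this change are loose: `if ( $val != $sessionToken )` in this hunk and `return substr( $sessionToken, 0, 32 ) == substr( $val, 0, 32 );` in matchEditTokenNoSuffix() in the next hunk. With `==` and `!=`, PHP compares two numeric-looking strings as numbers, so a request-supplied value need not be byte-identical to the session token to compare equal. Using `!==` and `===` removes that. The return statement of matchEditToken() is outside the hunk and should be checked for the same thing.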
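Review bot: matchEditTokenNoSuffix() gains a `$request` parameter, but the unchanged line `$sessionToken = $this->editToken( $salt );` does not pass it on. The token is therefore still read from `$wgRequest`, and a request supplied by the caller is silently ignored. The line should read `$sessionToken = $this->editToken( $salt, $request );`, matching matchEditToken() in the previous hunk. The docblock also lacks the `@param $request WebRequest object to use or null to use $wgRequest` line that the other two methods received.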
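Review bot: `getSessionArray()` is added to FauxRequest without a docblock, and as far as this hunk shows it exists only on FauxRequest, so code holding a plain WebRequest cannot rely on it. A short comment would make the scope explicit, for example `/** Return the fake session data array; FauxRequest only, used by the API tests to carry session state between requests. */`. The method returns the whole session array, so it is worth stating that it is not meant as a general accessor.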
@@ -561,7 +561,7 @@ class ApiMain extends ApiBase { $this->dieUsageMsg( array( 'missingparam', 'token' ) ); } else { global $wgUser; - if ( !$wgUser->matchEditToken( $moduleParams['token'], $salt ) ) { + if ( !$wgUser->matchEditToken( $moduleParams['token'], $salt, $this->getMain()->getRequest() ) ) { $this->dieUsageMsg( array( 'sessionfailure' ) ); } } diff --git a/includes/api/ApiQueryDeletedrevs.php b/includes/api/ApiQueryDeletedrevs.php index ca24881b7b..230b9de61a 100644 --- a/includes/api/ApiQueryDeletedrevs.php +++ b/includes/api/ApiQueryDeletedrevs.php @@ -125,7 +125,7 @@ class ApiQueryDeletedrevs extends ApiQueryBase { if ( $fld_token ) { // Undelete tokens are identical for all pages, so we cache one here - $token = $wgUser->editToken(); + $token = $wgUser->editToken( '', $this->getMain()->getRequest() ); } // We need a custom WHERE clause that matches all titles. diff --git a/includes/api/ApiQueryUserInfo.php b/includes/api/ApiQueryUserInfo.php index a6643319b0..d57548e1e5 100644 --- a/includes/api/ApiQueryUserInfo.php +++ b/includes/api/ApiQueryUserInfo.php @@ -104,7 +104,7 @@ class ApiQueryUserInfo extends ApiQueryBase { if ( isset( $this->prop['preferencestoken'] ) && is_null( $this->getMain()->getRequest()->getVal( 'callback' ) ) ) { - $vals['preferencestoken'] = $wgUser->editToken(); + $vals['preferencestoken'] = $wgUser->editToken( '', $this->getMain()->getRequest() ); } if ( isset( $this->prop['editcount'] ) ) { diff --git a/includes/api/ApiUnblock.php b/includes/api/ApiUnblock.php index f8d49099c0..d55fe4cee0 100644 --- a/includes/api/ApiUnblock.php +++ b/includes/api/ApiUnblock.php @@ -49,7 +49,7 @@ class ApiUnblock extends ApiBase { $params = $this->extractRequestParams(); if ( $params['gettoken'] ) { - $res['unblocktoken'] = $wgUser->editToken(); + $res['unblocktoken'] = $wgUser->editToken( '', $this->getMain()->getRequest() ); $this->getResult()->addValue( null, $this->getModuleName(), $res ); return; } 
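Review bot: This is the central token check, and nothing at the call site says why the request is now passed explicitly. A one-line comment above the `if` would help, for example `// Validate against the session of the request being executed, which may be a FauxRequest, not $wgRequest`. The call is also inside ApiMain itself, so `$this->getMain()->getRequest()` presumably resolves back to the same object and `$this->getRequest()` would be shorter. That assumes getMain() returns `$this` for the main module, which is not visible here. The enclosing method starts and ends outside the hunk.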
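Review bot: The ApiQueryUserInfo hunk only returns `preferencestoken` when `is_null( $this->getMain()->getRequest()->getVal( 'callback' ) )`, but nothing explains the guard. It is presumably there to keep the token out of JSONP responses, which another site can read, and a comment such as `// Never expose tokens in a callback (JSONP) response` would record that. The token-returning lines changed in the ApiBlock, ApiUnblock and ApiQueryDeletedrevs hunks show no equivalent condition within their visible context. Whether those paths are protected elsewhere cannot be seen from this diff and is worth confirming, since they now share the same request-aware `editToken()` call.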
diff --git a/tests/phpunit/includes/api/ApiUploadTest.php b/tests/phpunit/includes/api/ApiUploadTest.php index 54fccae5c6..c6afde0e8a 100644 --- a/tests/phpunit/includes/api/ApiUploadTest.php +++ b/tests/phpunit/includes/api/ApiUploadTest.php @@ -106,13 +106,15 @@ abstract class ApiTestCase extends MediaWikiTestCase { } protected function doApiRequest( $params, $session = null, $appendModule = false ) { - $_SESSION = isset( $session ) ? $session : array(); + if ( is_null( $session ) ) { + $session = array(); + } - $request = new FauxRequest( $params, true, $_SESSION ); + $request = new FauxRequest( $params, true, $session ); $module = new ApiMain( $request, true ); $module->execute(); - return array( $module->getResultData(), $request, $_SESSION ); + return array( $module->getResultData(), $request, $request->getSessionArray() ); } /** @@ -181,7 +183,7 @@ class ApiUploadTest extends ApiTestCase { 'lgname' => $user->username, 'lgpassword' => $user->password ); - list( $result, , ) = $this->doApiRequest( $params ); + list( $result, , $session ) = $this->doApiRequest( $params ); $this->assertArrayHasKey( "login", $result ); $this->assertArrayHasKey( "result", $result['login'] ); $this->assertEquals( "NeedToken", $result['login']['result'] ); @@ -193,7 +195,7 @@ class ApiUploadTest extends ApiTestCase { 'lgname' => $user->username, 'lgpassword' => $user->password ); - list( $result, , $session ) = $this->doApiRequest( $params ); + list( $result, , $session ) = $this->doApiRequest( $params, $session ); $this->assertArrayHasKey( "login", $result ); $this->assertArrayHasKey( "result", $result['login'] ); $this->assertEquals( "Success", $result['login']['result'] ); -- 2.20.1
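Review bot: doApiRequest() has no docblock, and this change alters what its third return value means: it is no longer `$_SESSION` but the FauxRequest's own session array as the module left it. A docblock should state that `$session` seeds the fake session and that the method returns `array( result data, request, session array )`. The login test in the later hunks depends on this, because it feeds the session from the NeedToken call into the second request. The enclosing class continues outside the hunk.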