Allow for time-limited tokens

[lhc/web/wiklou.git] / tests / phpunit / includes / api / ApiTestCase.php

diff --git a/tests/phpunit/includes/api/ApiTestCase.php b/tests/phpunit/includes/api/ApiTestCase.php
index cd14194..06acbaa 100644 (file)
--- a/tests/phpunit/includes/api/ApiTestCase.php
+++ b/tests/phpunit/includes/api/ApiTestCase.php
@@ -134,10 +134,14 @@ abstract class ApiTestCase extends MediaWikiLangTestCase {
                }
 
                if ( isset( $session['wsToken'] ) && $session['wsToken'] ) {
+                       // @todo Why does this directly mess with the session? Fix that.
                        // add edit token to fake session
                        $session['wsEditToken'] = $session['wsToken'];
                        // add token to request parameters
-                       $params['token'] = md5( $session['wsToken'] ) . User::EDIT_TOKEN_SUFFIX;
+                       $timestamp = wfTimestamp();
+                       $params['token'] = hash_hmac( 'md5', $timestamp, $session['wsToken'] ) .
+                               dechex( $timestamp ) .
+                               User::EDIT_TOKEN_SUFFIX;
 
                        return $this->doApiRequest( $params, $session, false, $user );
                } else {