3 namespace MediaWiki\Tests\Rest\BasicAccess
;
5 use GuzzleHttp\Psr7\Uri
;
6 use MediaWiki\MediaWikiServices
;
7 use MediaWiki\Rest\BasicAccess\MWBasicAuthorizer
;
8 use MediaWiki\Rest\Handler
;
9 use MediaWiki\Rest\RequestData
;
10 use MediaWiki\Rest\ResponseFactory
;
11 use MediaWiki\Rest\Router
;
12 use MediaWikiTestCase
;
18 * @covers \MediaWiki\Rest\BasicAccess\BasicAuthorizerBase
19 * @covers \MediaWiki\Rest\BasicAccess\MWBasicAuthorizer
20 * @covers \MediaWiki\Rest\BasicAccess\BasicRequestAuthorizer
21 * @covers \MediaWiki\Rest\BasicAccess\MWBasicRequestAuthorizer
23 class MWBasicRequestAuthorizerTest
extends MediaWikiTestCase
{
24 private function createRouter( $userRights ) {
25 $user = User
::newFromName( 'Test user' );
26 // Don't allow the rights to everybody so that user rights kick in.
27 $this->mergeMwGlobalArrayValue( 'wgGroupPermissions', [ '*' => $userRights ] );
28 $this->resetServices();
29 $this->overrideUserPermissions(
31 array_keys( array_filter( $userRights ), function ( $value ) {
32 return $value === true;
39 [ "$IP/tests/phpunit/unit/includes/Rest/testRoutes.json" ],
42 new \
EmptyBagOStuff(),
43 new ResponseFactory(),
44 new MWBasicAuthorizer( $user, MediaWikiServices
::getInstance()->getPermissionManager() ) );
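/**
 * A caller whose rights have 'read' switched off must be refused.
 *
 * Pins both halves of the denial: the HTTP status (403) and the
 * machine-readable error key ('rest-read-denied') in the JSON body, so a
 * regression that lets the request through, or that denies it for a
 * different reason, is caught.
 */
public function testReadDenied() {
    $router = $this->createRouter( [ 'read' => false ] );
    $request = new RequestData( [ 'uri' => new Uri( '/rest/user/joe/hello' ) ] );
    $response = $router->execute( $request );
    $this->assertSame( 403, $response->getStatusCode() );

    $body = $response->getBody();
    // getContents() only returns what lies after the current stream position,
    // so start from the beginning before decoding the error payload.
    $body->rewind();
    $data = json_decode( $body->getContents(), true );
    $this->assertSame( 'rest-read-denied', $data['error'] );
}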
/**
 * Positive control for the read check: with 'read' granted, the same
 * route that testReadDenied() requests is answered with HTTP 200.
 */
public function testReadAllowed() {
    $router = $this->createRouter( [ 'read' => true ] );
    $target = new Uri( '/rest/user/joe/hello' );

    $result = $router->execute( new RequestData( [ 'uri' => $target ] ) );

    $this->assertSame( 200, $result->getStatusCode() );
}
66 public static function writeHandlerFactory() {
67 return new class extends Handler
{
68 public function needsWriteAccess() {
72 public function execute() {
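/**
 * A caller who may read but has 'writeapi' switched off must be refused
 * on the mock write route.
 *
 * Checks the HTTP status (403) and the error key ('rest-write-denied'),
 * so the write check is shown to be the one that rejected the request.
 * NOTE(review): the route presumably resolves to writeHandlerFactory()
 * through testRoutes.json; the mapping is not visible here, so confirm.
 */
public function testWriteDenied() {
    $router = $this->createRouter( [ 'read' => true, 'writeapi' => false ] );
    $request = new RequestData( [
        'uri' => new Uri( '/rest/mock/MWBasicRequestAuthorizerTest/write' )
    ] );
    $response = $router->execute( $request );
    $this->assertSame( 403, $response->getStatusCode() );

    $body = $response->getBody();
    // getContents() only returns what lies after the current stream position,
    // so start from the beginning before decoding the error payload.
    $body->rewind();
    $data = json_decode( $body->getContents(), true );
    $this->assertSame( 'rest-write-denied', $data['error'] );
}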
92 public function testWriteAllowed() {
93 $router = $this->createRouter( [ 'read' => true, 'writeapi' => true ] );
94 $request = new RequestData( [
95 'uri' => new Uri( '/rest/mock/MWBasicRequestAuthorizerTest/write' )
97 $response = $router->execute( $request );
99 $this->assertSame( 200, $response->getStatusCode() );