MediaWiki REL1_33
ApiCheckTokenTest.php
Go to the documentation of this file.
1<?php
2
3use MediaWiki\Session\Token;
4
10class ApiCheckTokenTest extends ApiTestCase {
11
15 public function testCheckTokenValid() {
16 // Query token which will be checked later
17 $tokens = $this->doApiRequest( [
18 'action' => 'query',
19 'meta' => 'tokens',
20 ] );
21
22 $data = $this->doApiRequest( [
23 'action' => 'checktoken',
24 'type' => 'csrf',
25 'token' => $tokens[0]['query']['tokens']['csrftoken'],
26 ], $tokens[1]->getSessionArray() );
27
28 $this->assertEquals( 'valid', $data[0]['checktoken']['result'] );
29 $this->assertArrayHasKey( 'generated', $data[0]['checktoken'] );
30 }
31
35 public function testCheckTokenInvalid() {
36 $session = [];
37 $data = $this->doApiRequest( [
38 'action' => 'checktoken',
39 'type' => 'csrf',
40 'token' => 'invalid_token',
41 ], $session );
42
43 $this->assertEquals( 'invalid', $data[0]['checktoken']['result'] );
44 }
45
49 public function testCheckTokenExpired() {
50 // Query token which will be checked later
51 $tokens = $this->doApiRequest( [
52 'action' => 'query',
53 'meta' => 'tokens',
54 ] );
55
56 $data = $this->doApiRequest( [
57 'action' => 'checktoken',
58 'type' => 'csrf',
59 'token' => $tokens[0]['query']['tokens']['csrftoken'],
60 'maxtokenage' => -1,
61 ], $tokens[1]->getSessionArray() );
62
63 $this->assertEquals( 'expired', $data[0]['checktoken']['result'] );
64 $this->assertArrayHasKey( 'generated', $data[0]['checktoken'] );
65 }
66
70 public function testCheckTokenSuffixWarning() {
71 // Query token which will be checked later
72 $tokens = $this->doApiRequest( [
73 'action' => 'query',
74 'meta' => 'tokens',
75 ] );
76
77 // Get token and change the suffix
78 $token = $tokens[0]['query']['tokens']['csrftoken'];
79 $token = substr( $token, 0, -strlen( Token::SUFFIX ) ) . urldecode( Token::SUFFIX );
80
81 $data = $this->doApiRequest( [
82 'action' => 'checktoken',
83 'type' => 'csrf',
84 'token' => $token,
85 'errorformat' => 'raw',
86 ], $tokens[1]->getSessionArray() );
87
88 $this->assertEquals( 'invalid', $data[0]['checktoken']['result'] );
89 $this->assertArrayHasKey( 'warnings', $data[0] );
90 $this->assertCount( 1, $data[0]['warnings'] );
91 $this->assertEquals( 'checktoken', $data[0]['warnings'][0]['module'] );
92 $this->assertEquals( 'checktoken-percentencoding', $data[0]['warnings'][0]['code'] );
93 }
94
95}
and
and that you know you can do these things To protect your we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights These restrictions translate to certain responsibilities for you if you distribute copies of the or if you modify it For if you distribute copies of such a whether gratis or for a you must give the recipients all the rights that you have You must make sure that receive or can get the source code And you must show them these terms so they know their rights We protect your rights with two and(2) offer you this license which gives you legal permission to copy
ApiCheckTokenTest
API medium ApiCheckToken.
Definition ApiCheckTokenTest.php:10
ApiCheckTokenTest\testCheckTokenSuffixWarning
testCheckTokenSuffixWarning()
Test if using token with incorrect suffix will produce a warning.
Definition ApiCheckTokenTest.php:70
ApiCheckTokenTest\testCheckTokenInvalid
testCheckTokenInvalid()
Test result of checking invalid token.
Definition ApiCheckTokenTest.php:35
ApiCheckTokenTest\testCheckTokenExpired
testCheckTokenExpired()
Test result of checking token with negative max age (should be expired)
Definition ApiCheckTokenTest.php:49
ApiCheckTokenTest\testCheckTokenValid
testCheckTokenValid()
Test result of checking previously queried token (should be valid)
Definition ApiCheckTokenTest.php:15
ApiTestCase\doApiRequest
doApiRequest(array $params, array $session=null, $appendModule=false, User $user=null, $tokenType=null)
Does the API request and returns the result.
Definition ApiTestCase.php:62
MediaWiki\Session\Token
Value object representing a CSRF token.
Definition Token.php:32
$data
$data
Utility to generate mapping file used in mw.Title (phpCharToUpper.json)
Definition generatePhpCharToUpperMappings.php:13
$tokens
$tokens
Definition mwdoc-filter.php:47