blob: 8254fdba7d94536135610d8d8e63dd15492863ce (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
|
<?php
/**
* @group API
* @group Database
* @group medium
*
* @covers ApiLogout
*/
class ApiLogoutTest extends ApiTestCase {
protected function setUp() {
global $wgRequest, $wgUser;
parent::setUp();
// Link the user to the Session properly so User::doLogout() doesn't complain.
$wgRequest->getSession()->setUser( $wgUser );
$wgUser = User::newFromSession( $wgRequest );
$this->apiContext->setUser( $wgUser );
}
public function testUserLogoutBadToken() {
global $wgUser;
$this->setExpectedApiException( 'apierror-badtoken' );
try {
$token = 'invalid token';
$this->doUserLogout( $token );
} finally {
$this->assertTrue( $wgUser->isLoggedIn(), 'not logged out' );
}
}
public function testUserLogout() {
global $wgUser;
$this->assertTrue( $wgUser->isLoggedIn(), 'sanity check' );
$token = $this->getUserCsrfTokenFromApi();
$this->doUserLogout( $token );
$this->assertFalse( $wgUser->isLoggedIn() );
}
public function testUserLogoutWithWebToken() {
global $wgUser, $wgRequest;
$this->assertTrue( $wgUser->isLoggedIn(), 'sanity check' );
// Logic copied from SkinTemplate.
$token = $wgUser->getEditToken( 'logoutToken', $wgRequest );
$this->doUserLogout( $token );
$this->assertFalse( $wgUser->isLoggedIn() );
}
private function getUserCsrfTokenFromApi() {
$retToken = $this->doApiRequest( [
'action' => 'query',
'meta' => 'tokens',
'type' => 'csrf'
] );
$this->assertArrayNotHasKey( 'warnings', $retToken );
return $retToken[0]['query']['tokens']['csrftoken'];
}
private function doUserLogout( $logoutToken ) {
return $this->doApiRequest( [
'action' => 'logout',
'token' => $logoutToken
] );
}
}
|