authorPetr Pchelko <ppchelko@wikimedia.org>2021-04-20 06:42:53 -0700
committerPpchelko <ppchelko@wikimedia.org>2021-09-13 15:22:16 +0000
commit8d7201894ce2ad2b41a7672280d50d327f62cef1 (patch)
tree4582c30e97017e8e77868635e7279d3c3b278492 /tests/phpunit/includes/api
parent003af60ae63e99e63e2eb8d958ae822f8293172a (diff)
Drop action api token methods deprecated in 1.24
Removes deprecated API endpoints and modules for dealing with CSRF tokens. Note: i18n messages are removed in a followup for ease of revert. Bug: T280806 Depends-On: Ic83f44587db119ff2e3e6d5ff33a10894e0695e7 Change-Id: I58aedec6942ac5d3c21574cb0072f00ef365098c
Diffstat (limited to 'tests/phpunit/includes/api')
-rw-r--r--tests/phpunit/includes/api/ApiBlockTest.php37
-rw-r--r--tests/phpunit/includes/api/ApiTestCase.php15
-rw-r--r--tests/phpunit/includes/api/ApiTokensTest.php44
-rw-r--r--tests/phpunit/includes/api/ApiWatchTest.php63
4 files changed, 22 insertions, 137 deletions
diff --git a/tests/phpunit/includes/api/ApiBlockTest.php b/tests/phpunit/includes/api/ApiBlockTest.php
index c7a9eab439ac..7e769bf69330 100644
--- a/tests/phpunit/includes/api/ApiBlockTest.php
+++ b/tests/phpunit/includes/api/ApiBlockTest.php
@@ -5,7 +5,6 @@ use MediaWiki\Block\Restriction\ActionRestriction;
use MediaWiki\Block\Restriction\NamespaceRestriction;
use MediaWiki\Block\Restriction\PageRestriction;
use MediaWiki\MediaWikiServices;
-use MediaWiki\Permissions\Authority;
use MediaWiki\Tests\Unit\Permissions\MockAuthorityTrait;
/**
@@ -34,34 +33,24 @@ class ApiBlockTest extends ApiTestCase {
] );
}
- protected function getTokens() {
- return $this->getTokenList( self::$users['sysop'] );
- }
-
/**
* @param array $extraParams Extra API parameters to pass to doApiRequest
- * @param Authority|null $blocker User to do the blocking, null to pick arbitrarily
+ * @param User|null $blocker User to do the blocking, null to pick arbitrarily
* @return array result of doApiRequest
*/
- private function doBlock( array $extraParams = [], Authority $blocker = null ) {
- $tokens = $this->getTokens();
-
+ private function doBlock( array $extraParams = [], User $blocker = null ) {
$this->assertNotNull( $this->mUser, 'Sanity check' );
- $this->assertArrayHasKey( 'blocktoken', $tokens, 'Sanity check' );
-
$params = [
'action' => 'block',
'user' => $this->mUser->getName(),
'reason' => 'Some reason',
- 'token' => $tokens['blocktoken'],
];
if ( array_key_exists( 'userid', $extraParams ) ) {
// Make sure we don't have both user and userid
unset( $params['user'] );
}
- $ret = $this->doApiRequest( array_merge( $params, $extraParams ), null,
- false, $blocker );
+ $ret = $this->doApiRequestWithToken( array_merge( $params, $extraParams ), null, $blocker );
$block = DatabaseBlock::newFromTarget( $this->mUser->getName() );
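Review bot: The docblock on doBlock() no longer tells a reader where the CSRF token comes from now that the explicit `'token' => $tokens['blocktoken']` entry and its sanity assertion are gone. A line such as `* The CSRF token is attached by doApiRequestWithToken(); callers need not pass 'token'.` would cover it. Separately, `User $blocker = null` relies on implicit nullability, and `?User $blocker = null` would match the `User|null` in the docblock. Because every request here now carries a valid token and the dedicated token tests are deleted in this commit, it is worth confirming that a block request with a missing or invalid token is still exercised somewhere; that is not visible from this hunk. doBlock's body continues outside the hunk.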
@@ -162,9 +151,15 @@ class ApiBlockTest extends ApiTestCase {
}
public function testBlockWithHide() {
+ global $wgGroupPermissions;
+ $newPermissions = $wgGroupPermissions['sysop'];
+ $newPermissions['hideuser'] = true;
+ $this->mergeMwGlobalArrayValue( 'wgGroupPermissions',
+ [ 'sysop' => $newPermissions ] );
+
$res = $this->doBlock(
[ 'hidename' => '' ],
- $this->mockRegisteredAuthorityWithPermissions( [ 'hideuser', 'writeapi', 'block' ] )
+ self::$users['sysop']->getUser()
);
$this->assertSame( '1', $this->db->selectField(
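Review bot: Granting `hideuser` by rewriting the `sysop` entry of `$wgGroupPermissions` widens the whole group for this test, and the rights the removed mock listed explicitly (`writeapi`, `block`) now depend on whatever the default sysop configuration grants. If the base test case's `setGroupPermissions()` helper is available on this branch, `$this->setGroupPermissions( 'sysop', 'hideuser', true );` would replace the added lines and avoid reading the global directly. Either way, a comment such as `// sysop presumably lacks 'hideuser' by default; grant it for this test only` would record why the override exists. It is also worth confirming that cached rights for `self::$users['sysop']` are refreshed after the override, since stale rights would make the test fail for an unrelated reason.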
@@ -318,40 +313,32 @@ class ApiBlockTest extends ApiTestCase {
}
public function testBlockWithLargeRange() {
- $tokens = $this->getTokens();
-
$this->expectException( ApiUsageException::class );
$this->expectExceptionMessage( 'Invalid value "127.0.0.1/64" for user parameter "user".' );
- $this->doApiRequest(
+ $this->doApiRequestWithToken(
[
'action' => 'block',
'user' => '127.0.0.1/64',
'reason' => 'Some reason',
- 'token' => $tokens['blocktoken'],
],
null,
- false,
self::$users['sysop']->getUser()
);
}
public function testBlockingTooManyPageRestrictions() {
- $tokens = $this->getTokens();
-
$this->expectException( ApiUsageException::class );
$this->expectExceptionMessage(
"Too many values supplied for parameter \"pagerestrictions\". The limit is 10." );
- $this->doApiRequest(
+ $this->doApiRequestWithToken(
[
'action' => 'block',
'user' => $this->mUser->getName(),
'reason' => 'Some reason',
'partial' => true,
'pagerestrictions' => 'One|Two|Three|Four|Five|Six|Seven|Eight|Nine|Ten|Eleven',
- 'token' => $tokens['blocktoken'],
],
null,
- false,
self::$users['sysop']->getUser()
);
}
diff --git a/tests/phpunit/includes/api/ApiTestCase.php b/tests/phpunit/includes/api/ApiTestCase.php
index 69d8bc9d179c..a856db1b6152 100644
--- a/tests/phpunit/includes/api/ApiTestCase.php
+++ b/tests/phpunit/includes/api/ApiTestCase.php
@@ -22,8 +22,6 @@ abstract class ApiTestCase extends MediaWikiLangTestCase {
parent::setUp();
self::$apiUrl = $wgServer . wfScript( 'api' );
- ApiQueryInfo::resetTokenCache(); // tokens are invalid because we cleared the session
-
self::$users = [
'sysop' => static::getTestSysop(),
'uploader' => static::getTestUser(),
@@ -151,19 +149,6 @@ abstract class ApiTestCase extends MediaWikiLangTestCase {
return $this->doApiRequest( $params, $session, false, $performer, $tokenType );
}
- protected function getTokenList( TestUser $user, $session = null ) {
- $data = $this->doApiRequest( [
- 'action' => 'tokens',
- 'type' => 'edit|delete|protect|move|block|unblock|watch'
- ], $session, false, $user->getUser() );
-
- if ( !array_key_exists( 'tokens', $data[0] ) ) {
- throw new MWException( 'Api failed to return a token list' );
- }
-
- return $data[0]['tokens'];
- }
-
protected static function getErrorFormatter() {
if ( self::$errorFormatter === null ) {
self::$errorFormatter = new ApiErrorFormatter(
diff --git a/tests/phpunit/includes/api/ApiTokensTest.php b/tests/phpunit/includes/api/ApiTokensTest.php
deleted file mode 100644
index b4144fdd9c09..000000000000
--- a/tests/phpunit/includes/api/ApiTokensTest.php
+++ /dev/null
@@ -1,44 +0,0 @@
-<?php
-
-use MediaWiki\MediaWikiServices;
-
-/**
- * @group API
- * @group Database
- * @group medium
- *
- * @covers ApiTokens
- */
-class ApiTokensTest extends ApiTestCase {
-
- public function testGettingToken() {
- foreach ( self::$users as $user ) {
- $this->runTokenTest( $user );
- }
- }
-
- protected function runTokenTest( TestUser $user ) {
- $tokens = $this->getTokenList( $user );
-
- $rights = MediaWikiServices::getInstance()
- ->getPermissionManager()
- ->getUserPermissions( $user->getUser() );
-
- $this->assertArrayHasKey( 'edittoken', $tokens );
- $this->assertArrayHasKey( 'movetoken', $tokens );
-
- if ( isset( $rights['delete'] ) ) {
- $this->assertArrayHasKey( 'deletetoken', $tokens );
- }
-
- if ( isset( $rights['block'] ) ) {
- $this->assertArrayHasKey( 'blocktoken', $tokens );
- $this->assertArrayHasKey( 'unblocktoken', $tokens );
- }
-
- if ( isset( $rights['protect'] ) ) {
- $this->assertArrayHasKey( 'protecttoken', $tokens );
- }
- }
-
-}
diff --git a/tests/phpunit/includes/api/ApiWatchTest.php b/tests/phpunit/includes/api/ApiWatchTest.php
index 7f31b61e10e7..dec59c14c0e5 100644
--- a/tests/phpunit/includes/api/ApiWatchTest.php
+++ b/tests/phpunit/includes/api/ApiWatchTest.php
@@ -27,10 +27,6 @@ class ApiWatchTest extends ApiTestCase {
] );
}
- protected function getTokens() {
- return $this->getTokenList( self::$users['sysop'] );
- }
-
public function testWatch() {
// Watch for a duration greater than the max ($wgWatchlistExpiryMaxDuration),
// which should get changed to the max
@@ -120,13 +116,10 @@ class ApiWatchTest extends ApiTestCase {
}
public function testWatchEdit() {
- $tokens = $this->getTokens();
-
- $data = $this->doApiRequest( [
+ $data = $this->doApiRequestWithToken( [
'action' => 'edit',
'title' => 'Help:UTPage', // Help namespace is hopefully wikitext
'text' => 'new text',
- 'token' => $tokens['edittoken'],
'watchlist' => 'watch'
] );
@@ -141,8 +134,6 @@ class ApiWatchTest extends ApiTestCase {
* @depends testWatchEdit
*/
public function testWatchClear() {
- $tokens = $this->getTokens();
-
$data = $this->doApiRequest( [
'action' => 'query',
'wllimit' => 'max',
@@ -152,11 +143,11 @@ class ApiWatchTest extends ApiTestCase {
$wl = $data[0]['query']['watchlist'];
foreach ( $wl as $page ) {
- $data = $this->doApiRequest( [
+ $data = $this->doApiRequestWithToken( [
'action' => 'watch',
'title' => $page['title'],
'unwatch' => true,
- 'token' => $tokens['watchtoken'] ] );
+ ] );
}
}
$data = $this->doApiRequest( [
@@ -178,11 +169,8 @@ class ApiWatchTest extends ApiTestCase {
}
public function testWatchProtect() {
- $tokens = $this->getTokens();
-
- $data = $this->doApiRequest( [
+ $data = $this->doApiRequestWithToken( [
'action' => 'protect',
- 'token' => $tokens['protecttoken'],
'title' => 'Help:UTPage',
'protections' => 'edit=sysop',
'watchlist' => 'unwatch'
@@ -194,52 +182,21 @@ class ApiWatchTest extends ApiTestCase {
$this->assertArrayHasKey( 'edit', $data[0]['protect']['protections'][0] );
}
- public function testGetRollbackToken() {
- // Needs to be here to make sure the page definitely exists and to have
- // rollback-able edit by a different user for the testWatchRollback() below.
- $this->editPage( 'UTPage', __FUNCTION__, '', NS_HELP, $this->getTestUser()->getUser() );
-
- $contextUser = self::$users['sysop']->getUser();
-
- $data = $this->doApiRequest( [
- 'action' => 'query',
- 'prop' => 'revisions',
- 'titles' => 'Help:UTPage',
- 'rvtoken' => 'rollback'
- ], null, null, $contextUser );
-
- $this->assertArrayHasKey( 'query', $data[0] );
- $this->assertArrayHasKey( 'pages', $data[0]['query'] );
- $keys = array_keys( $data[0]['query']['pages'] );
- $key = array_pop( $keys );
- $pageInfo = $data[0]['query']['pages'][$key];
- $revInfo = $pageInfo['revisions'][0];
-
- $this->assertArrayHasKey( 'pageid', $pageInfo );
- $this->assertArrayHasKey( 'revisions', $pageInfo );
- $this->assertArrayHasKey( 0, $pageInfo['revisions'] );
- $this->assertArrayHasKey( 'rollbacktoken', $revInfo );
-
- return [ $revInfo['user'], $contextUser ];
- }
-
- /**
- * @depends testGetRollbackToken
- */
- public function testWatchRollback( $info ) {
- list( $revUser, $contextUser ) = $info;
+ public function testWatchRollback() {
+ $this->editPage( 'UTPage', __FUNCTION__, '',
+ NS_HELP, $this->getTestUser()->getUser() );
$title = Title::makeTitle( NS_HELP, 'UTPage' );
$watchlistManager = $this->getServiceContainer()->getWatchlistManager();
+ $contextUser = $this->getTestSysop()->getUser();
// This (and assertTrue below) are mostly for completeness.
$this->assertFalse( $watchlistManager->isWatched( $contextUser, $title ) );
- $data = $this->doApiRequest( [
+ $data = $this->doApiRequestWithToken( [
'action' => 'rollback',
'title' => 'Help:UTPage',
- 'user' => $revUser,
- 'token' => $contextUser->getEditToken( 'rollback' ),
+ 'user' => $this->getTestUser()->getUser(),
'watchlist' => 'watch'
] );
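Review bot: `'user' => $this->getTestUser()->getUser()` passes a User object where the removed code passed the name string taken from `$revInfo['user']`. That only works if the object is cast to its name on the way into the request, so `'user' => $this->getTestUser()->getUser()->getName(),` would state the intent. The call also names no performer, so the test assumes the helper's default user is the same account as `$contextUser` from `getTestSysop()`. If that is the case, a comment such as `// request runs as the default sysop test user, i.e. $contextUser` would make the later watch assertions easier to follow. testWatchRollback's body continues past the end of the hunk.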