aboutsummaryrefslogtreecommitdiffstats
path: root/tests/phpunit/includes/Rest
Commit message (Collapse)AuthorAgeFilesLines
* Use real type hints for services etc. in includes/Rest/Bartosz Dziewoński2024-06-111-4/+2
| | | | | | | | | | | | | | | | | Mostly used find-and-replace: Find: /\*[\*\s]+@var (I?[A-Z](\w+)(?:Interface)?)[\s\*]+/\s*(private|protected|public) (\$[a-z]\w+;\n)((?=\s*/\*[\*\s]+@var (I?[A-Z](\w+)(?:Interface)?))\n|) Replace with: \3 \1 \4 More could be done, but to keep this patch reasonably sized, I only changed the most obvious and unambiguously correct cases. In some cases, I also removed redundant doc comments on the constructor, and re-ordered the properties to match the constructor. Change-Id: Ifa710fdf4d8d44a2d7244798b787a1b2a58c35a7
* Introduce Modules into the REST frameworkdaniel2024-05-081-3/+2
| | | | | | | Modules group together endpoints by a shared prefix. The idea is that each module has its own version and can generated self-contained self-documentation. This allows clients to have clear expectations about the endpoints of each module, no matter what wiki they are accessing. So far, each wiki may be exposing a different set of endpoints, with no way to provide a spec that describes that set of endpoints in a way that would be consistent across wikis and stable over time. Bug: T362480 Change-Id: Iebcde4645d472d27eee5a30adb6eee12cc7d046b
* Merge "Rest: Turn Rest\EntryPoint into a MediaWikiEntryPoint subclass"jenkins-bot2024-03-121-45/+49
|\
| * Rest: Turn Rest\EntryPoint into a MediaWikiEntryPoint subclassdaniel2024-03-121-45/+49
| | | | | | | | | | | | | | | | The idea is for all entry points to use the MediaWikiEntryPoint base class, to improve consistency and testability. Bug: T354216 Change-Id: I3678afe32c7c1a313d2dcb1808286c25ecd167eb
* | REST: allow lower-case method namesdaniel2024-03-061-1/+5
|/ | | | | Bug: T359306 Change-Id: I660813cbd033e3d399c0d79f4714ef9854e013f3
* tests: Add more use statements in namespaced classesReedy2024-02-181-1/+2
| | | | Change-Id: I2629cfcb09fde6f18be824779a2c12c013ea0cb5
* Namespace includes/contextJames D. Forrester2024-02-081-1/+1
| | | | | Bug: T353458 Change-Id: I4dbef138fd0110c14c70214282519189d70c94fb
* Update tests for PHPUnit 9.6 (part 2)Daimona Eaytoy2024-01-171-6/+13
| | | | | | | - Avoid withConsecutive() Bug: T342110 Change-Id: Iedda49765cbceeb10ccd72d0248f3cda9241da1e
* tests: Prevent leaking $_SERVER in RequestFromGlobalsTestmainframe982023-07-191-0/+12
| | | | | | | | These tests modified $_SERVER, but did not restore it afterwards, which caused trouble for MediaWikiTest. Bug: T342192 Change-Id: If8084381b91f2a79fdaaf6d96dbf5fe625410297
* build: Updating mediawiki/mediawiki-codesniffer to 41.0.0libraryupgrader2023-03-111-2/+2
| | | | | | | The following sniffs are failing and were disabled: * MediaWiki.Usage.ForbiddenFunctions.eval Change-Id: I6fd0a9296c88a77c3abec6e5e8d568bb469c2d6e
* Reorg: Move WebResponse and FauxResponse to Request/Amir Sarabadani2023-03-011-1/+1
| | | | | Bug: T321882 Change-Id: Iae8b9e0170c67c1adf861a6d0da45178a7d3cca7
* tests: Simplify some nested ->will( $this->return assertionsReedy2022-11-121-1/+1
| | | | Change-Id: Ic861ce5604784b7fa600844d81387b84230bc0e1
* REST: introduce getPrivateRouteUrldaniel2022-07-141-35/+4
| | | | | | | | | | | We need a way to determine the URL of routes that are not public, and should be using $wgInternalServer rather than $wgCanonicalServer. This patch also refactors some test code to make changes to the constructor of the Router class less painful. Bug: T311867 Change-Id: If1878365d019434bb862c643c2350b63479c9844
* Allow REST API handlers to require csrf-safe session providersBill Pirkle2022-05-201-1/+4
| | | | | | Bug: T305043 Depends-On: Ic7c1b19b86e8a151e2d42aaec00ef0e89db77f08 Change-Id: Ic6bd48b400ecd839ef99b518ef955781470cd05c
* Use updated ObjectFactory namespaceAlexander Vorwerk2022-03-091-1/+1
| | | | | | | Depends-On: I99c5e5664d2401c36a9890f148eba7c25e6e8324 Depends-On: I48ab818b2965da14af15ef370aa83ad9455badd9 Depends-On: I018371e4b77911e56152ca7b2df734afc73f58a5 Change-Id: I04ebdb52102f6191d49a9cc70b1f98308299e72f
* Merge "REST: gracefully handle all exceptions."jenkins-bot2021-11-041-0/+2
|\
| * REST: gracefully handle all exceptions.daniel2021-11-021-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ResponseFactory::createFromException already had support for arbitrary exceptions, but Router was so far only using it for HttpExceptions, leaving other kinds of exceptions uncaught. In addition to catching all exceptions and generating an appropriate JSON response for them, this patch introduces the ErrorReporter interface, with an MWErrorReporter implementation which calls MWExceptionHandler::rollbackMasterChangesAndLog(). This is how uncaught errors are handled for requests coming in via api.php, so it seems appropriate to use the same approach for requests coming in via rest.php. Bug: T285984 Change-Id: I0605a7693821ef58fac80ab67f51a742556a37fd
* | Convert response to string & fix `assertEquals()` to `assertSame()`Derick Alangi2021-11-031-3/+1
|/ | | | | | | | Actually, `->getBody()` returns a stream interface and in order to get the body's content, just call `->getContent()` which will return the response's body content in string format. Change-Id: I9527c8a29c8da2342c8ac958c4e7bb6ba12fd613
* build: Updating dependencieslibraryupgrader2021-07-221-1/+1
| | | | | | | | | | | | | | composer: * mediawiki/mediawiki-codesniffer: 36.0.0 → 37.0.0 The following sniffs now pass and were enabled: * Generic.ControlStructures.InlineControlStructure * MediaWiki.PHPUnit.AssertCount.NotUsed npm: * svgo: 2.3.0 → 2.3.1 * https://npmjs.com/advisories/1754 (CVE-2021-33587) Change-Id: I2a9bbee2fecbf7259876d335f565ece4b3622426
* Fix order of parameters in assertionsDannyS7122021-05-031-23/+28
| | | | | | | | | Should be expected, and then actual Switched some assertEquals to assertSame to fix failing phpcs sniffs Change-Id: I7257c5afacd22fed78a58f3cc918b721ac11a46d
* Convert MWBasicRequestAuthorizerTest to a unit testDannyS7122021-04-231-104/+0
| | | | | | Already essentially a unit test, does not use any integration Change-Id: I705c9e5fb04103f305e26b7cd677cf68fc7b73b5
* Remove meaningless ->expects( $this->any() ) from all testsThiemo Kreuz2021-04-231-2/+1
| | | | | | | | | | | | | | | It is not entirely meaningless. It might be an indicator that the number of calls to a method is intentionally unlimited. This is similar to e.g. an @inheritDoc PHPDoc comment that marks a method as being "intentionally undocumented". However, what's the meaning of being "intentionally unconstrained"? Let's just not have any constraint then. I feel all these ->expects( $this->any() ) bloat the test code so much that it's never worth it. Change-Id: I9925e7706bd03e1666f6eb0b284cb42b0dd3be23
* Use UserIdentityValue in tests where possibleThiemo Kreuz2021-04-221-2/+2
| | | | | | | … instead of PHPUnit mocks. The tiny value class is made for this. Change-Id: Ie04cde57126fcafabf8906f9644c6e80345d8a48
* phpunit: Mass-replace setMethods with onlyMethods and adjustDaimona Eaytoy2021-04-161-1/+1
| | | | | | | | | | | | Ended up using grep -Prl '\->setMethods\(' . | xargs sed -r -i 's/setMethods\(/onlyMethods\(/g' special-casing setMethods( null ) -> onlyMethods( [] ) and then manual fix of failing test (from PS2 onwards). Bug: T278010 Change-Id: I012dca7ae774bb430c1c44d50991ba0b633353f1
* Remove $actor field from UsererIdentityValuedaniel2021-04-131-1/+1
| | | | | | | | | | | | | | | | | Code that needs to store an actor ID in the database to represent a UserIdentity, or needs to construct a UserIdentity based on an actor ID loaded from the database, should use the ActorNormalization service. Note: The getActorId() method is removed from the UserIdentity interface, but all concrete classes continue to support it for now. UsererIdentityValue::getActorId() is hard deprecated and should be removed in 1.37. It always returns 0. User::getActorId() is not deprecated at this point. Bug: T274179 Depends-On: Id2b3ddf6a2a7cdf90f8936a69148d2cce6fde237 Change-Id: I9925906d11e47efaec3c1f48d5cb3f9896a982c1
* Remove unused EntryPointTest::$mockHandlerDannyS7122021-03-141-1/+0
| | | | Change-Id: I253cdf9819828ea9ef13c9685fe92c6ed27ce9c4
* Rest: use Authority in all core handlersPetr Pchelko2021-01-211-3/+2
| | | | | Bug: T239753 Change-Id: Idf2229255f49514dd8b68bf63573c5b619b4f2f1
* Rest: inject Authority into HandlerPetr Pchelko2021-01-212-17/+13
| | | | | Bug: T239753 Change-Id: Iddde137c5a86786357d67458f28fe3e4d6e98710
* Handle CORS preflight request and prevent anon users from unsafe methodsDavid Barratt2020-09-211-5/+15
| | | | | | | | | | | | | | | Creates an OPTIONS handler that handles any OPTIONS requests that are not already handled by a handler. CORS has no mechanism to ensure the user is authenticated, so the Router will reject cross-origin requests from anon users. This change allows authenticated users to make cross-origin requests if they authenticate with OAuth or if $wgRestAllowCrossOriginCookieAuth is enabled. Bug: T232176 Bug: T262712 Change-Id: I128b4bdbec4f6bea35142153c951fd7b79617106
* Rest: Use try/catch to handle URIs with embedded colonC. Scott Ananian2020-09-041-1/+12
| | | | | | | | | | | | This is a follow up to a previous fix in 4079d328e7d4cd689f1d73e38f2b1584cec13d81 which used parse_url()==false as an indirect test to see if `new Uri()` would throw. Avoid the indirection and use a try/catch instead to be more robust against fixes in the Uri library and/or the parse_url() implementation. Bug: T256831 Bug: T261344 Change-Id: Ia52c5b2c77a4481afd82b468c2f7fb3c05996a91
* Add option to enable cross-origin resource sharing (CORS) in REST APIDavid Barratt2020-08-041-2/+7
| | | | | | | | | When MediaWiki is not behind an intranet, it is completely safe to add the Access-Control-Allow-Origin: * header to responses and allow cross-origin sites to access the REST API. Bug: T232176 Change-Id: Ic0658039a6a46ee4f50c76f5d100450fdef7525a
* Fix RequestFromGlobalsTest failing in Travis CIAmmar Abdulhamid2020-07-291-3/+2
| | | | | | | | | | | | | | Add the port to the 'REQUEST_URI' index to ensure the stubbed port is properly returned. Stubbing $_SERVER['SERVER_PORT'] directly apparently does not work because WebRequest::getGlobalRequestURL() does not ask for the port from that index. Follow-up: Ib829afc7b33419b01e69ababa147d33b30c0fbcb Bug: T259094 Change-Id: Iff8fab7b7eeb4c3f44072b83dc92c6dd895841c3
* Rest: Handle Uri constructor exceptionAmmar Abdulhamid2020-07-141-0/+9
| | | | | | | | | | | | | | | | | | | | | | All titles that contain a colon followed by a number cannot, currently, be accessed via the Rest endpoint. For example https://en.wikipedia.org/wiki/3:33 is a valid title/article on English Wikipedia and can be accessed there the index/api.php entry points. But the rest endpoint will fatal: https://en.wikipedia.org/w/rest.php/v1/page/3:33/history The exception is thrown in Uri constructor of GuzzleHttp library if parse_url() failed to parse the request URL. But parse_url() has an open bug of failing to parse URLs that contain the above pattern. The function returns false in such cases, (it previously raised warning see I2715607); To make our titles with this pattern accessible, we have to forestall this exception. Bug: T256831 Change-Id: Ib829afc7b33419b01e69ababa147d33b30c0fbcb
* MediaWikiTestCase to MediaWikiIntegrationTestCaseaddshore2020-06-303-4/+4
| | | | | | | | | | | | | The name change happened some time ago, and I think its about time to start using the name name! (Done with a find and replace) My personal motivation for doing this is that I have started trying out vscode as an IDE for mediawiki development, and right now it doesn't appear to handle php aliases very well or at all. Change-Id: I412235d91ae26e4c1c6a62e0dbb7e7cf3c5ed4a6
* Hooks::run() call site migrationTim Starling2020-05-302-2/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Migrate all callers of Hooks::run() to use the new HookContainer/HookRunner system. General principles: * Use DI if it is already used. We're not changing the way state is managed in this patch. * HookContainer is always injected, not HookRunner. HookContainer is a service, it's a more generic interface, it is the only thing that provides isRegistered() which is needed in some cases, and a HookRunner can be efficiently constructed from it (confirmed by benchmark). Because HookContainer is needed for object construction, it is also needed by all factories. * "Ask your friendly local base class". Big hierarchies like SpecialPage and ApiBase have getHookContainer() and getHookRunner() methods in the base class, and classes that extend that base class are not expected to know or care where the base class gets its HookContainer from. * ProtectedHookAccessorTrait provides protected getHookContainer() and getHookRunner() methods, getting them from the global service container. The point of this is to ease migration to DI by ensuring that call sites ask their local friendly base class rather than getting a HookRunner from the service container directly. * Private $this->hookRunner. In some smaller classes where accessor methods did not seem warranted, there is a private HookRunner property which is accessed directly. Very rarely (two cases), there is a protected property, for consistency with code that conventionally assumes protected=private, but in cases where the class might actually be overridden, a protected accessor is preferred over a protected property. * The last resort: Hooks::runner(). Mostly for static, file-scope and global code. In a few cases it was used for objects with broken construction schemes, out of horror or laziness. Constructors with new required arguments: * AuthManager * BadFileLookup * BlockManager * ClassicInterwikiLookup * ContentHandlerFactory * ContentSecurityPolicy * DefaultOptionsManager * DerivedPageDataUpdater * FullSearchResultWidget * HtmlCacheUpdater * LanguageFactory * LanguageNameUtils * LinkRenderer * LinkRendererFactory * LocalisationCache * MagicWordFactory * MessageCache * NamespaceInfo * PageEditStash * PageHandlerFactory * PageUpdater * ParserFactory * PermissionManager * RevisionStore * RevisionStoreFactory * SearchEngineConfig * SearchEngineFactory * SearchFormWidget * SearchNearMatcher * SessionBackend * SpecialPageFactory * UserNameUtils * UserOptionsManager * WatchedItemQueryService * WatchedItemStore Constructors with new optional arguments: * DefaultPreferencesFactory * Language * LinkHolderArray * MovePage * Parser * ParserCache * PasswordReset * Router setHookContainer() now required after construction: * AuthenticationProvider * ResourceLoaderModule * SearchEngine Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
* WebRequest & RequestFromGlobals: get HTTP headers in one wayPablo Grass2020-04-031-4/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | apache_request_headers() is a vendor-specific function - it got used when present and alternative code paths were exercised otherwise. These preserved certain "special" headers, e.g. Content-Type, only inconsistently. The function getallheaders() is an alias[1] for apache_request_headers() on systems where the latter is present. Alternatively, there is a polyfill (ralouphie/getallheaders) which is already installed in mediawiki-vendor[2] (by virtue of guzzle). Using getallheaders() exclusively, will make sure these "special" headers are consistently available alongside their "regular"[3] peers and helps MediaWiki code focus on its domain. The dependency to ralouphie/getallheaders is made explicit in the same version in which it is currently locked in mediawiki-vendor[4]. This surfaced because the deprecation warning for API POST requests without a Content-Type header, introduced in bba1a0f, appeared in my development system (somewhat dated addshore/mediawiki-docker-dev/) even though the client did a fine job. Interesting implementation detail: While WebRequest keeps track of headers using keys in all upper case, REST RequestFromGlobals does so in all lower case - but both use retrieval logic complementary to their respective approach however. In case of REST RequestFromGlobals this is encapsulated inside of HeaderContainer (setting and retrieving), while WebRequest does all of this by itself. Cf. [5] and [6] [1]: https://www.php.net/manual/en/function.getallheaders.php [2]: https://github.com/wikimedia/mediawiki-vendor/tree/8f2967d/ralouphie/getallheaders [3]: https://www.php.net/manual/en/reserved.variables.server.php#110763 [4]: https://github.com/wikimedia/mediawiki-vendor/blob/8f2967d/composer.lock#L3250 [5]: https://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2 [6]: https://www.php.net/manual/en/function.apache-request-headers.php#124236 Bug: T245535 Change-Id: Iba52f152e15928473b729a2588c2462e76e85634
* Define POST handler for /page/: create pagedaniel2020-03-252-0/+2
| | | | | | | | | NOTE: once this is merged, also merge Ie7b47e6868cc on the OAuth repo, to fix unit tests after a breaking change to Router's constructor signature. Bug: T230842 Change-Id: I8f5b92918a58e44a4f2d8c78d234d9f64c2d06bf
* Remove sample REST API handlerClara Andrew-Wani2020-03-181-2/+2
| | | | | Bug: T237540 Change-Id: Ie0a6ecbf9af6e53ed65b92c3b4c7414ae6ae5441
* Add Content-Type to HeadersClara Andrew-Wani2020-02-141-0/+181
| | | | Change-Id: I197366ef6f490bb7676c21d99568e4ffd229673b
* Coding style: Auto-fix MediaWiki.Classes.UnsortedUseStatements.UnsortedUseJames D. Forrester2020-01-101-3/+3
| | | | Change-Id: I94a0ae83c65e8ee419bbd1ae1e86ab21ed4d8210
* Use UserIdentity instead of User in RESTPetr Pchelko2019-09-182-15/+15
| | | | Change-Id: Ia6a517c6a64664be2363492108f9497fc949f299
* Use TextFormatter in the REST APITim Starling2019-09-172-2/+2
| | | | | | | | | | | | | * Add ResponseFactory::createLocalizedHttpError(), which generates a JSON response body from a MessageValue * ResponseFactory::__construct() accepts an array of TextFormatter objects. For ease of testing, the array may be empty. The integrated ResponseFactory has a TextFormatter for English, and one for $wgContLang if that is different. * Use createLocalizedHttpError() to show helpful error messages for errors generated by Router. Change-Id: I897a0aee42227916c568333ab384966f1b87f599
* rest: Use ParamValidator library, add BodyValidatorBrad Jorsch2019-09-042-12/+36
| | | | | | | | | | | | | | | Parameter validation is based on parameter definitions like those in the Action API, using the new ParamValidator library. Handlers should use the provided Handler methods to access parameters rather than fetching them directly from the RequestInterface. Body validation allows the handler to have the (non-form-data) body of a request parsed and validated. The only validator included in this patch ignores the body entirely; future patches may implement validation for JSON bodies based on JSON schemas, or the like. Bug: T223239 Change-Id: I3c37ea2b432840514b6bff90007c8403989225d5
* Remove unneeded overrideMwServices/resetServicesAryeh Gregor2019-08-291-1/+0
| | | | Change-Id: If6cbdec05b8f310ef3a0b4649aaa16d9fb80a047
* REST: call MediaWiki::preOutputCommit and doPostOutputShutdownTim Starling2019-08-261-0/+96
| | | | | | | | | | | As in api.php. Among other things, this enables profiling. Move EntryPoint test out of unit/ so that it passes. Use ob_start()/ob_end_clean() instead of assuming an output buffer is open, so that EntryPoint::execute() can be run from CLI mode. Change-Id: I38162a9eac6fd5acfed2035b87cac4a97ffd50d6
* Convert PermissionManager constructor to use ServiceOptions.Petr Pchelko2019-08-211-20/+11
| | | | Change-Id: I36a3a2f338506ef14cc5d65b8bee2961a92d60da
* Load GlobalFunctions.php to tests/phpunit/bootstrap.phpAmir Sarabadani2019-07-141-146/+0
| | | | | | | That mostly enables testing global functions Bug: T87781 Change-Id: Ib42c56a67926ebcdba53f4c6c54a5bff98cb77a3
* REST: add write access checks to BasicAccessTim Starling2019-07-091-0/+37
| | | | | | | This is a stub implementation which just checks for the apiwrite permission. Change-Id: Ib84cd93e7f0f5e31cf620b2d30609035c4448c95
* REST: basic read restrictionsTim Starling2019-07-091-0/+73
| | | | | | | | | | | | | | Protect private wikis by providing basic read restrictions, closely following the example of the action API. The BasicAccess module provides a narrow interface for this functionality, without exposing the whole session/user concept to the router. Also, add RouterTest and fix a bug in Router::getRelativePath() thus discovered. Change-Id: I82319d56f08b2eec4a585ff6dbd348ccdbadc5b5
* Move trivial unit tests, round IIAmir Sarabadani2019-07-023-185/+0
| | | | Change-Id: I18e5a1514d7372b34f7fb460adf506a1ac65001f
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-30 01:00:27 +0000