HomePhabricator
Diffusion MediaWiki 6cc1661bafbc

ApiLogout: Follow up Icb674095
6cc1661bafbcUnpublished
Actions

Tags
None
Referenced Files
F3328897: Require token to logout (PS2)
Apr 25 2019, 2:31 PM
Subscribers
None

Unpublished Commit · Learn More

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.

Description

ApiLogout: Follow up Icb674095

This implements getWebUITokenSalt(), as mentioned in T25227#2008199 and
implemented in F3328897. Somehow it didn't make it into Icb674095.

This also fixes some issues in the unit test:

  • Properly link the user to the request's Session so User::doLogout() won't log a warning. This also gives use to the otherwise-unneeded implementation of setUp(), and lets us get rid of the broken call to User::newFromId() that was passing an IP address rather than a user ID.
  • Privatize some internal methods.
  • Use setExpectedApiException() instead of manually catching and hard-coding the English exception message.
  • Also assert that the bad token error didn't result in a logout.

Bug: T25227
Change-Id: I2aecfba821cca3c367c5e7e8d188a88197fb82d2

Details

Provenance
AnomieAuthored on Apr 25 2019, 1:49 PM
ReedyCommitted on Apr 25 2019, 2:20 PM
Parents
rMW12d4fa85f7df: [SECURITY] [API BREAKING CHANGE] Require logout token.
Branches
Unknown
Tags
Unknown
ChangeId
I2aecfba821cca3c367c5e7e8d188a88197fb82d2

Changes (2)

PathSize
includes/
api/
tests/
phpunit/
includes/
api/

rMW6cc1661bafbc

View Options

includes/api/ApiLogout.php

Loading...
View Options

tests/phpunit/includes/api/ApiLogoutTest.php

Loading...
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL