HomePhabricator
Diffusion MediaWiki f89973270efb

ApiLogout: Follow up Icb674095
f89973270efbUnpublished
Actions

Unpublished Commit · Learn More

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.

Description

ApiLogout: Follow up Icb674095

This implements getWebUITokenSalt(), as mentioned in T25227#2008199 and
implemented in F3328897. Somehow it didn't make it into Icb674095.

This also fixes some issues in the unit test:

  • Properly link the user to the request's Session so User::doLogout() won't log a warning. This also gives use to the otherwise-unneeded implementation of setUp(), and lets us get rid of the broken call to User::newFromId() that was passing an IP address rather than a user ID.
  • Privatize some internal methods.
  • Use setExpectedApiException() instead of manually catching and hard-coding the English exception message.
  • Also assert that the bad token error didn't result in a logout.

Bug: T25227
Change-Id: I2aecfba821cca3c367c5e7e8d188a88197fb82d2

Details

Provenance
AnomieAuthored on Apr 25 2019, 1:49 PM
ReedyCommitted on Apr 25 2019, 9:02 PM
Parents
rMWbab71d2f60f0: [SECURITY] [API BREAKING CHANGE] Require logout token.
Branches
Unknown
Tags
Unknown
ChangeId
I2aecfba821cca3c367c5e7e8d188a88197fb82d2

Changes (1)

PathSize
includes/
api/

rMWf89973270efb

View Options

includes/api/ApiLogout.php

Loading...
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL