/**
 * A logged-in user who submits an invalid nonce must not receive a refreshed nonce in the response headers.
 *
 * @ticket 35662
 */
function test_rest_send_refreshed_nonce_invalid_nonce() {
	// Logged-in author, with the REST auth-cookie global set to true.
	$this->helper_setup_user_for_rest_send_refreshed_nonce_tests();

	// Submit a literal string in place of a nonce created for the 'wp_rest' action.
	// NOTE(review): this writes to the $_REQUEST superglobal directly; confirm the suite's
	// set-up/tear-down resets it so the value cannot carry over into later tests.
	$_REQUEST['_wpnonce'] = 'random invalid nonce';

	$sent_headers = $this->helper_make_request_and_return_headers_for_rest_send_refreshed_nonce_tests();

	// No fresh nonce may be issued in response to a request whose nonce was invalid.
	$this->assertArrayNotHasKey( 'X-WP-Nonce', $sent_headers );
}
/**
 * A refreshed nonce header is expected whenever a valid nonce is passed, for both logged-in
 * and anonymous users, and must be absent when no nonce is passed.
 *
 * @ticket 35662
 *
 * @dataProvider data_rest_send_refreshed_nonce
 *
 * @param bool $has_logged_in_user Will there be a logged in user for this test.
 * @param bool $has_nonce          Are we passing the nonce.
 */
function test_rest_send_refreshed_nonce( $has_logged_in_user, $has_nonce ) {
	if ( $has_logged_in_user ) {
		// Logged-in author, with the REST auth-cookie global set to true.
		$this->helper_setup_user_for_rest_send_refreshed_nonce_tests();
	}

	if ( $has_nonce ) {
		// A nonce created for the 'wp_rest' action, for whichever user is current at this point.
		$_REQUEST['_wpnonce'] = wp_create_nonce( 'wp_rest' );
	}

	$sent_headers = $this->helper_make_request_and_return_headers_for_rest_send_refreshed_nonce_tests();

	// Without a nonce in the request, no refreshed nonce may be sent back.
	if ( ! $has_nonce ) {
		$this->assertArrayNotHasKey( 'X-WP-Nonce', $sent_headers );
		return;
	}

	// Only the presence of the header is asserted; its value is not passed to wp_verify_nonce() here.
	$this->assertArrayHasKey( 'X-WP-Nonce', $sent_headers );
}
/**
 * Data provider covering every combination of "user logged in" and "nonce passed".
 *
 * @return array {
 *     @type array {
 *         @type bool $has_logged_in_user Are we registering a user for the test.
 *         @type bool $has_nonce          Is the nonce passed.
 *     }
 * }
 */
function data_rest_send_refreshed_nonce() {
	$cases = array();

	// Outer loop: logged-in state; inner loop: nonce presence. True is visited before false in both.
	foreach ( array( true, false ) as $has_logged_in_user ) {
		foreach ( array( true, false ) as $has_nonce ) {
			$cases[] = array( $has_logged_in_user, $has_nonce );
		}
	}

	return $cases;
}
/**
 * Helper to set up a user and the auth cookie global for the rest_send_refreshed_nonce related tests.
 */
function helper_setup_user_for_rest_send_refreshed_nonce_tests() {
	global $wp_rest_auth_cookie;

	// Create a user with the 'author' role and make it the current user.
	$author_id = self::factory()->user->create( array( 'role' => 'author' ) );
	wp_set_current_user( $author_id );

	// Set the REST auth cookie global to true, as the tests expect for a logged-in user.
	// NOTE(review): this global is not restored here; confirm tear-down resets it so the
	// anonymous-user cases are not run with it still set to true.
	$wp_rest_auth_cookie = true;
}
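/**
 * Helper to make the request and get the headers for the rest_send_refreshed_nonce related tests.
 *
 * Serves the '/' route through the test server and returns the headers it recorded.
 * No request object is handed to the server: the callers vary only the current user,
 * the auth cookie global and $_REQUEST['_wpnonce'] before calling this helper.
 *
 * @return array Headers taken from the server's sent_headers property.
 */
function helper_make_request_and_return_headers_for_rest_send_refreshed_nonce_tests() {
	// Called only so the server populates sent_headers; the return value is not needed.
	// NOTE(review): presumably $this->server is a spy server that records headers instead
	// of emitting them; confirm against the fixture set-up.
	$this->server->serve_request( '/' );

	return $this->server->sent_headers;
}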