| 648 | |
| 649 | |
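/**
 * Baseline test for rest_send_refreshed_nonce with a logged-in user.
 *
 * Sets an author as the current user, places a freshly created 'wp_rest' nonce
 * in $_REQUEST['_wpnonce'], serves a request and expects an X-WP-Nonce header.
 *
 * NOTE(review): only the presence of the header is asserted; its value is not
 * checked with wp_verify_nonce().
 *
 * @ticket 35662
 */
function test_rest_send_refreshed_nonce_logged_in_user() {
	// Create and set the current user.
	$this->helper_setup_user_for_rest_send_refreshed_nonce_tests();

	// Fake the nonce we need. It is created after the current user has been set.
	$_REQUEST['_wpnonce'] = wp_create_nonce( 'wp_rest' );

	$headers = $this->helper_make_request_and_return_headers_for_rest_send_refreshed_nonce_tests();

	// Drop the faked nonce so it cannot leak into tests that run later in the same process.
	unset( $_REQUEST['_wpnonce'] );

	$this->assertArrayHasKey( 'X-WP-Nonce', $headers );
}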
| 667 | |
/**
 * Checks that the X-WP-Nonce header is not set for anonymous users.
 *
 * This test creates no user and supplies no nonce before serving the request.
 * NOTE(review): presumably the test framework leaves no current user set from
 * earlier tests — confirm.
 *
 * @ticket 35662
 */
function test_rest_send_refreshed_nonce_anonymous_user() {
	// Serve the request and check the returned headers in one step.
	$this->assertArrayNotHasKey(
		'X-WP-Nonce',
		$this->helper_make_request_and_return_headers_for_rest_send_refreshed_nonce_tests()
	);
}
| 680 | |
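/**
 * Testing the rest_send_refreshed_nonce filter.
 *
 * If the nonce is valid and the user is logged in, we're filtering as false so the header is not sent
 * and vice-versa for the opposite setup.
 *
 * @ticket 35662
 *
 * @dataProvider data_rest_send_refreshed_nonce_filtered
 *
 * @param bool   $has_logged_in_user Will there be a logged in user for this test.
 * @param string $filter_callback    The callback to be used by the add_filter.
 * @param bool   $has_key            Should the X-WP-Nonce key be in the sent_headers array.
 */
function test_rest_send_refreshed_nonce_filtered( $has_logged_in_user, $filter_callback, $has_key ) {

	if ( true === $has_logged_in_user ) {
		// Create and set the current user.
		$this->helper_setup_user_for_rest_send_refreshed_nonce_tests();

		// Supply the valid nonce that the logged-in scenario described above assumes.
		// Without it, a missing header would not show that the filter suppressed it.
		$_REQUEST['_wpnonce'] = wp_create_nonce( 'wp_rest' );
	}

	// Make the request with the filter in place.
	add_filter( 'rest_send_refreshed_nonce', $filter_callback );

	$headers = $this->helper_make_request_and_return_headers_for_rest_send_refreshed_nonce_tests();

	remove_filter( 'rest_send_refreshed_nonce', $filter_callback );

	// Drop the faked nonce so it cannot leak into tests that run later in the same process.
	unset( $_REQUEST['_wpnonce'] );

	// Run the assertions.
	if ( true === $has_key ) {
		$this->assertArrayHasKey( 'X-WP-Nonce', $headers );
	} else {
		$this->assertArrayNotHasKey( 'X-WP-Nonce', $headers );
	}
}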
| 716 | |
/**
 * Data provider for test_rest_send_refreshed_nonce_filtered().
 *
 * @return array {
 *     @type array {
 *         @type bool   $has_logged_in_user Are we registering a user for the test.
 *         @type string $filter_callback    The callback passed to the filter.
 *         @type bool   $has_key            Should the X-WP-Nonce key be in the sent headers.
 *     }
 * }
 */
function data_rest_send_refreshed_nonce_filtered() {
	// No logged-in user, filter callback returns true: header expected.
	$anonymous_forced_on = array( false, '__return_true', true );

	// Logged-in user, filter callback returns false: header not expected.
	$logged_in_forced_off = array( true, '__return_false', false );

	return array( $anonymous_forced_on, $logged_in_forced_off );
}
| 733 | |
/**
 * Helper to set up a user for the rest_send_refreshed_nonce related tests.
 *
 * Creates a user with the 'author' role through the test factory and makes it the current user.
 */
function helper_setup_user_for_rest_send_refreshed_nonce_tests() {
	$author_args = array( 'role' => 'author' );
	$author_id   = self::factory()->user->create( $author_args );

	// Make the new author the current user.
	wp_set_current_user( $author_id );
}
| 742 | |
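/**
 * Helper to make the request and get the headers for the rest_send_refreshed_nonce related tests.
 *
 * Serves '/' through $this->server and returns that server's sent_headers property.
 *
 * @return array
 */
function helper_make_request_and_return_headers_for_rest_send_refreshed_nonce_tests() {
	// The previous version also built a WP_REST_Request and stored the serve_request()
	// result, but used neither; only sent_headers is read after the request.
	$this->server->serve_request( '/' );

	return $this->server->sent_headers;
}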