| 886 | |
| 887 | /** |
| 888 | * Refreshed nonce should not be present in header when an invalid nonce is passed for logged in user |
| 889 | * |
| 890 | * @ticket 35662 |
| 891 | */ |
| 892 | function test_rest_send_refreshed_nonce_invalid_nonce() { |
| 893 | // Create and set the current user and auth cookie. |
| 894 | $this->helper_setup_user_for_rest_send_refreshed_nonce_tests(); |
| 895 | |
| 896 | // Mock the nonce. |
| 897 | $_REQUEST['_wpnonce'] = 'random invalid nonce'; |
| 898 | |
| 899 | $headers = $this->helper_make_request_and_return_headers_for_rest_send_refreshed_nonce_tests(); |
| 900 | |
| 901 | // Run the assertions. |
| 902 | $this->assertArrayNotHasKey( 'X-WP-Nonce', $headers ); |
| 903 | } |
| 904 | |
| 905 | /** |
| 906 | * Refreshed nonce should be present in header when a valid nonce is passed for logged in/anonymous user |
| 907 | * and not present when nonce is not passed |
| 908 | * |
| 909 | * @ticket 35662 |
| 910 | * |
| 911 | * @dataProvider data_rest_send_refreshed_nonce |
| 912 | * |
| 913 | * @param bool $has_logged_in_user Will there be a logged in user for this test. |
| 914 | * @param bool $has_nonce Are we passing the nonce. |
| 915 | */ |
| 916 | function test_rest_send_refreshed_nonce( $has_logged_in_user, $has_nonce ) { |
| 917 | if ( true == $has_logged_in_user ) { |
| 918 | // Create and set the current user and auth cookie. |
| 919 | $this->helper_setup_user_for_rest_send_refreshed_nonce_tests(); |
| 920 | } |
| 921 | |
| 922 | if ( $has_nonce ) { |
| 923 | // Mock the nonce. |
| 924 | $_REQUEST['_wpnonce'] = wp_create_nonce( 'wp_rest' ); |
| 925 | } |
| 926 | |
| 927 | $headers = $this->helper_make_request_and_return_headers_for_rest_send_refreshed_nonce_tests(); |
| 928 | |
| 929 | // Run the assertions. |
| 930 | if ( $has_nonce ) { |
| 931 | $this->assertArrayHasKey( 'X-WP-Nonce', $headers ); |
| 932 | } else { |
| 933 | $this->assertArrayNotHasKey( 'X-WP-Nonce', $headers ); |
| 934 | } |
| 935 | } |
| 936 | |
| 937 | /** |
| 938 | * @return array { |
| 939 | * @type array { |
| 940 | * @type bool $has_logged_in_user Are we registering a user for the test. |
| 941 | * @type bool $has_nonce Is the nonce passed. |
| 942 | * } |
| 943 | * } |
| 944 | */ |
| 945 | function data_rest_send_refreshed_nonce() { |
| 946 | return array( |
| 947 | array( true, true ), |
| 948 | array( true, false ), |
| 949 | array( false, true ), |
| 950 | array( false, false ), |
| 951 | ); |
| 952 | } |
| 953 | |
| 954 | /** |
| 955 | * Helper to setup a users and auth cookie global for the rest_send_refreshed_nonce related tests. |
| 956 | */ |
| 957 | function helper_setup_user_for_rest_send_refreshed_nonce_tests() { |
| 958 | // Create and set the current user. |
| 959 | $author = self::factory()->user->create( array( 'role' => 'author' ) ); |
| 960 | wp_set_current_user( $author ); |
| 961 | |
| 962 | // Set rest auth cookie to true for logged in users. |
| 963 | global $wp_rest_auth_cookie; |
| 964 | $wp_rest_auth_cookie = true; |
| 965 | } |
| 966 | |
| 967 | /** |
| 968 | * Helper to make the request and get the headers for the rest_send_refreshed_nonce related tests. |
| 969 | * |
| 970 | * @return array |
| 971 | */ |
| 972 | function helper_make_request_and_return_headers_for_rest_send_refreshed_nonce_tests() { |
| 973 | $request = new WP_REST_Request( 'GET', '/', array() ); |
| 974 | $result = $this->server->serve_request( '/' ); |
| 975 | |
| 976 | return $this->server->sent_headers; |
| 977 | } |