| | 886 | |
| | 887 | /** |
| | 888 | * Refreshed nonce should not be present in header when an invalid nonce is passed for logged in user |
| | 889 | * |
| | 890 | * @ticket 35662 |
| | 891 | */ |
| | 892 | function test_rest_send_refreshed_nonce_invalid_nonce() { |
| | 893 | // Create and set the current user and auth cookie. |
| | 894 | $this->helper_setup_user_for_rest_send_refreshed_nonce_tests(); |
| | 895 | |
| | 896 | // Mock the nonce. |
| | 897 | $_REQUEST['_wpnonce'] = 'random invalid nonce'; |
| | 898 | |
| | 899 | $headers = $this->helper_make_request_and_return_headers_for_rest_send_refreshed_nonce_tests(); |
| | 900 | |
| | 901 | // Run the assertions. |
| | 902 | $this->assertArrayNotHasKey( 'X-WP-Nonce', $headers ); |
| | 903 | } |
| | 904 | |
| | 905 | /** |
| | 906 | * Refreshed nonce should be present in header when a valid nonce is passed for logged in/anonymous user |
| | 907 | * and not present when nonce is not passed |
| | 908 | * |
| | 909 | * @ticket 35662 |
| | 910 | * |
| | 911 | * @dataProvider data_rest_send_refreshed_nonce |
| | 912 | * |
| | 913 | * @param bool $has_logged_in_user Will there be a logged in user for this test. |
| | 914 | * @param bool $has_nonce Are we passing the nonce. |
| | 915 | */ |
| | 916 | function test_rest_send_refreshed_nonce( $has_logged_in_user, $has_nonce ) { |
| | 917 | if ( true == $has_logged_in_user ) { |
| | 918 | // Create and set the current user and auth cookie. |
| | 919 | $this->helper_setup_user_for_rest_send_refreshed_nonce_tests(); |
| | 920 | } |
| | 921 | |
| | 922 | if ( $has_nonce ) { |
| | 923 | // Mock the nonce. |
| | 924 | $_REQUEST['_wpnonce'] = wp_create_nonce( 'wp_rest' ); |
| | 925 | } |
| | 926 | |
| | 927 | $headers = $this->helper_make_request_and_return_headers_for_rest_send_refreshed_nonce_tests(); |
| | 928 | |
| | 929 | // Run the assertions. |
| | 930 | if ( $has_nonce ) { |
| | 931 | $this->assertArrayHasKey( 'X-WP-Nonce', $headers ); |
| | 932 | } else { |
| | 933 | $this->assertArrayNotHasKey( 'X-WP-Nonce', $headers ); |
| | 934 | } |
| | 935 | } |
| | 936 | |
| | 937 | /** |
| | 938 | * @return array { |
| | 939 | * @type array { |
| | 940 | * @type bool $has_logged_in_user Are we registering a user for the test. |
| | 941 | * @type bool $has_nonce Is the nonce passed. |
| | 942 | * } |
| | 943 | * } |
| | 944 | */ |
| | 945 | function data_rest_send_refreshed_nonce() { |
| | 946 | return array( |
| | 947 | array( true, true ), |
| | 948 | array( true, false ), |
| | 949 | array( false, true ), |
| | 950 | array( false, false ), |
| | 951 | ); |
| | 952 | } |
| | 953 | |
| | 954 | /** |
| | 955 | * Helper to setup a users and auth cookie global for the rest_send_refreshed_nonce related tests. |
| | 956 | */ |
| | 957 | function helper_setup_user_for_rest_send_refreshed_nonce_tests() { |
| | 958 | // Create and set the current user. |
| | 959 | $author = self::factory()->user->create( array( 'role' => 'author' ) ); |
| | 960 | wp_set_current_user( $author ); |
| | 961 | |
| | 962 | // Set rest auth cookie to true for logged in users. |
| | 963 | global $wp_rest_auth_cookie; |
| | 964 | $wp_rest_auth_cookie = true; |
| | 965 | } |
| | 966 | |
| | 967 | /** |
| | 968 | * Helper to make the request and get the headers for the rest_send_refreshed_nonce related tests. |
| | 969 | * |
| | 970 | * @return array |
| | 971 | */ |
| | 972 | function helper_make_request_and_return_headers_for_rest_send_refreshed_nonce_tests() { |
| | 973 | $request = new WP_REST_Request( 'GET', '/', array() ); |
| | 974 | $result = $this->server->serve_request( '/' ); |
| | 975 | |
| | 976 | return $this->server->sent_headers; |
| | 977 | } |