Changeset 37905
- Timestamp:
- 06/29/2016 03:00:54 AM (8 years ago)
- Location:
- trunk
- Files:
-
- 2 edited
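--- a/trunk/src/wp-includes/rest-api.php
+++ b/trunk/src/wp-includes/rest-api.php
@@ -549,8 +549,10 @@
 * @since 4.4.0
 *
-* @global mixed $wp_rest_auth_cookie
-*
-* @param WP_Error|mixed $result Error from another authentication handler, null if we should handle it,
-* or another value if not.
+* @global mixed $wp_rest_auth_cookie
+* @global WP_REST_Server $wp_rest_server REST server instance.
+*
+* @param WP_Error|mixed $result Error from another authentication handler,
+* null if we should handle it, or another value
+* if not.
 * @return WP_Error|mixed|bool WP_Error if the cookie is invalid, the $result, otherwise true.
 */
@@ -560,5 +562,5 @@
 }
 
-global $wp_rest_auth_cookie ;
+global $wp_rest_auth_cookie, $wp_rest_server;
 
 /*
@@ -593,4 +595,7 @@
 }
 
+// Send a refreshed nonce in header.
+$wp_rest_server->send_header( 'X-WP-Nonce', wp_create_nonce( 'wp_rest' ) );
+
 return true;
 }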
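Review bot: The added `$wp_rest_server->send_header( ... )` call before `return true;` dereferences the `$wp_rest_server` global without checking that it is set; the test file in this changeset assigns `$GLOBALS['wp_rest_server'] = null` in its tearDown, so the global can be null, and running this authentication handler outside a served REST request would presumably end in a fatal error. A guard such as `if ( $wp_rest_server instanceof WP_REST_Server ) { $wp_rest_server->send_header( 'X-WP-Nonce', wp_create_nonce( 'wp_rest' ) ); }` keeps the authentication check from failing hard. The header also places a user-bound nonce on every cookie-authenticated response, so it is worth confirming that those responses are never stored by a shared cache; nothing in the visible lines sets cache headers. The function's signature and its earlier return paths lie outside the hunks shown.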
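--- a/trunk/tests/phpunit/tests/rest-api/rest-server.php
+++ b/trunk/tests/phpunit/tests/rest-api/rest-server.php
@@ -24,4 +24,5 @@
 // Remove our temporary spy server
 $GLOBALS['wp_rest_server'] = null;
+unset( $_REQUEST['_wpnonce'] );
 
 parent::tearDown();
@@ -894,3 +895,91 @@
 return 'Spy_REST_Server';
 }
+
+/**
+* Refreshed nonce should not be present in header when an invalid nonce is passed for logged in user.
+*
+* @ticket 35662
+*/
+public function test_rest_send_refreshed_nonce_invalid_nonce() {
+$this->helper_setup_user_for_rest_send_refreshed_nonce_tests();
+
+$_REQUEST['_wpnonce'] = 'random invalid nonce';
+
+$headers = $this->helper_make_request_and_return_headers_for_rest_send_refreshed_nonce_tests();
+
+$this->assertArrayNotHasKey( 'X-WP-Nonce', $headers );
+}
+
+/**
+* Refreshed nonce should be present in header when a valid nonce is
+* passed for logged in/anonymous user and not present when nonce is not
+* passed.
+*
+* @ticket 35662
+*
+* @dataProvider data_rest_send_refreshed_nonce
+*
+* @param bool $has_logged_in_user Will there be a logged in user for this test.
+* @param bool $has_nonce Are we passing the nonce.
+*/
+public function test_rest_send_refreshed_nonce( $has_logged_in_user, $has_nonce ) {
+if ( true === $has_logged_in_user ) {
+$this->helper_setup_user_for_rest_send_refreshed_nonce_tests();
+}
+
+if ( $has_nonce ) {
+$_REQUEST['_wpnonce'] = wp_create_nonce( 'wp_rest' );
+}
+
+$headers = $this->helper_make_request_and_return_headers_for_rest_send_refreshed_nonce_tests();
+
+if ( $has_nonce ) {
+$this->assertArrayHasKey( 'X-WP-Nonce', $headers );
+} else {
+$this->assertArrayNotHasKey( 'X-WP-Nonce', $headers );
+}
+}
+
+/**
+* @return array {
+* @type array {
+* @type bool $has_logged_in_user Are we registering a user for the test.
+* @type bool $has_nonce Is the nonce passed.
+* }
+* }
+*/
+function data_rest_send_refreshed_nonce() {
+return array(
+array( true, true ),
+array( true, false ),
+array( false, true ),
+array( false, false ),
+);
+}
+
+/**
+* Helper to setup a users and auth cookie global for the
+* rest_send_refreshed_nonce related tests.
+*/
+protected function helper_setup_user_for_rest_send_refreshed_nonce_tests() {
+$author = self::factory()->user->create( array( 'role' => 'author' ) );
+wp_set_current_user( $author );
+
+global $wp_rest_auth_cookie;
+
+$wp_rest_auth_cookie = true;
+}
+
+/**
+* Helper to make the request and get the headers for the
+* rest_send_refreshed_nonce related tests.
+*
+* @return array
+*/
+protected function helper_make_request_and_return_headers_for_rest_send_refreshed_nonce_tests() {
+$request = new WP_REST_Request( 'GET', '/', array() );
+$result = $this->server->serve_request( '/' );
+
+return $this->server->sent_headers;
+}
 }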
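Review bot: `helper_setup_user_for_rest_send_refreshed_nonce_tests()` sets the global `$wp_rest_auth_cookie` to `true`, but the tearDown lines visible in the first hunk only clear `$_REQUEST['_wpnonce']`, so the cookie-auth flag appears to leak into whichever test runs next. tearDown begins outside the hunk, so a reset elsewhere cannot be ruled out; if there is none, adding `unset( $GLOBALS['wp_rest_auth_cookie'] );` next to the new `unset()` would keep these authentication tests independent of execution order. In `helper_make_request_and_return_headers_for_rest_send_refreshed_nonce_tests()`, `$request` and `$result` are assigned and never read; dropping `$request` and calling `$this->server->serve_request( '/' );` without the assignment would make clear that only `sent_headers` is under test.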