Changeset 42423 for trunk

Timestamp:

01/01/2018 02:30:39 AM (6 years ago)

Author:

rachelbaker

Message:

REST API: Adjust unit testes to expect a 401 status code in error responses from permission callbacks when user is not authenticated.

Missed in [42421].

Fixes #42828.

Location:

trunk/tests/phpunit/tests/rest-api

Files:

• rest-attachments-controller.php (modified) (4 diffs)
• rest-posts-controller.php (modified) (4 diffs)
• rest-settings-controller.php (modified) (3 diffs)
• rest-taxonomies-controller.php (modified) (2 diffs)

trunk/tests/phpunit/tests/rest-api/rest-attachments-controller.php

@@ -525 +525 @@
     }
 
-    public function test_get_item_private_post() {
+    public function test_get_item_private_post_not_authenticated() {
         wp_set_current_user( 0 );
         $draft_post = $this->factory->post->create( array( 'post_status' => 'draft' ) );
@@ -536 +536 @@
         $request    = new WP_REST_Request( 'GET', '/wp/v2/media/' . $id1 );
         $response   = $this->server->dispatch( $request );
-        $this->assertEquals( 403, $response->get_status() );
+        $this->assertEquals( 401, $response->get_status() );
     }
 
@@ -554 +554 @@
     }
 
-    public function test_get_item_auto_status_with_invalid_parent_returns_error() {
+    public function test_get_item_auto_status_with_invalid_parent_not_authenticated_returns_error() {
         $attachment_id = $this->factory->attachment->create_object(
             $this->test_file, REST_TESTS_IMPOSSIBLY_HIGH_NUMBER, array(
@@ -565 +565 @@
         $response      = $this->server->dispatch( $request );
 
-        $this->assertErrorResponse( 'rest_forbidden', $response, 403 );
+        $this->assertErrorResponse( 'rest_forbidden', $response, 401 );
     }
 

trunk/tests/phpunit/tests/rest-api/rest-posts-controller.php

@@ -1328 +1328 @@
     }
 
-    public function test_get_post_without_permission() {
+    public function test_get_post_draft_status_not_authenicated() {
         $draft_id = $this->factory->post->create(
             array(
@@ -1339 +1339 @@
         $response = $this->server->dispatch( $request );
 
-        $this->assertErrorResponse( 'rest_forbidden', $response, 403 );
+        $this->assertErrorResponse( 'rest_forbidden', $response, 401 );
     }
 
@@ -1465 +1465 @@
     }
 
-    public function test_get_item_read_permission_custom_post_status() {
+    public function test_get_item_read_permission_custom_post_status_not_authenticated() {
         register_post_status( 'testpubstatus', array( 'public' => true ) );
         register_post_status( 'testprivtatus', array( 'public' => false ) );
@@ -1487 +1487 @@
         $request  = new WP_REST_Request( 'GET', sprintf( '/wp/v2/posts/%d', self::$post_id ) );
         $response = $this->server->dispatch( $request );
-        $this->assertEquals( 403, $response->get_status() );
+        $this->assertEquals( 401, $response->get_status() );
     }
 

trunk/tests/phpunit/tests/rest-api/rest-settings-controller.php

@@ -11 +11 @@
  */
 class WP_Test_REST_Settings_Controller extends WP_Test_REST_Controller_Testcase {
+    
     protected static $administrator;
+    protected static $author;
 
     public static function wpSetUpBeforeClass( $factory ) {
@@ -19 +21 @@
             )
         );
+
+        self::$author        = $factory->user->create(
+            array(
+                'role' => 'author',
+            )
+        );
     }
 
     public static function wpTearDownAfterClass() {
         self::delete_user( self::$administrator );
+        self::delete_user( self::$author );
     }
 
@@ -46 +55 @@
     }
 
-    public function test_get_item_is_not_public() {
+    public function test_get_item_is_not_public_not_authenticated() {
+        $request  = new WP_REST_Request( 'GET', '/wp/v2/settings' );
+        $response = $this->server->dispatch( $request );
+        $this->assertEquals( 401, $response->get_status() );
+    }
+
+    public function test_get_item_is_not_public_no_permission() {
+        wp_set_current_user( self::$author );
         $request  = new WP_REST_Request( 'GET', '/wp/v2/settings' );
         $response = $this->server->dispatch( $request );

trunk/tests/phpunit/tests/rest-api/rest-taxonomies-controller.php

@@ -11 +11 @@
  */
 class WP_Test_REST_Taxonomies_Controller extends WP_Test_REST_Controller_Testcase {
+
+    protected static $contributor_id;
+
+    public static function wpSetUpBeforeClass( $factory ) {
+        self::$contributor_id = $factory->user->create(
+            array(
+                'role' => 'contributor',
+            )
+        );
+    }
+
+    public static function wpTearDownAfterClass() {
+        self::delete_user( self::$contributor_id );
+    }
 
     public function test_register_routes() {
@@ -102 +116 @@
     }
 
-    public function test_get_non_public_taxonomy() {
+    public function test_get_non_public_taxonomy_not_authenticated() {
+        register_taxonomy( 'api-private', 'post', array( 'public' => false ) );
+
+        $request  = new WP_REST_Request( 'GET', '/wp/v2/taxonomies/api-private' );
+        $response = $this->server->dispatch( $request );
+        $this->assertErrorResponse( 'rest_forbidden', $response, 401 );
+    }
+
+        public function test_get_non_public_taxonomy_no_permission() {
+        wp_set_current_user( self::$contributor_id );
         register_taxonomy( 'api-private', 'post', array( 'public' => false ) );