Changeset 42427


Timestamp:
01/06/2018 07:28:44 PM (3 years ago)
Author:
rachelbaker
Message:

REST API: Adjust unit tests to expect a 401 status code in error responses from permission callbacks when user is not authenticated.

Missed in [42421].

Merges [42423] to the 4.9 branch.
Fixes #42828.

Location:
branches/4.9
Files:
5 edited

  • branches/4.9

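--- a/branches/4.9/tests/phpunit/tests/rest-api/rest-attachments-controller.php
+++ b/branches/4.9/tests/phpunit/tests/rest-api/rest-attachments-controller.php
@@ -469,5 +469,5 @@
     }
 
-    public function test_get_item_private_post() {
+    public function test_get_item_private_post_not_authenticated() {
         wp_set_current_user( 0 );
         $draft_post = $this->factory->post->create( array( 'post_status' => 'draft' ) );
@@ -478,5 +478,5 @@
         $request = new WP_REST_Request( 'GET', '/wp/v2/media/' . $id1 );
         $response = $this->server->dispatch( $request );
-        $this->assertEquals( 403, $response->get_status() );
+        $this->assertEquals( 401, $response->get_status() );
     }
 
@@ -494,5 +494,5 @@
     }
 
-    public function test_get_item_auto_status_with_invalid_parent_returns_error() {
+    public function test_get_item_auto_status_with_invalid_parent_not_authenticated_returns_error() {
         $attachment_id = $this->factory->attachment->create_object( $this->test_file, REST_TESTS_IMPOSSIBLY_HIGH_NUMBER, array(
             'post_mime_type' => 'image/jpeg',
@@ -503,5 +503,5 @@
         $response = $this->server->dispatch( $request );
 
-        $this->assertErrorResponse( 'rest_forbidden', $response, 403 );
+        $this->assertErrorResponse( 'rest_forbidden', $response, 401 );
     }
 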
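Review bot: After this change the attachment tests pin only the unauthenticated path: `test_get_item_private_post_not_authenticated` and `test_get_item_auto_status_with_invalid_parent_not_authenticated_returns_error` now expect 401, and nothing in the visible hunks still asserts 403 for a logged-in user who lacks access. The settings and taxonomies sections of this changeset add `_no_permission` siblings for exactly that case; the same is worth doing here and in rest-posts-controller.php, so a regression that merges the authentication and authorization outcomes is caught. A sibling would set a low-privilege user with `wp_set_current_user()` before dispatching and end with `$this->assertEquals( 403, $response->get_status() );`. Such tests may already exist outside the hunks shown, and the bodies of both methods are partly elided here.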
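--- a/branches/4.9/tests/phpunit/tests/rest-api/rest-posts-controller.php
+++ b/branches/4.9/tests/phpunit/tests/rest-api/rest-posts-controller.php
@@ -1130,5 +1130,5 @@
     }
 
-    public function test_get_post_without_permission() {
+    public function test_get_post_draft_status_not_authenicated() {
         $draft_id = $this->factory->post->create( array(
             'post_status' => 'draft',
@@ -1139,5 +1139,5 @@
         $response = $this->server->dispatch( $request );
 
-        $this->assertErrorResponse( 'rest_forbidden', $response, 403 );
+        $this->assertErrorResponse( 'rest_forbidden', $response, 401 );
     }
 
@@ -1251,5 +1251,5 @@
     }
 
-    public function test_get_item_read_permission_custom_post_status() {
+    public function test_get_item_read_permission_custom_post_status_not_authenticated() {
         register_post_status( 'testpubstatus', array( 'public' => true ) );
         register_post_status( 'testprivtatus', array( 'public' => false ) );
@@ -1263,5 +1263,5 @@
         $request = new WP_REST_Request( 'GET', sprintf( '/wp/v2/posts/%d', self::$post_id ) );
         $response = $this->server->dispatch( $request );
-        $this->assertEquals( 403, $response->get_status() );
+        $this->assertEquals( 401, $response->get_status() );
     }
 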
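Review bot: The method name introduced at new line 1132 is misspelled, `test_get_post_draft_status_not_authenicated`. It should read `public function test_get_post_draft_status_not_authenticated() {` so that it matches the `_not_authenticated` suffix given to the other renamed tests; as written, a name filter on that suffix would skip this test. The body of the method is partly elided between lines 1134 and 1139.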
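--- a/branches/4.9/tests/phpunit/tests/rest-api/rest-settings-controller.php
+++ b/branches/4.9/tests/phpunit/tests/rest-api/rest-settings-controller.php
@@ -11,5 +11,7 @@
  */
 class WP_Test_REST_Settings_Controller extends WP_Test_REST_Controller_Testcase {
+   
     protected static $administrator;
+    protected static $author;
 
     public static function wpSetUpBeforeClass( $factory ) {
@@ -17,8 +19,15 @@
             'role' => 'administrator',
         ) );
+
+        self::$author        = $factory->user->create(
+            array(
+                'role' => 'author',
+            )
+        );
     }
 
     public static function wpTearDownAfterClass() {
         self::delete_user( self::$administrator );
+        self::delete_user( self::$author );
     }
 
@@ -44,6 +53,13 @@
     }
 
-    public function test_get_item_is_not_public() {
-        $request = new WP_REST_Request( 'GET', '/wp/v2/settings' );
+    public function test_get_item_is_not_public_not_authenticated() {
+        $request = new WP_REST_Request( 'GET', '/wp/v2/settings' );
+        $response = $this->server->dispatch( $request );
+        $this->assertEquals( 401, $response->get_status() );
+    }
+
+    public function test_get_item_is_not_public_no_permission() {
+        wp_set_current_user( self::$author );
+        $request  = new WP_REST_Request( 'GET', '/wp/v2/settings' );
         $response = $this->server->dispatch( $request );
         $this->assertEquals( 403, $response->get_status() );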
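Review bot: `test_get_item_is_not_public_not_authenticated` (new lines 55–59) never sets the logged-out state it is named for, so its 401 expectation depends on whatever current user the fixture leaves behind. Opening the test with `wp_set_current_user( 0 );`, as the attachments test at line 472 does, would state the precondition in the test itself; the base test case may already reset the user between tests, but that is not visible here. The same applies to `test_get_non_public_taxonomy_not_authenticated` in rest-taxonomies-controller.php. The closing brace of `test_get_item_is_not_public_no_permission` falls outside the hunk.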
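--- a/branches/4.9/tests/phpunit/tests/rest-api/rest-taxonomies-controller.php
+++ b/branches/4.9/tests/phpunit/tests/rest-api/rest-taxonomies-controller.php
@@ -11,4 +11,18 @@
  */
 class WP_Test_REST_Taxonomies_Controller extends WP_Test_REST_Controller_Testcase {
+
+    protected static $contributor_id;
+
+    public static function wpSetUpBeforeClass( $factory ) {
+        self::$contributor_id = $factory->user->create(
+            array(
+                'role' => 'contributor',
+            )
+        );
+    }
+
+    public static function wpTearDownAfterClass() {
+        self::delete_user( self::$contributor_id );
+    }
 
     public function test_register_routes() {
@@ -102,8 +116,17 @@
     }
 
-    public function test_get_non_public_taxonomy() {
+    public function test_get_non_public_taxonomy_not_authenticated() {
         register_taxonomy( 'api-private', 'post', array( 'public' => false ) );
 
         $request = new WP_REST_Request( 'GET', '/wp/v2/taxonomies/api-private' );
+        $response = $this->server->dispatch( $request );
+        $this->assertErrorResponse( 'rest_forbidden', $response, 401 );
+    }
+
+        public function test_get_non_public_taxonomy_no_permission() {
+        wp_set_current_user( self::$contributor_id );
+        register_taxonomy( 'api-private', 'post', array( 'public' => false ) );
+
+        $request  = new WP_REST_Request( 'GET', '/wp/v2/taxonomies/api-private' );
         $response = $this->server->dispatch( $request );
         $this->assertErrorResponse( 'rest_forbidden', $response, 403 );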
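Review bot: The declaration added at new line 126, `public function test_get_non_public_taxonomy_no_permission() {`, appears indented one level deeper than every sibling method, level with its own body. It should sit at the same single-level indent as `test_get_non_public_taxonomy_not_authenticated` above it. Both tests also repeat the same `register_taxonomy( 'api-private', ... )` call and request construction, which a small private helper in the test class would remove. The method's closing brace falls outside the hunk.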