From ab58308a413912ea3bedc8ca4c464a2bc37984e2 Mon Sep 17 00:00:00 2001
From: Rachel Baker
Date: Mon, 1 Jan 2018 02:30:39 +0000
Subject: [PATCH] REST API: Adjust unit testes to expect a 401 status code in error responses from permission callbacks when user is not authenticated.
Missed in [42421]. Fixes #42828.
git-svn-id: https://develop.svn.wordpress.org/trunk@42423 602fd350-edb4-49c9-b593-d223f7449a82
---
 .../rest-api/rest-attachments-controller.php | 8 +++---
 .../tests/rest-api/rest-posts-controller.php | 8 +++---
 .../rest-api/rest-settings-controller.php | 18 ++++++++++++-
 .../rest-api/rest-taxonomies-controller.php | 25 ++++++++++++++++++-
 4 files changed, 49 insertions(+), 10 deletions(-)
diff --git a/tests/phpunit/tests/rest-api/rest-attachments-controller.php b/tests/phpunit/tests/rest-api/rest-attachments-controller.php
index 02daded298..a25d31358a 100644
--- a/tests/phpunit/tests/rest-api/rest-attachments-controller.php
+++ b/tests/phpunit/tests/rest-api/rest-attachments-controller.php
@@ -524,7 +524,7 @@ class WP_Test_REST_Attachments_Controller extends WP_Test_REST_Post_Type_Control
 $this->assertFalse( isset( $data['media_details']['sizes']['rest-api-test']['source_url'] ) );
 }
- public function test_get_item_private_post() {
+ public function test_get_item_private_post_not_authenticated() {
 wp_set_current_user( 0 );
 $draft_post = $this->factory->post->create( array( 'post_status' => 'draft' ) );
 $id1 = $this->factory->attachment->create_object(
@@ -535,7 +535,7 @@ class WP_Test_REST_Attachments_Controller extends WP_Test_REST_Post_Type_Control
 );
 $request = new WP_REST_Request( 'GET', '/wp/v2/media/' . $id1 );
 $response = $this->server->dispatch( $request );
- $this->assertEquals( 403, $response->get_status() );
+ $this->assertEquals( 401, $response->get_status() );
 }
 public function test_get_item_inherit_status_with_invalid_parent() {
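Review bot: After the rename to `test_get_item_private_post_not_authenticated`, only the logged-out path (401) is pinned, and nothing in these hunks still asserts that a logged-in user without access to the draft parent receives 403. The same gap shows in the other renamed tests of this patch (`test_get_item_auto_status_with_invalid_parent_not_authenticated_returns_error`, `test_get_post_draft_status_not_authenicated`, `test_get_item_read_permission_custom_post_status_not_authenticated`), while the settings and taxonomies files do add a `_no_permission` companion. A companion test with a low-privilege user would keep the authentication/authorization split from regressing in either direction; the expected 403 in the sketch below should be confirmed against the controller. The lines between the two hunks are not visible, so the attachment arguments are elided.

```php
public function test_get_item_private_post_no_permission() {
	// Logged in, but without the right to read someone else's draft parent.
	wp_set_current_user( $this->factory->user->create( array( 'role' => 'subscriber' ) ) );
	$draft_post = $this->factory->post->create( array( 'post_status' => 'draft' ) );
	// … unchanged: attachment creation as in test_get_item_private_post_not_authenticated …
	$request  = new WP_REST_Request( 'GET', '/wp/v2/media/' . $id1 );
	$response = $this->server->dispatch( $request );
	// Authenticated but not authorized: expect 403, not 401.
	$this->assertEquals( 403, $response->get_status() );
}
```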
@@ -553,7 +553,7 @@ class WP_Test_REST_Attachments_Controller extends WP_Test_REST_Post_Type_Control
 $this->assertEquals( $attachment_id, $data['id'] );
 }
- public function test_get_item_auto_status_with_invalid_parent_returns_error() {
+ public function test_get_item_auto_status_with_invalid_parent_not_authenticated_returns_error() {
 $attachment_id = $this->factory->attachment->create_object(
 $this->test_file, REST_TESTS_IMPOSSIBLY_HIGH_NUMBER, array(
 'post_mime_type' => 'image/jpeg',
@@ -564,7 +564,7 @@ class WP_Test_REST_Attachments_Controller extends WP_Test_REST_Post_Type_Control
 $request = new WP_REST_Request( 'GET', sprintf( '/wp/v2/media/%d', $attachment_id ) );
 $response = $this->server->dispatch( $request );
- $this->assertErrorResponse( 'rest_forbidden', $response, 403 );
+ $this->assertErrorResponse( 'rest_forbidden', $response, 401 );
 }
 public function test_create_item() {
diff --git a/tests/phpunit/tests/rest-api/rest-posts-controller.php b/tests/phpunit/tests/rest-api/rest-posts-controller.php
index e2c7bf7c89..b6cb4ce074 100644
--- a/tests/phpunit/tests/rest-api/rest-posts-controller.php
+++ b/tests/phpunit/tests/rest-api/rest-posts-controller.php
@@ -1327,7 +1327,7 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te
 $this->assertEquals( rest_url( '/wp/v2/users/' . self::$author_id ), $links['author'][0]['href'] );
 }
- public function test_get_post_without_permission() {
+ public function test_get_post_draft_status_not_authenicated() {
 $draft_id = $this->factory->post->create(
 array(
 'post_status' => 'draft',
@@ -1338,7 +1338,7 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te
 $request = new WP_REST_Request( 'GET', sprintf( '/wp/v2/posts/%d', $draft_id ) );
 $response = $this->server->dispatch( $request );
- $this->assertErrorResponse( 'rest_forbidden', $response, 403 );
+ $this->assertErrorResponse( 'rest_forbidden', $response, 401 );
 }
 public function test_get_post_invalid_id() {
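Review bot: The new method name in the `@@ -1327` hunk, `test_get_post_draft_status_not_authenicated`, misspells "authenticated". A search or a PHPUnit `--filter` on `not_authenticated` matches every other renamed test in this patch but skips this one. The line should read `public function test_get_post_draft_status_not_authenticated() {`. The function body continues past this hunk into the `@@ -1338` hunk.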
@@ -1464,7 +1464,7 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te
 $this->assertTrue( $data['excerpt']['protected'] );
 }
- public function test_get_item_read_permission_custom_post_status() {
+ public function test_get_item_read_permission_custom_post_status_not_authenticated() {
 register_post_status( 'testpubstatus', array( 'public' => true ) );
 register_post_status( 'testprivtatus', array( 'public' => false ) );
 // Public status
@@ -1486,7 +1486,7 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te
 );
 $request = new WP_REST_Request( 'GET', sprintf( '/wp/v2/posts/%d', self::$post_id ) );
 $response = $this->server->dispatch( $request );
- $this->assertEquals( 403, $response->get_status() );
+ $this->assertEquals( 401, $response->get_status() );
 }
 public function test_prepare_item() {
diff --git a/tests/phpunit/tests/rest-api/rest-settings-controller.php b/tests/phpunit/tests/rest-api/rest-settings-controller.php
index dcf2d57af3..97670a21c0 100644
--- a/tests/phpunit/tests/rest-api/rest-settings-controller.php
+++ b/tests/phpunit/tests/rest-api/rest-settings-controller.php
@@ -10,7 +10,9 @@
 * @group restapi
 */
 class WP_Test_REST_Settings_Controller extends WP_Test_REST_Controller_Testcase {
+
 protected static $administrator;
+ protected static $author;
 public static function wpSetUpBeforeClass( $factory ) {
 self::$administrator = $factory->user->create(
@@ -18,10 +20,17 @@ class WP_Test_REST_Settings_Controller extends WP_Test_REST_Controller_Testcase
 'role' => 'administrator',
 )
 );
+
+ self::$author = $factory->user->create(
+ array(
+ 'role' => 'author',
+ )
+ );
 }
 public static function wpTearDownAfterClass() {
 self::delete_user( self::$administrator );
+ self::delete_user( self::$author );
 }
 public function setUp() {
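Review bot: The new `protected static $author;` in the settings test class has no doc comment, and its name does not say that it holds a user ID, unlike `$contributor_id` added to rest-taxonomies-controller.php by this same patch. The value is later passed to `wp_set_current_user()` and `delete_user()`, so it appears to be an ID rather than a user object. A one-line docblock such as `/** @var int ID of an author-role user; presumably lacks the capability the settings endpoint checks, so requests should get 403. */` would record why this role was picked for the negative test. Renaming to `$author_id` would also work, though the existing `$administrator` follows the shorter convention.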
@@ -45,7 +54,14 @@ class WP_Test_REST_Settings_Controller extends WP_Test_REST_Controller_Testcase
 public function test_context_param() {
 }
- public function test_get_item_is_not_public() {
+ public function test_get_item_is_not_public_not_authenticated() {
+ $request = new WP_REST_Request( 'GET', '/wp/v2/settings' );
+ $response = $this->server->dispatch( $request );
+ $this->assertEquals( 401, $response->get_status() );
+ }
+
+ public function test_get_item_is_not_public_no_permission() {
+ wp_set_current_user( self::$author );
 $request = new WP_REST_Request( 'GET', '/wp/v2/settings' );
 $response = $this->server->dispatch( $request );
 $this->assertEquals( 403, $response->get_status() );
diff --git a/tests/phpunit/tests/rest-api/rest-taxonomies-controller.php b/tests/phpunit/tests/rest-api/rest-taxonomies-controller.php
index 205a041f23..5a736086aa 100644
--- a/tests/phpunit/tests/rest-api/rest-taxonomies-controller.php
+++ b/tests/phpunit/tests/rest-api/rest-taxonomies-controller.php
@@ -11,6 +11,20 @@
 */
 class WP_Test_REST_Taxonomies_Controller extends WP_Test_REST_Controller_Testcase {
+ protected static $contributor_id;
+
+ public static function wpSetUpBeforeClass( $factory ) {
+ self::$contributor_id = $factory->user->create(
+ array(
+ 'role' => 'contributor',
+ )
+ );
+ }
+
+ public static function wpTearDownAfterClass() {
+ self::delete_user( self::$contributor_id );
+ }
+
 public function test_register_routes() {
 $routes = $this->server->get_routes();
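Review bot: `test_get_item_is_not_public_not_authenticated` never sets up the logged-out state it is named for. It passes only while no earlier code leaves a current user set, whether the class's `setUp()` (outside this hunk) or a preceding test. `test_get_item_private_post_not_authenticated` in rest-attachments-controller.php opens with `wp_set_current_user( 0 );`, and adding the same first line here would make the 401 expectation independent of fixture order. `test_get_non_public_taxonomy_not_authenticated` in rest-taxonomies-controller.php has the same omission.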
@@ -101,7 +115,16 @@ class WP_Test_REST_Taxonomies_Controller extends WP_Test_REST_Controller_Testcas
 $this->assertErrorResponse( 'rest_taxonomy_invalid', $response, 404 );
 }
- public function test_get_non_public_taxonomy() {
+ public function test_get_non_public_taxonomy_not_authenticated() {
+ register_taxonomy( 'api-private', 'post', array( 'public' => false ) );
+
+ $request = new WP_REST_Request( 'GET', '/wp/v2/taxonomies/api-private' );
+ $response = $this->server->dispatch( $request );
+ $this->assertErrorResponse( 'rest_forbidden', $response, 401 );
+ }
+
+ public function test_get_non_public_taxonomy_no_permission() {
+ wp_set_current_user( self::$contributor_id );
 register_taxonomy( 'api-private', 'post', array( 'public' => false ) );
 $request = new WP_REST_Request( 'GET', '/wp/v2/taxonomies/api-private' );