REST API: Adjust unit tests to expect a 401 status code in error responses from permission callbacks when the user is not authenticated.

Missed in [42421].

Fixes #42828.

git-svn-id: https://develop.svn.wordpress.org/trunk@42423 602fd350-edb4-49c9-b593-d223f7449a82
Rachel Baker 2018-01-01 02:30:39 +00:00
parent 24b3f5e77c
commit ab58308a41
4 changed files with 49 additions and 10 deletions


@ -524,7 +524,7 @@ class WP_Test_REST_Attachments_Controller extends WP_Test_REST_Post_Type_Control
$this->assertFalse( isset( $data['media_details']['sizes']['rest-api-test']['source_url'] ) ); $this->assertFalse( isset( $data['media_details']['sizes']['rest-api-test']['source_url'] ) );
} }
public function test_get_item_private_post() { public function test_get_item_private_post_not_authenticated() {
wp_set_current_user( 0 ); wp_set_current_user( 0 );
$draft_post = $this->factory->post->create( array( 'post_status' => 'draft' ) ); $draft_post = $this->factory->post->create( array( 'post_status' => 'draft' ) );
$id1 = $this->factory->attachment->create_object( $id1 = $this->factory->attachment->create_object(
@ -535,7 +535,7 @@ class WP_Test_REST_Attachments_Controller extends WP_Test_REST_Post_Type_Control
); );
$request = new WP_REST_Request( 'GET', '/wp/v2/media/' . $id1 ); $request = new WP_REST_Request( 'GET', '/wp/v2/media/' . $id1 );
$response = $this->server->dispatch( $request ); $response = $this->server->dispatch( $request );
$this->assertEquals( 403, $response->get_status() ); $this->assertEquals( 401, $response->get_status() );
} }
public function test_get_item_inherit_status_with_invalid_parent() { public function test_get_item_inherit_status_with_invalid_parent() {
@ -553,7 +553,7 @@ class WP_Test_REST_Attachments_Controller extends WP_Test_REST_Post_Type_Control
$this->assertEquals( $attachment_id, $data['id'] ); $this->assertEquals( $attachment_id, $data['id'] );
} }
public function test_get_item_auto_status_with_invalid_parent_returns_error() { public function test_get_item_auto_status_with_invalid_parent_not_authenticated_returns_error() {
$attachment_id = $this->factory->attachment->create_object( $attachment_id = $this->factory->attachment->create_object(
$this->test_file, REST_TESTS_IMPOSSIBLY_HIGH_NUMBER, array( $this->test_file, REST_TESTS_IMPOSSIBLY_HIGH_NUMBER, array(
'post_mime_type' => 'image/jpeg', 'post_mime_type' => 'image/jpeg',
@ -564,7 +564,7 @@ class WP_Test_REST_Attachments_Controller extends WP_Test_REST_Post_Type_Control
$request = new WP_REST_Request( 'GET', sprintf( '/wp/v2/media/%d', $attachment_id ) ); $request = new WP_REST_Request( 'GET', sprintf( '/wp/v2/media/%d', $attachment_id ) );
$response = $this->server->dispatch( $request ); $response = $this->server->dispatch( $request );
$this->assertErrorResponse( 'rest_forbidden', $response, 403 ); $this->assertErrorResponse( 'rest_forbidden', $response, 401 );
} }
public function test_create_item() { public function test_create_item() {
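Review bot: With `test_get_item_private_post_not_authenticated` and `test_get_item_auto_status_with_invalid_parent_not_authenticated_returns_error` now pinned to 401, the visible hunks in this file no longer show a test for a logged-in user who lacks read access, so the 403 branch of the media permission check may have lost coverage. The settings and taxonomies sections of this commit add `_no_permission` counterparts that set a low-privilege user and expect 403; the same pairing would be worth adding here and for the renamed tests in the posts controller section, unless such tests already exist outside these hunks. Separately, the first test checks only the status with `assertEquals( 401, $response->get_status() )`, while the second also pins the error code; if that path returns the same code, `$this->assertErrorResponse( 'rest_forbidden', $response, 401 );` would make the two consistent. Both test bodies extend beyond the hunks shown.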


@ -1327,7 +1327,7 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te
$this->assertEquals( rest_url( '/wp/v2/users/' . self::$author_id ), $links['author'][0]['href'] ); $this->assertEquals( rest_url( '/wp/v2/users/' . self::$author_id ), $links['author'][0]['href'] );
} }
public function test_get_post_without_permission() { public function test_get_post_draft_status_not_authenicated() {
$draft_id = $this->factory->post->create( $draft_id = $this->factory->post->create(
array( array(
'post_status' => 'draft', 'post_status' => 'draft',
@ -1338,7 +1338,7 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te
$request = new WP_REST_Request( 'GET', sprintf( '/wp/v2/posts/%d', $draft_id ) ); $request = new WP_REST_Request( 'GET', sprintf( '/wp/v2/posts/%d', $draft_id ) );
$response = $this->server->dispatch( $request ); $response = $this->server->dispatch( $request );
$this->assertErrorResponse( 'rest_forbidden', $response, 403 ); $this->assertErrorResponse( 'rest_forbidden', $response, 401 );
} }
public function test_get_post_invalid_id() { public function test_get_post_invalid_id() {
@ -1464,7 +1464,7 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te
$this->assertTrue( $data['excerpt']['protected'] ); $this->assertTrue( $data['excerpt']['protected'] );
} }
public function test_get_item_read_permission_custom_post_status() { public function test_get_item_read_permission_custom_post_status_not_authenticated() {
register_post_status( 'testpubstatus', array( 'public' => true ) ); register_post_status( 'testpubstatus', array( 'public' => true ) );
register_post_status( 'testprivtatus', array( 'public' => false ) ); register_post_status( 'testprivtatus', array( 'public' => false ) );
// Public status // Public status
@ -1486,7 +1486,7 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te
); );
$request = new WP_REST_Request( 'GET', sprintf( '/wp/v2/posts/%d', self::$post_id ) ); $request = new WP_REST_Request( 'GET', sprintf( '/wp/v2/posts/%d', self::$post_id ) );
$response = $this->server->dispatch( $request ); $response = $this->server->dispatch( $request );
$this->assertEquals( 403, $response->get_status() ); $this->assertEquals( 401, $response->get_status() );
} }
public function test_prepare_item() { public function test_prepare_item() {
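Review bot: The new name `test_get_post_draft_status_not_authenicated` is misspelled (missing "t"), so a name-based filter or grep for `not_authenticated` will skip this test; it should read `public function test_get_post_draft_status_not_authenticated() {`. The lines of that test visible here also do not show a `wp_set_current_user( 0 );` call, and part of the body lies between the two hunks, so it is worth confirming that the unauthenticated state is set explicitly and not inherited from whatever ran before. The final assertion in `test_get_item_read_permission_custom_post_status_not_authenticated` checks only the status code; if the error code is the same as in the draft test, `assertErrorResponse( 'rest_forbidden', $response, 401 )` would pin both.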


@ -10,7 +10,9 @@
* @group restapi * @group restapi
*/ */
class WP_Test_REST_Settings_Controller extends WP_Test_REST_Controller_Testcase { class WP_Test_REST_Settings_Controller extends WP_Test_REST_Controller_Testcase {
protected static $administrator; protected static $administrator;
protected static $author;
public static function wpSetUpBeforeClass( $factory ) { public static function wpSetUpBeforeClass( $factory ) {
self::$administrator = $factory->user->create( self::$administrator = $factory->user->create(
@ -18,10 +20,17 @@ class WP_Test_REST_Settings_Controller extends WP_Test_REST_Controller_Testcase
'role' => 'administrator', 'role' => 'administrator',
) )
); );
self::$author = $factory->user->create(
array(
'role' => 'author',
)
);
} }
public static function wpTearDownAfterClass() { public static function wpTearDownAfterClass() {
self::delete_user( self::$administrator ); self::delete_user( self::$administrator );
self::delete_user( self::$author );
} }
public function setUp() { public function setUp() {
@ -45,7 +54,14 @@ class WP_Test_REST_Settings_Controller extends WP_Test_REST_Controller_Testcase
public function test_context_param() { public function test_context_param() {
} }
public function test_get_item_is_not_public() { public function test_get_item_is_not_public_not_authenticated() {
$request = new WP_REST_Request( 'GET', '/wp/v2/settings' );
$response = $this->server->dispatch( $request );
$this->assertEquals( 401, $response->get_status() );
}
public function test_get_item_is_not_public_no_permission() {
wp_set_current_user( self::$author );
$request = new WP_REST_Request( 'GET', '/wp/v2/settings' ); $request = new WP_REST_Request( 'GET', '/wp/v2/settings' );
$response = $this->server->dispatch( $request ); $response = $this->server->dispatch( $request );
$this->assertEquals( 403, $response->get_status() ); $this->assertEquals( 403, $response->get_status() );
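Review bot: `test_get_item_is_not_public_not_authenticated` dispatches the request without setting the current user, so its 401 expectation depends on `setUp()` (not shown in this hunk) leaving no user logged in. Adding `wp_set_current_user( 0 );` as the first line would make the precondition explicit and mirror the `wp_set_current_user( self::$author );` line in the `_no_permission` test. Both tests assert only the status code; if the settings route returns a stable error code on these paths, `assertErrorResponse` with that code and the status would also catch a regression where the wrong check produces the right number. The closing brace of `test_get_item_is_not_public_no_permission` is outside the hunk.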


@ -11,6 +11,20 @@
*/ */
class WP_Test_REST_Taxonomies_Controller extends WP_Test_REST_Controller_Testcase { class WP_Test_REST_Taxonomies_Controller extends WP_Test_REST_Controller_Testcase {
protected static $contributor_id;
public static function wpSetUpBeforeClass( $factory ) {
self::$contributor_id = $factory->user->create(
array(
'role' => 'contributor',
)
);
}
public static function wpTearDownAfterClass() {
self::delete_user( self::$contributor_id );
}
public function test_register_routes() { public function test_register_routes() {
$routes = $this->server->get_routes(); $routes = $this->server->get_routes();
@ -101,7 +115,16 @@ class WP_Test_REST_Taxonomies_Controller extends WP_Test_REST_Controller_Testcas
$this->assertErrorResponse( 'rest_taxonomy_invalid', $response, 404 ); $this->assertErrorResponse( 'rest_taxonomy_invalid', $response, 404 );
} }
public function test_get_non_public_taxonomy() { public function test_get_non_public_taxonomy_not_authenticated() {
register_taxonomy( 'api-private', 'post', array( 'public' => false ) );
$request = new WP_REST_Request( 'GET', '/wp/v2/taxonomies/api-private' );
$response = $this->server->dispatch( $request );
$this->assertErrorResponse( 'rest_forbidden', $response, 401 );
}
public function test_get_non_public_taxonomy_no_permission() {
wp_set_current_user( self::$contributor_id );
register_taxonomy( 'api-private', 'post', array( 'public' => false ) ); register_taxonomy( 'api-private', 'post', array( 'public' => false ) );
$request = new WP_REST_Request( 'GET', '/wp/v2/taxonomies/api-private' ); $request = new WP_REST_Request( 'GET', '/wp/v2/taxonomies/api-private' );