REST API: Adjust unit testes to expect a 401 status code in error responses from permission callbacks when user is not authenticated.
Missed in [42421]. Fixes #42828. git-svn-id: https://develop.svn.wordpress.org/trunk@42423 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Rachel Baker
parent
24b3f5e77c
commit
ab58308a41
|
|
@ -524,7 +524,7 @@ class WP_Test_REST_Attachments_Controller extends WP_Test_REST_Post_Type_Control
|
|||
$this->assertFalse( isset( $data['media_details']['sizes']['rest-api-test']['source_url'] ) );
|
||||
}
|
||||
|
||||
public function test_get_item_private_post() {
|
||||
public function test_get_item_private_post_not_authenticated() {
|
||||
wp_set_current_user( 0 );
|
||||
$draft_post = $this->factory->post->create( array( 'post_status' => 'draft' ) );
|
||||
$id1 = $this->factory->attachment->create_object(
|
||||
|
|
@ -535,7 +535,7 @@ class WP_Test_REST_Attachments_Controller extends WP_Test_REST_Post_Type_Control
|
|||
);
|
||||
$request = new WP_REST_Request( 'GET', '/wp/v2/media/' . $id1 );
|
||||
$response = $this->server->dispatch( $request );
|
||||
$this->assertEquals( 403, $response->get_status() );
|
||||
$this->assertEquals( 401, $response->get_status() );
|
||||
}
|
||||
|
||||
public function test_get_item_inherit_status_with_invalid_parent() {
|
||||
|
|
@ -553,7 +553,7 @@ class WP_Test_REST_Attachments_Controller extends WP_Test_REST_Post_Type_Control
|
|||
$this->assertEquals( $attachment_id, $data['id'] );
|
||||
}
|
||||
|
||||
public function test_get_item_auto_status_with_invalid_parent_returns_error() {
|
||||
public function test_get_item_auto_status_with_invalid_parent_not_authenticated_returns_error() {
|
||||
$attachment_id = $this->factory->attachment->create_object(
|
||||
$this->test_file, REST_TESTS_IMPOSSIBLY_HIGH_NUMBER, array(
|
||||
'post_mime_type' => 'image/jpeg',
|
||||
|
|
@ -564,7 +564,7 @@ class WP_Test_REST_Attachments_Controller extends WP_Test_REST_Post_Type_Control
|
|||
$request = new WP_REST_Request( 'GET', sprintf( '/wp/v2/media/%d', $attachment_id ) );
|
||||
$response = $this->server->dispatch( $request );
|
||||
|
||||
$this->assertErrorResponse( 'rest_forbidden', $response, 403 );
|
||||
$this->assertErrorResponse( 'rest_forbidden', $response, 401 );
|
||||
}
|
||||
|
||||
public function test_create_item() {
|
||||
|
|
|
|||
|
|
@ -1327,7 +1327,7 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te
|
|||
$this->assertEquals( rest_url( '/wp/v2/users/' . self::$author_id ), $links['author'][0]['href'] );
|
||||
}
|
||||
|
||||
public function test_get_post_without_permission() {
|
||||
public function test_get_post_draft_status_not_authenicated() {
|
||||
$draft_id = $this->factory->post->create(
|
||||
array(
|
||||
'post_status' => 'draft',
|
||||
|
|
@ -1338,7 +1338,7 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te
|
|||
$request = new WP_REST_Request( 'GET', sprintf( '/wp/v2/posts/%d', $draft_id ) );
|
||||
$response = $this->server->dispatch( $request );
|
||||
|
||||
$this->assertErrorResponse( 'rest_forbidden', $response, 403 );
|
||||
$this->assertErrorResponse( 'rest_forbidden', $response, 401 );
|
||||
}
|
||||
|
||||
public function test_get_post_invalid_id() {
|
||||
|
|
@ -1464,7 +1464,7 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te
|
|||
$this->assertTrue( $data['excerpt']['protected'] );
|
||||
}
|
||||
|
||||
public function test_get_item_read_permission_custom_post_status() {
|
||||
public function test_get_item_read_permission_custom_post_status_not_authenticated() {
|
||||
register_post_status( 'testpubstatus', array( 'public' => true ) );
|
||||
register_post_status( 'testprivtatus', array( 'public' => false ) );
|
||||
// Public status
|
||||
|
|
@ -1486,7 +1486,7 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te
|
|||
);
|
||||
$request = new WP_REST_Request( 'GET', sprintf( '/wp/v2/posts/%d', self::$post_id ) );
|
||||
$response = $this->server->dispatch( $request );
|
||||
$this->assertEquals( 403, $response->get_status() );
|
||||
$this->assertEquals( 401, $response->get_status() );
|
||||
}
|
||||
|
||||
public function test_prepare_item() {
|
||||
|
|
|
|||
|
|
@ -10,7 +10,9 @@
|
|||
* @group restapi
|
||||
*/
|
||||
class WP_Test_REST_Settings_Controller extends WP_Test_REST_Controller_Testcase {
|
||||
|
||||
protected static $administrator;
|
||||
protected static $author;
|
||||
|
||||
public static function wpSetUpBeforeClass( $factory ) {
|
||||
self::$administrator = $factory->user->create(
|
||||
|
|
@ -18,10 +20,17 @@ class WP_Test_REST_Settings_Controller extends WP_Test_REST_Controller_Testcase
|
|||
'role' => 'administrator',
|
||||
)
|
||||
);
|
||||
|
||||
self::$author = $factory->user->create(
|
||||
array(
|
||||
'role' => 'author',
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
public static function wpTearDownAfterClass() {
|
||||
self::delete_user( self::$administrator );
|
||||
self::delete_user( self::$author );
|
||||
}
|
||||
|
||||
public function setUp() {
|
||||
|
|
@ -45,7 +54,14 @@ class WP_Test_REST_Settings_Controller extends WP_Test_REST_Controller_Testcase
|
|||
public function test_context_param() {
|
||||
}
|
||||
|
||||
public function test_get_item_is_not_public() {
|
||||
public function test_get_item_is_not_public_not_authenticated() {
|
||||
$request = new WP_REST_Request( 'GET', '/wp/v2/settings' );
|
||||
$response = $this->server->dispatch( $request );
|
||||
$this->assertEquals( 401, $response->get_status() );
|
||||
}
|
||||
|
||||
public function test_get_item_is_not_public_no_permission() {
|
||||
wp_set_current_user( self::$author );
|
||||
$request = new WP_REST_Request( 'GET', '/wp/v2/settings' );
|
||||
$response = $this->server->dispatch( $request );
|
||||
$this->assertEquals( 403, $response->get_status() );
|
||||
|
|
|
|||
|
|
@ -11,6 +11,20 @@
|
|||
*/
|
||||
class WP_Test_REST_Taxonomies_Controller extends WP_Test_REST_Controller_Testcase {
|
||||
|
||||
protected static $contributor_id;
|
||||
|
||||
public static function wpSetUpBeforeClass( $factory ) {
|
||||
self::$contributor_id = $factory->user->create(
|
||||
array(
|
||||
'role' => 'contributor',
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
public static function wpTearDownAfterClass() {
|
||||
self::delete_user( self::$contributor_id );
|
||||
}
|
||||
|
||||
public function test_register_routes() {
|
||||
$routes = $this->server->get_routes();
|
||||
|
||||
|
|
@ -101,7 +115,16 @@ class WP_Test_REST_Taxonomies_Controller extends WP_Test_REST_Controller_Testcas
|
|||
$this->assertErrorResponse( 'rest_taxonomy_invalid', $response, 404 );
|
||||
}
|
||||
|
||||
public function test_get_non_public_taxonomy() {
|
||||
public function test_get_non_public_taxonomy_not_authenticated() {
|
||||
register_taxonomy( 'api-private', 'post', array( 'public' => false ) );
|
||||
|
||||
$request = new WP_REST_Request( 'GET', '/wp/v2/taxonomies/api-private' );
|
||||
$response = $this->server->dispatch( $request );
|
||||
$this->assertErrorResponse( 'rest_forbidden', $response, 401 );
|
||||
}
|
||||
|
||||
public function test_get_non_public_taxonomy_no_permission() {
|
||||
wp_set_current_user( self::$contributor_id );
|
||||
register_taxonomy( 'api-private', 'post', array( 'public' => false ) );
|
||||
|
||||
$request = new WP_REST_Request( 'GET', '/wp/v2/taxonomies/api-private' );
|
||||
|
|
|
|||
Loading…
Reference in New Issue