

Timestamp:
11/03/2024 06:19:06 PM (13 months ago)
Author:
espellcaste
Message:

A user is no longer de-authenticated when making REST API requests.

We are introducing a new BP_LoggedIn_User class to fetch data about a BuddyPress logged-in user. This new addition fixes an issue where a user could be de-authenticated when making REST API requests.

Props dcavins, DJPaul, johnjamesjacoby, and imath.

Closes https://github.com/buddypress/buddypress/pull/395
See #9229 and #9145
Fixes #7658

File:
1 edited

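--- a/trunk/tests/phpunit/testcases/messages/test-sidewide-notices-controller.php
+++ b/trunk/tests/phpunit/testcases/messages/test-sidewide-notices-controller.php
@@ -100,5 +100,5 @@
      */
     public function test_get_items() {
-        $this->bp::set_current_user( $this->user );
+        wp_set_current_user( $this->user );
 
         $tested = array(
@@ -135,5 +135,5 @@
      */
     public function test_get_items_no_edit_access() {
-        $this->bp::set_current_user( $this->user );
+        wp_set_current_user( $this->user );
         $tested = array(
             'n1' => array(
@@ -148,5 +148,5 @@
 
         $u1 = static::factory()->user->create();
-        $this->bp::set_current_user( $u1 );
+        wp_set_current_user( $u1 );
 
         $request = new WP_REST_Request( 'GET', $this->endpoint_url );
@@ -161,5 +161,5 @@
      */
     public function test_get_items_view_active() {
-        $this->bp::set_current_user( $this->user );
+        wp_set_current_user( $this->user );
         $tested = array(
             'n1' => array(
@@ -177,5 +177,5 @@
 
         $u1 = static::factory()->user->create();
-        $this->bp::set_current_user( $u1 );
+        wp_set_current_user( $u1 );
 
         $request = new WP_REST_Request( 'GET', $this->endpoint_url );
@@ -198,8 +198,8 @@
      */
     public function test_get_items_no_active() {
-        $this->bp::set_current_user( $this->user );
-
-        $u1 = static::factory()->user->create();
-        $this->bp::set_current_user( $u1 );
+        wp_set_current_user( $this->user );
+
+        $u1 = static::factory()->user->create();
+        wp_set_current_user( $u1 );
 
         $request = new WP_REST_Request( 'GET', $this->endpoint_url );
@@ -215,5 +215,5 @@
      */
     public function test_get_item() {
-        $this->bp::set_current_user( $this->user );
+        wp_set_current_user( $this->user );
         $tested = array(
             'n1' => array(
@@ -233,5 +233,5 @@
 
         $u1 = static::factory()->user->create();
-        $this->bp::set_current_user( $u1 );
+        wp_set_current_user( $u1 );
 
         $request = new WP_REST_Request( 'GET', $this->endpoint_url . '/' . $id );
@@ -251,5 +251,5 @@
      */
     public function test_get_item_admin_access() {
-        $this->bp::set_current_user( $this->user );
+        wp_set_current_user( $this->user );
         $tested = array(
             'n1' => array(
@@ -284,5 +284,5 @@
      */
     public function test_get_item_no_access() {
-        $this->bp::set_current_user( $this->user );
+        wp_set_current_user( $this->user );
         $tested = array(
             'n1' => array(
@@ -301,5 +301,5 @@
 
         $u1 = static::factory()->user->create();
-        $this->bp::set_current_user( $u1 );
+        wp_set_current_user( $u1 );
 
         $request = new WP_REST_Request( 'GET', $this->endpoint_url . '/' . $id );
@@ -314,5 +314,5 @@
      */
     public function test_get_item_view_active() {
-        $this->bp::set_current_user( $this->user );
+        wp_set_current_user( $this->user );
         $tested = array(
             'n1' => array(
@@ -332,5 +332,5 @@
 
         $u1 = static::factory()->user->create();
-        $this->bp::set_current_user( $u1 );
+        wp_set_current_user( $u1 );
 
         $request = new WP_REST_Request( 'GET', $this->endpoint_url . '/' . $id );
@@ -350,5 +350,5 @@
      */
     public function test_get_item_with_invalid_id() {
-        $this->bp::set_current_user( $this->user );
+        wp_set_current_user( $this->user );
 
         $request = new WP_REST_Request( 'GET', $this->endpoint_url . '/' . REST_TESTS_IMPOSSIBLY_HIGH_NUMBER );
@@ -363,5 +363,5 @@
      */
     public function test_create_item() {
-        $this->bp::set_current_user( $this->user );
+        wp_set_current_user( $this->user );
 
         $request = new WP_REST_Request( 'POST', $this->endpoint_url );
@@ -388,5 +388,5 @@
      */
     public function test_create_item_no_access() {
-        $this->bp::set_current_user( static::factory()->user->create() );
+        wp_set_current_user( static::factory()->user->create() );
 
         $request = new WP_REST_Request( 'POST', $this->endpoint_url );
@@ -408,5 +408,5 @@
      */
     public function test_create_item_no_subject() {
-        $this->bp::set_current_user( $this->user );
+        wp_set_current_user( $this->user );
 
         $request = new WP_REST_Request( 'POST', $this->endpoint_url );
@@ -428,5 +428,5 @@
      */
     public function test_update_item() {
-        $this->bp::set_current_user( $this->user );
+        wp_set_current_user( $this->user );
         $tested = array(
             'n1' => array(
@@ -458,5 +458,5 @@
      */
     public function test_update_item_no_access() {
-        $this->bp::set_current_user( $this->user );
+        wp_set_current_user( $this->user );
         $tested = array(
             'n1' => array(
@@ -469,5 +469,5 @@
 
         $u1 = static::factory()->user->create();
-        $this->bp::set_current_user( $u1 );
+        wp_set_current_user( $u1 );
 
         $request = new WP_REST_Request( 'PUT', sprintf( $this->endpoint_url . '/%d', $n->id ) );
@@ -483,5 +483,5 @@
      */
     public function test_update_item_no_message() {
-        $this->bp::set_current_user( $this->user );
+        wp_set_current_user( $this->user );
         $tested = array(
             'n1' => array(
@@ -505,5 +505,5 @@
      */
     public function test_update_item_with_invalid_id() {
-        $this->bp::set_current_user( $this->user );
+        wp_set_current_user( $this->user );
 
         $request = new WP_REST_Request( 'PUT', sprintf( $this->endpoint_url . '/%d', REST_TESTS_IMPOSSIBLY_HIGH_NUMBER ) );
@@ -519,5 +519,5 @@
      */
     public function test_delete_item() {
-        $this->bp::set_current_user( $this->user );
+        wp_set_current_user( $this->user );
         $tested = array(
             'n1' => array(
@@ -546,5 +546,5 @@
      */
     public function test_delete_item_no_access() {
-        $this->bp::set_current_user( $this->user );
+        wp_set_current_user( $this->user );
         $tested = array(
             'n1' => array(
@@ -557,5 +557,5 @@
 
         $u1 = static::factory()->user->create();
-        $this->bp::set_current_user( $u1 );
+        wp_set_current_user( $u1 );
 
         $request = new WP_REST_Request( 'DELETE', sprintf( $this->endpoint_url . '/%d', $n->id ) );
@@ -570,5 +570,5 @@
      */
     public function test_delete_item_with_invalid_id() {
-        $this->bp::set_current_user( $this->user );
+        wp_set_current_user( $this->user );
 
         $request = new WP_REST_Request( 'DELETE', sprintf( $this->endpoint_url . '/%d', REST_TESTS_IMPOSSIBLY_HIGH_NUMBER ) );
@@ -583,5 +583,5 @@
      */
     public function test_dismiss_item() {
-        $this->bp::set_current_user( $this->user );
+        wp_set_current_user( $this->user );
         $tested = array(
             'n1' => array(
@@ -594,5 +594,5 @@
 
         $u1 = static::factory()->user->create();
-        $this->bp::set_current_user( $u1 );
+        wp_set_current_user( $u1 );
 
         $request = new WP_REST_Request( 'PUT', $this->endpoint_url . '/dismiss' );
@@ -614,5 +614,5 @@
      */
     public function test_dismiss_item_no_actives() {
-        $this->bp::set_current_user( $this->user );
+        wp_set_current_user( $this->user );
         $tested = array(
             'n1' => array(
@@ -625,5 +625,5 @@
 
         $u1 = static::factory()->user->create();
-        $this->bp::set_current_user( $u1 );
+        wp_set_current_user( $u1 );
 
         $request = new WP_REST_Request( 'PUT', $this->endpoint_url . '/dismiss' );
@@ -638,5 +638,5 @@
      */
     public function test_dismiss_item_not_logged_in() {
-        $this->bp::set_current_user( $this->user );
+        wp_set_current_user( $this->user );
         $tested = array(
             'n1' => array(
@@ -647,5 +647,5 @@
         $this->create_notice( $tested );
 
-        $this->bp::set_current_user( 0 );
+        wp_set_current_user( 0 );
 
         $request = new WP_REST_Request( 'PUT', $this->endpoint_url . '/dismiss' );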
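Review bot: In test_get_items_no_active (new lines 200–203) the call `wp_set_current_user( $this->user );` is overwritten by `wp_set_current_user( $u1 );` with only a user-factory call in between, so the first call has no visible effect and blurs which identity the permission check runs as. Dropping it, or keeping it with a comment such as `// Setup runs as the admin; the request itself runs as $u1.` if something outside the hunk depends on it, would make the intent clear. Separately, none of the hunks shown asserts that the current user is still the same after the REST dispatch, which is the regression the commit message describes. If that is not covered elsewhere, an assertion such as `$this->assertSame( $u1, get_current_user_id() );` after the request in one of the access tests would pin it. The test bodies continue outside the hunks, so this is based only on the visible lines.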