Page MenuHomePhabricator
Create Task
Maniphest T341759

Create functional tests for core OAuth functionality
Open, Needs TriagePublic
Actions

Description

Essential OAuth functionality should have end-to-end tests:

  • proposing a new application (OAuth 1, OAuth 2; owner-only, normal)
  • authorizing an application (OAuth 1, OAuth 2); there are lots of variations (/authorize vs /authenticate for OAuth 1; refresh token, PKCE for OAuth 2), not sure how much we should try to cover
  • making an API request with an authorized application
  • using the identify endpoint (OAuth 1, OAuth 2)

For the authorizing test, we might want to build something like oauth-hello-world into the extension, only enabled in CI mode. Or we could use a NodeJS test script to both be the OAuth app and simulate the browser.

The others are straightforward, we use createOAuthConsumer.php to register the app (we'd need to do T274713: Allow creating OAuth owner-only consumers via maintenance script for the owner-only tests), override the secret key in the DB or just use RSA, the API and identify requests can use the PHP integration test framework (OAuth 2 has a couple such tests already), app proposal is a normal Selenium test.

Related Objects

Event Timeline

Tgr created this task.Jul 13 2023, 3:51 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 13 2023, 3:51 AM
Tgr added a comment.Jul 13 2023, 3:55 AM

See also:

Tgr mentioned this in T340919: OAuth requests to MediaWiki endpoints not supporting OAuth should be rejected.Jul 13 2023, 3:56 AM
Tgr mentioned this in T348206: Improve logging, monitoring and test coverage for MediaWiki Platform team authentication extensions.Oct 23 2023, 2:09 AM
matmarex updated the task description. (Show Details)Thu, Jan 22, 3:10 PM
Restricted Application added a project: MediaWiki-Platform-Team. · View Herald TranscriptThu, Jan 22, 3:10 PM
Tgr mentioned this in T415281: [EPIC] OAuth extension critical workflows (for automated tests enhancement).Thu, Jan 22, 4:13 PM
JTweed-WMF edited projects, added MediaWiki-Platform-Team (Q3 Kanban Board); removed MediaWiki-Platform-Team.Mon, Jan 26, 3:51 PM
JTweed-WMF moved this task from Essential Work to Next on the MediaWiki-Platform-Team (Q3 Kanban Board) board.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits