Merge pull request #44 from addwiki/logout-token

Adds csrf token to action=logout requests

Author: addshore

src/MediawikiApi.php

@@ -489,7 +489,9 @@ private function throwLoginUsageException( $result ) {
 	 */
 	public function logout() {
 		$this->logger->log( LogLevel::DEBUG, 'Logging out' );
-		$result = $this->postRequest( new SimpleRequest( 'logout' ) );
+		$result = $this->postRequest( new SimpleRequest( 'logout', [
+			'token' => $this->getToken()
+		] ) );
 		if ( $result === [] ) {
 			$this->isLoggedIn = false;
 			$this->clearTokens();

tests/Unit/MediawikiApiTest.php

@@ -246,21 +246,59 @@ public function testBadLoginSequence() {
 
 	public function testLogout() {
 		$client = $this->getMockClient();
-		$client->expects( $this->at( 0 ) )
-			->method( 'request' )
-			->with( 'POST', null, $this->getExpectedRequestOpts( [ 'action' => 'logout' ], 'form_params' ) )
-			->will( $this->returnValue( $this->getMockResponse( [] ) ) );
+		$client->method( 'request' )
+			->withConsecutive(
+				[ 'POST', null, $this->getExpectedRequestOpts( [
+					'action' => 'query',
+					'meta' => 'tokens',
+					'type' => 'csrf',
+					'continue' => ''
+				], 'form_params' ) ],
+				[ 'POST', null, $this->getExpectedRequestOpts( [
+					'action' => 'logout',
+					'token' => 'TKN-csrf'
+				], 'form_params' ) ]
+			)
+			->willReturnOnConsecutiveCalls(
+				$this->returnValue( $this->getMockResponse( [
+					'query' => [
+						'tokens' => [
+							'csrf' => 'TKN-csrf',
+						]
+					]
+				] ) ),
+				$this->returnValue( $this->getMockResponse( [] ) )
+			);
 		$api = new MediawikiApi( '', $client );
 
 		$this->assertTrue( $api->logout() );
 	}
 
 	public function testLogoutOnFailure() {
 		$client = $this->getMockClient();
-		$client->expects( $this->at( 0 ) )
-			->method( 'request' )
-			->with( 'POST', null, $this->getExpectedRequestOpts( [ 'action' => 'logout' ], 'form_params' ) )
-			->will( $this->returnValue( $this->getMockResponse( null ) ) );
+		$client->method( 'request' )
+			->withConsecutive(
+				[ 'POST', null, $this->getExpectedRequestOpts( [
+					'action' => 'query',
+					'meta' => 'tokens',
+					'type' => 'csrf',
+					'continue' => ''
+				], 'form_params' ) ],
+				[ 'POST', null, $this->getExpectedRequestOpts( [
+					'action' => 'logout',
+					'token' => 'TKN-csrf'
+				], 'form_params' ) ]
+			)
+			->willReturnOnConsecutiveCalls(
+				$this->returnValue( $this->getMockResponse( [
+					'query' => [
+						'tokens' => [
+							'csrf' => 'TKN-csrf',
+						]
+					]
+				] ) ),
+				$this->returnValue( $this->getMockResponse( null ) )
+			);
 		$api = new MediawikiApi( '', $client );
 
 		$this->assertFalse( $api->logout() );