Tests: Update infrastructure & add travis config (#100)

* Tests: Move tests infrastructure, set up travis Consolidates the composer files so we can run install once in travis. * Return empty array if no values are $_POST'ed to the form Fixes an issue with tests + null values in logs * Clean up some naming & create helper functions for tests * Debug travis * Remove debug * Fix notices on form * Turn on multisite flag
2025-04-04 20:03:44 +03:00 · 2019-11-15 17:40:53 -05:00 · 2019-11-15 17:40:53 -05:00 · 03949905c0
parent 5c2041442a
commit 03949905c0
12 changed files with 2705 additions and 2583 deletions
--- a/.travis.yml
+++ b/.travis.yml
@ -0,0 +1,16 @@
+sudo: required
+dist: trusty
+language: php
+php: 7.2
+env: WP_VERSION=latest WP_MULTISITE=1 WP_CORE_DIR=/tmp/wordpress
+
+install:
+  - bash bin/install-wp-tests.sh wporg_5ftf_test root '' localhost $WP_VERSION
+  - composer install
+
+script:
+  - composer run-script test -- --version
+  - composer run-script test -- -c phpunit.xml.dist
+  - touch $TRAVIS_BUILD_DIR/tmp.php
+  - export CHANGED_FILES=$(git diff --name-only --diff-filter=AM $TRAVIS_BRANCH...HEAD | tr '\n' ' ')
+  - composer run-script phpcs $TRAVIS_BUILD_DIR/tmp.php $(echo $CHANGED_FILES) -- -n
--- a/bin/install-wp-tests.sh
+++ b/bin/install-wp-tests.sh
@ -0,0 +1,155 @@
+#!/usr/bin/env bash
+
+if [ $# -lt 3 ]; then
+	echo "usage: $0 <db-name> <db-user> <db-pass> [db-host] [wp-version] [skip-database-creation]"
+	exit 1
+fi
+
+DB_NAME=$1
+DB_USER=$2
+DB_PASS=$3
+DB_HOST=${4-localhost}
+WP_VERSION=${5-latest}
+SKIP_DB_CREATE=${6-false}
+
+TMPDIR=${TMPDIR-/tmp}
+TMPDIR=$(echo $TMPDIR | sed -e "s/\/$//")
+WP_TESTS_DIR=${WP_TESTS_DIR-$TMPDIR/wordpress-tests-lib}
+WP_CORE_DIR=${WP_CORE_DIR-$TMPDIR/wordpress/}
+
+download() {
+    if [ `which curl` ]; then
+        curl -s "$1" > "$2";
+    elif [ `which wget` ]; then
+        wget -nv -O "$2" "$1"
+    fi
+}
+
+if [[ $WP_VERSION =~ ^[0-9]+\.[0-9]+\-(beta|RC)[0-9]+$ ]]; then
+	WP_BRANCH=${WP_VERSION%\-*}
+	WP_TESTS_TAG="branches/$WP_BRANCH"
+
+elif [[ $WP_VERSION =~ ^[0-9]+\.[0-9]+$ ]]; then
+	WP_TESTS_TAG="branches/$WP_VERSION"
+elif [[ $WP_VERSION =~ [0-9]+\.[0-9]+\.[0-9]+ ]]; then
+	if [[ $WP_VERSION =~ [0-9]+\.[0-9]+\.[0] ]]; then
+		# version x.x.0 means the first release of the major version, so strip off the .0 and download version x.x
+		WP_TESTS_TAG="tags/${WP_VERSION%??}"
+	else
+		WP_TESTS_TAG="tags/$WP_VERSION"
+	fi
+elif [[ $WP_VERSION == 'nightly' || $WP_VERSION == 'trunk' ]]; then
+	WP_TESTS_TAG="trunk"
+else
+	# http serves a single offer, whereas https serves multiple. we only want one
+	download http://api.wordpress.org/core/version-check/1.7/ /tmp/wp-latest.json
+	grep '[0-9]+\.[0-9]+(\.[0-9]+)?' /tmp/wp-latest.json
+	LATEST_VERSION=$(grep -o '"version":"[^"]*' /tmp/wp-latest.json | sed 's/"version":"//')
+	if [[ -z "$LATEST_VERSION" ]]; then
+		echo "Latest WordPress version could not be found"
+		exit 1
+	fi
+	WP_TESTS_TAG="tags/$LATEST_VERSION"
+fi
+set -ex
+
+install_wp() {
+
+	if [ -d $WP_CORE_DIR ]; then
+		return;
+	fi
+
+	mkdir -p $WP_CORE_DIR
+
+	if [[ $WP_VERSION == 'nightly' || $WP_VERSION == 'trunk' ]]; then
+		mkdir -p $TMPDIR/wordpress-nightly
+		download https://wordpress.org/nightly-builds/wordpress-latest.zip  $TMPDIR/wordpress-nightly/wordpress-nightly.zip
+		unzip -q $TMPDIR/wordpress-nightly/wordpress-nightly.zip -d $TMPDIR/wordpress-nightly/
+		mv $TMPDIR/wordpress-nightly/wordpress/* $WP_CORE_DIR
+	else
+		if [ $WP_VERSION == 'latest' ]; then
+			local ARCHIVE_NAME='latest'
+		elif [[ $WP_VERSION =~ [0-9]+\.[0-9]+ ]]; then
+			# https serves multiple offers, whereas http serves single.
+			download https://api.wordpress.org/core/version-check/1.7/ $TMPDIR/wp-latest.json
+			if [[ $WP_VERSION =~ [0-9]+\.[0-9]+\.[0] ]]; then
+				# version x.x.0 means the first release of the major version, so strip off the .0 and download version x.x
+				LATEST_VERSION=${WP_VERSION%??}
+			else
+				# otherwise, scan the releases and get the most up to date minor version of the major release
+				local VERSION_ESCAPED=`echo $WP_VERSION | sed 's/\./\\\\./g'`
+				LATEST_VERSION=$(grep -o '"version":"'$VERSION_ESCAPED'[^"]*' $TMPDIR/wp-latest.json | sed 's/"version":"//' | head -1)
+			fi
+			if [[ -z "$LATEST_VERSION" ]]; then
+				local ARCHIVE_NAME="wordpress-$WP_VERSION"
+			else
+				local ARCHIVE_NAME="wordpress-$LATEST_VERSION"
+			fi
+		else
+			local ARCHIVE_NAME="wordpress-$WP_VERSION"
+		fi
+		download https://wordpress.org/${ARCHIVE_NAME}.tar.gz  $TMPDIR/wordpress.tar.gz
+		tar --strip-components=1 -zxmf $TMPDIR/wordpress.tar.gz -C $WP_CORE_DIR
+	fi
+
+	download https://raw.github.com/markoheijnen/wp-mysqli/master/db.php $WP_CORE_DIR/wp-content/db.php
+}
+
+install_test_suite() {
+	# portable in-place argument for both GNU sed and Mac OSX sed
+	if [[ $(uname -s) == 'Darwin' ]]; then
+		local ioption='-i.bak'
+	else
+		local ioption='-i'
+	fi
+
+	# set up testing suite if it doesn't yet exist
+	if [ ! -d $WP_TESTS_DIR ]; then
+		# set up testing suite
+		mkdir -p $WP_TESTS_DIR
+		svn co --quiet https://develop.svn.wordpress.org/${WP_TESTS_TAG}/tests/phpunit/includes/ $WP_TESTS_DIR/includes
+		svn co --quiet https://develop.svn.wordpress.org/${WP_TESTS_TAG}/tests/phpunit/data/ $WP_TESTS_DIR/data
+	fi
+
+	if [ ! -f wp-tests-config.php ]; then
+		download https://develop.svn.wordpress.org/${WP_TESTS_TAG}/wp-tests-config-sample.php "$WP_TESTS_DIR"/wp-tests-config.php
+		# remove all forward slashes in the end
+		WP_CORE_DIR=$(echo $WP_CORE_DIR | sed "s:/\+$::")
+		sed $ioption "s:dirname( __FILE__ ) . '/src/':'$WP_CORE_DIR/':" "$WP_TESTS_DIR"/wp-tests-config.php
+		sed $ioption "s/youremptytestdbnamehere/$DB_NAME/" "$WP_TESTS_DIR"/wp-tests-config.php
+		sed $ioption "s/yourusernamehere/$DB_USER/" "$WP_TESTS_DIR"/wp-tests-config.php
+		sed $ioption "s/yourpasswordhere/$DB_PASS/" "$WP_TESTS_DIR"/wp-tests-config.php
+		sed $ioption "s|localhost|${DB_HOST}|" "$WP_TESTS_DIR"/wp-tests-config.php
+	fi
+
+}
+
+install_db() {
+
+	if [ ${SKIP_DB_CREATE} = "true" ]; then
+		return 0
+	fi
+
+	# parse DB_HOST for port or socket references
+	local PARTS=(${DB_HOST//\:/ })
+	local DB_HOSTNAME=${PARTS[0]};
+	local DB_SOCK_OR_PORT=${PARTS[1]};
+	local EXTRA=""
+
+	if ! [ -z $DB_HOSTNAME ] ; then
+		if [ $(echo $DB_SOCK_OR_PORT | grep -e '^[0-9]\{1,\}$') ]; then
+			EXTRA=" --host=$DB_HOSTNAME --port=$DB_SOCK_OR_PORT --protocol=tcp"
+		elif ! [ -z $DB_SOCK_OR_PORT ] ; then
+			EXTRA=" --socket=$DB_SOCK_OR_PORT"
+		elif ! [ -z $DB_HOSTNAME ] ; then
+			EXTRA=" --host=$DB_HOSTNAME --protocol=tcp"
+		fi
+	fi
+
+	# create database
+	mysqladmin create $DB_NAME --user="$DB_USER" --password="$DB_PASS"$EXTRA
+}
+
+install_wp
+install_test_suite
+install_db
--- a/composer.json
+++ b/composer.json
@ -10,12 +10,17 @@
 		"platform": {
 			"php": "7.2"
 		},
-		"vendor-dir": "mu-plugins/vendor"
+		"vendor-dir": "mu-plugins/vendor",
+		"_comment": "Work around `test:watch` timeout, see https://github.com/spatie/phpunit-watcher/issues/63#issuecomment-545633709",
+		"process-timeout": 0
 	},
 	"require": {},
-	"require-dev": {
+	"_comment" : "PHPUnit 7.x is the latest version that's compatible with Core, see https://core.trac.wordpress.org/ticket/46149",
+	"require-dev" : {
 		"dealerdirect/phpcodesniffer-composer-installer": "0.5.0",
-		"wp-coding-standards/wpcs": "2.1.1"
+		"wp-coding-standards/wpcs": "2.1.1",
+		"phpunit/phpunit"        : "^7",
+		"spatie/phpunit-watcher" : "^1.12"
 	},
 	"scripts": {
 		"phpcs": [
@ -23,6 +28,9 @@
 		],
 		"phpcbf": [
 			"phpcbf -p"
-		]
+		],
+		"test" : "phpunit",
+		"_comment"   : "Input won't work when running this via `composer test:watch`. If you want to use PHPUnit Watcher's interactive options then you'll need to call it directly in your terminal. See https://github.com/composer/composer/issues/5856",
+		"test:watch" : "phpunit-watcher watch"
 	}
 }
--- a/composer.lock
+++ b/composer.lock
--- a/phpunit-watcher.yml.dist
+++ b/phpunit-watcher.yml.dist
@ -0,0 +1,11 @@
+watch:
+  directories:
+    - plugins/wporg-5ftf
+  fileMask: '*.php'
+
+notifications:
+  passingTests: false
+  failingTests: false
+
+phpunit:
+  binaryPath: mu-plugins/vendor/bin/phpunit
--- a/plugins/wporg-5ftf/phpunit.xml.dist
+++ b/plugins/wporg-5ftf/phpunit.xml.dist
@ -1,16 +1,18 @@
 <phpunit
-	bootstrap="tests/bootstrap.php"
+	bootstrap="plugins/wporg-5ftf/tests/bootstrap.php"
 	backupGlobals="false"
 	colors="true"
 	convertErrorsToExceptions="true"
 	convertNoticesToExceptions="true"
 	convertWarningsToExceptions="true"
 	>
-
+	<php>
+		<const name="WP_TESTS_MULTISITE" value="1" />
+	</php>
 	<testsuites>
-		<testsuite name="Five for the Future plugin">
+		<testsuite name="Five for the Future Plugin">
 			<directory prefix="test-" suffix=".php">
-				./tests/
+				./plugins/wporg-5ftf/tests/
 			</directory>
 		</testsuite>
 	</testsuites>
--- a/plugins/wporg-5ftf/composer.json
+++ b/plugins/wporg-5ftf/composer.json
@ -1,32 +0,0 @@
-{
-	"name"        : "wordpress/five-for-the-future",
-	"description" : "Five for the Future plugin",
-	"license"     : "GPL-2.0-or-later",
-
-	"authors" : [
-		{
-			"name"  : "WordPress",
-			"email" : "support@wordcamp.org"
-		}
-	],
-
-	"config" : {
-		"_comment": "Work around `test:watch` timeout, see https://github.com/spatie/phpunit-watcher/issues/63#issuecomment-545633709",
-		"process-timeout": 0
-	},
-
-	"require" : {},
-
-	"_comment" : "PHPUnit 7.x is the latest version that's compatible with Core, see https://core.trac.wordpress.org/ticket/46149",
-	"require-dev" : {
-		"phpunit/phpunit"        : "^7",
-		"spatie/phpunit-watcher" : "^1.12"
-	},
-
-	"scripts" : {
-		"test" : "vendor/bin/phpunit",
-
-		"_comment"   : "Input won't work when running this via `composer test:watch`. If you want to use PHPUnit Watcher's interactive options then you'll need to call it directly in your terminal. See https://github.com/composer/composer/issues/5856",
-		"test:watch" : "vendor/bin/phpunit-watcher watch"
-	}
-}
--- a/plugins/wporg-5ftf/composer.lock
+++ b/plugins/wporg-5ftf/composer.lock
--- a/plugins/wporg-5ftf/includes/pledge-form.php
+++ b/plugins/wporg-5ftf/includes/pledge-form.php
@ -354,7 +354,12 @@ function get_form_submission() {
 		)
 	);

-	return filter_input_array( INPUT_POST, $input_filters );
+	$result = filter_input_array( INPUT_POST, $input_filters );
+	if ( ! $result ) {
+		return array_fill_keys( array_keys( $input_filters ), '' );
+	}
+
+	return $result;
 }

 /**
--- a/plugins/wporg-5ftf/phpunit-watcher.yml.dist
+++ b/plugins/wporg-5ftf/phpunit-watcher.yml.dist
@ -1,13 +0,0 @@
-watch:
-  directories:
-    # By default only the `tests/` folder is watched, but the empty value below represents the current directory,
-    # so that tests will also re-run when the files-under-test are changed.
-    -
-  fileMask: '*.php'
-
-notifications:
-  passingTests: false
-  failingTests: false
-
-phpunit:
-  binaryPath: vendor/bin/phpunit
--- a/plugins/wporg-5ftf/tests/bootstrap.php
+++ b/plugins/wporg-5ftf/tests/bootstrap.php
@ -1,29 +1,29 @@
 <?php
+/**
+ * PHPUnit bootstrap file
+ */

-namespace WordPressDotOrg\FiveForTheFuture\Tests;
+$_tests_dir = getenv( 'WP_TESTS_DIR' );

-if ( 'cli' !== php_sapi_name() ) {
-	return;
+if ( ! $_tests_dir ) {
+	$_tests_dir = rtrim( sys_get_temp_dir(), '/\\' ) . '/wordpress-tests-lib';
 }

-
-define( 'WP_PLUGIN_DIR', dirname( dirname( __DIR__ ) ) );
-
-
-$core_tests_directory = getenv( 'WP_TESTS_DIR' );
-
-if ( ! $core_tests_directory ) {
-	echo "\nPlease set the WP_TESTS_DIR environment variable to the folder where WordPress' PHPUnit tests live --";
-	echo "\ne.g., export WP_TESTS_DIR=/srv/www/wordpress-develop/tests/phpunit\n";
-
-	return;
+if ( ! file_exists( $_tests_dir . '/includes/functions.php' ) ) {
+	echo "Could not find $_tests_dir/includes/functions.php, have you run bin/install-wp-tests.sh ?" . PHP_EOL; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
+	exit( 1 );
 }

-require_once $core_tests_directory . '/includes/functions.php';
-require_once dirname( dirname( $core_tests_directory ) ) . '/build/wp-admin/includes/plugin.php';
+// Give access to tests_add_filter() function.
+require_once $_tests_dir . '/includes/functions.php';

-tests_add_filter( 'muplugins_loaded', function() {
-	require_once dirname( __DIR__ )  . '/index.php';
-} );
+/**
+ * Manually load the plugin being tested.
+ */
+function _manually_load_plugin() {
+	require dirname( dirname( __FILE__ ) ) . '/index.php';
+}
+tests_add_filter( 'muplugins_loaded', '_manually_load_plugin' );

-require_once $core_tests_directory . '/includes/bootstrap.php';
+// Start up the WP testing environment.
+require $_tests_dir . '/includes/bootstrap.php';
--- a/plugins/wporg-5ftf/tests/test-email.php
+++ b/plugins/wporg-5ftf/tests/test-email.php
@ -8,35 +8,27 @@ defined( 'WPINC' ) || die();

 class Test_Email extends WP_UnitTestCase {
 	// phpcs:ignore PSR2.Classes.PropertyDeclaration.Multiple
-	protected static $valid_pledge, $valid_action, $valid_action_page, $valid_action_url, $valid_token;
+	protected static $pledge, $action, $page, $action_url, $token;

 	/**
 	 * Setup fixtures that are shared across all tests.
 	 */
 	public static function wpSetUpBeforeClass() {
-		$valid_pledge_params = array(
+		$pledge_id = self::factory()->post->create( array(
 			'post_type'   => PLEDGE_POST_TYPE,
 			'post_title'  => 'Valid Pledge',
 			'post_status' => 'publish',
-		);
+		) );

-		$valid_action_page_params = array(
+		$page_id = self::factory()->post->create( array(
 			'post_type'   => 'page',
 			'post_title'  => 'For Organizers',
 			'post_status' => 'publish',
-		);
+		) );

-		$valid_pledge_id = self::factory()->post->create( $valid_pledge_params );
-
-		self::$valid_pledge = get_post( $valid_pledge_id );
-
-		$valid_action_page_id    = self::factory()->post->create( $valid_action_page_params );
-		self::$valid_action_page = get_post( $valid_action_page_id );
-
-		self::$valid_action = 'confirm_pledge_email';
-		// todo better example action to use, like contributor verifying participation? or is this one just as good?
-			// should probably use the manage one once that's implemented, b/c should test the `view` context and the `update` context.
-			// use this one for now, though.
+		self::$pledge = get_post( $pledge_id );
+		self::$page   = get_post( $page_id );
+		self::$action = 'confirm_pledge_email';

 		self::verify_before_class_fixtures();
 	}
@ -47,11 +39,11 @@ class Test_Email extends WP_UnitTestCase {
 	 * @return void
 	 */
 	protected static function verify_before_class_fixtures() {
-		self::assertSame( 'object',         gettype( self::$valid_action_page ) );
-		self::assertSame( 'For Organizers', self::$valid_action_page->post_title );
-		self::assertSame( 'object',         gettype( self::$valid_pledge ) );
-		self::assertSame( 'Valid Pledge',   self::$valid_pledge->post_title );
-		self::assertSame( PLEDGE_POST_TYPE, self::$valid_pledge->post_type );
+		self::assertSame( 'object',         gettype( self::$page ) );
+		self::assertSame( 'For Organizers', self::$page->post_title );
+		self::assertSame( 'object',         gettype( self::$pledge ) );
+		self::assertSame( 'Valid Pledge',   self::$pledge->post_title );
+		self::assertSame( PLEDGE_POST_TYPE, self::$pledge->post_type );
 	}

 	/**
@ -65,78 +57,78 @@ class Test_Email extends WP_UnitTestCase {
 		 *
 		 * This must be called before every test, because the process of verifying a valid token will delete it.
 		 */
-		self::$valid_action_url = get_authentication_url( self::$valid_pledge->ID, self::$valid_action, self::$valid_action_page->ID );
-		self::$valid_token      = get_post_meta( self::$valid_pledge->ID, TOKEN_PREFIX . self::$valid_action, true );
+		self::$action_url = get_authentication_url( self::$pledge->ID, self::$action, self::$page->ID );
+		self::$token      = get_post_meta( self::$pledge->ID, TOKEN_PREFIX . self::$action, true );

 		// Verify that the fixtures are setup correctly.
-		$action_url_args = wp_parse_args( wp_parse_url( self::$valid_action_url, PHP_URL_QUERY ) );
+		$action_url_args = wp_parse_args( wp_parse_url( self::$action_url, PHP_URL_QUERY ) );

-		$this->assertSame( 'array', gettype( self::$valid_token ) );
-		$this->assertSame( $action_url_args['action'], self::$valid_action );
-		$this->assertSame( $action_url_args['auth_token'], self::$valid_token['value'] );
+		$this->assertSame( 'array', gettype( self::$token ) );
+		$this->assertSame( $action_url_args['action'], self::$action );
+		$this->assertSame( $action_url_args['auth_token'], self::$token['value'] );
+	}
+
+	/**
+	 * Helper function to create & get a token.
+	 */
+	private function _get_token( $pledge_id, $action, $page_id, $single = true ) {
+		get_authentication_url( $pledge_id, $action, $page_id, $single );
+		return get_post_meta( $pledge_id, TOKEN_PREFIX . $action, true );
 	}

 	/**
 	 * @covers ::is_valid_authentication_token
 	 */
 	public function test_valid_token_accepted() {
-		$verified = is_valid_authentication_token( self::$valid_pledge->ID, self::$valid_action, self::$valid_token['value'] );
-
+		$verified = is_valid_authentication_token( self::$pledge->ID, self::$action, self::$token['value'] );
 		$this->assertTrue( $verified );
-
-		// todo test that `view` and `update` contexts work as well, when those are added
-			// maybe need to test some failures for that too.
 	}

 	/**
 	 * @covers ::is_valid_authentication_token
-	 *
-	 * @dataProvider data_invalid_token_rejected
+	 * @dataProvider data_invalid_token_provider
 	 */
-	public function test_invalid_token_rejected( $invalid_token ) {
-		/*
-		 * It's expected that some of the values passed in won't have a `value` item, so fallback to the item
-		 * itself in those cases, to avoid PHPUnit throwing an exception.
-		 */
-		$invalid_token_value = $invalid_token['value'] ?? $invalid_token;
-		$verified            = is_valid_authentication_token( self::$valid_pledge->ID, self::$valid_action, $invalid_token_value );
+	public function test_invalid_tokens_are_rejected( $token_to_validate ) {
+		$verified = is_valid_authentication_token(
+			self::$pledge->ID,
+			self::$action,
+			$token_to_validate
+		);

 		$this->assertSame( false, $verified );
 	}

 	/**
-	 * Test that invalid tokens are rejected.
+	 * Provide invalid tokens to be used by `test_invalid_tokens_are_rejected`.
 	 *
 	 * Note that data providers can't access fixtures.
 	 * See https://phpunit.readthedocs.io/en/7.4/writing-tests-for-phpunit.html#data-providers.
 	 *
 	 * @covers ::is_valid_authentication_token
 	 */
-	public function data_invalid_token_rejected() {
+	public function data_invalid_token_provider() {
 		return array(
 			'non-existent-token' => array( false ), // Simulates `get_post_meta()` return value.
 			'wrong-data-type'    => array( 'this string is not an array' ),
 			'wrong-array-items'  => array( 'this' => "doesn't have `value` and `expiration` items" ),
-
-			'invalid-value'      => array(
-				array(
-					'value'      => 'Valid tokens will never contain special characters like !@#$%^&*()',
-					'expiration' => time() + HOUR_IN_SECONDS,
-				),
-			),
+			'invalid-value'      => array( 'Valid tokens will never contain special characters like !@#$%^&*()' ),
 		);
 	}

 	/**
 	 * @covers ::is_valid_authentication_token
 	 */
-	public function test_expired_token_rejected() {
-		$expired_token               = self::$valid_token;
+	public function test_expired_tokens_are_rejected() {
+		$expired_token               = self::$token;
 		$expired_token['expiration'] = time() - 1;

-		update_post_meta( self::$valid_pledge->ID, TOKEN_PREFIX . self::$valid_action, $expired_token );
+		update_post_meta( self::$pledge->ID, TOKEN_PREFIX . self::$action, $expired_token );

-		$verified = is_valid_authentication_token( self::$valid_pledge->ID, self::$valid_action, self::$valid_token['value'] );
+		$verified = is_valid_authentication_token(
+			self::$pledge->ID,
+			self::$action,
+			self::$token['value']
+		);

 		$this->assertSame( false, $verified );
 	}
@ -144,10 +136,10 @@ class Test_Email extends WP_UnitTestCase {
 	/**
 	 * @covers ::is_valid_authentication_token
 	 */
-	public function test_used_token_rejected() {
+	public function test_used_tokens_are_rejected() {
 		// The token should be deleted once it's used/verified for the first time.
-		$first_verification  = is_valid_authentication_token( self::$valid_pledge->ID, self::$valid_action, self::$valid_token['value'] );
-		$second_verification = is_valid_authentication_token( self::$valid_pledge->ID, self::$valid_action, self::$valid_token['value'] );
+		$first_verification  = is_valid_authentication_token( self::$pledge->ID, self::$action, self::$token['value'] );
+		$second_verification = is_valid_authentication_token( self::$pledge->ID, self::$action, self::$token['value'] );

 		$this->assertSame( true, $first_verification );
 		$this->assertSame( false, $second_verification );
@ -156,8 +148,8 @@ class Test_Email extends WP_UnitTestCase {
 	/**
 	 * @covers ::is_valid_authentication_token
 	 */
-	public function test_valid_token_rejected_for_other_pages() {
-		$verified = is_valid_authentication_token( self::$valid_action_page->ID, self::$valid_action, self::$valid_token['value'] );
+	public function test_valid_tokens_are_rejected_for_other_pages() {
+		$verified = is_valid_authentication_token( self::$page->ID, self::$action, self::$token['value'] );

 		$this->assertSame( false, $verified );
 	}
@ -165,14 +157,17 @@ class Test_Email extends WP_UnitTestCase {
 	/**
 	 * @covers ::is_valid_authentication_token
 	 */
-	public function test_valid_token_rejected_for_other_actions() {
-		// Setup another valid token for the other action.
-		$other_valid_action = 'confirm_contributor_participation';
-		// todo update this when the action for that step is created, so that they match and show that valid actions.
-		$other_valid_action_url = get_authentication_url( self::$valid_pledge->ID, $other_valid_action, self::$valid_action_page->ID );
+	public function test_valid_tokens_are_rejected_for_other_actions() {
+		// Generate new token on pledge.
+		$new_action = 'confirm_contributor_participation';
+		self::_get_token( self::$pledge->ID, $new_action, self::$page->ID );

 		// Intentionally mismatch the token and action.
-		$verified = is_valid_authentication_token( self::$valid_pledge->ID, $other_valid_action, self::$valid_token['value'] );
+		$verified = is_valid_authentication_token(
+			self::$pledge->ID,
+			$new_action,
+			self::$token['value']
+		);

 		$this->assertSame( false, $verified );
 	}
@ -180,28 +175,23 @@ class Test_Email extends WP_UnitTestCase {
 	/**
 	 * @covers ::is_valid_authentication_token
 	 */
-	public function test_valid_token_rejected_for_other_pledge() {
-		$other_valid_pledge_params = array(
+	public function test_valid_tokens_are_rejected_for_other_pledges() {
+		$new_pledge_id = self::factory()->post->create( array(
 			'post_type'   => PLEDGE_POST_TYPE,
 			'post_title'  => 'Other Valid Pledge',
 			'post_status' => 'publish',
-		);
+		) );

-		$other_valid_pledge_id = self::factory()->post->create( $other_valid_pledge_params );
-		$other_valid_pledge    = get_post( $other_valid_pledge_id );
-
-		// Create a valid token for the other pledge.
-		get_authentication_url( $other_valid_pledge->ID, self::$valid_action, self::$valid_action_page->ID );
-
-		$other_valid_token = get_post_meta( $other_valid_pledge->ID, TOKEN_PREFIX . self::$valid_action, true );
+		$new_pledge = get_post( $new_pledge_id );
+		$new_token  = self::_get_token( $new_pledge->ID, self::$action, self::$page->ID );

 		// Intentionally mismatch the pledge and token.
-		$verified = is_valid_authentication_token( $other_valid_pledge_id, self::$valid_action, self::$valid_token['value'] );
+		$verified = is_valid_authentication_token( $new_pledge_id, self::$action, self::$token['value'] );

-		$this->assertSame( 'Other Valid Pledge', $other_valid_pledge->post_title );
-		$this->assertSame( 'array', gettype( $other_valid_token ) );
-		$this->assertArrayHasKey( 'value', $other_valid_token );
-		$this->assertNotSame( $other_valid_token['value'], self::$valid_token['value'] );
+		$this->assertSame( 'Other Valid Pledge', $new_pledge->post_title );
+		$this->assertSame( 'array', gettype( $new_token ) );
+		$this->assertArrayHasKey( 'value', $new_token );
+		$this->assertNotSame( $new_token['value'], self::$token['value'] );
 		$this->assertSame( false, $verified );
 	}

@ -209,14 +199,13 @@ class Test_Email extends WP_UnitTestCase {
 	 * @covers ::is_valid_authentication_token
 	 */
 	public function test_reusable_token_is_reusable() {
-		$reusable_action = 'manage_pledge';
-		get_authentication_url( self::$valid_pledge->ID, $reusable_action, self::$valid_action_page->ID, false );
-		$reusable_token = get_post_meta( self::$valid_pledge->ID, TOKEN_PREFIX . $reusable_action, true );
+		$action = 'manage_pledge';
+		$token  = self::_get_token( self::$pledge->ID, $action, self::$page->ID, false );

 		// The token should be usable multiple times.
-		$first_verification  = is_valid_authentication_token( self::$valid_pledge->ID, $reusable_action, $reusable_token['value'] );
-		$second_verification = is_valid_authentication_token( self::$valid_pledge->ID, $reusable_action, $reusable_token['value'] );
-		$third_verification  = is_valid_authentication_token( self::$valid_pledge->ID, $reusable_action, $reusable_token['value'] );
+		$first_verification  = is_valid_authentication_token( self::$pledge->ID, $action, $token['value'] );
+		$second_verification = is_valid_authentication_token( self::$pledge->ID, $action, $token['value'] );
+		$third_verification  = is_valid_authentication_token( self::$pledge->ID, $action, $token['value'] );

 		$this->assertSame( true, $first_verification );
 		$this->assertSame( true, $second_verification );
@ -226,15 +215,14 @@ class Test_Email extends WP_UnitTestCase {
 	/**
 	 * @covers ::is_valid_authentication_token
 	 */
-	public function test_expired_reusable_token_rejected() {
-		$reusable_action = 'manage_pledge';
-		get_authentication_url( self::$valid_pledge->ID, $reusable_action, self::$valid_action_page->ID, false );
-		$reusable_token = get_post_meta( self::$valid_pledge->ID, TOKEN_PREFIX . $reusable_action, true );
+	public function test_expired_reusable_tokens_are_rejected() {
+		$action = 'manage_pledge';
+		$token  = self::_get_token( self::$pledge->ID, $action, self::$page->ID, false );

-		$reusable_token['expiration'] = time() - 1;
-		update_post_meta( self::$valid_pledge->ID, TOKEN_PREFIX . $reusable_action, $reusable_token );
+		$token['expiration'] = time() - 1;
+		update_post_meta( self::$pledge->ID, TOKEN_PREFIX . $action, $token );

-		$verified = is_valid_authentication_token( self::$valid_pledge->ID, $reusable_action, $reusable_token['value'] );
+		$verified = is_valid_authentication_token( self::$pledge->ID, $action, $token['value'] );

 		$this->assertSame( false, $verified );
 	}