Tests: Update infrastructure & add travis config (#100)

* Tests: Move tests infrastructure, set up travis Consolidates the composer files so we can run install once in travis. * Return empty array if no values are $_POST'ed to the form Fixes an issue with tests + null values in logs * Clean up some naming & create helper functions for tests * Debug travis * Remove debug * Fix notices on form * Turn on multisite flag
2025-04-12 06:53:44 +03:00 · 2019-11-15 17:40:53 -05:00 · 2019-11-15 17:40:53 -05:00 · 03949905c0
parent 5c2041442a
commit 03949905c0
12 changed files with 2705 additions and 2583 deletions
--- a/.travis.yml
+++ b/.travis.yml
@ -0,0 +1,16 @@
 sudo: required
 dist: trusty
 language: php
 php: 7.2
 env: WP_VERSION=latest WP_MULTISITE=1 WP_CORE_DIR=/tmp/wordpress
 install:
  - bash bin/install-wp-tests.sh wporg_5ftf_test root '' localhost $WP_VERSION
  - composer install
 script:
  - composer run-script test -- --version
  - composer run-script test -- -c phpunit.xml.dist
  - touch $TRAVIS_BUILD_DIR/tmp.php
  - export CHANGED_FILES=$(git diff --name-only --diff-filter=AM $TRAVIS_BRANCH...HEAD | tr '\n' ' ')
  - composer run-script phpcs $TRAVIS_BUILD_DIR/tmp.php $(echo $CHANGED_FILES) -- -n
--- a/bin/install-wp-tests.sh
+++ b/bin/install-wp-tests.sh
@ -0,0 +1,155 @@
 #!/usr/bin/env bash
 if [ $# -lt 3 ]; then
 	echo "usage: $0 <db-name> <db-user> <db-pass> [db-host] [wp-version] [skip-database-creation]"
 	exit 1
 fi
 DB_NAME=$1
 DB_USER=$2
 DB_PASS=$3
 DB_HOST=${4-localhost}
 WP_VERSION=${5-latest}
 SKIP_DB_CREATE=${6-false}
 TMPDIR=${TMPDIR-/tmp}
 TMPDIR=$(echo $TMPDIR | sed -e "s/\/$//")
 WP_TESTS_DIR=${WP_TESTS_DIR-$TMPDIR/wordpress-tests-lib}
 WP_CORE_DIR=${WP_CORE_DIR-$TMPDIR/wordpress/}
 download() {
    if [ `which curl` ]; then
        curl -s "$1" > "$2";
    elif [ `which wget` ]; then
        wget -nv -O "$2" "$1"
    fi
 }
 if [[ $WP_VERSION =~ ^[0-9]+\.[0-9]+\-(beta|RC)[0-9]+$ ]]; then
 	WP_BRANCH=${WP_VERSION%\-*}
 	WP_TESTS_TAG="branches/$WP_BRANCH"
 elif [[ $WP_VERSION =~ ^[0-9]+\.[0-9]+$ ]]; then
 	WP_TESTS_TAG="branches/$WP_VERSION"
 elif [[ $WP_VERSION =~ [0-9]+\.[0-9]+\.[0-9]+ ]]; then
 	if [[ $WP_VERSION =~ [0-9]+\.[0-9]+\.[0] ]]; then
 		# version x.x.0 means the first release of the major version, so strip off the .0 and download version x.x
 		WP_TESTS_TAG="tags/${WP_VERSION%??}"
 	else
 		WP_TESTS_TAG="tags/$WP_VERSION"
 	fi
 elif [[ $WP_VERSION == 'nightly' || $WP_VERSION == 'trunk' ]]; then
 	WP_TESTS_TAG="trunk"
 else
 	# http serves a single offer, whereas https serves multiple. we only want one
 	download http://api.wordpress.org/core/version-check/1.7/ /tmp/wp-latest.json
 	grep '[0-9]+\.[0-9]+(\.[0-9]+)?' /tmp/wp-latest.json
 	LATEST_VERSION=$(grep -o '"version":"[^"]*' /tmp/wp-latest.json | sed 's/"version":"//')
 	if [[ -z "$LATEST_VERSION" ]]; then
 		echo "Latest WordPress version could not be found"
 		exit 1
 	fi
 	WP_TESTS_TAG="tags/$LATEST_VERSION"
 fi
 set -ex
 install_wp() {
 	if [ -d $WP_CORE_DIR ]; then
 		return;
 	fi
 	mkdir -p $WP_CORE_DIR
 	if [[ $WP_VERSION == 'nightly' || $WP_VERSION == 'trunk' ]]; then
 		mkdir -p $TMPDIR/wordpress-nightly
 		download https://wordpress.org/nightly-builds/wordpress-latest.zip  $TMPDIR/wordpress-nightly/wordpress-nightly.zip
 		unzip -q $TMPDIR/wordpress-nightly/wordpress-nightly.zip -d $TMPDIR/wordpress-nightly/
 		mv $TMPDIR/wordpress-nightly/wordpress/* $WP_CORE_DIR
 	else
 		if [ $WP_VERSION == 'latest' ]; then
 			local ARCHIVE_NAME='latest'
 		elif [[ $WP_VERSION =~ [0-9]+\.[0-9]+ ]]; then
 			# https serves multiple offers, whereas http serves single.
 			download https://api.wordpress.org/core/version-check/1.7/ $TMPDIR/wp-latest.json
 			if [[ $WP_VERSION =~ [0-9]+\.[0-9]+\.[0] ]]; then
 				# version x.x.0 means the first release of the major version, so strip off the .0 and download version x.x
 				LATEST_VERSION=${WP_VERSION%??}
 			else
 				# otherwise, scan the releases and get the most up to date minor version of the major release
 				local VERSION_ESCAPED=`echo $WP_VERSION | sed 's/\./\\\\./g'`
 				LATEST_VERSION=$(grep -o '"version":"'$VERSION_ESCAPED'[^"]*' $TMPDIR/wp-latest.json | sed 's/"version":"//' | head -1)
 			fi
 			if [[ -z "$LATEST_VERSION" ]]; then
 				local ARCHIVE_NAME="wordpress-$WP_VERSION"
 			else
 				local ARCHIVE_NAME="wordpress-$LATEST_VERSION"
 			fi
 		else
 			local ARCHIVE_NAME="wordpress-$WP_VERSION"
 		fi
 		download https://wordpress.org/${ARCHIVE_NAME}.tar.gz  $TMPDIR/wordpress.tar.gz
 		tar --strip-components=1 -zxmf $TMPDIR/wordpress.tar.gz -C $WP_CORE_DIR
 	fi
 	download https://raw.github.com/markoheijnen/wp-mysqli/master/db.php $WP_CORE_DIR/wp-content/db.php
 }
 install_test_suite() {
 	# portable in-place argument for both GNU sed and Mac OSX sed
 	if [[ $(uname -s) == 'Darwin' ]]; then
 		local ioption='-i.bak'
 	else
 		local ioption='-i'
 	fi
 	# set up testing suite if it doesn't yet exist
 	if [ ! -d $WP_TESTS_DIR ]; then
 		# set up testing suite
 		mkdir -p $WP_TESTS_DIR
 		svn co --quiet https://develop.svn.wordpress.org/${WP_TESTS_TAG}/tests/phpunit/includes/ $WP_TESTS_DIR/includes
 		svn co --quiet https://develop.svn.wordpress.org/${WP_TESTS_TAG}/tests/phpunit/data/ $WP_TESTS_DIR/data
 	fi
 	if [ ! -f wp-tests-config.php ]; then
 		download https://develop.svn.wordpress.org/${WP_TESTS_TAG}/wp-tests-config-sample.php "$WP_TESTS_DIR"/wp-tests-config.php
 		# remove all forward slashes in the end
 		WP_CORE_DIR=$(echo $WP_CORE_DIR | sed "s:/\+$::")
 		sed $ioption "s:dirname( __FILE__ ) . '/src/':'$WP_CORE_DIR/':" "$WP_TESTS_DIR"/wp-tests-config.php
 		sed $ioption "s/youremptytestdbnamehere/$DB_NAME/" "$WP_TESTS_DIR"/wp-tests-config.php
 		sed $ioption "s/yourusernamehere/$DB_USER/" "$WP_TESTS_DIR"/wp-tests-config.php
 		sed $ioption "s/yourpasswordhere/$DB_PASS/" "$WP_TESTS_DIR"/wp-tests-config.php
 		sed $ioption "s|localhost|${DB_HOST}|" "$WP_TESTS_DIR"/wp-tests-config.php
 	fi
 }
 install_db() {
 	if [ ${SKIP_DB_CREATE} = "true" ]; then
 		return 0
 	fi
 	# parse DB_HOST for port or socket references
 	local PARTS=(${DB_HOST//\:/ })
 	local DB_HOSTNAME=${PARTS[0]};
 	local DB_SOCK_OR_PORT=${PARTS[1]};
 	local EXTRA=""
 	if ! [ -z $DB_HOSTNAME ] ; then
 		if [ $(echo $DB_SOCK_OR_PORT | grep -e '^[0-9]\{1,\}$') ]; then
 			EXTRA=" --host=$DB_HOSTNAME --port=$DB_SOCK_OR_PORT --protocol=tcp"
 		elif ! [ -z $DB_SOCK_OR_PORT ] ; then
 			EXTRA=" --socket=$DB_SOCK_OR_PORT"
 		elif ! [ -z $DB_HOSTNAME ] ; then
 			EXTRA=" --host=$DB_HOSTNAME --protocol=tcp"
 		fi
 	fi
 	# create database
 	mysqladmin create $DB_NAME --user="$DB_USER" --password="$DB_PASS"$EXTRA
 }
 install_wp
 install_test_suite
 install_db
--- a/composer.json
+++ b/composer.json
@ -10,12 +10,17 @@
 		"platform": {
 			"php": "7.2"
 		},
-		"vendor-dir": "mu-plugins/vendor"
+		"vendor-dir": "mu-plugins/vendor",
 		"_comment": "Work around `test:watch` timeout, see https://github.com/spatie/phpunit-watcher/issues/63#issuecomment-545633709",
 		"process-timeout": 0
 	},
 	"require": {},
-	"require-dev": {
+	"_comment" : "PHPUnit 7.x is the latest version that's compatible with Core, see https://core.trac.wordpress.org/ticket/46149",
 	"require-dev" : {
 		"dealerdirect/phpcodesniffer-composer-installer": "0.5.0",
-		"wp-coding-standards/wpcs": "2.1.1"
+		"wp-coding-standards/wpcs": "2.1.1",
 		"phpunit/phpunit"        : "^7",
 		"spatie/phpunit-watcher" : "^1.12"
 	},
 	"scripts": {
 		"phpcs": [
@ -23,6 +28,9 @@
 		],
 		"phpcbf": [
 			"phpcbf -p"
-		]
+		],
 		"test" : "phpunit",
 		"_comment"   : "Input won't work when running this via `composer test:watch`. If you want to use PHPUnit Watcher's interactive options then you'll need to call it directly in your terminal. See https://github.com/composer/composer/issues/5856",
 		"test:watch" : "phpunit-watcher watch"
 	}
 }
--- a/composer.lock
+++ b/composer.lock
--- a/phpunit-watcher.yml.dist
+++ b/phpunit-watcher.yml.dist
@ -0,0 +1,11 @@
 watch:
  directories:
    - plugins/wporg-5ftf
  fileMask: '*.php'
 notifications:
  passingTests: false
  failingTests: false
 phpunit:
  binaryPath: mu-plugins/vendor/bin/phpunit
--- a/plugins/wporg-5ftf/phpunit.xml.dist
+++ b/plugins/wporg-5ftf/phpunit.xml.dist
@ -1,16 +1,18 @@
 <phpunit
-	bootstrap="tests/bootstrap.php"
+	bootstrap="plugins/wporg-5ftf/tests/bootstrap.php"
 	backupGlobals="false"
 	colors="true"
 	convertErrorsToExceptions="true"
 	convertNoticesToExceptions="true"
 	convertWarningsToExceptions="true"
 	>
-
+	<php>
 		<const name="WP_TESTS_MULTISITE" value="1" />
 	</php>
 	<testsuites>
-		<testsuite name="Five for the Future plugin">
+		<testsuite name="Five for the Future Plugin">
 			<directory prefix="test-" suffix=".php">
-				./tests/
+				./plugins/wporg-5ftf/tests/
 			</directory>
 		</testsuite>
 	</testsuites>
--- a/plugins/wporg-5ftf/composer.json
+++ b/plugins/wporg-5ftf/composer.json
@ -1,32 +0,0 @@
 {
 	"name"        : "wordpress/five-for-the-future",
 	"description" : "Five for the Future plugin",
 	"license"     : "GPL-2.0-or-later",
 	"authors" : [
 		{
 			"name"  : "WordPress",
 			"email" : "support@wordcamp.org"
 		}
 	],
 	"config" : {
 		"_comment": "Work around `test:watch` timeout, see https://github.com/spatie/phpunit-watcher/issues/63#issuecomment-545633709",
 		"process-timeout": 0
 	},
 	"require" : {},
 	"_comment" : "PHPUnit 7.x is the latest version that's compatible with Core, see https://core.trac.wordpress.org/ticket/46149",
 	"require-dev" : {
 		"phpunit/phpunit"        : "^7",
 		"spatie/phpunit-watcher" : "^1.12"
 	},
 	"scripts" : {
 		"test" : "vendor/bin/phpunit",
 		"_comment"   : "Input won't work when running this via `composer test:watch`. If you want to use PHPUnit Watcher's interactive options then you'll need to call it directly in your terminal. See https://github.com/composer/composer/issues/5856",
 		"test:watch" : "vendor/bin/phpunit-watcher watch"
 	}
 }
--- a/plugins/wporg-5ftf/composer.lock
+++ b/plugins/wporg-5ftf/composer.lock
--- a/plugins/wporg-5ftf/includes/pledge-form.php
+++ b/plugins/wporg-5ftf/includes/pledge-form.php
@ -354,7 +354,12 @@ function get_form_submission() {
 		)
 	);
-	return filter_input_array( INPUT_POST, $input_filters );
+	$result = filter_input_array( INPUT_POST, $input_filters );
 	if ( ! $result ) {
 		return array_fill_keys( array_keys( $input_filters ), '' );
 	}
 	return $result;
 }
 /**
--- a/plugins/wporg-5ftf/phpunit-watcher.yml.dist
+++ b/plugins/wporg-5ftf/phpunit-watcher.yml.dist
@ -1,13 +0,0 @@
 watch:
  directories:
    # By default only the `tests/` folder is watched, but the empty value below represents the current directory,
    # so that tests will also re-run when the files-under-test are changed.
    -
  fileMask: '*.php'
 notifications:
  passingTests: false
  failingTests: false
 phpunit:
  binaryPath: vendor/bin/phpunit
--- a/plugins/wporg-5ftf/tests/bootstrap.php
+++ b/plugins/wporg-5ftf/tests/bootstrap.php
@ -1,29 +1,29 @@
 <?php
 /**
 * PHPUnit bootstrap file
 */
-namespace WordPressDotOrg\FiveForTheFuture\Tests;
+$_tests_dir = getenv( 'WP_TESTS_DIR' );
-if ( 'cli' !== php_sapi_name() ) {
+if ( ! $_tests_dir ) {
-	return;
+	$_tests_dir = rtrim( sys_get_temp_dir(), '/\\' ) . '/wordpress-tests-lib';
 }
-
+if ( ! file_exists( $_tests_dir . '/includes/functions.php' ) ) {
-define( 'WP_PLUGIN_DIR', dirname( dirname( __DIR__ ) ) );
+	echo "Could not find $_tests_dir/includes/functions.php, have you run bin/install-wp-tests.sh ?" . PHP_EOL; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
-
+	exit( 1 );
 $core_tests_directory = getenv( 'WP_TESTS_DIR' );
 if ( ! $core_tests_directory ) {
 	echo "\nPlease set the WP_TESTS_DIR environment variable to the folder where WordPress' PHPUnit tests live --";
 	echo "\ne.g., export WP_TESTS_DIR=/srv/www/wordpress-develop/tests/phpunit\n";
 	return;
 }
-require_once $core_tests_directory . '/includes/functions.php';
+// Give access to tests_add_filter() function.
-require_once dirname( dirname( $core_tests_directory ) ) . '/build/wp-admin/includes/plugin.php';
+require_once $_tests_dir . '/includes/functions.php';
-tests_add_filter( 'muplugins_loaded', function() {
+/**
-	require_once dirname( __DIR__ )  . '/index.php';
+ * Manually load the plugin being tested.
-} );
+ */
 function _manually_load_plugin() {
 	require dirname( dirname( __FILE__ ) ) . '/index.php';
 }
 tests_add_filter( 'muplugins_loaded', '_manually_load_plugin' );
-require_once $core_tests_directory . '/includes/bootstrap.php';
+// Start up the WP testing environment.
 require $_tests_dir . '/includes/bootstrap.php';
--- a/plugins/wporg-5ftf/tests/test-email.php
+++ b/plugins/wporg-5ftf/tests/test-email.php
@ -8,35 +8,27 @@ defined( 'WPINC' ) || die();
 class Test_Email extends WP_UnitTestCase {
 	// phpcs:ignore PSR2.Classes.PropertyDeclaration.Multiple
-	protected static $valid_pledge, $valid_action, $valid_action_page, $valid_action_url, $valid_token;
+	protected static $pledge, $action, $page, $action_url, $token;
 	/**
 	 * Setup fixtures that are shared across all tests.
 	 */
 	public static function wpSetUpBeforeClass() {
-		$valid_pledge_params = array(
+		$pledge_id = self::factory()->post->create( array(
 			'post_type'   => PLEDGE_POST_TYPE,
 			'post_title'  => 'Valid Pledge',
 			'post_status' => 'publish',
-		);
+		) );
-		$valid_action_page_params = array(
+		$page_id = self::factory()->post->create( array(
 			'post_type'   => 'page',
 			'post_title'  => 'For Organizers',
 			'post_status' => 'publish',
-		);
+		) );
-		$valid_pledge_id = self::factory()->post->create( $valid_pledge_params );
+		self::$pledge = get_post( $pledge_id );
-
+		self::$page   = get_post( $page_id );
-		self::$valid_pledge = get_post( $valid_pledge_id );
+		self::$action = 'confirm_pledge_email';
 		$valid_action_page_id    = self::factory()->post->create( $valid_action_page_params );
 		self::$valid_action_page = get_post( $valid_action_page_id );
 		self::$valid_action = 'confirm_pledge_email';
 		// todo better example action to use, like contributor verifying participation? or is this one just as good?
 			// should probably use the manage one once that's implemented, b/c should test the `view` context and the `update` context.
 			// use this one for now, though.
 		self::verify_before_class_fixtures();
 	}
@ -47,11 +39,11 @@ class Test_Email extends WP_UnitTestCase {
 	 * @return void
 	 */
 	protected static function verify_before_class_fixtures() {
-		self::assertSame( 'object',         gettype( self::$valid_action_page ) );
+		self::assertSame( 'object',         gettype( self::$page ) );
-		self::assertSame( 'For Organizers', self::$valid_action_page->post_title );
+		self::assertSame( 'For Organizers', self::$page->post_title );
-		self::assertSame( 'object',         gettype( self::$valid_pledge ) );
+		self::assertSame( 'object',         gettype( self::$pledge ) );
-		self::assertSame( 'Valid Pledge',   self::$valid_pledge->post_title );
+		self::assertSame( 'Valid Pledge',   self::$pledge->post_title );
-		self::assertSame( PLEDGE_POST_TYPE, self::$valid_pledge->post_type );
+		self::assertSame( PLEDGE_POST_TYPE, self::$pledge->post_type );
 	}
 	/**
@ -65,78 +57,78 @@ class Test_Email extends WP_UnitTestCase {
 		 *
 		 * This must be called before every test, because the process of verifying a valid token will delete it.
 		 */
-		self::$valid_action_url = get_authentication_url( self::$valid_pledge->ID, self::$valid_action, self::$valid_action_page->ID );
+		self::$action_url = get_authentication_url( self::$pledge->ID, self::$action, self::$page->ID );
-		self::$valid_token      = get_post_meta( self::$valid_pledge->ID, TOKEN_PREFIX . self::$valid_action, true );
+		self::$token      = get_post_meta( self::$pledge->ID, TOKEN_PREFIX . self::$action, true );
 		// Verify that the fixtures are setup correctly.
-		$action_url_args = wp_parse_args( wp_parse_url( self::$valid_action_url, PHP_URL_QUERY ) );
+		$action_url_args = wp_parse_args( wp_parse_url( self::$action_url, PHP_URL_QUERY ) );
-		$this->assertSame( 'array', gettype( self::$valid_token ) );
+		$this->assertSame( 'array', gettype( self::$token ) );
-		$this->assertSame( $action_url_args['action'], self::$valid_action );
+		$this->assertSame( $action_url_args['action'], self::$action );
-		$this->assertSame( $action_url_args['auth_token'], self::$valid_token['value'] );
+		$this->assertSame( $action_url_args['auth_token'], self::$token['value'] );
 	}
 	/**
 	 * Helper function to create & get a token.
 	 */
 	private function _get_token( $pledge_id, $action, $page_id, $single = true ) {
 		get_authentication_url( $pledge_id, $action, $page_id, $single );
 		return get_post_meta( $pledge_id, TOKEN_PREFIX . $action, true );
 	}
 	/**
 	 * @covers ::is_valid_authentication_token
 	 */
 	public function test_valid_token_accepted() {
-		$verified = is_valid_authentication_token( self::$valid_pledge->ID, self::$valid_action, self::$valid_token['value'] );
+		$verified = is_valid_authentication_token( self::$pledge->ID, self::$action, self::$token['value'] );
 		$this->assertTrue( $verified );
 		// todo test that `view` and `update` contexts work as well, when those are added
 			// maybe need to test some failures for that too.
 	}
 	/**
 	 * @covers ::is_valid_authentication_token
-	 *
+	 * @dataProvider data_invalid_token_provider
 	 * @dataProvider data_invalid_token_rejected
 	 */
-	public function test_invalid_token_rejected( $invalid_token ) {
+	public function test_invalid_tokens_are_rejected( $token_to_validate ) {
-		/*
+		$verified = is_valid_authentication_token(
-		 * It's expected that some of the values passed in won't have a `value` item, so fallback to the item
+			self::$pledge->ID,
-		 * itself in those cases, to avoid PHPUnit throwing an exception.
+			self::$action,
-		 */
+			$token_to_validate
-		$invalid_token_value = $invalid_token['value'] ?? $invalid_token;
+		);
 		$verified            = is_valid_authentication_token( self::$valid_pledge->ID, self::$valid_action, $invalid_token_value );
 		$this->assertSame( false, $verified );
 	}
 	/**
-	 * Test that invalid tokens are rejected.
+	 * Provide invalid tokens to be used by `test_invalid_tokens_are_rejected`.
 	 *
 	 * Note that data providers can't access fixtures.
 	 * See https://phpunit.readthedocs.io/en/7.4/writing-tests-for-phpunit.html#data-providers.
 	 *
 	 * @covers ::is_valid_authentication_token
 	 */
-	public function data_invalid_token_rejected() {
+	public function data_invalid_token_provider() {
 		return array(
 			'non-existent-token' => array( false ), // Simulates `get_post_meta()` return value.
 			'wrong-data-type'    => array( 'this string is not an array' ),
 			'wrong-array-items'  => array( 'this' => "doesn't have `value` and `expiration` items" ),
-
+			'invalid-value'      => array( 'Valid tokens will never contain special characters like !@#$%^&*()' ),
 			'invalid-value'      => array(
 				array(
 					'value'      => 'Valid tokens will never contain special characters like !@#$%^&*()',
 					'expiration' => time() + HOUR_IN_SECONDS,
 				),
 			),
 		);
 	}
 	/**
 	 * @covers ::is_valid_authentication_token
 	 */
-	public function test_expired_token_rejected() {
+	public function test_expired_tokens_are_rejected() {
-		$expired_token               = self::$valid_token;
+		$expired_token               = self::$token;
 		$expired_token['expiration'] = time() - 1;
-		update_post_meta( self::$valid_pledge->ID, TOKEN_PREFIX . self::$valid_action, $expired_token );
+		update_post_meta( self::$pledge->ID, TOKEN_PREFIX . self::$action, $expired_token );
-		$verified = is_valid_authentication_token( self::$valid_pledge->ID, self::$valid_action, self::$valid_token['value'] );
+		$verified = is_valid_authentication_token(
 			self::$pledge->ID,
 			self::$action,
 			self::$token['value']
 		);
 		$this->assertSame( false, $verified );
 	}
@ -144,10 +136,10 @@ class Test_Email extends WP_UnitTestCase {
 	/**
 	 * @covers ::is_valid_authentication_token
 	 */
-	public function test_used_token_rejected() {
+	public function test_used_tokens_are_rejected() {
 		// The token should be deleted once it's used/verified for the first time.
-		$first_verification  = is_valid_authentication_token( self::$valid_pledge->ID, self::$valid_action, self::$valid_token['value'] );
+		$first_verification  = is_valid_authentication_token( self::$pledge->ID, self::$action, self::$token['value'] );
-		$second_verification = is_valid_authentication_token( self::$valid_pledge->ID, self::$valid_action, self::$valid_token['value'] );
+		$second_verification = is_valid_authentication_token( self::$pledge->ID, self::$action, self::$token['value'] );
 		$this->assertSame( true, $first_verification );
 		$this->assertSame( false, $second_verification );
@ -156,8 +148,8 @@ class Test_Email extends WP_UnitTestCase {
 	/**
 	 * @covers ::is_valid_authentication_token
 	 */
-	public function test_valid_token_rejected_for_other_pages() {
+	public function test_valid_tokens_are_rejected_for_other_pages() {
-		$verified = is_valid_authentication_token( self::$valid_action_page->ID, self::$valid_action, self::$valid_token['value'] );
+		$verified = is_valid_authentication_token( self::$page->ID, self::$action, self::$token['value'] );
 		$this->assertSame( false, $verified );
 	}
@ -165,14 +157,17 @@ class Test_Email extends WP_UnitTestCase {
 	/**
 	 * @covers ::is_valid_authentication_token
 	 */
-	public function test_valid_token_rejected_for_other_actions() {
+	public function test_valid_tokens_are_rejected_for_other_actions() {
-		// Setup another valid token for the other action.
+		// Generate new token on pledge.
-		$other_valid_action = 'confirm_contributor_participation';
+		$new_action = 'confirm_contributor_participation';
-		// todo update this when the action for that step is created, so that they match and show that valid actions.
+		self::_get_token( self::$pledge->ID, $new_action, self::$page->ID );
 		$other_valid_action_url = get_authentication_url( self::$valid_pledge->ID, $other_valid_action, self::$valid_action_page->ID );
 		// Intentionally mismatch the token and action.
-		$verified = is_valid_authentication_token( self::$valid_pledge->ID, $other_valid_action, self::$valid_token['value'] );
+		$verified = is_valid_authentication_token(
 			self::$pledge->ID,
 			$new_action,
 			self::$token['value']
 		);
 		$this->assertSame( false, $verified );
 	}
@ -180,28 +175,23 @@ class Test_Email extends WP_UnitTestCase {
 	/**
 	 * @covers ::is_valid_authentication_token
 	 */
-	public function test_valid_token_rejected_for_other_pledge() {
+	public function test_valid_tokens_are_rejected_for_other_pledges() {
-		$other_valid_pledge_params = array(
+		$new_pledge_id = self::factory()->post->create( array(
 			'post_type'   => PLEDGE_POST_TYPE,
 			'post_title'  => 'Other Valid Pledge',
 			'post_status' => 'publish',
-		);
+		) );
-		$other_valid_pledge_id = self::factory()->post->create( $other_valid_pledge_params );
+		$new_pledge = get_post( $new_pledge_id );
-		$other_valid_pledge    = get_post( $other_valid_pledge_id );
+		$new_token  = self::_get_token( $new_pledge->ID, self::$action, self::$page->ID );
 		// Create a valid token for the other pledge.
 		get_authentication_url( $other_valid_pledge->ID, self::$valid_action, self::$valid_action_page->ID );
 		$other_valid_token = get_post_meta( $other_valid_pledge->ID, TOKEN_PREFIX . self::$valid_action, true );
 		// Intentionally mismatch the pledge and token.
-		$verified = is_valid_authentication_token( $other_valid_pledge_id, self::$valid_action, self::$valid_token['value'] );
+		$verified = is_valid_authentication_token( $new_pledge_id, self::$action, self::$token['value'] );
-		$this->assertSame( 'Other Valid Pledge', $other_valid_pledge->post_title );
+		$this->assertSame( 'Other Valid Pledge', $new_pledge->post_title );
-		$this->assertSame( 'array', gettype( $other_valid_token ) );
+		$this->assertSame( 'array', gettype( $new_token ) );
-		$this->assertArrayHasKey( 'value', $other_valid_token );
+		$this->assertArrayHasKey( 'value', $new_token );
-		$this->assertNotSame( $other_valid_token['value'], self::$valid_token['value'] );
+		$this->assertNotSame( $new_token['value'], self::$token['value'] );
 		$this->assertSame( false, $verified );
 	}
@ -209,14 +199,13 @@ class Test_Email extends WP_UnitTestCase {
 	 * @covers ::is_valid_authentication_token
 	 */
 	public function test_reusable_token_is_reusable() {
-		$reusable_action = 'manage_pledge';
+		$action = 'manage_pledge';
-		get_authentication_url( self::$valid_pledge->ID, $reusable_action, self::$valid_action_page->ID, false );
+		$token  = self::_get_token( self::$pledge->ID, $action, self::$page->ID, false );
 		$reusable_token = get_post_meta( self::$valid_pledge->ID, TOKEN_PREFIX . $reusable_action, true );
 		// The token should be usable multiple times.
-		$first_verification  = is_valid_authentication_token( self::$valid_pledge->ID, $reusable_action, $reusable_token['value'] );
+		$first_verification  = is_valid_authentication_token( self::$pledge->ID, $action, $token['value'] );
-		$second_verification = is_valid_authentication_token( self::$valid_pledge->ID, $reusable_action, $reusable_token['value'] );
+		$second_verification = is_valid_authentication_token( self::$pledge->ID, $action, $token['value'] );
-		$third_verification  = is_valid_authentication_token( self::$valid_pledge->ID, $reusable_action, $reusable_token['value'] );
+		$third_verification  = is_valid_authentication_token( self::$pledge->ID, $action, $token['value'] );
 		$this->assertSame( true, $first_verification );
 		$this->assertSame( true, $second_verification );
@ -226,15 +215,14 @@ class Test_Email extends WP_UnitTestCase {
 	/**
 	 * @covers ::is_valid_authentication_token
 	 */
-	public function test_expired_reusable_token_rejected() {
+	public function test_expired_reusable_tokens_are_rejected() {
-		$reusable_action = 'manage_pledge';
+		$action = 'manage_pledge';
-		get_authentication_url( self::$valid_pledge->ID, $reusable_action, self::$valid_action_page->ID, false );
+		$token  = self::_get_token( self::$pledge->ID, $action, self::$page->ID, false );
 		$reusable_token = get_post_meta( self::$valid_pledge->ID, TOKEN_PREFIX . $reusable_action, true );
-		$reusable_token['expiration'] = time() - 1;
+		$token['expiration'] = time() - 1;
-		update_post_meta( self::$valid_pledge->ID, TOKEN_PREFIX . $reusable_action, $reusable_token );
+		update_post_meta( self::$pledge->ID, TOKEN_PREFIX . $action, $token );
-		$verified = is_valid_authentication_token( self::$valid_pledge->ID, $reusable_action, $reusable_token['value'] );
+		$verified = is_valid_authentication_token( self::$pledge->ID, $action, $token['value'] );
 		$this->assertSame( false, $verified );
 	}