Thijs/wiki.techinc.nl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
wiki.techinc.nl/tests/phpunit/includes/user/UserTest.php

1032 lines
33 KiB
PHP
Raw Normal View History

Add unit tests for $wgGroupPermissions/$wgRevokePermissions
2011-07-11 18:36:29 +00:00
<?php
First steps for bug 14801: add backend support for per-namespace permissions to core. This extends $wgGroupPermissions syntax from $wgGroupPermissions[$group][$right] = bool to $wgGroupPermissions[$group][$right] = array( NS_X => bool ). This is safely backwards compatible; the booleans are still fully supported, and any unset namespace will default to false. * User::getRights(), User::isAllowed() and User::getGroupPermissions now optionally accept a namespace parameter. If not set, it will check whether the user has the right for all namespaces. * Anything that uses Title::getUserPermissionsErrorsInternal() automatically supports per-namespace permissions. This includes Title::getUserPermissionsErrors and Title::(quick)UserCan. * Fix tests that set User::mRights The next step would be to change all User::isAllowed() to Title::quickUserCan or pass the namespace to User::isAllowed().
2011-07-16 16:09:00 +00:00
define( 'NS_UNITTEST', 5600 );
define( 'NS_UNITTEST_TALK', 5601 );
Fix UserTest case that was missing a cache purge The process cache is based on blind-TTL, so purge it to test the persistent cache properly. Change-Id: I8ee78a1e73bf5164e74b1e8a23559c2e91bba6dd
2016-11-17 00:38:09 +00:00
use MediaWiki\MediaWikiServices;
Switch to librarized version of TestingAccessWrapper Replaces \TestingAccessWrapper (defined in core) with \Wikimedia\TestingAccessWrapper (defined in the composer package wikimedia/testing-access-wrapper). See https://gerrit.wikimedia.org/r/#/q/topic:librarize-testing-access-wrapper for downstream patches. The core version of the class is kept around for a while to avoid circular dependency problems. Bug: T163434 Change-Id: I52cc257e593da3d6c3b01a909e554a950225aec8
2017-04-19 19:37:35 +00:00
use Wikimedia\TestingAccessWrapper;
Fix UserTest case that was missing a cache purge The process cache is based on blind-TTL, so purge it to test the persistent cache properly. Change-Id: I8ee78a1e73bf5164e74b1e8a23559c2e91bba6dd
2016-11-17 00:38:09 +00:00
Since r92364 UserTest.php needs a database
2011-07-19 21:41:25 +00:00
/**
* @group Database
*/
Add unit tests for $wgGroupPermissions/$wgRevokePermissions
2011-07-11 18:36:29 +00:00
class UserTest extends MediaWikiTestCase {
Documentation and whitespace Clearing another w/c
2012-01-19 14:56:18 +00:00
/**
* @var User
*/
First steps for bug 14801: add backend support for per-namespace permissions to core. This extends $wgGroupPermissions syntax from $wgGroupPermissions[$group][$right] = bool to $wgGroupPermissions[$group][$right] = array( NS_X => bool ). This is safely backwards compatible; the booleans are still fully supported, and any unset namespace will default to false. * User::getRights(), User::isAllowed() and User::getGroupPermissions now optionally accept a namespace parameter. If not set, it will check whether the user has the right for all namespaces. * Anything that uses Title::getUserPermissionsErrorsInternal() automatically supports per-namespace permissions. This includes Title::getUserPermissionsErrors and Title::(quick)UserCan. * Fix tests that set User::mRights The next step would be to change all User::isAllowed() to Title::quickUserCan or pass the namespace to User::isAllowed().
2011-07-16 16:09:00 +00:00
protected $user;
Stylize.php changes
2011-10-11 10:02:50 +00:00
Clean and repair many phpunit tests (+ fix implied configuration) This commit depends on the introduction of MediaWikiTestCase::setMwGlobals in change Iccf6ea81f4. Various tests already set their globals, but forgot to restore them afterwards, or forgot to call the parent setUp, tearDown... Either way they won't have to anymore with setMwGlobals. Consistent use of function characteristics: * protected function setUp * protected function tearDown * public static function (provide..) (Matching the function signature with PHPUnit/Framework/TestCase.php) Replaces: * public function (setUp|tearDown)\( * protected function $1( * \tfunction (setUp|tearDown)\( * \tprotected function $1( * \tfunction (data|provide)\( * \tpublic static function $1\( Also renamed a few "data#", "provider#" and "provides#" functions to "provide#" for consistency. This also removes confusion where the /media tests had a few private methods called dataFile(), which were sometimes expected to be data providers. Fixes: TimestampTest often failed due to a previous test setting a different language (it tests "1 hour ago" so need to make sure it is set to English). MWNamespaceTest became a lot cleaner now that it executes with a known context. Though the now-redundant code that was removed didn't work anyway because wgContentNamespaces isn't keyed by namespace id, it had them was values... FileBackendTest: * Fixed: "PHP Fatal: Using $this when not in object context" HttpTest * Added comment about: "PHP Fatal: Call to protected MWHttpRequest::__construct()" (too much unrelated code to fix in this commit) ExternalStoreTest * Add an assertTrue as well, without it the test is useless because regardless of whether wgExternalStores is true or false it only uses it if it is an array. Change-Id: I9d2b148e57bada64afeb7d5a99bec0e58f8e1561
2012-10-08 10:56:20 +00:00
protected function setUp() {
Add unit tests for $wgGroupPermissions/$wgRevokePermissions
2011-07-11 18:36:29 +00:00
parent::setUp();
Stylize.php changes
2011-10-11 10:02:50 +00:00
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
$this->setMwGlobals( [
'wgGroupPermissions' => [],
'wgRevokePermissions' => [],
] );
Stylize.php changes
2011-10-11 10:02:50 +00:00
Add unit tests for $wgGroupPermissions/$wgRevokePermissions
2011-07-11 18:36:29 +00:00
$this->setUpPermissionGlobals();
Clean and repair many phpunit tests (+ fix implied configuration) This commit depends on the introduction of MediaWikiTestCase::setMwGlobals in change Iccf6ea81f4. Various tests already set their globals, but forgot to restore them afterwards, or forgot to call the parent setUp, tearDown... Either way they won't have to anymore with setMwGlobals. Consistent use of function characteristics: * protected function setUp * protected function tearDown * public static function (provide..) (Matching the function signature with PHPUnit/Framework/TestCase.php) Replaces: * public function (setUp|tearDown)\( * protected function $1( * \tfunction (setUp|tearDown)\( * \tprotected function $1( * \tfunction (data|provide)\( * \tpublic static function $1\( Also renamed a few "data#", "provider#" and "provides#" functions to "provide#" for consistency. This also removes confusion where the /media tests had a few private methods called dataFile(), which were sometimes expected to be data providers. Fixes: TimestampTest often failed due to a previous test setting a different language (it tests "1 hour ago" so need to make sure it is set to English). MWNamespaceTest became a lot cleaner now that it executes with a known context. Though the now-redundant code that was removed didn't work anyway because wgContentNamespaces isn't keyed by namespace id, it had them was values... FileBackendTest: * Fixed: "PHP Fatal: Using $this when not in object context" HttpTest * Added comment about: "PHP Fatal: Call to protected MWHttpRequest::__construct()" (too much unrelated code to fix in this commit) ExternalStoreTest * Add an assertTrue as well, without it the test is useless because regardless of whether wgExternalStores is true or false it only uses it if it is an array. Change-Id: I9d2b148e57bada64afeb7d5a99bec0e58f8e1561
2012-10-08 10:56:20 +00:00
Use test user helper methods in UserGroupMembershipTest/UserTest This avoids postgres failures when trying to insert users with name "false" (cast to 0, which fails since integer != text type). Bug: T75174 Change-Id: I809edd94117811d22492eaba440fad6aaea1195b
2017-05-18 20:16:55 +00:00
$this->user = $this->getTestUser( [ 'unittesters' ] )->getUser();
Add unit tests for $wgGroupPermissions/$wgRevokePermissions
2011-07-11 18:36:29 +00:00
}
Clean and repair many phpunit tests (+ fix implied configuration) This commit depends on the introduction of MediaWikiTestCase::setMwGlobals in change Iccf6ea81f4. Various tests already set their globals, but forgot to restore them afterwards, or forgot to call the parent setUp, tearDown... Either way they won't have to anymore with setMwGlobals. Consistent use of function characteristics: * protected function setUp * protected function tearDown * public static function (provide..) (Matching the function signature with PHPUnit/Framework/TestCase.php) Replaces: * public function (setUp|tearDown)\( * protected function $1( * \tfunction (setUp|tearDown)\( * \tprotected function $1( * \tfunction (data|provide)\( * \tpublic static function $1\( Also renamed a few "data#", "provider#" and "provides#" functions to "provide#" for consistency. This also removes confusion where the /media tests had a few private methods called dataFile(), which were sometimes expected to be data providers. Fixes: TimestampTest often failed due to a previous test setting a different language (it tests "1 hour ago" so need to make sure it is set to English). MWNamespaceTest became a lot cleaner now that it executes with a known context. Though the now-redundant code that was removed didn't work anyway because wgContentNamespaces isn't keyed by namespace id, it had them was values... FileBackendTest: * Fixed: "PHP Fatal: Using $this when not in object context" HttpTest * Added comment about: "PHP Fatal: Call to protected MWHttpRequest::__construct()" (too much unrelated code to fix in this commit) ExternalStoreTest * Add an assertTrue as well, without it the test is useless because regardless of whether wgExternalStores is true or false it only uses it if it is an array. Change-Id: I9d2b148e57bada64afeb7d5a99bec0e58f8e1561
2012-10-08 10:56:20 +00:00
Add unit tests for $wgGroupPermissions/$wgRevokePermissions
2011-07-11 18:36:29 +00:00
private function setUpPermissionGlobals() {
global $wgGroupPermissions, $wgRevokePermissions;
Stylize.php changes
2011-10-11 10:02:50 +00:00
First steps for bug 14801: add backend support for per-namespace permissions to core. This extends $wgGroupPermissions syntax from $wgGroupPermissions[$group][$right] = bool to $wgGroupPermissions[$group][$right] = array( NS_X => bool ). This is safely backwards compatible; the booleans are still fully supported, and any unset namespace will default to false. * User::getRights(), User::isAllowed() and User::getGroupPermissions now optionally accept a namespace parameter. If not set, it will check whether the user has the right for all namespaces. * Anything that uses Title::getUserPermissionsErrorsInternal() automatically supports per-namespace permissions. This includes Title::getUserPermissionsErrors and Title::(quick)UserCan. * Fix tests that set User::mRights The next step would be to change all User::isAllowed() to Title::quickUserCan or pass the namespace to User::isAllowed().
2011-07-16 16:09:00 +00:00
# Data for regular $wgGroupPermissions test
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
$wgGroupPermissions['unittesters'] = [
First steps for bug 14801: add backend support for per-namespace permissions to core. This extends $wgGroupPermissions syntax from $wgGroupPermissions[$group][$right] = bool to $wgGroupPermissions[$group][$right] = array( NS_X => bool ). This is safely backwards compatible; the booleans are still fully supported, and any unset namespace will default to false. * User::getRights(), User::isAllowed() and User::getGroupPermissions now optionally accept a namespace parameter. If not set, it will check whether the user has the right for all namespaces. * Anything that uses Title::getUserPermissionsErrorsInternal() automatically supports per-namespace permissions. This includes Title::getUserPermissionsErrors and Title::(quick)UserCan. * Fix tests that set User::mRights The next step would be to change all User::isAllowed() to Title::quickUserCan or pass the namespace to User::isAllowed().
2011-07-16 16:09:00 +00:00
'test' => true,
Add unit tests for $wgGroupPermissions/$wgRevokePermissions
2011-07-11 18:36:29 +00:00
'runtest' => true,
'writetest' => false,
'nukeworld' => false,
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
];
$wgGroupPermissions['testwriters'] = [
First steps for bug 14801: add backend support for per-namespace permissions to core. This extends $wgGroupPermissions syntax from $wgGroupPermissions[$group][$right] = bool to $wgGroupPermissions[$group][$right] = array( NS_X => bool ). This is safely backwards compatible; the booleans are still fully supported, and any unset namespace will default to false. * User::getRights(), User::isAllowed() and User::getGroupPermissions now optionally accept a namespace parameter. If not set, it will check whether the user has the right for all namespaces. * Anything that uses Title::getUserPermissionsErrorsInternal() automatically supports per-namespace permissions. This includes Title::getUserPermissionsErrors and Title::(quick)UserCan. * Fix tests that set User::mRights The next step would be to change all User::isAllowed() to Title::quickUserCan or pass the namespace to User::isAllowed().
2011-07-16 16:09:00 +00:00
'test' => true,
Add unit tests for $wgGroupPermissions/$wgRevokePermissions
2011-07-11 18:36:29 +00:00
'writetest' => true,
'modifytest' => true,
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
];
Clean and repair many phpunit tests (+ fix implied configuration) This commit depends on the introduction of MediaWikiTestCase::setMwGlobals in change Iccf6ea81f4. Various tests already set their globals, but forgot to restore them afterwards, or forgot to call the parent setUp, tearDown... Either way they won't have to anymore with setMwGlobals. Consistent use of function characteristics: * protected function setUp * protected function tearDown * public static function (provide..) (Matching the function signature with PHPUnit/Framework/TestCase.php) Replaces: * public function (setUp|tearDown)\( * protected function $1( * \tfunction (setUp|tearDown)\( * \tprotected function $1( * \tfunction (data|provide)\( * \tpublic static function $1\( Also renamed a few "data#", "provider#" and "provides#" functions to "provide#" for consistency. This also removes confusion where the /media tests had a few private methods called dataFile(), which were sometimes expected to be data providers. Fixes: TimestampTest often failed due to a previous test setting a different language (it tests "1 hour ago" so need to make sure it is set to English). MWNamespaceTest became a lot cleaner now that it executes with a known context. Though the now-redundant code that was removed didn't work anyway because wgContentNamespaces isn't keyed by namespace id, it had them was values... FileBackendTest: * Fixed: "PHP Fatal: Using $this when not in object context" HttpTest * Added comment about: "PHP Fatal: Call to protected MWHttpRequest::__construct()" (too much unrelated code to fix in this commit) ExternalStoreTest * Add an assertTrue as well, without it the test is useless because regardless of whether wgExternalStores is true or false it only uses it if it is an array. Change-Id: I9d2b148e57bada64afeb7d5a99bec0e58f8e1561
2012-10-08 10:56:20 +00:00
First steps for bug 14801: add backend support for per-namespace permissions to core. This extends $wgGroupPermissions syntax from $wgGroupPermissions[$group][$right] = bool to $wgGroupPermissions[$group][$right] = array( NS_X => bool ). This is safely backwards compatible; the booleans are still fully supported, and any unset namespace will default to false. * User::getRights(), User::isAllowed() and User::getGroupPermissions now optionally accept a namespace parameter. If not set, it will check whether the user has the right for all namespaces. * Anything that uses Title::getUserPermissionsErrorsInternal() automatically supports per-namespace permissions. This includes Title::getUserPermissionsErrors and Title::(quick)UserCan. * Fix tests that set User::mRights The next step would be to change all User::isAllowed() to Title::quickUserCan or pass the namespace to User::isAllowed().
2011-07-16 16:09:00 +00:00
# Data for regular $wgRevokePermissions test
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
$wgRevokePermissions['formertesters'] = [
Add unit tests for $wgGroupPermissions/$wgRevokePermissions
2011-07-11 18:36:29 +00:00
'runtest' => true,
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
];
Add 'viewmyprivateinfo', 'editmyprivateinfo', and 'editmyoptions' rights These are needed for OAuth grants. Note that we don't bother with a 'viewmyoptions' right, since the majority will be determinable from just observing the interface. Note that the fact of having a confirmed email address cannot be reliably hidden, and if the user has 'sendemail' they may be able to determine the real name and email address by sending an email to another account that they control. Change-Id: I3f03dd010020e8d43cc2d3bca7b3ef7196d1c548
2013-06-10 19:30:43 +00:00
# For the options test
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
$wgGroupPermissions['*'] = [
Add 'viewmyprivateinfo', 'editmyprivateinfo', and 'editmyoptions' rights These are needed for OAuth grants. Note that we don't bother with a 'viewmyoptions' right, since the majority will be determinable from just observing the interface. Note that the fact of having a confirmed email address cannot be reliably hidden, and if the user has 'sendemail' they may be able to determine the real name and email address by sending an email to another account that they control. Change-Id: I3f03dd010020e8d43cc2d3bca7b3ef7196d1c548
2013-06-10 19:30:43 +00:00
'editmyoptions' => true,
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
];
First steps for bug 14801: add backend support for per-namespace permissions to core. This extends $wgGroupPermissions syntax from $wgGroupPermissions[$group][$right] = bool to $wgGroupPermissions[$group][$right] = array( NS_X => bool ). This is safely backwards compatible; the booleans are still fully supported, and any unset namespace will default to false. * User::getRights(), User::isAllowed() and User::getGroupPermissions now optionally accept a namespace parameter. If not set, it will check whether the user has the right for all namespaces. * Anything that uses Title::getUserPermissionsErrorsInternal() automatically supports per-namespace permissions. This includes Title::getUserPermissionsErrors and Title::(quick)UserCan. * Fix tests that set User::mRights The next step would be to change all User::isAllowed() to Title::quickUserCan or pass the namespace to User::isAllowed().
2011-07-16 16:09:00 +00:00
}
Stylize.php changes
2011-10-11 10:02:50 +00:00
Add more @covers tags and test cleanup Other cleanup includes - Adding method scopes - Fixing php comments - Adding todos Change-Id: I0a231008e6a59110ffcab6af1bd8c4d3ee13f21d
2013-10-21 21:09:13 +00:00
/**
* @covers User::getGroupPermissions
*/
Add unit tests for $wgGroupPermissions/$wgRevokePermissions
2011-07-11 18:36:29 +00:00
public function testGroupPermissions() {
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
$rights = User::getGroupPermissions( [ 'unittesters' ] );
Add unit tests for $wgGroupPermissions/$wgRevokePermissions
2011-07-11 18:36:29 +00:00
$this->assertContains( 'runtest', $rights );
$this->assertNotContains( 'writetest', $rights );
$this->assertNotContains( 'modifytest', $rights );
$this->assertNotContains( 'nukeworld', $rights );
Stylize.php changes
2011-10-11 10:02:50 +00:00
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
$rights = User::getGroupPermissions( [ 'unittesters', 'testwriters' ] );
Add unit tests for $wgGroupPermissions/$wgRevokePermissions
2011-07-11 18:36:29 +00:00
$this->assertContains( 'runtest', $rights );
$this->assertContains( 'writetest', $rights );
$this->assertContains( 'modifytest', $rights );
$this->assertNotContains( 'nukeworld', $rights );
}
Update formatting 2 of n. Change-Id: I5406673e99ed53e4e330ed47f022a17177544daa
2013-02-14 11:36:35 +00:00
Add more @covers tags and test cleanup Other cleanup includes - Adding method scopes - Fixing php comments - Adding todos Change-Id: I0a231008e6a59110ffcab6af1bd8c4d3ee13f21d
2013-10-21 21:09:13 +00:00
/**
* @covers User::getGroupPermissions
*/
Add unit tests for $wgGroupPermissions/$wgRevokePermissions
2011-07-11 18:36:29 +00:00
public function testRevokePermissions() {
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
$rights = User::getGroupPermissions( [ 'unittesters', 'formertesters' ] );
Add unit tests for $wgGroupPermissions/$wgRevokePermissions
2011-07-11 18:36:29 +00:00
$this->assertNotContains( 'runtest', $rights );
$this->assertNotContains( 'writetest', $rights );
$this->assertNotContains( 'modifytest', $rights );
Stylize.php changes
2011-10-11 10:02:50 +00:00
$this->assertNotContains( 'nukeworld', $rights );
Add unit tests for $wgGroupPermissions/$wgRevokePermissions
2011-07-11 18:36:29 +00:00
}
Stylize.php changes
2011-10-11 10:02:50 +00:00
Add more @covers tags and test cleanup Other cleanup includes - Adding method scopes - Fixing php comments - Adding todos Change-Id: I0a231008e6a59110ffcab6af1bd8c4d3ee13f21d
2013-10-21 21:09:13 +00:00
/**
* @covers User::getRights
*/
First steps for bug 14801: add backend support for per-namespace permissions to core. This extends $wgGroupPermissions syntax from $wgGroupPermissions[$group][$right] = bool to $wgGroupPermissions[$group][$right] = array( NS_X => bool ). This is safely backwards compatible; the booleans are still fully supported, and any unset namespace will default to false. * User::getRights(), User::isAllowed() and User::getGroupPermissions now optionally accept a namespace parameter. If not set, it will check whether the user has the right for all namespaces. * Anything that uses Title::getUserPermissionsErrorsInternal() automatically supports per-namespace permissions. This includes Title::getUserPermissionsErrors and Title::(quick)UserCan. * Fix tests that set User::mRights The next step would be to change all User::isAllowed() to Title::quickUserCan or pass the namespace to User::isAllowed().
2011-07-16 16:09:00 +00:00
public function testUserPermissions() {
$rights = $this->user->getRights();
$this->assertContains( 'runtest', $rights );
$this->assertNotContains( 'writetest', $rights );
$this->assertNotContains( 'modifytest', $rights );
$this->assertNotContains( 'nukeworld', $rights );
}
Stylize.php changes
2011-10-11 10:02:50 +00:00
SECURITY: Move 'UserGetRights' call before application of Session::getAllowedUserRights() This prevents hook functions from accidentally adding rights that should be denied based on the session grants. If some extension really needs to be able to override session grants, add a new hook where the old call was, with documentation explicitly warning about the security implications. Bug: T139670 Change-Id: I6392cf4d7cc9d3ea96554b25bb5f8abb66e9031b
2016-07-07 21:24:50 +00:00
/**
* @covers User::getRights
*/
public function testUserGetRightsHooks() {
Use test user helper methods in UserGroupMembershipTest/UserTest This avoids postgres failures when trying to insert users with name "false" (cast to 0, which fails since integer != text type). Bug: T75174 Change-Id: I809edd94117811d22492eaba440fad6aaea1195b
2017-05-18 20:16:55 +00:00
$user = $this->getTestUser( [ 'unittesters', 'testwriters' ] )->getUser();
SECURITY: Move 'UserGetRights' call before application of Session::getAllowedUserRights() This prevents hook functions from accidentally adding rights that should be denied based on the session grants. If some extension really needs to be able to override session grants, add a new hook where the old call was, with documentation explicitly warning about the security implications. Bug: T139670 Change-Id: I6392cf4d7cc9d3ea96554b25bb5f8abb66e9031b
2016-07-07 21:24:50 +00:00
$userWrapper = TestingAccessWrapper::newFromObject( $user );
$rights = $user->getRights();
$this->assertContains( 'test', $rights, 'sanity check' );
$this->assertContains( 'runtest', $rights, 'sanity check' );
$this->assertContains( 'writetest', $rights, 'sanity check' );
$this->assertNotContains( 'nukeworld', $rights, 'sanity check' );
// Add a hook manipluating the rights
$this->mergeMwGlobalArrayValue( 'wgHooks', [ 'UserGetRights' => [ function ( $user, &$rights ) {
$rights[] = 'nukeworld';
$rights = array_diff( $rights, [ 'writetest' ] );
} ] ] );
$userWrapper->mRights = null;
$rights = $user->getRights();
$this->assertContains( 'test', $rights );
$this->assertContains( 'runtest', $rights );
$this->assertNotContains( 'writetest', $rights );
$this->assertContains( 'nukeworld', $rights );
// Add a Session that limits rights
Use ::class to resolve class names in tests This helps to find renamed or misspelled classes earlier. Phan will check the class names Change-Id: Ie541a7baae10ab6f5c13f95ac2ff6598b8f8950c
2018-01-13 00:02:09 +00:00
$mock = $this->getMockBuilder( stdClass::class )
SECURITY: Move 'UserGetRights' call before application of Session::getAllowedUserRights() This prevents hook functions from accidentally adding rights that should be denied based on the session grants. If some extension really needs to be able to override session grants, add a new hook where the old call was, with documentation explicitly warning about the security implications. Bug: T139670 Change-Id: I6392cf4d7cc9d3ea96554b25bb5f8abb66e9031b
2016-07-07 21:24:50 +00:00
->setMethods( [ 'getAllowedUserRights', 'deregisterSession', 'getSessionId' ] )
->getMock();
$mock->method( 'getAllowedUserRights' )->willReturn( [ 'test', 'writetest' ] );
$mock->method( 'getSessionId' )->willReturn(
new MediaWiki\Session\SessionId( str_repeat( 'X', 32 ) )
);
$session = MediaWiki\Session\TestUtils::getDummySession( $mock );
$mockRequest = $this->getMockBuilder( FauxRequest::class )
->setMethods( [ 'getSession' ] )
->getMock();
$mockRequest->method( 'getSession' )->willReturn( $session );
$userWrapper->mRequest = $mockRequest;
$userWrapper->mRights = null;
$rights = $user->getRights();
$this->assertContains( 'test', $rights );
$this->assertNotContains( 'runtest', $rights );
$this->assertNotContains( 'writetest', $rights );
$this->assertNotContains( 'nukeworld', $rights );
}
First steps for bug 14801: add backend support for per-namespace permissions to core. This extends $wgGroupPermissions syntax from $wgGroupPermissions[$group][$right] = bool to $wgGroupPermissions[$group][$right] = array( NS_X => bool ). This is safely backwards compatible; the booleans are still fully supported, and any unset namespace will default to false. * User::getRights(), User::isAllowed() and User::getGroupPermissions now optionally accept a namespace parameter. If not set, it will check whether the user has the right for all namespaces. * Anything that uses Title::getUserPermissionsErrorsInternal() automatically supports per-namespace permissions. This includes Title::getUserPermissionsErrors and Title::(quick)UserCan. * Fix tests that set User::mRights The next step would be to change all User::isAllowed() to Title::quickUserCan or pass the namespace to User::isAllowed().
2011-07-16 16:09:00 +00:00
/**
* @dataProvider provideGetGroupsWithPermission
Add more @covers tags and test cleanup Other cleanup includes - Adding method scopes - Fixing php comments - Adding todos Change-Id: I0a231008e6a59110ffcab6af1bd8c4d3ee13f21d
2013-10-21 21:09:13 +00:00
* @covers User::getGroupsWithPermission
First steps for bug 14801: add backend support for per-namespace permissions to core. This extends $wgGroupPermissions syntax from $wgGroupPermissions[$group][$right] = bool to $wgGroupPermissions[$group][$right] = array( NS_X => bool ). This is safely backwards compatible; the booleans are still fully supported, and any unset namespace will default to false. * User::getRights(), User::isAllowed() and User::getGroupPermissions now optionally accept a namespace parameter. If not set, it will check whether the user has the right for all namespaces. * Anything that uses Title::getUserPermissionsErrorsInternal() automatically supports per-namespace permissions. This includes Title::getUserPermissionsErrors and Title::(quick)UserCan. * Fix tests that set User::mRights The next step would be to change all User::isAllowed() to Title::quickUserCan or pass the namespace to User::isAllowed().
2011-07-16 16:09:00 +00:00
*/
Reverted r92364 (per-namespace permissions). This is the wrong configuration format for such a feature, and the wrong interface. We already have certain per-namespace permissions in the Title class, and we didn't need to add extra formal parameters to a whole lot of User methods in order to get them. The feature should be implemented wholly in Title, and the concept of user rights should remain relatively simple and easy to understand, and independent of its many applications, i.e. a user either has a right or doesn't. Rights are just a tool for developing access policies; the complexity should be in the caller. The revert was mostly done by hand, since there were a lot of conflicts. I tried to preserve the gist of conflicting changes in r102187 and r102873. The test changes are not simple reverts, rather I just edited out the per-namespace tests. I reverted the followups r92589 and r104310.
2011-12-12 06:03:01 +00:00
public function testGetGroupsWithPermission( $expected, $right ) {
$result = User::getGroupsWithPermission( $right );
First steps for bug 14801: add backend support for per-namespace permissions to core. This extends $wgGroupPermissions syntax from $wgGroupPermissions[$group][$right] = bool to $wgGroupPermissions[$group][$right] = array( NS_X => bool ). This is safely backwards compatible; the booleans are still fully supported, and any unset namespace will default to false. * User::getRights(), User::isAllowed() and User::getGroupPermissions now optionally accept a namespace parameter. If not set, it will check whether the user has the right for all namespaces. * Anything that uses Title::getUserPermissionsErrorsInternal() automatically supports per-namespace permissions. This includes Title::getUserPermissionsErrors and Title::(quick)UserCan. * Fix tests that set User::mRights The next step would be to change all User::isAllowed() to Title::quickUserCan or pass the namespace to User::isAllowed().
2011-07-16 16:09:00 +00:00
sort( $result );
sort( $expected );
Stylize.php changes
2011-10-11 10:02:50 +00:00
Reverted r92364 (per-namespace permissions). This is the wrong configuration format for such a feature, and the wrong interface. We already have certain per-namespace permissions in the Title class, and we didn't need to add extra formal parameters to a whole lot of User methods in order to get them. The feature should be implemented wholly in Title, and the concept of user rights should remain relatively simple and easy to understand, and independent of its many applications, i.e. a user either has a right or doesn't. Rights are just a tool for developing access policies; the complexity should be in the caller. The revert was mostly done by hand, since there were a lot of conflicts. I tried to preserve the gist of conflicting changes in r102187 and r102873. The test changes are not simple reverts, rather I just edited out the per-namespace tests. I reverted the followups r92589 and r104310.
2011-12-12 06:03:01 +00:00
$this->assertEquals( $expected, $result, "Groups with permission $right" );
First steps for bug 14801: add backend support for per-namespace permissions to core. This extends $wgGroupPermissions syntax from $wgGroupPermissions[$group][$right] = bool to $wgGroupPermissions[$group][$right] = array( NS_X => bool ). This is safely backwards compatible; the booleans are still fully supported, and any unset namespace will default to false. * User::getRights(), User::isAllowed() and User::getGroupPermissions now optionally accept a namespace parameter. If not set, it will check whether the user has the right for all namespaces. * Anything that uses Title::getUserPermissionsErrorsInternal() automatically supports per-namespace permissions. This includes Title::getUserPermissionsErrors and Title::(quick)UserCan. * Fix tests that set User::mRights The next step would be to change all User::isAllowed() to Title::quickUserCan or pass the namespace to User::isAllowed().
2011-07-16 16:09:00 +00:00
}
Documentation and whitespace Clearing another w/c
2012-01-19 14:56:18 +00:00
Clean and repair many phpunit tests (+ fix implied configuration) This commit depends on the introduction of MediaWikiTestCase::setMwGlobals in change Iccf6ea81f4. Various tests already set their globals, but forgot to restore them afterwards, or forgot to call the parent setUp, tearDown... Either way they won't have to anymore with setMwGlobals. Consistent use of function characteristics: * protected function setUp * protected function tearDown * public static function (provide..) (Matching the function signature with PHPUnit/Framework/TestCase.php) Replaces: * public function (setUp|tearDown)\( * protected function $1( * \tfunction (setUp|tearDown)\( * \tprotected function $1( * \tfunction (data|provide)\( * \tpublic static function $1\( Also renamed a few "data#", "provider#" and "provides#" functions to "provide#" for consistency. This also removes confusion where the /media tests had a few private methods called dataFile(), which were sometimes expected to be data providers. Fixes: TimestampTest often failed due to a previous test setting a different language (it tests "1 hour ago" so need to make sure it is set to English). MWNamespaceTest became a lot cleaner now that it executes with a known context. Though the now-redundant code that was removed didn't work anyway because wgContentNamespaces isn't keyed by namespace id, it had them was values... FileBackendTest: * Fixed: "PHP Fatal: Using $this when not in object context" HttpTest * Added comment about: "PHP Fatal: Call to protected MWHttpRequest::__construct()" (too much unrelated code to fix in this commit) ExternalStoreTest * Add an assertTrue as well, without it the test is useless because regardless of whether wgExternalStores is true or false it only uses it if it is an array. Change-Id: I9d2b148e57bada64afeb7d5a99bec0e58f8e1561
2012-10-08 10:56:20 +00:00
public static function provideGetGroupsWithPermission() {
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
return [
[
[ 'unittesters', 'testwriters' ],
Reverted r92364 (per-namespace permissions). This is the wrong configuration format for such a feature, and the wrong interface. We already have certain per-namespace permissions in the Title class, and we didn't need to add extra formal parameters to a whole lot of User methods in order to get them. The feature should be implemented wholly in Title, and the concept of user rights should remain relatively simple and easy to understand, and independent of its many applications, i.e. a user either has a right or doesn't. Rights are just a tool for developing access policies; the complexity should be in the caller. The revert was mostly done by hand, since there were a lot of conflicts. I tried to preserve the gist of conflicting changes in r102187 and r102873. The test changes are not simple reverts, rather I just edited out the per-namespace tests. I reverted the followups r92589 and r104310.
2011-12-12 06:03:01 +00:00
'test'
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
],
[
[ 'unittesters' ],
Reverted r92364 (per-namespace permissions). This is the wrong configuration format for such a feature, and the wrong interface. We already have certain per-namespace permissions in the Title class, and we didn't need to add extra formal parameters to a whole lot of User methods in order to get them. The feature should be implemented wholly in Title, and the concept of user rights should remain relatively simple and easy to understand, and independent of its many applications, i.e. a user either has a right or doesn't. Rights are just a tool for developing access policies; the complexity should be in the caller. The revert was mostly done by hand, since there were a lot of conflicts. I tried to preserve the gist of conflicting changes in r102187 and r102873. The test changes are not simple reverts, rather I just edited out the per-namespace tests. I reverted the followups r92589 and r104310.
2011-12-12 06:03:01 +00:00
'runtest'
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
],
[
[ 'testwriters' ],
Reverted r92364 (per-namespace permissions). This is the wrong configuration format for such a feature, and the wrong interface. We already have certain per-namespace permissions in the Title class, and we didn't need to add extra formal parameters to a whole lot of User methods in order to get them. The feature should be implemented wholly in Title, and the concept of user rights should remain relatively simple and easy to understand, and independent of its many applications, i.e. a user either has a right or doesn't. Rights are just a tool for developing access policies; the complexity should be in the caller. The revert was mostly done by hand, since there were a lot of conflicts. I tried to preserve the gist of conflicting changes in r102187 and r102873. The test changes are not simple reverts, rather I just edited out the per-namespace tests. I reverted the followups r92589 and r104310.
2011-12-12 06:03:01 +00:00
'writetest'
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
],
[
[ 'testwriters' ],
Reverted r92364 (per-namespace permissions). This is the wrong configuration format for such a feature, and the wrong interface. We already have certain per-namespace permissions in the Title class, and we didn't need to add extra formal parameters to a whole lot of User methods in order to get them. The feature should be implemented wholly in Title, and the concept of user rights should remain relatively simple and easy to understand, and independent of its many applications, i.e. a user either has a right or doesn't. Rights are just a tool for developing access policies; the complexity should be in the caller. The revert was mostly done by hand, since there were a lot of conflicts. I tried to preserve the gist of conflicting changes in r102187 and r102873. The test changes are not simple reverts, rather I just edited out the per-namespace tests. I reverted the followups r92589 and r104310.
2011-12-12 06:03:01 +00:00
'modifytest'
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
],
];
First steps for bug 14801: add backend support for per-namespace permissions to core. This extends $wgGroupPermissions syntax from $wgGroupPermissions[$group][$right] = bool to $wgGroupPermissions[$group][$right] = array( NS_X => bool ). This is safely backwards compatible; the booleans are still fully supported, and any unset namespace will default to false. * User::getRights(), User::isAllowed() and User::getGroupPermissions now optionally accept a namespace parameter. If not set, it will check whether the user has the right for all namespaces. * Anything that uses Title::getUserPermissionsErrorsInternal() automatically supports per-namespace permissions. This includes Title::getUserPermissionsErrors and Title::(quick)UserCan. * Fix tests that set User::mRights The next step would be to change all User::isAllowed() to Title::quickUserCan or pass the namespace to User::isAllowed().
2011-07-16 16:09:00 +00:00
}
Testcases for isValidUserName method of User.php. There are many cases this method will fail for non-latin languages, but not added now since there are bugs reported on that already and results a rewrite of the method as per UAX 31 standard.
2011-10-11 09:17:36 +00:00
UserTest: Cover User::isIP and User::isValidUserName better Change-Id: I4663c37871492c1415152b2af0fda4f6de4f212f
2014-07-01 16:31:07 +00:00
/**
* @dataProvider provideIPs
* @covers User::isIP
*/
public function testIsIP( $value, $result, $message ) {
$this->assertEquals( $this->user->isIP( $value ), $result, $message );
}
public static function provideIPs() {
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
return [
[ '', false, 'Empty string' ],
[ ' ', false, 'Blank space' ],
[ '10.0.0.0', true, 'IPv4 private 10/8' ],
[ '10.255.255.255', true, 'IPv4 private 10/8' ],
[ '192.168.1.1', true, 'IPv4 private 192.168/16' ],
[ '203.0.113.0', true, 'IPv4 example' ],
[ '2002:ffff:ffff:ffff:ffff:ffff:ffff:ffff', true, 'IPv6 example' ],
UserTest: Cover User::isIP and User::isValidUserName better Change-Id: I4663c37871492c1415152b2af0fda4f6de4f212f
2014-07-01 16:31:07 +00:00
// Not valid IPs but classified as such by MediaWiki for negated asserting
// of whether this might be the identifier of a logged-out user or whether
// to allow usernames like it.
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
[ '300.300.300.300', true, 'Looks too much like an IPv4 address' ],
[ '203.0.113.xxx', true, 'Assigned by UseMod to cloaked logged-out users' ],
];
UserTest: Cover User::isIP and User::isValidUserName better Change-Id: I4663c37871492c1415152b2af0fda4f6de4f212f
2014-07-01 16:31:07 +00:00
}
Use dataProvider for the testIsValidUserName method. Followup r99466
2011-10-11 10:25:58 +00:00
/**
* @dataProvider provideUserNames
Add more @covers tags and test cleanup Other cleanup includes - Adding method scopes - Fixing php comments - Adding todos Change-Id: I0a231008e6a59110ffcab6af1bd8c4d3ee13f21d
2013-10-21 21:09:13 +00:00
* @covers User::isValidUserName
Use dataProvider for the testIsValidUserName method. Followup r99466
2011-10-11 10:25:58 +00:00
*/
public function testIsValidUserName( $username, $result, $message ) {
$this->assertEquals( $this->user->isValidUserName( $username ), $result, $message );
Testcases for isValidUserName method of User.php. There are many cases this method will fail for non-latin languages, but not added now since there are bugs reported on that already and results a rewrite of the method as per UAX 31 standard.
2011-10-11 09:17:36 +00:00
}
Clean and repair many phpunit tests (+ fix implied configuration) This commit depends on the introduction of MediaWikiTestCase::setMwGlobals in change Iccf6ea81f4. Various tests already set their globals, but forgot to restore them afterwards, or forgot to call the parent setUp, tearDown... Either way they won't have to anymore with setMwGlobals. Consistent use of function characteristics: * protected function setUp * protected function tearDown * public static function (provide..) (Matching the function signature with PHPUnit/Framework/TestCase.php) Replaces: * public function (setUp|tearDown)\( * protected function $1( * \tfunction (setUp|tearDown)\( * \tprotected function $1( * \tfunction (data|provide)\( * \tpublic static function $1\( Also renamed a few "data#", "provider#" and "provides#" functions to "provide#" for consistency. This also removes confusion where the /media tests had a few private methods called dataFile(), which were sometimes expected to be data providers. Fixes: TimestampTest often failed due to a previous test setting a different language (it tests "1 hour ago" so need to make sure it is set to English). MWNamespaceTest became a lot cleaner now that it executes with a known context. Though the now-redundant code that was removed didn't work anyway because wgContentNamespaces isn't keyed by namespace id, it had them was values... FileBackendTest: * Fixed: "PHP Fatal: Using $this when not in object context" HttpTest * Added comment about: "PHP Fatal: Call to protected MWHttpRequest::__construct()" (too much unrelated code to fix in this commit) ExternalStoreTest * Add an assertTrue as well, without it the test is useless because regardless of whether wgExternalStores is true or false it only uses it if it is an array. Change-Id: I9d2b148e57bada64afeb7d5a99bec0e58f8e1561
2012-10-08 10:56:20 +00:00
public static function provideUserNames() {
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
return [
[ '', false, 'Empty string' ],
[ ' ', false, 'Blank space' ],
[ 'abcd', false, 'Starts with small letter' ],
[ 'Ab/cd', false, 'Contains slash' ],
[ 'Ab cd', true, 'Whitespace' ],
[ '192.168.1.1', false, 'IP' ],
Add basic IP range support to Special:Contributions This works by using the new table introduced with T156318. The only thing that differs from normal Special:Contribs is we are showing the IP address next to each entry. This is it how it is displayed if you request to see newbie contributions: https://en.wikipedia.org/wiki/Special:Contributions?contribs=newbie For the time being, Special:DeletedContributions does not support IP ranges. Various other irrelevant links such as Uploads and Logs are also hidden. Refer to P4725 for a way to automate creation of edits by random IPs in your dev environment. IP::isValidBlock() has been deprecated with this dependent change: https://gerrit.wikimedia.org/r/#/c/373165/ Bug: T163562 Change-Id: Ice1bdae3d16cf365da14c6df0e8d91d2b914e064
2017-04-21 16:17:59 +00:00
[ '116.17.184.5/32', false, 'IP range' ],
[ '::e:f:2001/96', false, 'IPv6 range' ],
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
[ 'User:Abcd', false, 'Reserved Namespace' ],
[ '12abcd232', true, 'Starts with Numbers' ],
[ '?abcd', true, 'Start with ? mark' ],
[ '#abcd', false, 'Start with #' ],
[ 'Abcdകഖഗഘ', true, ' Mixed scripts' ],
[ 'ജോസ്‌തോമസ്', false, 'ZWNJ- Format control character' ],
[ 'Ab cd', false, ' Ideographic space' ],
[ '300.300.300.300', false, 'Looks too much like an IPv4 address' ],
[ '302.113.311.900', false, 'Looks too much like an IPv4 address' ],
[ '203.0.113.xxx', false, 'Reserved for usage by UseMod for cloaked logged-out users' ],
];
Use dataProvider for the testIsValidUserName method. Followup r99466
2011-10-11 10:25:58 +00:00
}
Add UserTest::testAllRightsWithMessage New test case, which checked, if for all available rights a right- message exist (Core and Extensions) Some missing rights added with extra patch sets (need merge/rebasing before merge of this) Change-Id: I28957835fb77a01a799439ad7b3d22b96db07204
2012-08-13 08:18:18 +00:00
/**
* Test, if for all rights a right- message exist,
* which is used on Special:ListGroupRights as help text
* Extensions and core
Add @coversNothing in places where @covers does not apply These tests apply to things that are not relevant to PHP code coverage, such as testing presence of messages, JSON files, or the PHPUnit tests themselves. Using @coversNothing indicates that there is no code here to be covered, and prevents warnings when using --strict-coverage mode (T152923). Change-Id: Id89ee2c15a3ce3f10e34b13fb677cd1af75af9e6
2017-12-28 08:38:21 +00:00
*
* @coversNothing
Add UserTest::testAllRightsWithMessage New test case, which checked, if for all available rights a right- message exist (Core and Extensions) Some missing rights added with extra patch sets (need merge/rebasing before merge of this) Change-Id: I28957835fb77a01a799439ad7b3d22b96db07204
2012-08-13 08:18:18 +00:00
*/
public function testAllRightsWithMessage() {
UserTest: Cover User::isIP and User::isValidUserName better Change-Id: I4663c37871492c1415152b2af0fda4f6de4f212f
2014-07-01 16:31:07 +00:00
// Getting all user rights, for core: User::$mCoreRights, for extensions: $wgAvailableRights
Add UserTest::testAllRightsWithMessage New test case, which checked, if for all available rights a right- message exist (Core and Extensions) Some missing rights added with extra patch sets (need merge/rebasing before merge of this) Change-Id: I28957835fb77a01a799439ad7b3d22b96db07204
2012-08-13 08:18:18 +00:00
$allRights = User::getAllRights();
$allMessageKeys = Language::getMessageKeysFor( 'en' );
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
$rightsWithMessage = [];
Add UserTest::testAllRightsWithMessage New test case, which checked, if for all available rights a right- message exist (Core and Extensions) Some missing rights added with extra patch sets (need merge/rebasing before merge of this) Change-Id: I28957835fb77a01a799439ad7b3d22b96db07204
2012-08-13 08:18:18 +00:00
foreach ( $allMessageKeys as $message ) {
// === 0: must be at beginning of string (position 0)
if ( strpos( $message, 'right-' ) === 0 ) {
$rightsWithMessage[] = substr( $message, strlen( 'right-' ) );
}
}
sort( $allRights );
sort( $rightsWithMessage );
$this->assertEquals(
$allRights,
$rightsWithMessage,
'Each user rights (core/extensions) has a corresponding right- message.'
);
}
Unit test for User::getEditCount Rather trivial test for User::getEditCount as suggested by Siebrand in https://gerrit.wikimedia.org/r/26457 This required adding the User in the test to DB, as the data is written to and read from the DB. Change-Id: Ic4e55c01247158315b759654b34fdbdf9a61db01
2012-10-18 03:03:10 +00:00
/**
* Test User::editCount
raise timeout for UserTest::testEditCount UserTest::testEditCount did eleven calls to doEdit which is slow when used with the sqlite backend. I have made to do less edits and also marked it as '@group medium' which means the timeout will be 10 seconds instead of 2 seconds. Change-Id: If2d055075470f837009568d56b1119a57b177ba3
2012-10-26 11:02:48 +00:00
* @group medium
Add more @covers tags and test cleanup Other cleanup includes - Adding method scopes - Fixing php comments - Adding todos Change-Id: I0a231008e6a59110ffcab6af1bd8c4d3ee13f21d
2013-10-21 21:09:13 +00:00
* @covers User::getEditCount
Unit test for User::getEditCount Rather trivial test for User::getEditCount as suggested by Siebrand in https://gerrit.wikimedia.org/r/26457 This required adding the User in the test to DB, as the data is written to and read from the DB. Change-Id: Ic4e55c01247158315b759654b34fdbdf9a61db01
2012-10-18 03:03:10 +00:00
*/
Keep $user->mEditCount up to date Whenever User::incEditCount() is called, this tries to keep the user object up to date so hooks can read the edit count without reloading the user from the db. Another option would be invalidate the instance cache and let the read repopulate it. It would add a db access on each edit. Bug: T128249 Change-Id: I79194c41d6b2fd84ad658909a2941d9d3d28d94e
2016-08-03 15:26:47 +00:00
public function testGetEditCount() {
Whenever possible, reuse User objects in unit tests The unit tests spend nearly half of their run time resetting the user table for each test. But the majority of tests do not depend on the user table having the exact value that the setup code resets it to, and do not need to modify the user objects they require to run. Fix that by providing an API for tests to get User objects, and to indicate whether the User object will be subject to destructive modification or not. This allows User objects to be reused across multiple unit tests. Change-Id: I17ef1f519759c5e7796c259282afe730ef722e96
2016-05-18 09:19:20 +00:00
$user = $this->getMutableTestUser()->getUser();
Unit test for User::getEditCount Rather trivial test for User::getEditCount as suggested by Siebrand in https://gerrit.wikimedia.org/r/26457 This required adding the User in the test to DB, as the data is written to and read from the DB. Change-Id: Ic4e55c01247158315b759654b34fdbdf9a61db01
2012-10-18 03:03:10 +00:00
raise timeout for UserTest::testEditCount UserTest::testEditCount did eleven calls to doEdit which is slow when used with the sqlite backend. I have made to do less edits and also marked it as '@group medium' which means the timeout will be 10 seconds instead of 2 seconds. Change-Id: If2d055075470f837009568d56b1119a57b177ba3
2012-10-26 11:02:48 +00:00
// let the user have a few (3) edits
fix testEditCount to work with non-wikitext content in main NS consistent with WikiPageTest and other places, perform the test with the Help namespace as a workaround for now. Change-Id: I2b766c17f35e0e79662b6302c122225a1a33e7be
2012-11-08 17:05:46 +00:00
$page = WikiPage::factory( Title::newFromText( 'Help:UserTest_EditCount' ) );
Update formatting 2 of n. Change-Id: I5406673e99ed53e4e330ed47f022a17177544daa
2013-02-14 11:36:35 +00:00
for ( $i = 0; $i < 3; $i++ ) {
Replace WikiPage::doEdit() usages Update/add some comments Bug: T145737 Change-Id: Ib3b2b69906074cbb51917dc57204c989fd6c58b2
2016-09-15 20:13:22 +00:00
$page->doEditContent(
ContentHandler::makeContent( (string)$i, $page->getTitle() ),
'test',
0,
false,
$user
);
Unit test for User::getEditCount Rather trivial test for User::getEditCount as suggested by Siebrand in https://gerrit.wikimedia.org/r/26457 This required adding the User in the test to DB, as the data is written to and read from the DB. Change-Id: Ic4e55c01247158315b759654b34fdbdf9a61db01
2012-10-18 03:03:10 +00:00
}
Pass phpcs-strict on some test files (4/x) Change-Id: Ifdbb431a6018c514b15ae71cc0c21b653a5e466d
2014-04-24 12:50:36 +00:00
$this->assertEquals(
3,
$user->getEditCount(),
'After three edits, the user edit count should be 3'
);
Unit test for User::getEditCount Rather trivial test for User::getEditCount as suggested by Siebrand in https://gerrit.wikimedia.org/r/26457 This required adding the User in the test to DB, as the data is written to and read from the DB. Change-Id: Ic4e55c01247158315b759654b34fdbdf9a61db01
2012-10-18 03:03:10 +00:00
Keep $user->mEditCount up to date Whenever User::incEditCount() is called, this tries to keep the user object up to date so hooks can read the edit count without reloading the user from the db. Another option would be invalidate the instance cache and let the read repopulate it. It would add a db access on each edit. Bug: T128249 Change-Id: I79194c41d6b2fd84ad658909a2941d9d3d28d94e
2016-08-03 15:26:47 +00:00
// increase the edit count
Unit test for User::getEditCount Rather trivial test for User::getEditCount as suggested by Siebrand in https://gerrit.wikimedia.org/r/26457 This required adding the User in the test to DB, as the data is written to and read from the DB. Change-Id: Ic4e55c01247158315b759654b34fdbdf9a61db01
2012-10-18 03:03:10 +00:00
$user->incEditCount();
Pass phpcs-strict on some test files (4/x) Change-Id: Ifdbb431a6018c514b15ae71cc0c21b653a5e466d
2014-04-24 12:50:36 +00:00
$this->assertEquals(
4,
$user->getEditCount(),
'After increasing the edit count manually, the user edit count should be 4'
);
Unit test for User::getEditCount Rather trivial test for User::getEditCount as suggested by Siebrand in https://gerrit.wikimedia.org/r/26457 This required adding the User in the test to DB, as the data is written to and read from the DB. Change-Id: Ic4e55c01247158315b759654b34fdbdf9a61db01
2012-10-18 03:03:10 +00:00
}
(bug 37963) Fixed loading process for user options. The bug has actually already been fixed, so this patch just removes extraneous function calls and code in User::getOption() and User::setOption(). It also adds unit tests for user options (including a test for the case provided in the bug report). Change-Id: Idd8af9cf1a26a4adbde3ca71dde64539ecd0a207
2012-10-29 20:07:49 +00:00
Keep $user->mEditCount up to date Whenever User::incEditCount() is called, this tries to keep the user object up to date so hooks can read the edit count without reloading the user from the db. Another option would be invalidate the instance cache and let the read repopulate it. It would add a db access on each edit. Bug: T128249 Change-Id: I79194c41d6b2fd84ad658909a2941d9d3d28d94e
2016-08-03 15:26:47 +00:00
/**
* Test User::editCount
* @group medium
* @covers User::getEditCount
*/
public function testGetEditCountForAnons() {
$user = User::newFromName( 'Anonymous' );
$this->assertNull(
$user->getEditCount(),
'Edit count starts null for anonymous users.'
);
$user->incEditCount();
$this->assertNull(
$user->getEditCount(),
'Edit count remains null for anonymous users despite calls to increase it.'
);
}
/**
* Test User::editCount
* @group medium
* @covers User::incEditCount
*/
public function testIncEditCount() {
$user = $this->getMutableTestUser()->getUser();
$user->incEditCount();
$reloadedUser = User::newFromId( $user->getId() );
$reloadedUser->incEditCount();
$this->assertEquals(
2,
$reloadedUser->getEditCount(),
'Increasing the edit count after a fresh load leaves the object up to date.'
);
}
(bug 37963) Fixed loading process for user options. The bug has actually already been fixed, so this patch just removes extraneous function calls and code in User::getOption() and User::setOption(). It also adds unit tests for user options (including a test for the case provided in the bug report). Change-Id: Idd8af9cf1a26a4adbde3ca71dde64539ecd0a207
2012-10-29 20:07:49 +00:00
/**
* Test changing user options.
Add more @covers tags and test cleanup Other cleanup includes - Adding method scopes - Fixing php comments - Adding todos Change-Id: I0a231008e6a59110ffcab6af1bd8c4d3ee13f21d
2013-10-21 21:09:13 +00:00
* @covers User::setOption
* @covers User::getOption
(bug 37963) Fixed loading process for user options. The bug has actually already been fixed, so this patch just removes extraneous function calls and code in User::getOption() and User::setOption(). It also adds unit tests for user options (including a test for the case provided in the bug report). Change-Id: Idd8af9cf1a26a4adbde3ca71dde64539ecd0a207
2012-10-29 20:07:49 +00:00
*/
public function testOptions() {
Whenever possible, reuse User objects in unit tests The unit tests spend nearly half of their run time resetting the user table for each test. But the majority of tests do not depend on the user table having the exact value that the setup code resets it to, and do not need to modify the user objects they require to run. Fix that by providing an API for tests to get User objects, and to indicate whether the User object will be subject to destructive modification or not. This allows User objects to be reused across multiple unit tests. Change-Id: I17ef1f519759c5e7796c259282afe730ef722e96
2016-05-18 09:19:20 +00:00
$user = $this->getMutableTestUser()->getUser();
(bug 37963) Fixed loading process for user options. The bug has actually already been fixed, so this patch just removes extraneous function calls and code in User::getOption() and User::setOption(). It also adds unit tests for user options (including a test for the case provided in the bug report). Change-Id: Idd8af9cf1a26a4adbde3ca71dde64539ecd0a207
2012-10-29 20:07:49 +00:00
UserTest: Don't rely on the behavior of unknown user options They are not actually expected to be preserved, although they might be. Change-Id: I34e15f3d1e5b9b825e6fc14814c8e9a6ac151ce9
2014-09-20 16:56:04 +00:00
$user->setOption( 'userjs-someoption', 'test' );
Remove cols and rows preferences In https://gerrit.wikimedia.org/r/80061/, Chad was convinced this preference is barely used and mostly set to weird values by people who don't understand what they're doing. He made some quick stats: http://p.defau.lt/?fgGU0StB4J9l0LC5GZq8AA Used defaults of 80 columns and 25 rows in places that still were asking for it. The old default values are left in $wgDefaultUserOptions for now, since various extensions are using them. The 'rows' and 'columns' messages don't appear to be in use in any extensions in Git, so I killed those as well. (This is the same as I642188c74d929a586b1882a1cf8656056c4fcf5a.) Bug: T26430 Change-Id: I6c9802bc4f9cf32fb75c3dd7b9e2dc18f271eedf
2017-01-09 10:56:41 +00:00
$user->setOption( 'rclimit', 200 );
(bug 37963) Fixed loading process for user options. The bug has actually already been fixed, so this patch just removes extraneous function calls and code in User::getOption() and User::setOption(). It also adds unit tests for user options (including a test for the case provided in the bug report). Change-Id: Idd8af9cf1a26a4adbde3ca71dde64539ecd0a207
2012-10-29 20:07:49 +00:00
$user->saveSettings();
Whenever possible, reuse User objects in unit tests The unit tests spend nearly half of their run time resetting the user table for each test. But the majority of tests do not depend on the user table having the exact value that the setup code resets it to, and do not need to modify the user objects they require to run. Fix that by providing an API for tests to get User objects, and to indicate whether the User object will be subject to destructive modification or not. This allows User objects to be reused across multiple unit tests. Change-Id: I17ef1f519759c5e7796c259282afe730ef722e96
2016-05-18 09:19:20 +00:00
$user = User::newFromName( $user->getName() );
Fix UserTest case that was missing a cache purge The process cache is based on blind-TTL, so purge it to test the persistent cache properly. Change-Id: I8ee78a1e73bf5164e74b1e8a23559c2e91bba6dd
2016-11-17 00:38:09 +00:00
$user->load( User::READ_LATEST );
$this->assertEquals( 'test', $user->getOption( 'userjs-someoption' ) );
Remove cols and rows preferences In https://gerrit.wikimedia.org/r/80061/, Chad was convinced this preference is barely used and mostly set to weird values by people who don't understand what they're doing. He made some quick stats: http://p.defau.lt/?fgGU0StB4J9l0LC5GZq8AA Used defaults of 80 columns and 25 rows in places that still were asking for it. The old default values are left in $wgDefaultUserOptions for now, since various extensions are using them. The 'rows' and 'columns' messages don't appear to be in use in any extensions in Git, so I killed those as well. (This is the same as I642188c74d929a586b1882a1cf8656056c4fcf5a.) Bug: T26430 Change-Id: I6c9802bc4f9cf32fb75c3dd7b9e2dc18f271eedf
2017-01-09 10:56:41 +00:00
$this->assertEquals( 200, $user->getOption( 'rclimit' ) );
Fix UserTest case that was missing a cache purge The process cache is based on blind-TTL, so purge it to test the persistent cache properly. Change-Id: I8ee78a1e73bf5164e74b1e8a23559c2e91bba6dd
2016-11-17 00:38:09 +00:00
$user = User::newFromName( $user->getName() );
MediaWikiServices::getInstance()->getMainWANObjectCache()->clearProcessCache();
UserTest: Don't rely on the behavior of unknown user options They are not actually expected to be preserved, although they might be. Change-Id: I34e15f3d1e5b9b825e6fc14814c8e9a6ac151ce9
2014-09-20 16:56:04 +00:00
$this->assertEquals( 'test', $user->getOption( 'userjs-someoption' ) );
Remove cols and rows preferences In https://gerrit.wikimedia.org/r/80061/, Chad was convinced this preference is barely used and mostly set to weird values by people who don't understand what they're doing. He made some quick stats: http://p.defau.lt/?fgGU0StB4J9l0LC5GZq8AA Used defaults of 80 columns and 25 rows in places that still were asking for it. The old default values are left in $wgDefaultUserOptions for now, since various extensions are using them. The 'rows' and 'columns' messages don't appear to be in use in any extensions in Git, so I killed those as well. (This is the same as I642188c74d929a586b1882a1cf8656056c4fcf5a.) Bug: T26430 Change-Id: I6c9802bc4f9cf32fb75c3dd7b9e2dc18f271eedf
2017-01-09 10:56:41 +00:00
$this->assertEquals( 200, $user->getOption( 'rclimit' ) );
(bug 37963) Fixed loading process for user options. The bug has actually already been fixed, so this patch just removes extraneous function calls and code in User::getOption() and User::setOption(). It also adds unit tests for user options (including a test for the case provided in the bug report). Change-Id: Idd8af9cf1a26a4adbde3ca71dde64539ecd0a207
2012-10-29 20:07:49 +00:00
}
/**
tests: Replace implicit Bugzilla bug numbers with Phab ones It's unreasonable to expect newbies to know that "bug 12345" means "Task T14345" except where it doesn't, so let's just standardise on the real numbers. Change-Id: I46261416f7603558dceb76ebe695a5cac274e417
2017-02-20 23:45:58 +00:00
* T39963
(bug 37963) Fixed loading process for user options. The bug has actually already been fixed, so this patch just removes extraneous function calls and code in User::getOption() and User::setOption(). It also adds unit tests for user options (including a test for the case provided in the bug report). Change-Id: Idd8af9cf1a26a4adbde3ca71dde64539ecd0a207
2012-10-29 20:07:49 +00:00
* Make sure defaults are loaded when setOption is called.
Add more @covers tags and test cleanup Other cleanup includes - Adding method scopes - Fixing php comments - Adding todos Change-Id: I0a231008e6a59110ffcab6af1bd8c4d3ee13f21d
2013-10-21 21:09:13 +00:00
* @covers User::loadOptions
(bug 37963) Fixed loading process for user options. The bug has actually already been fixed, so this patch just removes extraneous function calls and code in User::getOption() and User::setOption(). It also adds unit tests for user options (including a test for the case provided in the bug report). Change-Id: Idd8af9cf1a26a4adbde3ca71dde64539ecd0a207
2012-10-29 20:07:49 +00:00
*/
public function testAnonOptions() {
global $wgDefaultUserOptions;
UserTest: Don't rely on the behavior of unknown user options They are not actually expected to be preserved, although they might be. Change-Id: I34e15f3d1e5b9b825e6fc14814c8e9a6ac151ce9
2014-09-20 16:56:04 +00:00
$this->user->setOption( 'userjs-someoption', 'test' );
Remove cols and rows preferences In https://gerrit.wikimedia.org/r/80061/, Chad was convinced this preference is barely used and mostly set to weird values by people who don't understand what they're doing. He made some quick stats: http://p.defau.lt/?fgGU0StB4J9l0LC5GZq8AA Used defaults of 80 columns and 25 rows in places that still were asking for it. The old default values are left in $wgDefaultUserOptions for now, since various extensions are using them. The 'rows' and 'columns' messages don't appear to be in use in any extensions in Git, so I killed those as well. (This is the same as I642188c74d929a586b1882a1cf8656056c4fcf5a.) Bug: T26430 Change-Id: I6c9802bc4f9cf32fb75c3dd7b9e2dc18f271eedf
2017-01-09 10:56:41 +00:00
$this->assertEquals( $wgDefaultUserOptions['rclimit'], $this->user->getOption( 'rclimit' ) );
UserTest: Don't rely on the behavior of unknown user options They are not actually expected to be preserved, although they might be. Change-Id: I34e15f3d1e5b9b825e6fc14814c8e9a6ac151ce9
2014-09-20 16:56:04 +00:00
$this->assertEquals( 'test', $this->user->getOption( 'userjs-someoption' ) );
(bug 37963) Fixed loading process for user options. The bug has actually already been fixed, so this patch just removes extraneous function calls and code in User::getOption() and User::setOption(). It also adds unit tests for user options (including a test for the case provided in the bug report). Change-Id: Idd8af9cf1a26a4adbde3ca71dde64539ecd0a207
2012-10-29 20:07:49 +00:00
}
Password Expiration Add functionality to expire users' passwords: * Adds column to the user table to keep a password expiration * Adds $wgPasswordExpirationDays, which will force users to reset their passwords after a set number of days. By default, this set to false, so passwords never expire. * Adds a default grace period of 7 days, where if the user's password is expired, they can still login, but are encouraged to reset their password. * Adds hook 'LoginPasswordResetMessage' to update reset message, in case an extension wants to vary the message on a particular reset event. * Adds hook 'ResetPasswordExpiration' to allow extensions to change the expiration date when the user resets their password. E.g., if an extension wants to vary the expiration based on the user's group. If the user is in the grace period, they get a password reset form added to the login successful page. If an extension prevents showing the login successful page (like CentralAuth), it should be updated to show a password change form during the grace period. After the grace period, the user will not be able to login without changing their password. Also prevents a successful reset if the user is "changing" their password to their existing password. No passwords will expire by default. Sites will have to call User->expirePassword() from their own maintenance script to trigger a password reset for a user. Bug: 54997 Change-Id: I92a9fc63b409b182b1d7b48781d73fc7216f8061
2013-10-09 18:09:28 +00:00
Refactor password validity checking Refactor the password checks to return a status object, so the function can handle the entire error message, or return multiple error messages. This patchset aims to keep the functionality identical. A followup patchset can further improve the functionality. E.g., although getPasswordValidity stated it could return an array of messages, it never did so except from the hook, so most callers expect and handle a single string. Change-Id: I87644486f5572dc067ebdbacd01fb39c67e5612a
2014-03-12 01:47:29 +00:00
/**
* Test password validity checks. There are 3 checks in core,
* - ensure the password meets the minimal length
* - ensure the password is not the same as the username
* - ensure the username/password combo isn't forbidden
* @covers User::checkPasswordValidity()
* @covers User::getPasswordValidity()
* @covers User::isValidPassword()
*/
public function testCheckPasswordValidity() {
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
$this->setMwGlobals( [
'wgPasswordPolicy' => [
'policies' => [
'sysop' => [
Password validity by policy per group Make password policies defined in a configurable policy, which is defined by group. A user's password policy will be the maximum of each group policy that the user belongs to. Bug: T94774 Change-Id: Iad8e49ffcffed38df6293db0ef31a227d3962003
2015-04-23 01:48:48 +00:00
'MinimalPasswordLength' => 8,
'MinimumPasswordLengthToLogin' => 1,
'PasswordCannotMatchUsername' => 1,
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
],
'default' => [
Password validity by policy per group Make password policies defined in a configurable policy, which is defined by group. A user's password policy will be the maximum of each group policy that the user belongs to. Bug: T94774 Change-Id: Iad8e49ffcffed38df6293db0ef31a227d3962003
2015-04-23 01:48:48 +00:00
'MinimalPasswordLength' => 6,
'PasswordCannotMatchUsername' => true,
'PasswordCannotMatchBlacklist' => true,
Whenever possible, reuse User objects in unit tests The unit tests spend nearly half of their run time resetting the user table for each test. But the majority of tests do not depend on the user table having the exact value that the setup code resets it to, and do not need to modify the user objects they require to run. Fix that by providing an API for tests to get User objects, and to indicate whether the User object will be subject to destructive modification or not. This allows User objects to be reused across multiple unit tests. Change-Id: I17ef1f519759c5e7796c259282afe730ef722e96
2016-05-18 09:19:20 +00:00
'MaximalPasswordLength' => 40,
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
],
],
'checks' => [
Password validity by policy per group Make password policies defined in a configurable policy, which is defined by group. A user's password policy will be the maximum of each group policy that the user belongs to. Bug: T94774 Change-Id: Iad8e49ffcffed38df6293db0ef31a227d3962003
2015-04-23 01:48:48 +00:00
'MinimalPasswordLength' => 'PasswordPolicyChecks::checkMinimalPasswordLength',
'MinimumPasswordLengthToLogin' => 'PasswordPolicyChecks::checkMinimumPasswordLengthToLogin',
'PasswordCannotMatchUsername' => 'PasswordPolicyChecks::checkPasswordCannotMatchUsername',
'PasswordCannotMatchBlacklist' => 'PasswordPolicyChecks::checkPasswordCannotMatchBlacklist',
'MaximalPasswordLength' => 'PasswordPolicyChecks::checkMaximalPasswordLength',
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
],
],
] );
Password validity by policy per group Make password policies defined in a configurable policy, which is defined by group. A user's password policy will be the maximum of each group policy that the user belongs to. Bug: T94774 Change-Id: Iad8e49ffcffed38df6293db0ef31a227d3962003
2015-04-23 01:48:48 +00:00
Whenever possible, reuse User objects in unit tests The unit tests spend nearly half of their run time resetting the user table for each test. But the majority of tests do not depend on the user table having the exact value that the setup code resets it to, and do not need to modify the user objects they require to run. Fix that by providing an API for tests to get User objects, and to indicate whether the User object will be subject to destructive modification or not. This allows User objects to be reused across multiple unit tests. Change-Id: I17ef1f519759c5e7796c259282afe730ef722e96
2016-05-18 09:19:20 +00:00
$user = static::getTestUser()->getUser();
Refactor password validity checking Refactor the password checks to return a status object, so the function can handle the entire error message, or return multiple error messages. This patchset aims to keep the functionality identical. A followup patchset can further improve the functionality. E.g., although getPasswordValidity stated it could return an array of messages, it never did so except from the hook, so most callers expect and handle a single string. Change-Id: I87644486f5572dc067ebdbacd01fb39c67e5612a
2014-03-12 01:47:29 +00:00
// Sanity
$this->assertTrue( $user->isValidPassword( 'Password1234' ) );
// Minimum length
$this->assertFalse( $user->isValidPassword( 'a' ) );
$this->assertFalse( $user->checkPasswordValidity( 'a' )->isGood() );
SECURITY: Set maximal password length for DoS Prevent DoS attacks caused by the amount of time it takes to hash long passwords by setting a limit on password length. Slightly restructures the behavior of User::checkPasswordValidity in order to accommodate for the difference between passwords the user should be able to log in with and passwords they should not. Bug: T64685 Change-Id: I24f33474c6f934fb8d94bb054dc23093abfebd5e
2014-12-26 16:29:15 +00:00
$this->assertTrue( $user->checkPasswordValidity( 'a' )->isOK() );
Refactor password validity checking Refactor the password checks to return a status object, so the function can handle the entire error message, or return multiple error messages. This patchset aims to keep the functionality identical. A followup patchset can further improve the functionality. E.g., although getPasswordValidity stated it could return an array of messages, it never did so except from the hook, so most callers expect and handle a single string. Change-Id: I87644486f5572dc067ebdbacd01fb39c67e5612a
2014-03-12 01:47:29 +00:00
$this->assertEquals( 'passwordtooshort', $user->getPasswordValidity( 'a' ) );
SECURITY: Set maximal password length for DoS Prevent DoS attacks caused by the amount of time it takes to hash long passwords by setting a limit on password length. Slightly restructures the behavior of User::checkPasswordValidity in order to accommodate for the difference between passwords the user should be able to log in with and passwords they should not. Bug: T64685 Change-Id: I24f33474c6f934fb8d94bb054dc23093abfebd5e
2014-12-26 16:29:15 +00:00
// Maximum length
Whenever possible, reuse User objects in unit tests The unit tests spend nearly half of their run time resetting the user table for each test. But the majority of tests do not depend on the user table having the exact value that the setup code resets it to, and do not need to modify the user objects they require to run. Fix that by providing an API for tests to get User objects, and to indicate whether the User object will be subject to destructive modification or not. This allows User objects to be reused across multiple unit tests. Change-Id: I17ef1f519759c5e7796c259282afe730ef722e96
2016-05-18 09:19:20 +00:00
$longPass = str_repeat( 'a', 41 );
SECURITY: Set maximal password length for DoS Prevent DoS attacks caused by the amount of time it takes to hash long passwords by setting a limit on password length. Slightly restructures the behavior of User::checkPasswordValidity in order to accommodate for the difference between passwords the user should be able to log in with and passwords they should not. Bug: T64685 Change-Id: I24f33474c6f934fb8d94bb054dc23093abfebd5e
2014-12-26 16:29:15 +00:00
$this->assertFalse( $user->isValidPassword( $longPass ) );
$this->assertFalse( $user->checkPasswordValidity( $longPass )->isGood() );
$this->assertFalse( $user->checkPasswordValidity( $longPass )->isOK() );
$this->assertEquals( 'passwordtoolong', $user->getPasswordValidity( $longPass ) );
Refactor password validity checking Refactor the password checks to return a status object, so the function can handle the entire error message, or return multiple error messages. This patchset aims to keep the functionality identical. A followup patchset can further improve the functionality. E.g., although getPasswordValidity stated it could return an array of messages, it never did so except from the hook, so most callers expect and handle a single string. Change-Id: I87644486f5572dc067ebdbacd01fb39c67e5612a
2014-03-12 01:47:29 +00:00
// Matches username
Whenever possible, reuse User objects in unit tests The unit tests spend nearly half of their run time resetting the user table for each test. But the majority of tests do not depend on the user table having the exact value that the setup code resets it to, and do not need to modify the user objects they require to run. Fix that by providing an API for tests to get User objects, and to indicate whether the User object will be subject to destructive modification or not. This allows User objects to be reused across multiple unit tests. Change-Id: I17ef1f519759c5e7796c259282afe730ef722e96
2016-05-18 09:19:20 +00:00
$this->assertFalse( $user->checkPasswordValidity( $user->getName() )->isGood() );
$this->assertTrue( $user->checkPasswordValidity( $user->getName() )->isOK() );
$this->assertEquals( 'password-name-match', $user->getPasswordValidity( $user->getName() ) );
Refactor password validity checking Refactor the password checks to return a status object, so the function can handle the entire error message, or return multiple error messages. This patchset aims to keep the functionality identical. A followup patchset can further improve the functionality. E.g., although getPasswordValidity stated it could return an array of messages, it never did so except from the hook, so most callers expect and handle a single string. Change-Id: I87644486f5572dc067ebdbacd01fb39c67e5612a
2014-03-12 01:47:29 +00:00
// On the forbidden list
Whenever possible, reuse User objects in unit tests The unit tests spend nearly half of their run time resetting the user table for each test. But the majority of tests do not depend on the user table having the exact value that the setup code resets it to, and do not need to modify the user objects they require to run. Fix that by providing an API for tests to get User objects, and to indicate whether the User object will be subject to destructive modification or not. This allows User objects to be reused across multiple unit tests. Change-Id: I17ef1f519759c5e7796c259282afe730ef722e96
2016-05-18 09:19:20 +00:00
$user = User::newFromName( 'Useruser' );
Refactor password validity checking Refactor the password checks to return a status object, so the function can handle the entire error message, or return multiple error messages. This patchset aims to keep the functionality identical. A followup patchset can further improve the functionality. E.g., although getPasswordValidity stated it could return an array of messages, it never did so except from the hook, so most callers expect and handle a single string. Change-Id: I87644486f5572dc067ebdbacd01fb39c67e5612a
2014-03-12 01:47:29 +00:00
$this->assertFalse( $user->checkPasswordValidity( 'Passpass' )->isGood() );
$this->assertEquals( 'password-login-forbidden', $user->getPasswordValidity( 'Passpass' ) );
}
Add tests for User::getCanonicalName() Change-Id: I00097a4706c4ada41a5697470b550c925ae6051d
2014-08-25 18:24:10 +00:00
/**
* @covers User::getCanonicalName()
* @dataProvider provideGetCanonicalName
*/
Reject usernames with namespace or interwiki prefixes User::getCanonicalName silently stripped namepace/iw prefixes, resulting in weird behavior (e.g. entering 'Template:Foo' in the registration form username field was accepted, but user 'Foo' was created). Explicitly reject such names instead. Also remove leading whitespace from test cases testing for something else. Bug: T94656 Change-Id: Idfb22f998cb069fca24abcf5809afd6e0324b0ae
2016-04-16 17:36:33 +00:00
public function testGetCanonicalName( $name, $expectedArray ) {
// fake interwiki map for the 'Interwiki prefix' testcase
$this->mergeMwGlobalArrayValue( 'wgHooks', [
'InterwikiLoadPrefix' => [
function ( $prefix, &$iwdata ) {
if ( $prefix === 'interwiki' ) {
$iwdata = [
'iw_url' => 'http://example.com/',
'iw_local' => 0,
'iw_trans' => 0,
];
return false;
}
},
],
] );
Add tests for User::getCanonicalName() Change-Id: I00097a4706c4ada41a5697470b550c925ae6051d
2014-08-25 18:24:10 +00:00
foreach ( $expectedArray as $validate => $expected ) {
$this->assertEquals(
$expected,
Reject usernames with namespace or interwiki prefixes User::getCanonicalName silently stripped namepace/iw prefixes, resulting in weird behavior (e.g. entering 'Template:Foo' in the registration form username field was accepted, but user 'Foo' was created). Explicitly reject such names instead. Also remove leading whitespace from test cases testing for something else. Bug: T94656 Change-Id: Idfb22f998cb069fca24abcf5809afd6e0324b0ae
2016-04-16 17:36:33 +00:00
User::getCanonicalName( $name, $validate === 'false' ? false : $validate ), $validate );
Add tests for User::getCanonicalName() Change-Id: I00097a4706c4ada41a5697470b550c925ae6051d
2014-08-25 18:24:10 +00:00
}
}
test: Clean up data providers that should be static Follows-up b36d883. By far most data providers are static (and PHPUnit expects them to be static and calls them that way). Most of these classes already had their data providers static but additional commits sloppily introduced non-static ones. * ResourceLoaderWikiModuleTest, 8968d8787f. * TitleTest, 545f1d3a73. Odd unused method 'dataTestIsValidMoveOperation' was introduced in 550b878e63. * GlobalVarConfigTest, a3e18c3670. Change-Id: I5da99f7cd3da68c550ae507ffe1f725d31e7666f
2014-09-18 01:28:26 +00:00
public static function provideGetCanonicalName() {
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
return [
Reject usernames with namespace or interwiki prefixes User::getCanonicalName silently stripped namepace/iw prefixes, resulting in weird behavior (e.g. entering 'Template:Foo' in the registration form username field was accepted, but user 'Foo' was created). Explicitly reject such names instead. Also remove leading whitespace from test cases testing for something else. Bug: T94656 Change-Id: Idfb22f998cb069fca24abcf5809afd6e0324b0ae
2016-04-16 17:36:33 +00:00
'Leading space' => [ ' Leading space', [ 'creatable' => 'Leading space' ] ],
'Trailing space ' => [ 'Trailing space ', [ 'creatable' => 'Trailing space' ] ],
'Namespace prefix' => [ 'Talk:Username', [ 'creatable' => false, 'usable' => false,
'valid' => false, 'false' => 'Talk:Username' ] ],
'Interwiki prefix' => [ 'interwiki:Username', [ 'creatable' => false, 'usable' => false,
'valid' => false, 'false' => 'Interwiki:Username' ] ],
'With hash' => [ 'name with # hash', [ 'creatable' => false, 'usable' => false ] ],
'Multi spaces' => [ 'Multi spaces', [ 'creatable' => 'Multi spaces',
'usable' => 'Multi spaces' ] ],
'Lowercase' => [ 'lowercase', [ 'creatable' => 'Lowercase' ] ],
'Invalid character' => [ 'in[]valid', [ 'creatable' => false, 'usable' => false,
'valid' => false, 'false' => 'In[]valid' ] ],
'With slash' => [ 'with / slash', [ 'creatable' => false, 'usable' => false, 'valid' => false,
'false' => 'With / slash' ] ],
Convert all array() syntax to [] Per wikitech-l consensus: https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html Notes: * Disabled CallTimePassByReference due to false positives (T127163) Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 09:09:32 +00:00
];
Add tests for User::getCanonicalName() Change-Id: I00097a4706c4ada41a5697470b550c925ae6051d
2014-08-25 18:24:10 +00:00
}
Add User::equals Seems stupid omission. Title has one. Why do I need to think how to determine how to users objects point to the same user. Allows more expressive code. Also fixes a bug in multiple places where users "0" and "00" were considered equal. Change-Id: I682392e564b332b77ab489f2ad394fa2d28098a5
2014-12-11 08:59:28 +00:00
Add missing @covers tag Change-Id: I491929e3d77688bf07640db4218ef99d6b888a82
2015-01-13 18:25:41 +00:00
/**
* @covers User::equals
*/
Add User::equals Seems stupid omission. Title has one. Why do I need to think how to determine how to users objects point to the same user. Allows more expressive code. Also fixes a bug in multiple places where users "0" and "00" were considered equal. Change-Id: I682392e564b332b77ab489f2ad394fa2d28098a5
2014-12-11 08:59:28 +00:00
public function testEquals() {
Whenever possible, reuse User objects in unit tests The unit tests spend nearly half of their run time resetting the user table for each test. But the majority of tests do not depend on the user table having the exact value that the setup code resets it to, and do not need to modify the user objects they require to run. Fix that by providing an API for tests to get User objects, and to indicate whether the User object will be subject to destructive modification or not. This allows User objects to be reused across multiple unit tests. Change-Id: I17ef1f519759c5e7796c259282afe730ef722e96
2016-05-18 09:19:20 +00:00
$first = $this->getMutableTestUser()->getUser();
$second = User::newFromName( $first->getName() );
Add User::equals Seems stupid omission. Title has one. Why do I need to think how to determine how to users objects point to the same user. Allows more expressive code. Also fixes a bug in multiple places where users "0" and "00" were considered equal. Change-Id: I682392e564b332b77ab489f2ad394fa2d28098a5
2014-12-11 08:59:28 +00:00
$this->assertTrue( $first->equals( $first ) );
$this->assertTrue( $first->equals( $second ) );
$this->assertTrue( $second->equals( $first ) );
Whenever possible, reuse User objects in unit tests The unit tests spend nearly half of their run time resetting the user table for each test. But the majority of tests do not depend on the user table having the exact value that the setup code resets it to, and do not need to modify the user objects they require to run. Fix that by providing an API for tests to get User objects, and to indicate whether the User object will be subject to destructive modification or not. This allows User objects to be reused across multiple unit tests. Change-Id: I17ef1f519759c5e7796c259282afe730ef722e96
2016-05-18 09:19:20 +00:00
$third = $this->getMutableTestUser()->getUser();
$fourth = $this->getMutableTestUser()->getUser();
Add User::equals Seems stupid omission. Title has one. Why do I need to think how to determine how to users objects point to the same user. Allows more expressive code. Also fixes a bug in multiple places where users "0" and "00" were considered equal. Change-Id: I682392e564b332b77ab489f2ad394fa2d28098a5
2014-12-11 08:59:28 +00:00
$this->assertFalse( $third->equals( $fourth ) );
$this->assertFalse( $fourth->equals( $third ) );
// Test users loaded from db with id
Whenever possible, reuse User objects in unit tests The unit tests spend nearly half of their run time resetting the user table for each test. But the majority of tests do not depend on the user table having the exact value that the setup code resets it to, and do not need to modify the user objects they require to run. Fix that by providing an API for tests to get User objects, and to indicate whether the User object will be subject to destructive modification or not. This allows User objects to be reused across multiple unit tests. Change-Id: I17ef1f519759c5e7796c259282afe730ef722e96
2016-05-18 09:19:20 +00:00
$user = $this->getMutableTestUser()->getUser();
$fifth = User::newFromId( $user->getId() );
$sixth = User::newFromName( $user->getName() );
Add User::equals Seems stupid omission. Title has one. Why do I need to think how to determine how to users objects point to the same user. Allows more expressive code. Also fixes a bug in multiple places where users "0" and "00" were considered equal. Change-Id: I682392e564b332b77ab489f2ad394fa2d28098a5
2014-12-11 08:59:28 +00:00
$this->assertTrue( $fifth->equals( $sixth ) );
}
User: Add unit tests for getId, isAnon and isLoggedIn Change-Id: Ie007d9da47df871f99ca19c4d7364f46f71c255b
2015-04-02 01:15:50 +00:00
/**
* @covers User::getId
*/
public function testGetId() {
Whenever possible, reuse User objects in unit tests The unit tests spend nearly half of their run time resetting the user table for each test. But the majority of tests do not depend on the user table having the exact value that the setup code resets it to, and do not need to modify the user objects they require to run. Fix that by providing an API for tests to get User objects, and to indicate whether the User object will be subject to destructive modification or not. This allows User objects to be reused across multiple unit tests. Change-Id: I17ef1f519759c5e7796c259282afe730ef722e96
2016-05-18 09:19:20 +00:00
$user = static::getTestUser()->getUser();
User: Add unit tests for getId, isAnon and isLoggedIn Change-Id: Ie007d9da47df871f99ca19c4d7364f46f71c255b
2015-04-02 01:15:50 +00:00
$this->assertTrue( $user->getId() > 0 );
}
/**
* @covers User::isLoggedIn
* @covers User::isAnon
*/
public function testLoggedIn() {
Whenever possible, reuse User objects in unit tests The unit tests spend nearly half of their run time resetting the user table for each test. But the majority of tests do not depend on the user table having the exact value that the setup code resets it to, and do not need to modify the user objects they require to run. Fix that by providing an API for tests to get User objects, and to indicate whether the User object will be subject to destructive modification or not. This allows User objects to be reused across multiple unit tests. Change-Id: I17ef1f519759c5e7796c259282afe730ef722e96
2016-05-18 09:19:20 +00:00
$user = $this->getMutableTestUser()->getUser();
User: Add unit tests for getId, isAnon and isLoggedIn Change-Id: Ie007d9da47df871f99ca19c4d7364f46f71c255b
2015-04-02 01:15:50 +00:00
$this->assertTrue( $user->isLoggedIn() );
$this->assertFalse( $user->isAnon() );
// Non-existent users are perceived as anonymous
$user = User::newFromName( 'UTNonexistent' );
$this->assertFalse( $user->isLoggedIn() );
$this->assertTrue( $user->isAnon() );
$user = new User;
$this->assertFalse( $user->isLoggedIn() );
$this->assertTrue( $user->isAnon() );
}
Added CAS logic to User::addAutopromoteOnceGroups * This should avoid duplicate logging events on races or when the cache fails to update. * Also added getDBTouched() method to get user_touched itself. Bug: T48834 Change-Id: Ib2cd0a2c72629fa4e13dcff4d2d6fbac8e690b32
2015-04-07 20:50:00 +00:00
/**
* @covers User::checkAndSetTouched
*/
public function testCheckAndSetTouched() {
Whenever possible, reuse User objects in unit tests The unit tests spend nearly half of their run time resetting the user table for each test. But the majority of tests do not depend on the user table having the exact value that the setup code resets it to, and do not need to modify the user objects they require to run. Fix that by providing an API for tests to get User objects, and to indicate whether the User object will be subject to destructive modification or not. This allows User objects to be reused across multiple unit tests. Change-Id: I17ef1f519759c5e7796c259282afe730ef722e96
2016-05-18 09:19:20 +00:00
$user = $this->getMutableTestUser()->getUser();
$user = TestingAccessWrapper::newFromObject( $user );
Added CAS logic to User::addAutopromoteOnceGroups * This should avoid duplicate logging events on races or when the cache fails to update. * Also added getDBTouched() method to get user_touched itself. Bug: T48834 Change-Id: Ib2cd0a2c72629fa4e13dcff4d2d6fbac8e690b32
2015-04-07 20:50:00 +00:00
$this->assertTrue( $user->isLoggedIn() );
$touched = $user->getDBTouched();
$this->assertTrue(
$user->checkAndSetTouched(), "checkAndSetTouched() succeded" );
$this->assertGreaterThan(
$touched, $user->getDBTouched(), "user_touched increased with casOnTouched()" );
$touched = $user->getDBTouched();
$this->assertTrue(
$user->checkAndSetTouched(), "checkAndSetTouched() succeded #2" );
$this->assertGreaterThan(
$touched, $user->getDBTouched(), "user_touched increased with casOnTouched() #2" );
}
Add User::findUsersByGroup() Needed by Iee6e0074d64. Change-Id: Idbaf2102410f82343ad38ff51ccb7ab70b15e654
2016-07-27 01:44:53 +00:00
/**
* @covers User::findUsersByGroup
*/
public function testFindUsersByGroup() {
$users = User::findUsersByGroup( [] );
$this->assertEquals( 0, iterator_count( $users ) );
$users = User::findUsersByGroup( 'foo' );
$this->assertEquals( 0, iterator_count( $users ) );
$user = $this->getMutableTestUser( [ 'foo' ] )->getUser();
$users = User::findUsersByGroup( 'foo' );
$this->assertEquals( 1, iterator_count( $users ) );
$users->rewind();
$this->assertTrue( $user->equals( $users->current() ) );
// arguments have OR relationship
$user2 = $this->getMutableTestUser( [ 'bar' ] )->getUser();
$users = User::findUsersByGroup( [ 'foo', 'bar' ] );
$this->assertEquals( 2, iterator_count( $users ) );
$users->rewind();
$this->assertTrue( $user->equals( $users->current() ) );
$users->next();
$this->assertTrue( $user2->equals( $users->current() ) );
// users are not duplicated
$user = $this->getMutableTestUser( [ 'baz', 'boom' ] )->getUser();
$users = User::findUsersByGroup( [ 'baz', 'boom' ] );
$this->assertEquals( 1, iterator_count( $users ) );
$users->rewind();
$this->assertTrue( $user->equals( $users->current() ) );
}
Send a cookie with autoblocks to prevent vandalism. Send a cookie with blocks that have autoblock turned on so that the user will be identified to MediaWiki and any IP they try to edit anonymously from will be blocked, even without logging in to the originally blocked account. Additionally, the block info is stored in local storage as well as an even stronger deterrence. Note: this is meant to deter normal vandals, i.e., not attackers who know what cookies and local storage are and will be actively removing the cookie. This feature is disabled by default, and can be enabled with the new $wgCookieSetOnAutoblock configuration variable (by setting it to true); The cookie will expire at the same time as the block or after $wgCookieExpiration (whichever is sooner). Bug: T5233 Bug: T147610 Change-Id: Ic3383af56c555c1592d272490ff4da683b9d7b1b
2013-02-07 21:56:54 +00:00
/**
* When a user is autoblocked a cookie is set with which to track them
* in case they log out and change IP addresses.
* @link https://phabricator.wikimedia.org/T5233
*/
public function testAutoblockCookies() {
// Set up the bits of global configuration that we use.
$this->setMwGlobals( [
'wgCookieSetOnAutoblock' => true,
'wgCookiePrefix' => 'wmsitetitle',
Validate BlockID cookie before use This change adds a HMAC to the block-cookie to prevent someone spoofing a cookie and so discovering revdeleted users' names. The HMAC is only added if $wgSecretKey is set; if it isn't, the existing plain-ID format is used. A note about this has been added to DefaultSettings.php. Tests are updated and new tests added to demonstrate an inauthentic HMAC, and for when $wgSecretKey is not definied. Bug: T152951 Change-Id: I6a3ef9e91091408c25eaa2d36d58b365d681e8c6
2017-01-04 03:38:27 +00:00
'wgSecretKey' => MWCryptRand::generateHex( 64, true ),
Send a cookie with autoblocks to prevent vandalism. Send a cookie with blocks that have autoblock turned on so that the user will be identified to MediaWiki and any IP they try to edit anonymously from will be blocked, even without logging in to the originally blocked account. Additionally, the block info is stored in local storage as well as an even stronger deterrence. Note: this is meant to deter normal vandals, i.e., not attackers who know what cookies and local storage are and will be actively removing the cookie. This feature is disabled by default, and can be enabled with the new $wgCookieSetOnAutoblock configuration variable (by setting it to true); The cookie will expire at the same time as the block or after $wgCookieExpiration (whichever is sooner). Bug: T5233 Bug: T147610 Change-Id: Ic3383af56c555c1592d272490ff4da683b9d7b1b
2013-02-07 21:56:54 +00:00
] );
Specify a blocker for all UserTest blocks Also, un-register the PerofmrRetroactiveAutoblock hook from CheckUser as it will assume an IP address for the user which is not specified in UserTest. This will keep the unit tests focused on unit testing, as opposed to integration. Bug:T176103 Change-Id: I3a090f7bae5ba266c3cd4500ecf83338fb8503bb
2017-09-18 18:57:17 +00:00
// Unregister the hooks for proper unit testing
$this->mergeMwGlobalArrayValue( 'wgHooks', [
'PerformRetroactiveAutoblock' => []
] );
Send a cookie with autoblocks to prevent vandalism. Send a cookie with blocks that have autoblock turned on so that the user will be identified to MediaWiki and any IP they try to edit anonymously from will be blocked, even without logging in to the originally blocked account. Additionally, the block info is stored in local storage as well as an even stronger deterrence. Note: this is meant to deter normal vandals, i.e., not attackers who know what cookies and local storage are and will be actively removing the cookie. This feature is disabled by default, and can be enabled with the new $wgCookieSetOnAutoblock configuration variable (by setting it to true); The cookie will expire at the same time as the block or after $wgCookieExpiration (whichever is sooner). Bug: T5233 Bug: T147610 Change-Id: Ic3383af56c555c1592d272490ff4da683b9d7b1b
2013-02-07 21:56:54 +00:00
// 1. Log in a test user, and block them.
Specify a blocker for all UserTest blocks Also, un-register the PerofmrRetroactiveAutoblock hook from CheckUser as it will assume an IP address for the user which is not specified in UserTest. This will keep the unit tests focused on unit testing, as opposed to integration. Bug:T176103 Change-Id: I3a090f7bae5ba266c3cd4500ecf83338fb8503bb
2017-09-18 18:57:17 +00:00
$userBlocker = $this->getTestSysop()->getUser();
Send a cookie with autoblocks to prevent vandalism. Send a cookie with blocks that have autoblock turned on so that the user will be identified to MediaWiki and any IP they try to edit anonymously from will be blocked, even without logging in to the originally blocked account. Additionally, the block info is stored in local storage as well as an even stronger deterrence. Note: this is meant to deter normal vandals, i.e., not attackers who know what cookies and local storage are and will be actively removing the cookie. This feature is disabled by default, and can be enabled with the new $wgCookieSetOnAutoblock configuration variable (by setting it to true); The cookie will expire at the same time as the block or after $wgCookieExpiration (whichever is sooner). Bug: T5233 Bug: T147610 Change-Id: Ic3383af56c555c1592d272490ff4da683b9d7b1b
2013-02-07 21:56:54 +00:00
$user1tmp = $this->getTestUser()->getUser();
$request1 = new FauxRequest();
$request1->getSession()->setUser( $user1tmp );
Default block-cookies to 24 hours only Rather than use wgCookieExpiration as the basis for the maximum life of a block cookie, just use 1 day. Tests have been updated also. Bug: T153347 Change-Id: I3447d97af3170308834f365c5c600430f47c66a7
2016-12-20 12:08:38 +00:00
$expiryFiveHours = wfTimestamp() + ( 5 * 60 * 60 );
Send a cookie with autoblocks to prevent vandalism. Send a cookie with blocks that have autoblock turned on so that the user will be identified to MediaWiki and any IP they try to edit anonymously from will be blocked, even without logging in to the originally blocked account. Additionally, the block info is stored in local storage as well as an even stronger deterrence. Note: this is meant to deter normal vandals, i.e., not attackers who know what cookies and local storage are and will be actively removing the cookie. This feature is disabled by default, and can be enabled with the new $wgCookieSetOnAutoblock configuration variable (by setting it to true); The cookie will expire at the same time as the block or after $wgCookieExpiration (whichever is sooner). Bug: T5233 Bug: T147610 Change-Id: Ic3383af56c555c1592d272490ff4da683b9d7b1b
2013-02-07 21:56:54 +00:00
$block = new Block( [
'enableAutoblock' => true,
Default block-cookies to 24 hours only Rather than use wgCookieExpiration as the basis for the maximum life of a block cookie, just use 1 day. Tests have been updated also. Bug: T153347 Change-Id: I3447d97af3170308834f365c5c600430f47c66a7
2016-12-20 12:08:38 +00:00
'expiry' => wfTimestamp( TS_MW, $expiryFiveHours ),
Send a cookie with autoblocks to prevent vandalism. Send a cookie with blocks that have autoblock turned on so that the user will be identified to MediaWiki and any IP they try to edit anonymously from will be blocked, even without logging in to the originally blocked account. Additionally, the block info is stored in local storage as well as an even stronger deterrence. Note: this is meant to deter normal vandals, i.e., not attackers who know what cookies and local storage are and will be actively removing the cookie. This feature is disabled by default, and can be enabled with the new $wgCookieSetOnAutoblock configuration variable (by setting it to true); The cookie will expire at the same time as the block or after $wgCookieExpiration (whichever is sooner). Bug: T5233 Bug: T147610 Change-Id: Ic3383af56c555c1592d272490ff4da683b9d7b1b
2013-02-07 21:56:54 +00:00
] );
$block->setTarget( $user1tmp );
Specify a blocker for all UserTest blocks Also, un-register the PerofmrRetroactiveAutoblock hook from CheckUser as it will assume an IP address for the user which is not specified in UserTest. This will keep the unit tests focused on unit testing, as opposed to integration. Bug:T176103 Change-Id: I3a090f7bae5ba266c3cd4500ecf83338fb8503bb
2017-09-18 18:57:17 +00:00
$block->setBlocker( $userBlocker );
Assert that blocks were inserted successfully in UserTest Bug: T176103 Change-Id: Ia8afc37605a844590abe49eaad1e806bd2c7f6f8
2017-09-18 18:03:04 +00:00
$res = $block->insert();
$this->assertTrue( (bool)$res['id'], 'Failed to insert block' );
Send a cookie with autoblocks to prevent vandalism. Send a cookie with blocks that have autoblock turned on so that the user will be identified to MediaWiki and any IP they try to edit anonymously from will be blocked, even without logging in to the originally blocked account. Additionally, the block info is stored in local storage as well as an even stronger deterrence. Note: this is meant to deter normal vandals, i.e., not attackers who know what cookies and local storage are and will be actively removing the cookie. This feature is disabled by default, and can be enabled with the new $wgCookieSetOnAutoblock configuration variable (by setting it to true); The cookie will expire at the same time as the block or after $wgCookieExpiration (whichever is sooner). Bug: T5233 Bug: T147610 Change-Id: Ic3383af56c555c1592d272490ff4da683b9d7b1b
2013-02-07 21:56:54 +00:00
$user1 = User::newFromSession( $request1 );
$user1->mBlock = $block;
$user1->load();
// Confirm that the block has been applied as required.
$this->assertTrue( $user1->isLoggedIn() );
$this->assertTrue( $user1->isBlocked() );
$this->assertEquals( Block::TYPE_USER, $block->getType() );
$this->assertTrue( $block->isAutoblocking() );
$this->assertGreaterThanOrEqual( 1, $block->getId() );
// Test for the desired cookie name, value, and expiry.
$cookies = $request1->response()->getCookies();
$this->assertArrayHasKey( 'wmsitetitleBlockID', $cookies );
Default block-cookies to 24 hours only Rather than use wgCookieExpiration as the basis for the maximum life of a block cookie, just use 1 day. Tests have been updated also. Bug: T153347 Change-Id: I3447d97af3170308834f365c5c600430f47c66a7
2016-12-20 12:08:38 +00:00
$this->assertEquals( $expiryFiveHours, $cookies['wmsitetitleBlockID']['expire'] );
Validate BlockID cookie before use This change adds a HMAC to the block-cookie to prevent someone spoofing a cookie and so discovering revdeleted users' names. The HMAC is only added if $wgSecretKey is set; if it isn't, the existing plain-ID format is used. A note about this has been added to DefaultSettings.php. Tests are updated and new tests added to demonstrate an inauthentic HMAC, and for when $wgSecretKey is not definied. Bug: T152951 Change-Id: I6a3ef9e91091408c25eaa2d36d58b365d681e8c6
2017-01-04 03:38:27 +00:00
$cookieValue = Block::getIdFromCookieValue( $cookies['wmsitetitleBlockID']['value'] );
$this->assertEquals( $block->getId(), $cookieValue );
Send a cookie with autoblocks to prevent vandalism. Send a cookie with blocks that have autoblock turned on so that the user will be identified to MediaWiki and any IP they try to edit anonymously from will be blocked, even without logging in to the originally blocked account. Additionally, the block info is stored in local storage as well as an even stronger deterrence. Note: this is meant to deter normal vandals, i.e., not attackers who know what cookies and local storage are and will be actively removing the cookie. This feature is disabled by default, and can be enabled with the new $wgCookieSetOnAutoblock configuration variable (by setting it to true); The cookie will expire at the same time as the block or after $wgCookieExpiration (whichever is sooner). Bug: T5233 Bug: T147610 Change-Id: Ic3383af56c555c1592d272490ff4da683b9d7b1b
2013-02-07 21:56:54 +00:00
// 2. Create a new request, set the cookies, and see if the (anon) user is blocked.
$request2 = new FauxRequest();
Validate BlockID cookie before use This change adds a HMAC to the block-cookie to prevent someone spoofing a cookie and so discovering revdeleted users' names. The HMAC is only added if $wgSecretKey is set; if it isn't, the existing plain-ID format is used. A note about this has been added to DefaultSettings.php. Tests are updated and new tests added to demonstrate an inauthentic HMAC, and for when $wgSecretKey is not definied. Bug: T152951 Change-Id: I6a3ef9e91091408c25eaa2d36d58b365d681e8c6
2017-01-04 03:38:27 +00:00
$request2->setCookie( 'BlockID', $block->getCookieValue() );
Send a cookie with autoblocks to prevent vandalism. Send a cookie with blocks that have autoblock turned on so that the user will be identified to MediaWiki and any IP they try to edit anonymously from will be blocked, even without logging in to the originally blocked account. Additionally, the block info is stored in local storage as well as an even stronger deterrence. Note: this is meant to deter normal vandals, i.e., not attackers who know what cookies and local storage are and will be actively removing the cookie. This feature is disabled by default, and can be enabled with the new $wgCookieSetOnAutoblock configuration variable (by setting it to true); The cookie will expire at the same time as the block or after $wgCookieExpiration (whichever is sooner). Bug: T5233 Bug: T147610 Change-Id: Ic3383af56c555c1592d272490ff4da683b9d7b1b
2013-02-07 21:56:54 +00:00
$user2 = User::newFromSession( $request2 );
$user2->load();
$this->assertNotEquals( $user1->getId(), $user2->getId() );
$this->assertNotEquals( $user1->getToken(), $user2->getToken() );
$this->assertTrue( $user2->isAnon() );
$this->assertFalse( $user2->isLoggedIn() );
$this->assertTrue( $user2->isBlocked() );
Specify a blocker for all UserTest blocks Also, un-register the PerofmrRetroactiveAutoblock hook from CheckUser as it will assume an IP address for the user which is not specified in UserTest. This will keep the unit tests focused on unit testing, as opposed to integration. Bug:T176103 Change-Id: I3a090f7bae5ba266c3cd4500ecf83338fb8503bb
2017-09-18 18:57:17 +00:00
// Non-strict type-check.
$this->assertEquals( true, $user2->getBlock()->isAutoblocking(), 'Autoblock does not work' );
Send a cookie with autoblocks to prevent vandalism. Send a cookie with blocks that have autoblock turned on so that the user will be identified to MediaWiki and any IP they try to edit anonymously from will be blocked, even without logging in to the originally blocked account. Additionally, the block info is stored in local storage as well as an even stronger deterrence. Note: this is meant to deter normal vandals, i.e., not attackers who know what cookies and local storage are and will be actively removing the cookie. This feature is disabled by default, and can be enabled with the new $wgCookieSetOnAutoblock configuration variable (by setting it to true); The cookie will expire at the same time as the block or after $wgCookieExpiration (whichever is sooner). Bug: T5233 Bug: T147610 Change-Id: Ic3383af56c555c1592d272490ff4da683b9d7b1b
2013-02-07 21:56:54 +00:00
// Can't directly compare the objects becuase of member type differences.
// One day this will work: $this->assertEquals( $block, $user2->getBlock() );
$this->assertEquals( $block->getId(), $user2->getBlock()->getId() );
$this->assertEquals( $block->getExpiry(), $user2->getBlock()->getExpiry() );
// 3. Finally, set up a request as a new user, and the block should still be applied.
$user3tmp = $this->getTestUser()->getUser();
$request3 = new FauxRequest();
$request3->getSession()->setUser( $user3tmp );
$request3->setCookie( 'BlockID', $block->getId() );
$user3 = User::newFromSession( $request3 );
$user3->load();
$this->assertTrue( $user3->isLoggedIn() );
$this->assertTrue( $user3->isBlocked() );
$this->assertEquals( true, $user3->getBlock()->isAutoblocking() ); // Non-strict type-check.
// Clean up.
$block->delete();
}
/**
* Make sure that no cookie is set to track autoblocked users
* when $wgCookieSetOnAutoblock is false.
*/
public function testAutoblockCookiesDisabled() {
// Set up the bits of global configuration that we use.
$this->setMwGlobals( [
'wgCookieSetOnAutoblock' => false,
'wgCookiePrefix' => 'wm_no_cookies',
Validate BlockID cookie before use This change adds a HMAC to the block-cookie to prevent someone spoofing a cookie and so discovering revdeleted users' names. The HMAC is only added if $wgSecretKey is set; if it isn't, the existing plain-ID format is used. A note about this has been added to DefaultSettings.php. Tests are updated and new tests added to demonstrate an inauthentic HMAC, and for when $wgSecretKey is not definied. Bug: T152951 Change-Id: I6a3ef9e91091408c25eaa2d36d58b365d681e8c6
2017-01-04 03:38:27 +00:00
'wgSecretKey' => MWCryptRand::generateHex( 64, true ),
Send a cookie with autoblocks to prevent vandalism. Send a cookie with blocks that have autoblock turned on so that the user will be identified to MediaWiki and any IP they try to edit anonymously from will be blocked, even without logging in to the originally blocked account. Additionally, the block info is stored in local storage as well as an even stronger deterrence. Note: this is meant to deter normal vandals, i.e., not attackers who know what cookies and local storage are and will be actively removing the cookie. This feature is disabled by default, and can be enabled with the new $wgCookieSetOnAutoblock configuration variable (by setting it to true); The cookie will expire at the same time as the block or after $wgCookieExpiration (whichever is sooner). Bug: T5233 Bug: T147610 Change-Id: Ic3383af56c555c1592d272490ff4da683b9d7b1b
2013-02-07 21:56:54 +00:00
] );
Specify a blocker for all UserTest blocks Also, un-register the PerofmrRetroactiveAutoblock hook from CheckUser as it will assume an IP address for the user which is not specified in UserTest. This will keep the unit tests focused on unit testing, as opposed to integration. Bug:T176103 Change-Id: I3a090f7bae5ba266c3cd4500ecf83338fb8503bb
2017-09-18 18:57:17 +00:00
// Unregister the hooks for proper unit testing
$this->mergeMwGlobalArrayValue( 'wgHooks', [
'PerformRetroactiveAutoblock' => []
] );
Send a cookie with autoblocks to prevent vandalism. Send a cookie with blocks that have autoblock turned on so that the user will be identified to MediaWiki and any IP they try to edit anonymously from will be blocked, even without logging in to the originally blocked account. Additionally, the block info is stored in local storage as well as an even stronger deterrence. Note: this is meant to deter normal vandals, i.e., not attackers who know what cookies and local storage are and will be actively removing the cookie. This feature is disabled by default, and can be enabled with the new $wgCookieSetOnAutoblock configuration variable (by setting it to true); The cookie will expire at the same time as the block or after $wgCookieExpiration (whichever is sooner). Bug: T5233 Bug: T147610 Change-Id: Ic3383af56c555c1592d272490ff4da683b9d7b1b
2013-02-07 21:56:54 +00:00
// 1. Log in a test user, and block them.
Specify a blocker for all UserTest blocks Also, un-register the PerofmrRetroactiveAutoblock hook from CheckUser as it will assume an IP address for the user which is not specified in UserTest. This will keep the unit tests focused on unit testing, as opposed to integration. Bug:T176103 Change-Id: I3a090f7bae5ba266c3cd4500ecf83338fb8503bb
2017-09-18 18:57:17 +00:00
$userBlocker = $this->getTestSysop()->getUser();
Send a cookie with autoblocks to prevent vandalism. Send a cookie with blocks that have autoblock turned on so that the user will be identified to MediaWiki and any IP they try to edit anonymously from will be blocked, even without logging in to the originally blocked account. Additionally, the block info is stored in local storage as well as an even stronger deterrence. Note: this is meant to deter normal vandals, i.e., not attackers who know what cookies and local storage are and will be actively removing the cookie. This feature is disabled by default, and can be enabled with the new $wgCookieSetOnAutoblock configuration variable (by setting it to true); The cookie will expire at the same time as the block or after $wgCookieExpiration (whichever is sooner). Bug: T5233 Bug: T147610 Change-Id: Ic3383af56c555c1592d272490ff4da683b9d7b1b
2013-02-07 21:56:54 +00:00
$testUser = $this->getTestUser()->getUser();
$request1 = new FauxRequest();
$request1->getSession()->setUser( $testUser );
$block = new Block( [ 'enableAutoblock' => true ] );
$block->setTarget( $testUser );
Specify a blocker for all UserTest blocks Also, un-register the PerofmrRetroactiveAutoblock hook from CheckUser as it will assume an IP address for the user which is not specified in UserTest. This will keep the unit tests focused on unit testing, as opposed to integration. Bug:T176103 Change-Id: I3a090f7bae5ba266c3cd4500ecf83338fb8503bb
2017-09-18 18:57:17 +00:00
$block->setBlocker( $userBlocker );
Assert that blocks were inserted successfully in UserTest Bug: T176103 Change-Id: Ia8afc37605a844590abe49eaad1e806bd2c7f6f8
2017-09-18 18:03:04 +00:00
$res = $block->insert();
$this->assertTrue( (bool)$res['id'], 'Failed to insert block' );
Send a cookie with autoblocks to prevent vandalism. Send a cookie with blocks that have autoblock turned on so that the user will be identified to MediaWiki and any IP they try to edit anonymously from will be blocked, even without logging in to the originally blocked account. Additionally, the block info is stored in local storage as well as an even stronger deterrence. Note: this is meant to deter normal vandals, i.e., not attackers who know what cookies and local storage are and will be actively removing the cookie. This feature is disabled by default, and can be enabled with the new $wgCookieSetOnAutoblock configuration variable (by setting it to true); The cookie will expire at the same time as the block or after $wgCookieExpiration (whichever is sooner). Bug: T5233 Bug: T147610 Change-Id: Ic3383af56c555c1592d272490ff4da683b9d7b1b
2013-02-07 21:56:54 +00:00
$user = User::newFromSession( $request1 );
$user->mBlock = $block;
$user->load();
// 2. Test that the cookie IS NOT present.
$this->assertTrue( $user->isLoggedIn() );
$this->assertTrue( $user->isBlocked() );
$this->assertEquals( Block::TYPE_USER, $block->getType() );
$this->assertTrue( $block->isAutoblocking() );
$this->assertGreaterThanOrEqual( 1, $user->getBlockId() );
$this->assertGreaterThanOrEqual( $block->getId(), $user->getBlockId() );
$cookies = $request1->response()->getCookies();
$this->assertArrayNotHasKey( 'wm_no_cookiesBlockID', $cookies );
// Clean up.
$block->delete();
}
/**
* When a user is autoblocked and a cookie is set to track them, the expiry time of the cookie
Default block-cookies to 24 hours only Rather than use wgCookieExpiration as the basis for the maximum life of a block cookie, just use 1 day. Tests have been updated also. Bug: T153347 Change-Id: I3447d97af3170308834f365c5c600430f47c66a7
2016-12-20 12:08:38 +00:00
* should match the block's expiry, to a maximum of 24 hours. If the expiry time is changed,
* the cookie's should change with it.
Send a cookie with autoblocks to prevent vandalism. Send a cookie with blocks that have autoblock turned on so that the user will be identified to MediaWiki and any IP they try to edit anonymously from will be blocked, even without logging in to the originally blocked account. Additionally, the block info is stored in local storage as well as an even stronger deterrence. Note: this is meant to deter normal vandals, i.e., not attackers who know what cookies and local storage are and will be actively removing the cookie. This feature is disabled by default, and can be enabled with the new $wgCookieSetOnAutoblock configuration variable (by setting it to true); The cookie will expire at the same time as the block or after $wgCookieExpiration (whichever is sooner). Bug: T5233 Bug: T147610 Change-Id: Ic3383af56c555c1592d272490ff4da683b9d7b1b
2013-02-07 21:56:54 +00:00
*/
public function testAutoblockCookieInfiniteExpiry() {
$this->setMwGlobals( [
'wgCookieSetOnAutoblock' => true,
'wgCookiePrefix' => 'wm_infinite_block',
Validate BlockID cookie before use This change adds a HMAC to the block-cookie to prevent someone spoofing a cookie and so discovering revdeleted users' names. The HMAC is only added if $wgSecretKey is set; if it isn't, the existing plain-ID format is used. A note about this has been added to DefaultSettings.php. Tests are updated and new tests added to demonstrate an inauthentic HMAC, and for when $wgSecretKey is not definied. Bug: T152951 Change-Id: I6a3ef9e91091408c25eaa2d36d58b365d681e8c6
2017-01-04 03:38:27 +00:00
'wgSecretKey' => MWCryptRand::generateHex( 64, true ),
Send a cookie with autoblocks to prevent vandalism. Send a cookie with blocks that have autoblock turned on so that the user will be identified to MediaWiki and any IP they try to edit anonymously from will be blocked, even without logging in to the originally blocked account. Additionally, the block info is stored in local storage as well as an even stronger deterrence. Note: this is meant to deter normal vandals, i.e., not attackers who know what cookies and local storage are and will be actively removing the cookie. This feature is disabled by default, and can be enabled with the new $wgCookieSetOnAutoblock configuration variable (by setting it to true); The cookie will expire at the same time as the block or after $wgCookieExpiration (whichever is sooner). Bug: T5233 Bug: T147610 Change-Id: Ic3383af56c555c1592d272490ff4da683b9d7b1b
2013-02-07 21:56:54 +00:00
] );
Specify a blocker for all UserTest blocks Also, un-register the PerofmrRetroactiveAutoblock hook from CheckUser as it will assume an IP address for the user which is not specified in UserTest. This will keep the unit tests focused on unit testing, as opposed to integration. Bug:T176103 Change-Id: I3a090f7bae5ba266c3cd4500ecf83338fb8503bb
2017-09-18 18:57:17 +00:00
// Unregister the hooks for proper unit testing
$this->mergeMwGlobalArrayValue( 'wgHooks', [
'PerformRetroactiveAutoblock' => []
] );
Send a cookie with autoblocks to prevent vandalism. Send a cookie with blocks that have autoblock turned on so that the user will be identified to MediaWiki and any IP they try to edit anonymously from will be blocked, even without logging in to the originally blocked account. Additionally, the block info is stored in local storage as well as an even stronger deterrence. Note: this is meant to deter normal vandals, i.e., not attackers who know what cookies and local storage are and will be actively removing the cookie. This feature is disabled by default, and can be enabled with the new $wgCookieSetOnAutoblock configuration variable (by setting it to true); The cookie will expire at the same time as the block or after $wgCookieExpiration (whichever is sooner). Bug: T5233 Bug: T147610 Change-Id: Ic3383af56c555c1592d272490ff4da683b9d7b1b
2013-02-07 21:56:54 +00:00
// 1. Log in a test user, and block them indefinitely.
Specify a blocker for all UserTest blocks Also, un-register the PerofmrRetroactiveAutoblock hook from CheckUser as it will assume an IP address for the user which is not specified in UserTest. This will keep the unit tests focused on unit testing, as opposed to integration. Bug:T176103 Change-Id: I3a090f7bae5ba266c3cd4500ecf83338fb8503bb
2017-09-18 18:57:17 +00:00
$userBlocker = $this->getTestSysop()->getUser();
Send a cookie with autoblocks to prevent vandalism. Send a cookie with blocks that have autoblock turned on so that the user will be identified to MediaWiki and any IP they try to edit anonymously from will be blocked, even without logging in to the originally blocked account. Additionally, the block info is stored in local storage as well as an even stronger deterrence. Note: this is meant to deter normal vandals, i.e., not attackers who know what cookies and local storage are and will be actively removing the cookie. This feature is disabled by default, and can be enabled with the new $wgCookieSetOnAutoblock configuration variable (by setting it to true); The cookie will expire at the same time as the block or after $wgCookieExpiration (whichever is sooner). Bug: T5233 Bug: T147610 Change-Id: Ic3383af56c555c1592d272490ff4da683b9d7b1b
2013-02-07 21:56:54 +00:00
$user1Tmp = $this->getTestUser()->getUser();
$request1 = new FauxRequest();
$request1->getSession()->setUser( $user1Tmp );
$block = new Block( [ 'enableAutoblock' => true, 'expiry' => 'infinity' ] );
$block->setTarget( $user1Tmp );
Specify a blocker for all UserTest blocks Also, un-register the PerofmrRetroactiveAutoblock hook from CheckUser as it will assume an IP address for the user which is not specified in UserTest. This will keep the unit tests focused on unit testing, as opposed to integration. Bug:T176103 Change-Id: I3a090f7bae5ba266c3cd4500ecf83338fb8503bb
2017-09-18 18:57:17 +00:00
$block->setBlocker( $userBlocker );
Assert that blocks were inserted successfully in UserTest Bug: T176103 Change-Id: Ia8afc37605a844590abe49eaad1e806bd2c7f6f8
2017-09-18 18:03:04 +00:00
$res = $block->insert();
$this->assertTrue( (bool)$res['id'], 'Failed to insert block' );
Send a cookie with autoblocks to prevent vandalism. Send a cookie with blocks that have autoblock turned on so that the user will be identified to MediaWiki and any IP they try to edit anonymously from will be blocked, even without logging in to the originally blocked account. Additionally, the block info is stored in local storage as well as an even stronger deterrence. Note: this is meant to deter normal vandals, i.e., not attackers who know what cookies and local storage are and will be actively removing the cookie. This feature is disabled by default, and can be enabled with the new $wgCookieSetOnAutoblock configuration variable (by setting it to true); The cookie will expire at the same time as the block or after $wgCookieExpiration (whichever is sooner). Bug: T5233 Bug: T147610 Change-Id: Ic3383af56c555c1592d272490ff4da683b9d7b1b
2013-02-07 21:56:54 +00:00
$user1 = User::newFromSession( $request1 );
$user1->mBlock = $block;
$user1->load();
// 2. Test the cookie's expiry timestamp.
$this->assertTrue( $user1->isLoggedIn() );
$this->assertTrue( $user1->isBlocked() );
$this->assertEquals( Block::TYPE_USER, $block->getType() );
$this->assertTrue( $block->isAutoblocking() );
$this->assertGreaterThanOrEqual( 1, $user1->getBlockId() );
$cookies = $request1->response()->getCookies();
Default block-cookies to 24 hours only Rather than use wgCookieExpiration as the basis for the maximum life of a block cookie, just use 1 day. Tests have been updated also. Bug: T153347 Change-Id: I3447d97af3170308834f365c5c600430f47c66a7
2016-12-20 12:08:38 +00:00
// Test the cookie's expiry to the nearest minute.
Send a cookie with autoblocks to prevent vandalism. Send a cookie with blocks that have autoblock turned on so that the user will be identified to MediaWiki and any IP they try to edit anonymously from will be blocked, even without logging in to the originally blocked account. Additionally, the block info is stored in local storage as well as an even stronger deterrence. Note: this is meant to deter normal vandals, i.e., not attackers who know what cookies and local storage are and will be actively removing the cookie. This feature is disabled by default, and can be enabled with the new $wgCookieSetOnAutoblock configuration variable (by setting it to true); The cookie will expire at the same time as the block or after $wgCookieExpiration (whichever is sooner). Bug: T5233 Bug: T147610 Change-Id: Ic3383af56c555c1592d272490ff4da683b9d7b1b
2013-02-07 21:56:54 +00:00
$this->assertArrayHasKey( 'wm_infinite_blockBlockID', $cookies );
Default block-cookies to 24 hours only Rather than use wgCookieExpiration as the basis for the maximum life of a block cookie, just use 1 day. Tests have been updated also. Bug: T153347 Change-Id: I3447d97af3170308834f365c5c600430f47c66a7
2016-12-20 12:08:38 +00:00
$expOneDay = wfTimestamp() + ( 24 * 60 * 60 );
Check for expiry dates in a 10-second window This changes a test of expiry dates to be a 10-second range, to account for slow testing. For example, a test may start and set the block's expiry in one second, but by the time it is reading the value from that block's cookie it can sometimes be the next second. Making it 10 seconds just gives it more room for being slow. Bug: T153527 Change-Id: I5efde7785134a75487d31ef3d8b7b14f53b7f5d0
2016-12-20 12:13:56 +00:00
// Check for expiry dates in a 10-second window, to account for slow testing.
phpunit: Use assertEquals(, $delta) in UserTest instead of greater/lessThan Follows-up 9d8358e09. Documented at https://phpunit.de/manual/4.8/en/appendixes.assertions.html#appendixes.assertions.assertEquals Change-Id: Id337626c069663883d6a4bde58432637d33eb8c0
2017-01-04 03:29:35 +00:00
$this->assertEquals(
$expOneDay,
$cookies['wm_infinite_blockBlockID']['expire'],
'Expiry date',
5.0
Check for expiry dates in a 10-second window This changes a test of expiry dates to be a 10-second range, to account for slow testing. For example, a test may start and set the block's expiry in one second, but by the time it is reading the value from that block's cookie it can sometimes be the next second. Making it 10 seconds just gives it more room for being slow. Bug: T153527 Change-Id: I5efde7785134a75487d31ef3d8b7b14f53b7f5d0
2016-12-20 12:13:56 +00:00
);
Send a cookie with autoblocks to prevent vandalism. Send a cookie with blocks that have autoblock turned on so that the user will be identified to MediaWiki and any IP they try to edit anonymously from will be blocked, even without logging in to the originally blocked account. Additionally, the block info is stored in local storage as well as an even stronger deterrence. Note: this is meant to deter normal vandals, i.e., not attackers who know what cookies and local storage are and will be actively removing the cookie. This feature is disabled by default, and can be enabled with the new $wgCookieSetOnAutoblock configuration variable (by setting it to true); The cookie will expire at the same time as the block or after $wgCookieExpiration (whichever is sooner). Bug: T5233 Bug: T147610 Change-Id: Ic3383af56c555c1592d272490ff4da683b9d7b1b
2013-02-07 21:56:54 +00:00
Default block-cookies to 24 hours only Rather than use wgCookieExpiration as the basis for the maximum life of a block cookie, just use 1 day. Tests have been updated also. Bug: T153347 Change-Id: I3447d97af3170308834f365c5c600430f47c66a7
2016-12-20 12:08:38 +00:00
// 3. Change the block's expiry (to 2 hours), and the cookie's should be changed also.
$newExpiry = wfTimestamp() + 2 * 60 * 60;
Send a cookie with autoblocks to prevent vandalism. Send a cookie with blocks that have autoblock turned on so that the user will be identified to MediaWiki and any IP they try to edit anonymously from will be blocked, even without logging in to the originally blocked account. Additionally, the block info is stored in local storage as well as an even stronger deterrence. Note: this is meant to deter normal vandals, i.e., not attackers who know what cookies and local storage are and will be actively removing the cookie. This feature is disabled by default, and can be enabled with the new $wgCookieSetOnAutoblock configuration variable (by setting it to true); The cookie will expire at the same time as the block or after $wgCookieExpiration (whichever is sooner). Bug: T5233 Bug: T147610 Change-Id: Ic3383af56c555c1592d272490ff4da683b9d7b1b
2013-02-07 21:56:54 +00:00
$block->mExpiry = wfTimestamp( TS_MW, $newExpiry );
$block->update();
$user2tmp = $this->getTestUser()->getUser();
$request2 = new FauxRequest();
$request2->getSession()->setUser( $user2tmp );
$user2 = User::newFromSession( $request2 );
$user2->mBlock = $block;
$user2->load();
$cookies = $request2->response()->getCookies();
Default block-cookies to 24 hours only Rather than use wgCookieExpiration as the basis for the maximum life of a block cookie, just use 1 day. Tests have been updated also. Bug: T153347 Change-Id: I3447d97af3170308834f365c5c600430f47c66a7
2016-12-20 12:08:38 +00:00
$this->assertEquals( wfTimestamp( TS_MW, $newExpiry ), $block->getExpiry() );
Send a cookie with autoblocks to prevent vandalism. Send a cookie with blocks that have autoblock turned on so that the user will be identified to MediaWiki and any IP they try to edit anonymously from will be blocked, even without logging in to the originally blocked account. Additionally, the block info is stored in local storage as well as an even stronger deterrence. Note: this is meant to deter normal vandals, i.e., not attackers who know what cookies and local storage are and will be actively removing the cookie. This feature is disabled by default, and can be enabled with the new $wgCookieSetOnAutoblock configuration variable (by setting it to true); The cookie will expire at the same time as the block or after $wgCookieExpiration (whichever is sooner). Bug: T5233 Bug: T147610 Change-Id: Ic3383af56c555c1592d272490ff4da683b9d7b1b
2013-02-07 21:56:54 +00:00
$this->assertEquals( $newExpiry, $cookies['wm_infinite_blockBlockID']['expire'] );
// Clean up.
$block->delete();
}
Add $wgSoftBlockRanges This variable allows for blocking anonymous contributions from certain IP addresses. Account creation from these addresses will be allowed. The idea here is that, for example, Wikimedia could add 10.0.0.0/8 to prevent logged-out bots on labs from making confusing edits. See I74f5f4a3. The default for the new variable is empty to avoid causing issues on upgrade for wikis on private networks. Change-Id: I6c11a6b9e1a740de074e7ccd753418f94c4b6288
2016-11-23 19:51:30 +00:00
public function testSoftBlockRanges() {
global $wgUser;
$this->setMwGlobals( [
'wgSoftBlockRanges' => [ '10.0.0.0/8' ],
'wgUser' => null,
] );
// IP isn't in $wgSoftBlockRanges
$request = new FauxRequest();
$request->setIP( '192.168.0.1' );
$wgUser = User::newFromSession( $request );
$this->assertNull( $wgUser->getBlock() );
// IP is in $wgSoftBlockRanges
$request = new FauxRequest();
$request->setIP( '10.20.30.40' );
$wgUser = User::newFromSession( $request );
$block = $wgUser->getBlock();
$this->assertInstanceOf( Block::class, $block );
$this->assertSame( 'wgSoftBlockRanges', $block->getSystemBlockType() );
// Make sure the block is really soft
$request->getSession()->setUser( $this->getTestUser()->getUser() );
$wgUser = User::newFromSession( $request );
$this->assertFalse( $wgUser->isAnon(), 'sanity check' );
$this->assertNull( $wgUser->getBlock() );
}
Validate BlockID cookie before use This change adds a HMAC to the block-cookie to prevent someone spoofing a cookie and so discovering revdeleted users' names. The HMAC is only added if $wgSecretKey is set; if it isn't, the existing plain-ID format is used. A note about this has been added to DefaultSettings.php. Tests are updated and new tests added to demonstrate an inauthentic HMAC, and for when $wgSecretKey is not definied. Bug: T152951 Change-Id: I6a3ef9e91091408c25eaa2d36d58b365d681e8c6
2017-01-04 03:38:27 +00:00
/**
* Test that a modified BlockID cookie doesn't actually load the relevant block (T152951).
*/
public function testAutoblockCookieInauthentic() {
// Set up the bits of global configuration that we use.
$this->setMwGlobals( [
'wgCookieSetOnAutoblock' => true,
'wgCookiePrefix' => 'wmsitetitle',
'wgSecretKey' => MWCryptRand::generateHex( 64, true ),
] );
Specify a blocker for all UserTest blocks Also, un-register the PerofmrRetroactiveAutoblock hook from CheckUser as it will assume an IP address for the user which is not specified in UserTest. This will keep the unit tests focused on unit testing, as opposed to integration. Bug:T176103 Change-Id: I3a090f7bae5ba266c3cd4500ecf83338fb8503bb
2017-09-18 18:57:17 +00:00
// Unregister the hooks for proper unit testing
$this->mergeMwGlobalArrayValue( 'wgHooks', [
'PerformRetroactiveAutoblock' => []
] );
Validate BlockID cookie before use This change adds a HMAC to the block-cookie to prevent someone spoofing a cookie and so discovering revdeleted users' names. The HMAC is only added if $wgSecretKey is set; if it isn't, the existing plain-ID format is used. A note about this has been added to DefaultSettings.php. Tests are updated and new tests added to demonstrate an inauthentic HMAC, and for when $wgSecretKey is not definied. Bug: T152951 Change-Id: I6a3ef9e91091408c25eaa2d36d58b365d681e8c6
2017-01-04 03:38:27 +00:00
// 1. Log in a blocked test user.
Specify a blocker for all UserTest blocks Also, un-register the PerofmrRetroactiveAutoblock hook from CheckUser as it will assume an IP address for the user which is not specified in UserTest. This will keep the unit tests focused on unit testing, as opposed to integration. Bug:T176103 Change-Id: I3a090f7bae5ba266c3cd4500ecf83338fb8503bb
2017-09-18 18:57:17 +00:00
$userBlocker = $this->getTestSysop()->getUser();
Validate BlockID cookie before use This change adds a HMAC to the block-cookie to prevent someone spoofing a cookie and so discovering revdeleted users' names. The HMAC is only added if $wgSecretKey is set; if it isn't, the existing plain-ID format is used. A note about this has been added to DefaultSettings.php. Tests are updated and new tests added to demonstrate an inauthentic HMAC, and for when $wgSecretKey is not definied. Bug: T152951 Change-Id: I6a3ef9e91091408c25eaa2d36d58b365d681e8c6
2017-01-04 03:38:27 +00:00
$user1tmp = $this->getTestUser()->getUser();
$request1 = new FauxRequest();
$request1->getSession()->setUser( $user1tmp );
$block = new Block( [ 'enableAutoblock' => true ] );
$block->setTarget( $user1tmp );
Specify a blocker for all UserTest blocks Also, un-register the PerofmrRetroactiveAutoblock hook from CheckUser as it will assume an IP address for the user which is not specified in UserTest. This will keep the unit tests focused on unit testing, as opposed to integration. Bug:T176103 Change-Id: I3a090f7bae5ba266c3cd4500ecf83338fb8503bb
2017-09-18 18:57:17 +00:00
$block->setBlocker( $userBlocker );
Assert that blocks were inserted successfully in UserTest Bug: T176103 Change-Id: Ia8afc37605a844590abe49eaad1e806bd2c7f6f8
2017-09-18 18:03:04 +00:00
$res = $block->insert();
$this->assertTrue( (bool)$res['id'], 'Failed to insert block' );
Validate BlockID cookie before use This change adds a HMAC to the block-cookie to prevent someone spoofing a cookie and so discovering revdeleted users' names. The HMAC is only added if $wgSecretKey is set; if it isn't, the existing plain-ID format is used. A note about this has been added to DefaultSettings.php. Tests are updated and new tests added to demonstrate an inauthentic HMAC, and for when $wgSecretKey is not definied. Bug: T152951 Change-Id: I6a3ef9e91091408c25eaa2d36d58b365d681e8c6
2017-01-04 03:38:27 +00:00
$user1 = User::newFromSession( $request1 );
$user1->mBlock = $block;
$user1->load();
// 2. Create a new request, set the cookie to an invalid value, and make sure the (anon)
// user not blocked.
$request2 = new FauxRequest();
$request2->setCookie( 'BlockID', $block->getId() . '!zzzzzzz' );
$user2 = User::newFromSession( $request2 );
$user2->load();
$this->assertTrue( $user2->isAnon() );
$this->assertFalse( $user2->isLoggedIn() );
$this->assertFalse( $user2->isBlocked() );
// Clean up.
$block->delete();
}
/**
* The BlockID cookie is normally verified with a HMAC, but not if wgSecretKey is not set.
* This checks that a non-authenticated cookie still works.
*/
public function testAutoblockCookieNoSecretKey() {
// Set up the bits of global configuration that we use.
$this->setMwGlobals( [
'wgCookieSetOnAutoblock' => true,
'wgCookiePrefix' => 'wmsitetitle',
'wgSecretKey' => null,
] );
Specify a blocker for all UserTest blocks Also, un-register the PerofmrRetroactiveAutoblock hook from CheckUser as it will assume an IP address for the user which is not specified in UserTest. This will keep the unit tests focused on unit testing, as opposed to integration. Bug:T176103 Change-Id: I3a090f7bae5ba266c3cd4500ecf83338fb8503bb
2017-09-18 18:57:17 +00:00
// Unregister the hooks for proper unit testing
$this->mergeMwGlobalArrayValue( 'wgHooks', [
'PerformRetroactiveAutoblock' => []
] );
Validate BlockID cookie before use This change adds a HMAC to the block-cookie to prevent someone spoofing a cookie and so discovering revdeleted users' names. The HMAC is only added if $wgSecretKey is set; if it isn't, the existing plain-ID format is used. A note about this has been added to DefaultSettings.php. Tests are updated and new tests added to demonstrate an inauthentic HMAC, and for when $wgSecretKey is not definied. Bug: T152951 Change-Id: I6a3ef9e91091408c25eaa2d36d58b365d681e8c6
2017-01-04 03:38:27 +00:00
// 1. Log in a blocked test user.
Specify a blocker for all UserTest blocks Also, un-register the PerofmrRetroactiveAutoblock hook from CheckUser as it will assume an IP address for the user which is not specified in UserTest. This will keep the unit tests focused on unit testing, as opposed to integration. Bug:T176103 Change-Id: I3a090f7bae5ba266c3cd4500ecf83338fb8503bb
2017-09-18 18:57:17 +00:00
$userBlocker = $this->getTestSysop()->getUser();
Validate BlockID cookie before use This change adds a HMAC to the block-cookie to prevent someone spoofing a cookie and so discovering revdeleted users' names. The HMAC is only added if $wgSecretKey is set; if it isn't, the existing plain-ID format is used. A note about this has been added to DefaultSettings.php. Tests are updated and new tests added to demonstrate an inauthentic HMAC, and for when $wgSecretKey is not definied. Bug: T152951 Change-Id: I6a3ef9e91091408c25eaa2d36d58b365d681e8c6
2017-01-04 03:38:27 +00:00
$user1tmp = $this->getTestUser()->getUser();
$request1 = new FauxRequest();
$request1->getSession()->setUser( $user1tmp );
$block = new Block( [ 'enableAutoblock' => true ] );
$block->setTarget( $user1tmp );
Specify a blocker for all UserTest blocks Also, un-register the PerofmrRetroactiveAutoblock hook from CheckUser as it will assume an IP address for the user which is not specified in UserTest. This will keep the unit tests focused on unit testing, as opposed to integration. Bug:T176103 Change-Id: I3a090f7bae5ba266c3cd4500ecf83338fb8503bb
2017-09-18 18:57:17 +00:00
$block->setBlocker( $userBlocker );
Assert that blocks were inserted successfully in UserTest Bug: T176103 Change-Id: Ia8afc37605a844590abe49eaad1e806bd2c7f6f8
2017-09-18 18:03:04 +00:00
$res = $block->insert();
$this->assertTrue( (bool)$res['id'], 'Failed to insert block' );
Validate BlockID cookie before use This change adds a HMAC to the block-cookie to prevent someone spoofing a cookie and so discovering revdeleted users' names. The HMAC is only added if $wgSecretKey is set; if it isn't, the existing plain-ID format is used. A note about this has been added to DefaultSettings.php. Tests are updated and new tests added to demonstrate an inauthentic HMAC, and for when $wgSecretKey is not definied. Bug: T152951 Change-Id: I6a3ef9e91091408c25eaa2d36d58b365d681e8c6
2017-01-04 03:38:27 +00:00
$user1 = User::newFromSession( $request1 );
$user1->mBlock = $block;
$user1->load();
$this->assertTrue( $user1->isBlocked() );
// 2. Create a new request, set the cookie to just the block ID, and the user should
// still get blocked when they log in again.
$request2 = new FauxRequest();
$request2->setCookie( 'BlockID', $block->getId() );
$user2 = User::newFromSession( $request2 );
$user2->load();
$this->assertNotEquals( $user1->getId(), $user2->getId() );
$this->assertNotEquals( $user1->getToken(), $user2->getToken() );
$this->assertTrue( $user2->isAnon() );
$this->assertFalse( $user2->isLoggedIn() );
$this->assertTrue( $user2->isBlocked() );
$this->assertEquals( true, $user2->getBlock()->isAutoblocking() ); // Non-strict type-check.
// Clean up.
$block->delete();
}
User::isPingLimitable(): handle CIDR notation in $wgRateLimitsExcludedIPs Bug: T156983 Change-Id: I727c19214cb3f9fad558d433bb38fbcf25d8497a
2017-02-02 01:23:01 +00:00
Add @covers tags to user tests Change-Id: I9ec5644e6b780937492eb5e0ea9e27ebad15ad43
2017-12-25 07:27:12 +00:00
/**
* @covers User::isPingLimitable
*/
User::isPingLimitable(): handle CIDR notation in $wgRateLimitsExcludedIPs Bug: T156983 Change-Id: I727c19214cb3f9fad558d433bb38fbcf25d8497a
2017-02-02 01:23:01 +00:00
public function testIsPingLimitable() {
$request = new FauxRequest();
$request->setIP( '1.2.3.4' );
$user = User::newFromSession( $request );
$this->setMwGlobals( 'wgRateLimitsExcludedIPs', [] );
$this->assertTrue( $user->isPingLimitable() );
$this->setMwGlobals( 'wgRateLimitsExcludedIPs', [ '1.2.3.4' ] );
$this->assertFalse( $user->isPingLimitable() );
$this->setMwGlobals( 'wgRateLimitsExcludedIPs', [ '1.2.3.0/8' ] );
$this->assertFalse( $user->isPingLimitable() );
$this->setMwGlobals( 'wgRateLimitsExcludedIPs', [] );
$noRateLimitUser = $this->getMockBuilder( User::class )->disableOriginalConstructor()
->setMethods( [ 'getIP', 'getRights' ] )->getMock();
$noRateLimitUser->expects( $this->any() )->method( 'getIP' )->willReturn( '1.2.3.4' );
$noRateLimitUser->expects( $this->any() )->method( 'getRights' )->willReturn( [ 'noratelimit' ] );
$this->assertFalse( $noRateLimitUser->isPingLimitable() );
}
RCFilters UI: Highlight behavior Let there be highlight! and there were highlights And RCFilters separated the highlight from the darkness And it defined highlights as five colors The lights are called yellow and green, and the darks red and blue And there were colors and there were circles; one highlight. This is the commit that adds highlight support for filters both in the backend and the UI. The backend tags results based on which filter they fit and the front end paints those results according to the color chosen by the user. Highlights can be toggled off and on. Also added circle indicators to the capsule items and each line of results to indicate whether the line has more than one color affecting it. Bug: T149467 Bug: T156164 Change-Id: I341c3f7c224271a18d455b9e5f5457ec43de802d
2017-02-10 14:18:02 +00:00
public function provideExperienceLevel() {
return [
[ 2, 2, 'newcomer' ],
[ 12, 3, 'newcomer' ],
[ 8, 5, 'newcomer' ],
[ 15, 10, 'learner' ],
[ 450, 20, 'learner' ],
[ 460, 33, 'learner' ],
[ 525, 28, 'learner' ],
[ 538, 33, 'experienced' ],
];
}
/**
Add @covers tags to user tests Change-Id: I9ec5644e6b780937492eb5e0ea9e27ebad15ad43
2017-12-25 07:27:12 +00:00
* @covers User::getExperienceLevel
RCFilters UI: Highlight behavior Let there be highlight! and there were highlights And RCFilters separated the highlight from the darkness And it defined highlights as five colors The lights are called yellow and green, and the darks red and blue And there were colors and there were circles; one highlight. This is the commit that adds highlight support for filters both in the backend and the UI. The backend tags results based on which filter they fit and the front end paints those results according to the color chosen by the user. Highlights can be toggled off and on. Also added circle indicators to the capsule items and each line of results to indicate whether the line has more than one color affecting it. Bug: T149467 Bug: T156164 Change-Id: I341c3f7c224271a18d455b9e5f5457ec43de802d
2017-02-10 14:18:02 +00:00
* @dataProvider provideExperienceLevel
*/
public function testExperienceLevel( $editCount, $memberSince, $expLevel ) {
$this->setMwGlobals( [
'wgLearnerEdits' => 10,
'wgLearnerMemberSince' => 4,
'wgExperiencedUserEdits' => 500,
'wgExperiencedUserMemberSince' => 30,
] );
$db = wfGetDB( DB_MASTER );
$data = new stdClass();
$data->user_id = 1;
$data->user_name = 'name';
$data->user_real_name = 'Real Name';
$data->user_touched = 1;
$data->user_token = 'token';
$data->user_email = 'a@a.a';
$data->user_email_authenticated = null;
$data->user_email_token = 'token';
$data->user_email_token_expires = null;
$data->user_editcount = $editCount;
$data->user_registration = $db->timestamp( time() - $memberSince * 86400 );
$user = User::newFromRow( $data );
$this->assertEquals( $expLevel, $user->getExperienceLevel() );
}
Add @covers tags to user tests Change-Id: I9ec5644e6b780937492eb5e0ea9e27ebad15ad43
2017-12-25 07:27:12 +00:00
/**
* @covers User::getExperienceLevel
*/
RCFilters UI: Highlight behavior Let there be highlight! and there were highlights And RCFilters separated the highlight from the darkness And it defined highlights as five colors The lights are called yellow and green, and the darks red and blue And there were colors and there were circles; one highlight. This is the commit that adds highlight support for filters both in the backend and the UI. The backend tags results based on which filter they fit and the front end paints those results according to the color chosen by the user. Highlights can be toggled off and on. Also added circle indicators to the capsule items and each line of results to indicate whether the line has more than one color affecting it. Bug: T149467 Bug: T156164 Change-Id: I341c3f7c224271a18d455b9e5f5457ec43de802d
2017-02-10 14:18:02 +00:00
public function testExperienceLevelAnon() {
$user = User::newFromName( '10.11.12.13', false );
$this->assertFalse( $user->getExperienceLevel() );
}
Use IPSet for checking of wgProxyList Instead of using array_* functions, use the IPSet for checking, if a specific IP address matches a set of addresses. This also deprecates a backward-compatibility functionality, that the wgProxyList array could also be an associative array, where the blocked IP address is set as a key of the array insted of a value. All IP address keys will be mved to values on-the-fly, however a deprecation warning will be emitted. A notice in the Release notes was added, too. Bug: T161580 Change-Id: I69d9534942c415ab044177969ecd54160079b593
2017-04-15 23:52:23 +00:00
public static function provideIsLocallBlockedProxy() {
return [
[ '1.2.3.4', '1.2.3.4' ],
[ '1.2.3.4', '1.2.3.0/16' ],
];
}
/**
* @dataProvider provideIsLocallBlockedProxy
* @covers User::isLocallyBlockedProxy
*/
public function testIsLocallyBlockedProxy( $ip, $blockListEntry ) {
$this->setMwGlobals(
'wgProxyList', []
);
$this->assertFalse( User::isLocallyBlockedProxy( $ip ) );
$this->setMwGlobals(
'wgProxyList',
[
$blockListEntry
]
);
$this->assertTrue( User::isLocallyBlockedProxy( $ip ) );
$this->setMwGlobals(
'wgProxyList',
[
'test' => $blockListEntry
]
);
$this->assertTrue( User::isLocallyBlockedProxy( $ip ) );
$this->hideDeprecated(
'IP addresses in the keys of $wgProxyList (found the following IP ' .
'addresses in keys: ' . $blockListEntry . ', please move them to values)'
);
$this->setMwGlobals(
'wgProxyList',
[
$blockListEntry => 'test'
]
);
$this->assertTrue( User::isLocallyBlockedProxy( $ip ) );
}
Since r92364 UserTest.php needs a database
2011-07-19 21:41:25 +00:00
}
Reference in a new issue Copy permalink