2015-11-22 20:17:00 +00:00
|
|
|
<?php
|
|
|
|
|
|
|
|
|
|
namespace MediaWiki\Auth;
|
|
|
|
|
|
2018-02-08 14:10:23 +00:00
|
|
|
use Config;
|
2022-05-28 06:56:01 +00:00
|
|
|
use Language;
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
use MediaWiki\Auth\Hook\AuthManagerLoginAuthenticateAuditHook;
|
|
|
|
|
use MediaWiki\Auth\Hook\LocalUserCreatedHook;
|
|
|
|
|
use MediaWiki\Auth\Hook\SecuritySensitiveOperationStatusHook;
|
|
|
|
|
use MediaWiki\Auth\Hook\UserLoggedInHook;
|
2020-10-30 10:55:50 +00:00
|
|
|
use MediaWiki\Block\BlockManager;
|
2019-05-13 14:18:07 +00:00
|
|
|
use MediaWiki\Block\DatabaseBlock;
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
use MediaWiki\HookContainer\HookContainer;
|
|
|
|
|
use MediaWiki\HookContainer\StaticHookRegistry;
|
2022-05-28 06:56:01 +00:00
|
|
|
use MediaWiki\Languages\LanguageConverterFactory;
|
2019-08-26 12:24:37 +00:00
|
|
|
use MediaWiki\MediaWikiServices;
|
2015-11-22 20:17:00 +00:00
|
|
|
use MediaWiki\Session\SessionInfo;
|
|
|
|
|
use MediaWiki\Session\UserInfo;
|
2021-08-05 21:09:06 +00:00
|
|
|
use MediaWiki\User\BotPasswordStore;
|
|
|
|
|
use MediaWiki\User\UserFactory;
|
|
|
|
|
use MediaWiki\User\UserIdentityLookup;
|
2020-04-08 18:19:49 +00:00
|
|
|
use MediaWiki\User\UserNameUtils;
|
2021-08-05 21:09:06 +00:00
|
|
|
use MediaWiki\User\UserOptionsManager;
|
2021-04-13 00:43:46 +00:00
|
|
|
use MediaWiki\Watchlist\WatchlistManager;
|
2019-10-06 04:54:59 +00:00
|
|
|
use PHPUnit\Framework\Assert;
|
2020-11-13 21:43:00 +00:00
|
|
|
use PHPUnit\Framework\MockObject\Builder\InvocationMocker;
|
|
|
|
|
use PHPUnit\Framework\MockObject\Rule\InvocationOrder;
|
2019-11-08 21:24:00 +00:00
|
|
|
use Psr\Container\ContainerInterface;
|
2018-02-08 14:10:23 +00:00
|
|
|
use Psr\Log\LoggerInterface;
|
2015-11-22 20:17:00 +00:00
|
|
|
use Psr\Log\LogLevel;
|
2020-10-10 21:03:11 +00:00
|
|
|
use ReadOnlyMode;
|
2021-04-21 16:25:17 +00:00
|
|
|
use Status;
|
2015-11-22 20:17:00 +00:00
|
|
|
use StatusValue;
|
2018-02-08 14:10:23 +00:00
|
|
|
use WebRequest;
|
2022-03-09 22:16:22 +00:00
|
|
|
use Wikimedia\ObjectFactory\ObjectFactory;
|
2022-05-28 06:56:01 +00:00
|
|
|
use Wikimedia\Rdbms\ILoadBalancer;
|
2016-10-12 05:36:03 +00:00
|
|
|
use Wikimedia\ScopedCallback;
|
2017-04-19 19:37:35 +00:00
|
|
|
use Wikimedia\TestingAccessWrapper;
|
2015-11-22 20:17:00 +00:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @group AuthManager
|
|
|
|
|
* @group Database
|
2018-10-31 13:22:47 +00:00
|
|
|
* @covers \MediaWiki\Auth\AuthManager
|
2015-11-22 20:17:00 +00:00
|
|
|
*/
|
2020-06-30 15:09:24 +00:00
|
|
|
class AuthManagerTest extends \MediaWikiIntegrationTestCase {
|
2015-11-22 20:17:00 +00:00
|
|
|
/** @var WebRequest */
|
|
|
|
|
protected $request;
|
|
|
|
|
/** @var Config */
|
|
|
|
|
protected $config;
|
2019-11-08 21:24:00 +00:00
|
|
|
/** @var ObjectFactory */
|
|
|
|
|
protected $objectFactory;
|
2020-10-10 21:03:11 +00:00
|
|
|
/** @var ReadOnlyMode */
|
|
|
|
|
protected $readOnlyMode;
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
|
|
|
|
|
/** @var HookContainer */
|
|
|
|
|
private $hookContainer;
|
|
|
|
|
/** @var array */
|
|
|
|
|
private $authHooks;
|
|
|
|
|
|
2020-04-08 18:19:49 +00:00
|
|
|
/** @var UserNameUtils */
|
|
|
|
|
protected $userNameUtils;
|
|
|
|
|
|
2018-02-08 14:10:23 +00:00
|
|
|
/** @var LoggerInterface */
|
2015-11-22 20:17:00 +00:00
|
|
|
protected $logger;
|
|
|
|
|
|
|
|
|
|
protected $preauthMocks = [];
|
|
|
|
|
protected $primaryauthMocks = [];
|
|
|
|
|
protected $secondaryauthMocks = [];
|
|
|
|
|
|
|
|
|
|
/** @var AuthManager */
|
|
|
|
|
protected $manager;
|
|
|
|
|
/** @var TestingAccessWrapper */
|
|
|
|
|
protected $managerPriv;
|
|
|
|
|
|
2020-10-30 10:55:50 +00:00
|
|
|
/** @var BlockManager */
|
|
|
|
|
private $blockManager;
|
|
|
|
|
|
2021-04-13 00:43:46 +00:00
|
|
|
/** @var WatchlistManager */
|
|
|
|
|
private $watchlistManager;
|
|
|
|
|
|
2021-07-22 11:38:45 +00:00
|
|
|
/** @var ILoadBalancer */
|
|
|
|
|
private $loadBalancer;
|
|
|
|
|
|
|
|
|
|
/** @var Language */
|
|
|
|
|
private $contentLanguage;
|
|
|
|
|
|
|
|
|
|
/** @var LanguageConverterFactory */
|
|
|
|
|
private $languageConverterFactory;
|
|
|
|
|
|
2021-08-05 21:09:06 +00:00
|
|
|
/** @var BotPasswordStore */
|
|
|
|
|
private $botPasswordStore;
|
|
|
|
|
|
|
|
|
|
/** @var UserFactory */
|
|
|
|
|
private $userFactory;
|
|
|
|
|
|
|
|
|
|
/** @var UserIdentityLookup */
|
|
|
|
|
private $userIdentityLookup;
|
|
|
|
|
|
|
|
|
|
/** @var UserOptionsManager */
|
|
|
|
|
private $userOptionsManager;
|
|
|
|
|
|
2021-04-21 16:25:17 +00:00
|
|
|
protected function setUp(): void {
|
|
|
|
|
parent::setUp();
|
|
|
|
|
$this->tablesUsed[] = 'ipblocks';
|
|
|
|
|
}
|
|
|
|
|
|
2015-11-22 20:17:00 +00:00
|
|
|
/**
|
|
|
|
|
* Sets a mock on a hook
|
|
|
|
|
* @param string $hook
|
2021-01-14 08:20:36 +00:00
|
|
|
* @param string $hookInterface
|
2020-11-13 21:43:00 +00:00
|
|
|
* @param InvocationOrder $expect From $this->once(), $this->never(), etc.
|
|
|
|
|
* @return InvocationMocker $mock->expects( $expect )->method( ... ).
|
2015-11-22 20:17:00 +00:00
|
|
|
*/
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
protected function hook( $hook, $hookInterface, $expect ) {
|
|
|
|
|
$mock = $this->getMockBuilder( $hookInterface )
|
|
|
|
|
->onlyMethods( [ "on$hook" ] )
|
2017-04-05 23:39:50 +00:00
|
|
|
->getMock();
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$this->authHooks[$hook][] = $mock;
|
2015-11-22 20:17:00 +00:00
|
|
|
return $mock->expects( $expect )->method( "on$hook" );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Unsets a hook
|
|
|
|
|
* @param string $hook
|
|
|
|
|
*/
|
|
|
|
|
protected function unhook( $hook ) {
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$this->authHooks[$hook] = [];
|
2015-11-22 20:17:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Ensure a value is a clean Message object
|
2019-11-08 21:24:00 +00:00
|
|
|
* @param string|\Message $key
|
2015-11-22 20:17:00 +00:00
|
|
|
* @param array $params
|
2019-11-08 21:24:00 +00:00
|
|
|
* @return \Message
|
2015-11-22 20:17:00 +00:00
|
|
|
*/
|
|
|
|
|
protected function message( $key, $params = [] ) {
|
|
|
|
|
if ( $key === null ) {
|
|
|
|
|
return null;
|
|
|
|
|
}
|
|
|
|
|
if ( $key instanceof \MessageSpecifier ) {
|
|
|
|
|
$params = $key->getParams();
|
|
|
|
|
$key = $key->getKey();
|
|
|
|
|
}
|
2019-08-26 12:24:37 +00:00
|
|
|
return new \Message( $key, $params,
|
|
|
|
|
MediaWikiServices::getInstance()->getLanguageFactory()->getLanguage( 'en' ) );
|
2015-11-22 20:17:00 +00:00
|
|
|
}
|
|
|
|
|
|
2018-08-01 12:40:47 +00:00
|
|
|
/**
|
|
|
|
|
* Test two AuthenticationResponses for equality. We don't want to use regular assertEquals
|
|
|
|
|
* because that recursively compares members, which leads to false negatives if e.g. Language
|
|
|
|
|
* caches are reset.
|
|
|
|
|
*
|
2021-01-14 08:20:36 +00:00
|
|
|
* @param AuthenticationResponse $expected
|
|
|
|
|
* @param AuthenticationResponse $actual
|
2018-08-01 12:40:47 +00:00
|
|
|
* @param string $msg
|
|
|
|
|
*/
|
|
|
|
|
private function assertResponseEquals(
|
|
|
|
|
AuthenticationResponse $expected, AuthenticationResponse $actual, $msg = ''
|
|
|
|
|
) {
|
|
|
|
|
foreach ( ( new \ReflectionClass( $expected ) )->getProperties() as $prop ) {
|
|
|
|
|
$name = $prop->getName();
|
|
|
|
|
$usedMsg = ltrim( "$msg ($name)" );
|
|
|
|
|
if ( $name === 'message' && $expected->message ) {
|
|
|
|
|
$this->assertSame( $expected->message->serialize(), $actual->message->serialize(),
|
|
|
|
|
$usedMsg );
|
|
|
|
|
} else {
|
|
|
|
|
$this->assertEquals( $expected->$name, $actual->$name, $usedMsg );
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-11-22 20:17:00 +00:00
|
|
|
/**
|
|
|
|
|
* Initialize the AuthManagerConfig variable in $this->config
|
|
|
|
|
*
|
|
|
|
|
* Uses data from the various 'mocks' fields.
|
|
|
|
|
*/
|
|
|
|
|
protected function initializeConfig() {
|
|
|
|
|
$config = [
|
|
|
|
|
'preauth' => [
|
|
|
|
|
],
|
|
|
|
|
'primaryauth' => [
|
|
|
|
|
],
|
|
|
|
|
'secondaryauth' => [
|
|
|
|
|
],
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
foreach ( [ 'preauth', 'primaryauth', 'secondaryauth' ] as $type ) {
|
|
|
|
|
$key = $type . 'Mocks';
|
|
|
|
|
foreach ( $this->$key as $mock ) {
|
2021-02-07 13:10:36 +00:00
|
|
|
$config[$type][$mock->getUniqueId()] = [ 'factory' => static function () use ( $mock ) {
|
2015-11-22 20:17:00 +00:00
|
|
|
return $mock;
|
|
|
|
|
} ];
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$this->config->set( 'AuthManagerConfig', $config );
|
|
|
|
|
$this->config->set( 'LanguageCode', 'en' );
|
|
|
|
|
$this->config->set( 'NewUserLog', false );
|
2021-02-22 03:07:19 +00:00
|
|
|
$this->config->set( 'RememberMe', RememberMeAuthenticationRequest::CHOOSE_REMEMBER );
|
2015-11-22 20:17:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Initialize $this->manager
|
|
|
|
|
* @param bool $regen Force a call to $this->initializeConfig()
|
|
|
|
|
*/
|
|
|
|
|
protected function initializeManager( $regen = false ) {
|
2021-08-05 21:09:06 +00:00
|
|
|
// TODO clean this up, don't need to re fetch the services each time
|
2015-11-22 20:17:00 +00:00
|
|
|
if ( $regen || !$this->config ) {
|
|
|
|
|
$this->config = new \HashConfig();
|
|
|
|
|
}
|
|
|
|
|
if ( $regen || !$this->request ) {
|
|
|
|
|
$this->request = new \FauxRequest();
|
|
|
|
|
}
|
2019-11-08 21:24:00 +00:00
|
|
|
if ( $regen || !$this->objectFactory ) {
|
|
|
|
|
$services = $this->createNoOpAbstractMock( ContainerInterface::class );
|
|
|
|
|
$this->objectFactory = new ObjectFactory( $services );
|
|
|
|
|
}
|
2020-10-10 21:03:11 +00:00
|
|
|
if ( $regen || !$this->readOnlyMode ) {
|
2022-01-12 20:13:39 +00:00
|
|
|
$this->readOnlyMode = $this->getServiceContainer()->getReadOnlyMode();
|
2020-10-10 21:03:11 +00:00
|
|
|
}
|
2020-10-30 10:55:50 +00:00
|
|
|
if ( $regen || !$this->blockManager ) {
|
2022-01-12 20:13:39 +00:00
|
|
|
$this->blockManager = $this->getServiceContainer()->getBlockManager();
|
2020-10-30 10:55:50 +00:00
|
|
|
}
|
2021-04-13 00:43:46 +00:00
|
|
|
if ( $regen || !$this->watchlistManager ) {
|
2022-01-12 20:13:39 +00:00
|
|
|
$this->watchlistManager = $this->getServiceContainer()->getWatchlistManager();
|
2021-04-13 00:43:46 +00:00
|
|
|
}
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
if ( $regen || !$this->hookContainer ) {
|
|
|
|
|
// Set up a HookContainer similar to the normal one except that it
|
|
|
|
|
// gets global hooks from $this->authHooks instead of $wgHooks
|
|
|
|
|
$this->hookContainer = new HookContainer(
|
|
|
|
|
new class( $this->authHooks ) extends StaticHookRegistry {
|
|
|
|
|
private $hooks;
|
|
|
|
|
|
|
|
|
|
public function __construct( &$hooks ) {
|
|
|
|
|
parent::__construct();
|
|
|
|
|
$this->hooks =& $hooks;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function getGlobalHooks() {
|
|
|
|
|
return $this->hooks;
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
$this->objectFactory
|
|
|
|
|
);
|
|
|
|
|
}
|
2020-04-08 18:19:49 +00:00
|
|
|
if ( $regen || !$this->userNameUtils ) {
|
2022-01-12 20:13:39 +00:00
|
|
|
$this->userNameUtils = $this->getServiceContainer()->getUserNameUtils();
|
2020-04-08 18:19:49 +00:00
|
|
|
}
|
2021-07-22 11:38:45 +00:00
|
|
|
if ( $regen || !$this->loadBalancer ) {
|
2022-01-12 20:13:39 +00:00
|
|
|
$this->loadBalancer = $this->getServiceContainer()->getDBLoadBalancer();
|
2021-07-22 11:38:45 +00:00
|
|
|
}
|
|
|
|
|
if ( $regen || !$this->contentLanguage ) {
|
2022-01-12 20:13:39 +00:00
|
|
|
$this->contentLanguage = $this->getServiceContainer()->getContentLanguage();
|
2021-07-22 11:38:45 +00:00
|
|
|
}
|
|
|
|
|
if ( $regen || !$this->languageConverterFactory ) {
|
2022-01-12 20:13:39 +00:00
|
|
|
$this->languageConverterFactory = $this->getServiceContainer()->getLanguageConverterFactory();
|
2021-07-22 11:38:45 +00:00
|
|
|
}
|
2021-08-05 21:09:06 +00:00
|
|
|
if ( $regen || !$this->botPasswordStore ) {
|
2022-01-12 20:13:39 +00:00
|
|
|
$this->botPasswordStore = $this->getServiceContainer()->getBotPasswordStore();
|
2021-08-05 21:09:06 +00:00
|
|
|
}
|
|
|
|
|
if ( $regen || !$this->userFactory ) {
|
2022-01-12 20:13:39 +00:00
|
|
|
$this->userFactory = $this->getServiceContainer()->getUserFactory();
|
2021-08-05 21:09:06 +00:00
|
|
|
}
|
|
|
|
|
if ( $regen || !$this->userIdentityLookup ) {
|
2022-01-12 20:13:39 +00:00
|
|
|
$this->userIdentityLookup = $this->getServiceContainer()->getUserIdentityLookup();
|
2021-08-05 21:09:06 +00:00
|
|
|
}
|
|
|
|
|
if ( $regen || !$this->userOptionsManager ) {
|
2022-01-12 20:13:39 +00:00
|
|
|
$this->userOptionsManager = $this->getServiceContainer()->getUserOptionsManager();
|
2021-08-05 21:09:06 +00:00
|
|
|
}
|
2015-11-22 20:17:00 +00:00
|
|
|
if ( !$this->logger ) {
|
|
|
|
|
$this->logger = new \TestLogger();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ( $regen || !$this->config->has( 'AuthManagerConfig' ) ) {
|
|
|
|
|
$this->initializeConfig();
|
|
|
|
|
}
|
2020-02-20 09:45:13 +00:00
|
|
|
$this->manager = new AuthManager(
|
|
|
|
|
$this->request,
|
|
|
|
|
$this->config,
|
|
|
|
|
$this->objectFactory,
|
2020-10-10 21:03:11 +00:00
|
|
|
$this->hookContainer,
|
2020-04-08 18:19:49 +00:00
|
|
|
$this->readOnlyMode,
|
2020-10-30 10:55:50 +00:00
|
|
|
$this->userNameUtils,
|
|
|
|
|
$this->blockManager,
|
2021-07-22 11:38:45 +00:00
|
|
|
$this->watchlistManager,
|
|
|
|
|
$this->loadBalancer,
|
|
|
|
|
$this->contentLanguage,
|
2021-08-05 21:09:06 +00:00
|
|
|
$this->languageConverterFactory,
|
|
|
|
|
$this->botPasswordStore,
|
|
|
|
|
$this->userFactory,
|
|
|
|
|
$this->userIdentityLookup,
|
|
|
|
|
$this->userOptionsManager
|
2020-02-20 09:45:13 +00:00
|
|
|
);
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->manager->setLogger( $this->logger );
|
2017-04-19 19:37:35 +00:00
|
|
|
$this->managerPriv = TestingAccessWrapper::newFromObject( $this->manager );
|
2015-11-22 20:17:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Setup SessionManager with a mock session provider
|
|
|
|
|
* @param bool|null $canChangeUser If non-null, canChangeUser will be mocked to return this
|
|
|
|
|
* @param array $methods Additional methods to mock
|
|
|
|
|
* @return array (MediaWiki\Session\SessionProvider, ScopedCallback)
|
|
|
|
|
*/
|
|
|
|
|
protected function getMockSessionProvider( $canChangeUser = null, array $methods = [] ) {
|
|
|
|
|
if ( !$this->config ) {
|
|
|
|
|
$this->config = new \HashConfig();
|
|
|
|
|
$this->initializeConfig();
|
|
|
|
|
}
|
|
|
|
|
$this->config->set( 'ObjectCacheSessionExpiry', 100 );
|
|
|
|
|
|
|
|
|
|
$methods[] = '__toString';
|
|
|
|
|
$methods[] = 'describe';
|
|
|
|
|
if ( $canChangeUser !== null ) {
|
|
|
|
|
$methods[] = 'canChangeUser';
|
|
|
|
|
}
|
2018-01-13 00:02:09 +00:00
|
|
|
$provider = $this->getMockBuilder( \DummySessionProvider::class )
|
2021-03-20 15:18:58 +00:00
|
|
|
->onlyMethods( $methods )
|
2015-11-22 20:17:00 +00:00
|
|
|
->getMock();
|
2021-04-22 08:28:11 +00:00
|
|
|
$provider->method( '__toString' )
|
|
|
|
|
->willReturn( 'MockSessionProvider' );
|
|
|
|
|
$provider->method( 'describe' )
|
|
|
|
|
->willReturn( 'MockSessionProvider sessions' );
|
2015-11-22 20:17:00 +00:00
|
|
|
if ( $canChangeUser !== null ) {
|
2021-04-22 08:28:11 +00:00
|
|
|
$provider->method( 'canChangeUser' )
|
|
|
|
|
->willReturn( $canChangeUser );
|
2015-11-22 20:17:00 +00:00
|
|
|
}
|
|
|
|
|
$this->config->set( 'SessionProviders', [
|
2021-02-07 13:10:36 +00:00
|
|
|
[ 'factory' => static function () use ( $provider ) {
|
2015-11-22 20:17:00 +00:00
|
|
|
return $provider;
|
|
|
|
|
} ],
|
|
|
|
|
] );
|
|
|
|
|
|
|
|
|
|
$manager = new \MediaWiki\Session\SessionManager( [
|
|
|
|
|
'config' => $this->config,
|
|
|
|
|
'logger' => new \Psr\Log\NullLogger(),
|
|
|
|
|
'store' => new \HashBagOStuff(),
|
|
|
|
|
] );
|
2017-04-19 19:37:35 +00:00
|
|
|
TestingAccessWrapper::newFromObject( $manager )->getProvider( (string)$provider );
|
2015-11-22 20:17:00 +00:00
|
|
|
|
|
|
|
|
$reset = \MediaWiki\Session\TestUtils::setSessionManagerSingleton( $manager );
|
|
|
|
|
|
|
|
|
|
if ( $this->request ) {
|
|
|
|
|
$manager->getSessionForRequest( $this->request );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return [ $provider, $reset ];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testCanAuthenticateNow() {
|
|
|
|
|
$this->initializeManager();
|
|
|
|
|
|
|
|
|
|
list( $provider, $reset ) = $this->getMockSessionProvider( false );
|
|
|
|
|
$this->assertFalse( $this->manager->canAuthenticateNow() );
|
2016-10-12 05:36:03 +00:00
|
|
|
ScopedCallback::consume( $reset );
|
2015-11-22 20:17:00 +00:00
|
|
|
|
|
|
|
|
list( $provider, $reset ) = $this->getMockSessionProvider( true );
|
|
|
|
|
$this->assertTrue( $this->manager->canAuthenticateNow() );
|
2016-10-12 05:36:03 +00:00
|
|
|
ScopedCallback::consume( $reset );
|
2015-11-22 20:17:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testNormalizeUsername() {
|
|
|
|
|
$mocks = [
|
2021-04-16 13:17:10 +00:00
|
|
|
$this->createMock( AbstractPrimaryAuthenticationProvider::class ),
|
|
|
|
|
$this->createMock( AbstractPrimaryAuthenticationProvider::class ),
|
|
|
|
|
$this->createMock( AbstractPrimaryAuthenticationProvider::class ),
|
|
|
|
|
$this->createMock( AbstractPrimaryAuthenticationProvider::class ),
|
2015-11-22 20:17:00 +00:00
|
|
|
];
|
|
|
|
|
foreach ( $mocks as $key => $mock ) {
|
2021-04-22 08:28:11 +00:00
|
|
|
$mock->method( 'getUniqueId' )->willReturn( $key );
|
2015-11-22 20:17:00 +00:00
|
|
|
}
|
|
|
|
|
$mocks[0]->expects( $this->once() )->method( 'providerNormalizeUsername' )
|
|
|
|
|
->with( $this->identicalTo( 'XYZ' ) )
|
|
|
|
|
->willReturn( 'Foo' );
|
|
|
|
|
$mocks[1]->expects( $this->once() )->method( 'providerNormalizeUsername' )
|
|
|
|
|
->with( $this->identicalTo( 'XYZ' ) )
|
|
|
|
|
->willReturn( 'Foo' );
|
|
|
|
|
$mocks[2]->expects( $this->once() )->method( 'providerNormalizeUsername' )
|
|
|
|
|
->with( $this->identicalTo( 'XYZ' ) )
|
|
|
|
|
->willReturn( null );
|
|
|
|
|
$mocks[3]->expects( $this->once() )->method( 'providerNormalizeUsername' )
|
|
|
|
|
->with( $this->identicalTo( 'XYZ' ) )
|
|
|
|
|
->willReturn( 'Bar!' );
|
|
|
|
|
|
|
|
|
|
$this->primaryauthMocks = $mocks;
|
|
|
|
|
|
|
|
|
|
$this->initializeManager();
|
|
|
|
|
|
|
|
|
|
$this->assertSame( [ 'Foo', 'Bar!' ], $this->manager->normalizeUsername( 'XYZ' ) );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @dataProvider provideSecuritySensitiveOperationStatus
|
|
|
|
|
* @param bool $mutableSession
|
|
|
|
|
*/
|
|
|
|
|
public function testSecuritySensitiveOperationStatus( $mutableSession ) {
|
|
|
|
|
$this->logger = new \Psr\Log\NullLogger();
|
|
|
|
|
$user = \User::newFromName( 'UTSysop' );
|
|
|
|
|
$provideUser = null;
|
|
|
|
|
$reauth = $mutableSession ? AuthManager::SEC_REAUTH : AuthManager::SEC_FAIL;
|
|
|
|
|
|
|
|
|
|
list( $provider, $reset ) = $this->getMockSessionProvider(
|
|
|
|
|
$mutableSession, [ 'provideSessionInfo' ]
|
|
|
|
|
);
|
2021-04-22 08:40:46 +00:00
|
|
|
$provider->method( 'provideSessionInfo' )
|
2022-06-05 23:39:02 +00:00
|
|
|
->willReturnCallback( static function () use ( $provider, &$provideUser ) {
|
2015-11-22 20:17:00 +00:00
|
|
|
return new SessionInfo( SessionInfo::MIN_PRIORITY, [
|
|
|
|
|
'provider' => $provider,
|
2022-05-31 14:17:41 +00:00
|
|
|
'id' => \DummySessionProvider::ID,
|
2015-11-22 20:17:00 +00:00
|
|
|
'persisted' => true,
|
|
|
|
|
'userInfo' => UserInfo::newFromUser( $provideUser, true )
|
|
|
|
|
] );
|
2022-06-05 23:39:02 +00:00
|
|
|
} );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->initializeManager();
|
|
|
|
|
|
|
|
|
|
$this->config->set( 'ReauthenticateTime', [] );
|
|
|
|
|
$this->config->set( 'AllowSecuritySensitiveOperationIfCannotReauthenticate', [] );
|
|
|
|
|
$provideUser = new \User;
|
|
|
|
|
$session = $provider->getManager()->getSessionForRequest( $this->request );
|
2021-11-21 19:13:24 +00:00
|
|
|
$this->assertSame( 0, $session->getUser()->getId() );
|
2015-11-22 20:17:00 +00:00
|
|
|
|
|
|
|
|
// Anonymous user => reauth
|
|
|
|
|
$session->set( 'AuthManager:lastAuthId', 0 );
|
|
|
|
|
$session->set( 'AuthManager:lastAuthTimestamp', time() - 5 );
|
|
|
|
|
$this->assertSame( $reauth, $this->manager->securitySensitiveOperationStatus( 'foo' ) );
|
|
|
|
|
|
|
|
|
|
$provideUser = $user;
|
|
|
|
|
$session = $provider->getManager()->getSessionForRequest( $this->request );
|
2021-11-21 19:13:24 +00:00
|
|
|
$this->assertSame( $user->getId(), $session->getUser()->getId() );
|
2015-11-22 20:17:00 +00:00
|
|
|
|
|
|
|
|
// Error for no default (only gets thrown for non-anonymous user)
|
|
|
|
|
$session->set( 'AuthManager:lastAuthId', $user->getId() + 1 );
|
|
|
|
|
$session->set( 'AuthManager:lastAuthTimestamp', time() - 5 );
|
|
|
|
|
try {
|
|
|
|
|
$this->manager->securitySensitiveOperationStatus( 'foo' );
|
|
|
|
|
$this->fail( 'Expected exception not thrown' );
|
|
|
|
|
} catch ( \UnexpectedValueException $ex ) {
|
|
|
|
|
$this->assertSame(
|
|
|
|
|
$mutableSession
|
|
|
|
|
? '$wgReauthenticateTime lacks a default'
|
|
|
|
|
: '$wgAllowSecuritySensitiveOperationIfCannotReauthenticate lacks a default',
|
|
|
|
|
$ex->getMessage()
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ( $mutableSession ) {
|
|
|
|
|
$this->config->set( 'ReauthenticateTime', [
|
|
|
|
|
'test' => 100,
|
|
|
|
|
'test2' => -1,
|
|
|
|
|
'default' => 10,
|
|
|
|
|
] );
|
|
|
|
|
|
|
|
|
|
// Mismatched user ID
|
|
|
|
|
$session->set( 'AuthManager:lastAuthId', $user->getId() + 1 );
|
|
|
|
|
$session->set( 'AuthManager:lastAuthTimestamp', time() - 5 );
|
|
|
|
|
$this->assertSame(
|
|
|
|
|
AuthManager::SEC_REAUTH, $this->manager->securitySensitiveOperationStatus( 'foo' )
|
|
|
|
|
);
|
|
|
|
|
$this->assertSame(
|
|
|
|
|
AuthManager::SEC_REAUTH, $this->manager->securitySensitiveOperationStatus( 'test' )
|
|
|
|
|
);
|
|
|
|
|
$this->assertSame(
|
|
|
|
|
AuthManager::SEC_OK, $this->manager->securitySensitiveOperationStatus( 'test2' )
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
// Missing time
|
|
|
|
|
$session->set( 'AuthManager:lastAuthId', $user->getId() );
|
|
|
|
|
$session->set( 'AuthManager:lastAuthTimestamp', null );
|
|
|
|
|
$this->assertSame(
|
|
|
|
|
AuthManager::SEC_REAUTH, $this->manager->securitySensitiveOperationStatus( 'foo' )
|
|
|
|
|
);
|
|
|
|
|
$this->assertSame(
|
|
|
|
|
AuthManager::SEC_REAUTH, $this->manager->securitySensitiveOperationStatus( 'test' )
|
|
|
|
|
);
|
|
|
|
|
$this->assertSame(
|
|
|
|
|
AuthManager::SEC_OK, $this->manager->securitySensitiveOperationStatus( 'test2' )
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
// Recent enough to pass
|
|
|
|
|
$session->set( 'AuthManager:lastAuthTimestamp', time() - 5 );
|
|
|
|
|
$this->assertSame(
|
|
|
|
|
AuthManager::SEC_OK, $this->manager->securitySensitiveOperationStatus( 'foo' )
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
// Not recent enough to pass
|
|
|
|
|
$session->set( 'AuthManager:lastAuthTimestamp', time() - 20 );
|
|
|
|
|
$this->assertSame(
|
|
|
|
|
AuthManager::SEC_REAUTH, $this->manager->securitySensitiveOperationStatus( 'foo' )
|
|
|
|
|
);
|
|
|
|
|
// But recent enough for the 'test' operation
|
|
|
|
|
$this->assertSame(
|
|
|
|
|
AuthManager::SEC_OK, $this->manager->securitySensitiveOperationStatus( 'test' )
|
|
|
|
|
);
|
|
|
|
|
} else {
|
|
|
|
|
$this->config->set( 'AllowSecuritySensitiveOperationIfCannotReauthenticate', [
|
|
|
|
|
'test' => false,
|
|
|
|
|
'default' => true,
|
|
|
|
|
] );
|
|
|
|
|
|
|
|
|
|
$this->assertEquals(
|
|
|
|
|
AuthManager::SEC_OK, $this->manager->securitySensitiveOperationStatus( 'foo' )
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$this->assertEquals(
|
|
|
|
|
AuthManager::SEC_FAIL, $this->manager->securitySensitiveOperationStatus( 'test' )
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Test hook, all three possible values
|
|
|
|
|
foreach ( [
|
|
|
|
|
AuthManager::SEC_OK => AuthManager::SEC_OK,
|
|
|
|
|
AuthManager::SEC_REAUTH => $reauth,
|
|
|
|
|
AuthManager::SEC_FAIL => AuthManager::SEC_FAIL,
|
|
|
|
|
] as $hook => $expect ) {
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$this->hook( 'SecuritySensitiveOperationStatus',
|
|
|
|
|
SecuritySensitiveOperationStatusHook::class,
|
|
|
|
|
$this->exactly( 2 )
|
|
|
|
|
)
|
2015-11-22 20:17:00 +00:00
|
|
|
->with(
|
|
|
|
|
$this->anything(),
|
|
|
|
|
$this->anything(),
|
2021-02-07 13:10:36 +00:00
|
|
|
$this->callback( static function ( $s ) use ( $session ) {
|
2015-11-22 20:17:00 +00:00
|
|
|
return $s->getId() === $session->getId();
|
|
|
|
|
} ),
|
|
|
|
|
$mutableSession ? $this->equalTo( 500, 1 ) : $this->equalTo( -1 )
|
|
|
|
|
)
|
2022-06-05 23:39:02 +00:00
|
|
|
->willReturnCallback( static function ( &$v ) use ( $hook ) {
|
2015-11-22 20:17:00 +00:00
|
|
|
$v = $hook;
|
|
|
|
|
return true;
|
2022-06-05 23:39:02 +00:00
|
|
|
} );
|
2015-11-22 20:17:00 +00:00
|
|
|
$session->set( 'AuthManager:lastAuthTimestamp', time() - 500 );
|
|
|
|
|
$this->assertEquals(
|
|
|
|
|
$expect, $this->manager->securitySensitiveOperationStatus( 'test' ), "hook $hook"
|
|
|
|
|
);
|
|
|
|
|
$this->assertEquals(
|
|
|
|
|
$expect, $this->manager->securitySensitiveOperationStatus( 'test2' ), "hook $hook"
|
|
|
|
|
);
|
|
|
|
|
$this->unhook( 'SecuritySensitiveOperationStatus' );
|
|
|
|
|
}
|
|
|
|
|
|
2016-10-12 05:36:03 +00:00
|
|
|
ScopedCallback::consume( $reset );
|
2015-11-22 20:17:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public static function provideSecuritySensitiveOperationStatus() {
|
|
|
|
|
return [
|
|
|
|
|
[ true ],
|
|
|
|
|
[ false ],
|
|
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @dataProvider provideUserCanAuthenticate
|
|
|
|
|
* @param bool $primary1Can
|
|
|
|
|
* @param bool $primary2Can
|
|
|
|
|
* @param bool $expect
|
|
|
|
|
*/
|
|
|
|
|
public function testUserCanAuthenticate( $primary1Can, $primary2Can, $expect ) {
|
2021-04-16 13:17:10 +00:00
|
|
|
$mock1 = $this->createMock( AbstractPrimaryAuthenticationProvider::class );
|
2021-04-22 07:56:11 +00:00
|
|
|
$mock1->method( 'getUniqueId' )
|
|
|
|
|
->willReturn( 'primary1' );
|
|
|
|
|
$mock1->method( 'testUserCanAuthenticate' )
|
|
|
|
|
->with( 'UTSysop' )
|
|
|
|
|
->willReturn( $primary1Can );
|
2021-04-16 13:17:10 +00:00
|
|
|
$mock2 = $this->createMock( AbstractPrimaryAuthenticationProvider::class );
|
2021-04-22 07:56:11 +00:00
|
|
|
$mock2->method( 'getUniqueId' )
|
|
|
|
|
->willReturn( 'primary2' );
|
|
|
|
|
$mock2->method( 'testUserCanAuthenticate' )
|
|
|
|
|
->with( 'UTSysop' )
|
|
|
|
|
->willReturn( $primary2Can );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->primaryauthMocks = [ $mock1, $mock2 ];
|
|
|
|
|
|
|
|
|
|
$this->initializeManager( true );
|
|
|
|
|
$this->assertSame( $expect, $this->manager->userCanAuthenticate( 'UTSysop' ) );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public static function provideUserCanAuthenticate() {
|
|
|
|
|
return [
|
|
|
|
|
[ false, false, false ],
|
|
|
|
|
[ true, false, true ],
|
|
|
|
|
[ false, true, true ],
|
|
|
|
|
[ true, true, true ],
|
|
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testRevokeAccessForUser() {
|
|
|
|
|
$this->initializeManager();
|
|
|
|
|
|
2021-04-16 13:17:10 +00:00
|
|
|
$mock = $this->createMock( AbstractPrimaryAuthenticationProvider::class );
|
2021-04-22 08:28:11 +00:00
|
|
|
$mock->method( 'getUniqueId' )
|
|
|
|
|
->willReturn( 'primary' );
|
2015-11-22 20:17:00 +00:00
|
|
|
$mock->expects( $this->once() )->method( 'providerRevokeAccessForUser' )
|
2021-04-22 07:56:11 +00:00
|
|
|
->with( 'UTSysop' );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->primaryauthMocks = [ $mock ];
|
|
|
|
|
|
|
|
|
|
$this->initializeManager( true );
|
|
|
|
|
$this->logger->setCollect( true );
|
|
|
|
|
|
|
|
|
|
$this->manager->revokeAccessForUser( 'UTSysop' );
|
|
|
|
|
|
|
|
|
|
$this->assertSame( [
|
|
|
|
|
[ LogLevel::INFO, 'Revoking access for {user}' ],
|
|
|
|
|
], $this->logger->getBuffer() );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testProviderCreation() {
|
|
|
|
|
$mocks = [
|
2021-04-16 13:17:10 +00:00
|
|
|
'pre' => $this->createMock( AbstractPreAuthenticationProvider::class ),
|
|
|
|
|
'primary' => $this->createMock( AbstractPrimaryAuthenticationProvider::class ),
|
|
|
|
|
'secondary' => $this->createMock( AbstractSecondaryAuthenticationProvider::class ),
|
2015-11-22 20:17:00 +00:00
|
|
|
];
|
|
|
|
|
foreach ( $mocks as $key => $mock ) {
|
2021-04-22 08:28:11 +00:00
|
|
|
$mock->method( 'getUniqueId' )->willReturn( $key );
|
2021-04-16 13:17:10 +00:00
|
|
|
$mock->expects( $this->once() )->method( 'init' );
|
2015-11-22 20:17:00 +00:00
|
|
|
}
|
|
|
|
|
$this->preauthMocks = [ $mocks['pre'] ];
|
|
|
|
|
$this->primaryauthMocks = [ $mocks['primary'] ];
|
|
|
|
|
$this->secondaryauthMocks = [ $mocks['secondary'] ];
|
|
|
|
|
|
|
|
|
|
// Normal operation
|
|
|
|
|
$this->initializeManager();
|
|
|
|
|
$this->assertSame(
|
|
|
|
|
$mocks['primary'],
|
|
|
|
|
$this->managerPriv->getAuthenticationProvider( 'primary' )
|
|
|
|
|
);
|
|
|
|
|
$this->assertSame(
|
|
|
|
|
$mocks['secondary'],
|
|
|
|
|
$this->managerPriv->getAuthenticationProvider( 'secondary' )
|
|
|
|
|
);
|
|
|
|
|
$this->assertSame(
|
|
|
|
|
$mocks['pre'],
|
|
|
|
|
$this->managerPriv->getAuthenticationProvider( 'pre' )
|
|
|
|
|
);
|
|
|
|
|
$this->assertSame(
|
|
|
|
|
[ 'pre' => $mocks['pre'] ],
|
|
|
|
|
$this->managerPriv->getPreAuthenticationProviders()
|
|
|
|
|
);
|
|
|
|
|
$this->assertSame(
|
|
|
|
|
[ 'primary' => $mocks['primary'] ],
|
|
|
|
|
$this->managerPriv->getPrimaryAuthenticationProviders()
|
|
|
|
|
);
|
|
|
|
|
$this->assertSame(
|
|
|
|
|
[ 'secondary' => $mocks['secondary'] ],
|
|
|
|
|
$this->managerPriv->getSecondaryAuthenticationProviders()
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
// Duplicate IDs
|
2021-04-16 13:17:10 +00:00
|
|
|
$mock1 = $this->createMock( AbstractPreAuthenticationProvider::class );
|
|
|
|
|
$mock2 = $this->createMock( AbstractPrimaryAuthenticationProvider::class );
|
2021-04-22 08:28:11 +00:00
|
|
|
$mock1->method( 'getUniqueId' )->willReturn( 'X' );
|
|
|
|
|
$mock2->method( 'getUniqueId' )->willReturn( 'X' );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->preauthMocks = [ $mock1 ];
|
|
|
|
|
$this->primaryauthMocks = [ $mock2 ];
|
|
|
|
|
$this->secondaryauthMocks = [];
|
|
|
|
|
$this->initializeManager( true );
|
|
|
|
|
try {
|
|
|
|
|
$this->managerPriv->getAuthenticationProvider( 'Y' );
|
|
|
|
|
$this->fail( 'Expected exception not thrown' );
|
|
|
|
|
} catch ( \RuntimeException $ex ) {
|
|
|
|
|
$class1 = get_class( $mock1 );
|
|
|
|
|
$class2 = get_class( $mock2 );
|
|
|
|
|
$this->assertSame(
|
|
|
|
|
"Duplicate specifications for id X (classes $class1 and $class2)", $ex->getMessage()
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Wrong classes
|
|
|
|
|
$mock = $this->getMockForAbstractClass( AuthenticationProvider::class );
|
2021-04-22 08:28:11 +00:00
|
|
|
$mock->method( 'getUniqueId' )->willReturn( 'X' );
|
2015-11-22 20:17:00 +00:00
|
|
|
$class = get_class( $mock );
|
|
|
|
|
$this->preauthMocks = [ $mock ];
|
|
|
|
|
$this->primaryauthMocks = [ $mock ];
|
|
|
|
|
$this->secondaryauthMocks = [ $mock ];
|
|
|
|
|
$this->initializeManager( true );
|
|
|
|
|
try {
|
|
|
|
|
$this->managerPriv->getPreAuthenticationProviders();
|
|
|
|
|
$this->fail( 'Expected exception not thrown' );
|
|
|
|
|
} catch ( \RuntimeException $ex ) {
|
|
|
|
|
$this->assertSame(
|
|
|
|
|
"Expected instance of MediaWiki\\Auth\\PreAuthenticationProvider, got $class",
|
|
|
|
|
$ex->getMessage()
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
try {
|
|
|
|
|
$this->managerPriv->getPrimaryAuthenticationProviders();
|
|
|
|
|
$this->fail( 'Expected exception not thrown' );
|
|
|
|
|
} catch ( \RuntimeException $ex ) {
|
|
|
|
|
$this->assertSame(
|
|
|
|
|
"Expected instance of MediaWiki\\Auth\\PrimaryAuthenticationProvider, got $class",
|
|
|
|
|
$ex->getMessage()
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
try {
|
|
|
|
|
$this->managerPriv->getSecondaryAuthenticationProviders();
|
|
|
|
|
$this->fail( 'Expected exception not thrown' );
|
|
|
|
|
} catch ( \RuntimeException $ex ) {
|
|
|
|
|
$this->assertSame(
|
|
|
|
|
"Expected instance of MediaWiki\\Auth\\SecondaryAuthenticationProvider, got $class",
|
|
|
|
|
$ex->getMessage()
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Sorting
|
2021-04-16 13:17:10 +00:00
|
|
|
$mock1 = $this->createMock( AbstractPrimaryAuthenticationProvider::class );
|
|
|
|
|
$mock2 = $this->createMock( AbstractPrimaryAuthenticationProvider::class );
|
|
|
|
|
$mock3 = $this->createMock( AbstractPrimaryAuthenticationProvider::class );
|
2021-04-22 08:28:11 +00:00
|
|
|
$mock1->method( 'getUniqueId' )->willReturn( 'A' );
|
|
|
|
|
$mock2->method( 'getUniqueId' )->willReturn( 'B' );
|
|
|
|
|
$mock3->method( 'getUniqueId' )->willReturn( 'C' );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->preauthMocks = [];
|
|
|
|
|
$this->primaryauthMocks = [ $mock1, $mock2, $mock3 ];
|
|
|
|
|
$this->secondaryauthMocks = [];
|
|
|
|
|
$this->initializeConfig();
|
|
|
|
|
$config = $this->config->get( 'AuthManagerConfig' );
|
|
|
|
|
|
|
|
|
|
$this->initializeManager( false );
|
|
|
|
|
$this->assertSame(
|
|
|
|
|
[ 'A' => $mock1, 'B' => $mock2, 'C' => $mock3 ],
|
2021-11-21 19:13:24 +00:00
|
|
|
$this->managerPriv->getPrimaryAuthenticationProviders()
|
2015-11-22 20:17:00 +00:00
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$config['primaryauth']['A']['sort'] = 100;
|
|
|
|
|
$config['primaryauth']['C']['sort'] = -1;
|
|
|
|
|
$this->config->set( 'AuthManagerConfig', $config );
|
|
|
|
|
$this->initializeManager( false );
|
|
|
|
|
$this->assertSame(
|
|
|
|
|
[ 'C' => $mock3, 'B' => $mock2, 'A' => $mock1 ],
|
|
|
|
|
$this->managerPriv->getPrimaryAuthenticationProviders()
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
2018-08-06 16:03:03 +00:00
|
|
|
/**
|
|
|
|
|
* @dataProvider provideSetDefaultUserOptions
|
|
|
|
|
*/
|
|
|
|
|
public function testSetDefaultUserOptions(
|
|
|
|
|
$contLang, $useContextLang, $expectedLang, $expectedVariant
|
|
|
|
|
) {
|
|
|
|
|
$this->setContentLang( $contLang );
|
2021-07-22 11:38:45 +00:00
|
|
|
$this->initializeManager( true );
|
2015-11-22 20:17:00 +00:00
|
|
|
$context = \RequestContext::getMain();
|
2016-10-12 05:36:03 +00:00
|
|
|
$reset = new ScopedCallback( [ $context, 'setLanguage' ], [ $context->getLanguage() ] );
|
2015-11-22 20:17:00 +00:00
|
|
|
$context->setLanguage( 'de' );
|
|
|
|
|
|
|
|
|
|
$user = \User::newFromName( self::usernameForCreation() );
|
|
|
|
|
$user->addToDatabase();
|
|
|
|
|
$oldToken = $user->getToken();
|
2018-08-06 16:03:03 +00:00
|
|
|
$this->managerPriv->setDefaultUserOptions( $user, $useContextLang );
|
2015-11-22 20:17:00 +00:00
|
|
|
$user->saveSettings();
|
|
|
|
|
$this->assertNotEquals( $oldToken, $user->getToken() );
|
2022-04-29 19:54:27 +00:00
|
|
|
$this->assertSame(
|
|
|
|
|
$expectedLang,
|
|
|
|
|
$this->userOptionsManager->getOption( $user, 'language' )
|
|
|
|
|
);
|
|
|
|
|
$this->assertSame(
|
|
|
|
|
$expectedVariant,
|
|
|
|
|
$this->userOptionsManager->getOption( $user, 'variant' )
|
|
|
|
|
);
|
2018-08-06 16:03:03 +00:00
|
|
|
}
|
2015-11-22 20:17:00 +00:00
|
|
|
|
2018-08-06 16:03:03 +00:00
|
|
|
public function provideSetDefaultUserOptions() {
|
|
|
|
|
return [
|
|
|
|
|
[ 'zh', false, 'zh', 'zh' ],
|
|
|
|
|
[ 'zh', true, 'de', 'zh' ],
|
2021-09-29 00:46:36 +00:00
|
|
|
[ 'fr', true, 'de', 'fr' ],
|
2018-08-06 16:03:03 +00:00
|
|
|
];
|
2015-11-22 20:17:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testForcePrimaryAuthenticationProviders() {
|
2021-04-16 13:17:10 +00:00
|
|
|
$mockA = $this->createMock( AbstractPrimaryAuthenticationProvider::class );
|
|
|
|
|
$mockB = $this->createMock( AbstractPrimaryAuthenticationProvider::class );
|
|
|
|
|
$mockB2 = $this->createMock( AbstractPrimaryAuthenticationProvider::class );
|
2021-04-22 08:28:11 +00:00
|
|
|
$mockA->method( 'getUniqueId' )->willReturn( 'A' );
|
|
|
|
|
$mockB->method( 'getUniqueId' )->willReturn( 'B' );
|
|
|
|
|
$mockB2->method( 'getUniqueId' )->willReturn( 'B' );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->primaryauthMocks = [ $mockA ];
|
|
|
|
|
|
|
|
|
|
$this->logger = new \TestLogger( true );
|
|
|
|
|
|
|
|
|
|
// Test without first initializing the configured providers
|
|
|
|
|
$this->initializeManager();
|
|
|
|
|
$this->manager->forcePrimaryAuthenticationProviders( [ $mockB ], 'testing' );
|
|
|
|
|
$this->assertSame(
|
|
|
|
|
[ 'B' => $mockB ], $this->managerPriv->getPrimaryAuthenticationProviders()
|
|
|
|
|
);
|
|
|
|
|
$this->assertSame( null, $this->managerPriv->getAuthenticationProvider( 'A' ) );
|
|
|
|
|
$this->assertSame( $mockB, $this->managerPriv->getAuthenticationProvider( 'B' ) );
|
|
|
|
|
$this->assertSame( [
|
|
|
|
|
[ LogLevel::WARNING, 'Overriding AuthManager primary authn because testing' ],
|
|
|
|
|
], $this->logger->getBuffer() );
|
|
|
|
|
$this->logger->clearBuffer();
|
|
|
|
|
|
|
|
|
|
// Test with first initializing the configured providers
|
|
|
|
|
$this->initializeManager();
|
|
|
|
|
$this->assertSame( $mockA, $this->managerPriv->getAuthenticationProvider( 'A' ) );
|
|
|
|
|
$this->assertSame( null, $this->managerPriv->getAuthenticationProvider( 'B' ) );
|
|
|
|
|
$this->request->getSession()->setSecret( 'AuthManager::authnState', 'test' );
|
|
|
|
|
$this->request->getSession()->setSecret( 'AuthManager::accountCreationState', 'test' );
|
|
|
|
|
$this->manager->forcePrimaryAuthenticationProviders( [ $mockB ], 'testing' );
|
|
|
|
|
$this->assertSame(
|
|
|
|
|
[ 'B' => $mockB ], $this->managerPriv->getPrimaryAuthenticationProviders()
|
|
|
|
|
);
|
|
|
|
|
$this->assertSame( null, $this->managerPriv->getAuthenticationProvider( 'A' ) );
|
|
|
|
|
$this->assertSame( $mockB, $this->managerPriv->getAuthenticationProvider( 'B' ) );
|
|
|
|
|
$this->assertNull( $this->request->getSession()->getSecret( 'AuthManager::authnState' ) );
|
|
|
|
|
$this->assertNull(
|
|
|
|
|
$this->request->getSession()->getSecret( 'AuthManager::accountCreationState' )
|
|
|
|
|
);
|
|
|
|
|
$this->assertSame( [
|
|
|
|
|
[ LogLevel::WARNING, 'Overriding AuthManager primary authn because testing' ],
|
|
|
|
|
[
|
|
|
|
|
LogLevel::WARNING,
|
|
|
|
|
'PrimaryAuthenticationProviders have already been accessed! I hope nothing breaks.'
|
|
|
|
|
],
|
|
|
|
|
], $this->logger->getBuffer() );
|
|
|
|
|
$this->logger->clearBuffer();
|
|
|
|
|
|
|
|
|
|
// Test duplicate IDs
|
|
|
|
|
$this->initializeManager();
|
|
|
|
|
try {
|
|
|
|
|
$this->manager->forcePrimaryAuthenticationProviders( [ $mockB, $mockB2 ], 'testing' );
|
|
|
|
|
$this->fail( 'Expected exception not thrown' );
|
|
|
|
|
} catch ( \RuntimeException $ex ) {
|
|
|
|
|
$class1 = get_class( $mockB );
|
|
|
|
|
$class2 = get_class( $mockB2 );
|
|
|
|
|
$this->assertSame(
|
|
|
|
|
"Duplicate specifications for id B (classes $class2 and $class1)", $ex->getMessage()
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Wrong classes
|
|
|
|
|
$mock = $this->getMockForAbstractClass( AuthenticationProvider::class );
|
2021-04-22 08:28:11 +00:00
|
|
|
$mock->method( 'getUniqueId' )->willReturn( 'X' );
|
2015-11-22 20:17:00 +00:00
|
|
|
$class = get_class( $mock );
|
|
|
|
|
try {
|
|
|
|
|
$this->manager->forcePrimaryAuthenticationProviders( [ $mock ], 'testing' );
|
|
|
|
|
$this->fail( 'Expected exception not thrown' );
|
|
|
|
|
} catch ( \RuntimeException $ex ) {
|
|
|
|
|
$this->assertSame(
|
2021-04-16 13:17:10 +00:00
|
|
|
"Expected instance of MediaWiki\\Auth\\AbstractPrimaryAuthenticationProvider, got $class",
|
2015-11-22 20:17:00 +00:00
|
|
|
$ex->getMessage()
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testBeginAuthentication() {
|
|
|
|
|
$this->initializeManager();
|
|
|
|
|
|
|
|
|
|
// Immutable session
|
|
|
|
|
list( $provider, $reset ) = $this->getMockSessionProvider( false );
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$this->hook( 'UserLoggedIn', UserLoggedInHook::class, $this->never() );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->request->getSession()->setSecret( 'AuthManager::authnState', 'test' );
|
|
|
|
|
try {
|
|
|
|
|
$this->manager->beginAuthentication( [], 'http://localhost/' );
|
|
|
|
|
$this->fail( 'Expected exception not thrown' );
|
|
|
|
|
} catch ( \LogicException $ex ) {
|
|
|
|
|
$this->assertSame( 'Authentication is not possible now', $ex->getMessage() );
|
|
|
|
|
}
|
|
|
|
|
$this->unhook( 'UserLoggedIn' );
|
|
|
|
|
$this->assertNull( $this->request->getSession()->getSecret( 'AuthManager::authnState' ) );
|
2016-10-12 05:36:03 +00:00
|
|
|
ScopedCallback::consume( $reset );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->initializeManager( true );
|
|
|
|
|
|
|
|
|
|
// CreatedAccountAuthenticationRequest
|
|
|
|
|
$user = \User::newFromName( 'UTSysop' );
|
|
|
|
|
$reqs = [
|
|
|
|
|
new CreatedAccountAuthenticationRequest( $user->getId(), $user->getName() )
|
|
|
|
|
];
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$this->hook( 'UserLoggedIn', UserLoggedInHook::class, $this->never() );
|
2015-11-22 20:17:00 +00:00
|
|
|
try {
|
|
|
|
|
$this->manager->beginAuthentication( $reqs, 'http://localhost/' );
|
|
|
|
|
$this->fail( 'Expected exception not thrown' );
|
|
|
|
|
} catch ( \LogicException $ex ) {
|
|
|
|
|
$this->assertSame(
|
|
|
|
|
'CreatedAccountAuthenticationRequests are only valid on the same AuthManager ' .
|
|
|
|
|
'that created the account',
|
|
|
|
|
$ex->getMessage()
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
$this->unhook( 'UserLoggedIn' );
|
|
|
|
|
|
|
|
|
|
$this->request->getSession()->clear();
|
|
|
|
|
$this->request->getSession()->setSecret( 'AuthManager::authnState', 'test' );
|
|
|
|
|
$this->managerPriv->createdAccountAuthenticationRequests = [ $reqs[0] ];
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$this->hook( 'UserLoggedIn', UserLoggedInHook::class, $this->once() )
|
2021-02-07 13:10:36 +00:00
|
|
|
->with( $this->callback( static function ( $u ) use ( $user ) {
|
2015-11-22 20:17:00 +00:00
|
|
|
return $user->getId() === $u->getId() && $user->getName() === $u->getName();
|
|
|
|
|
} ) );
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$this->hook( 'AuthManagerLoginAuthenticateAudit',
|
|
|
|
|
AuthManagerLoginAuthenticateAuditHook::class, $this->once() );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->logger->setCollect( true );
|
|
|
|
|
$ret = $this->manager->beginAuthentication( $reqs, 'http://localhost/' );
|
|
|
|
|
$this->logger->setCollect( false );
|
|
|
|
|
$this->unhook( 'UserLoggedIn' );
|
|
|
|
|
$this->unhook( 'AuthManagerLoginAuthenticateAudit' );
|
|
|
|
|
$this->assertSame( AuthenticationResponse::PASS, $ret->status );
|
|
|
|
|
$this->assertSame( $user->getName(), $ret->username );
|
|
|
|
|
$this->assertSame( $user->getId(), $this->request->getSessionData( 'AuthManager:lastAuthId' ) );
|
2019-12-14 12:45:35 +00:00
|
|
|
// FIXME: Avoid relying on implicit amounts of time elapsing.
|
|
|
|
|
$this->assertEqualsWithDelta(
|
|
|
|
|
time(),
|
|
|
|
|
$this->request->getSessionData( 'AuthManager:lastAuthTimestamp' ),
|
|
|
|
|
1,
|
|
|
|
|
'timestamp ±1'
|
2015-11-22 20:17:00 +00:00
|
|
|
);
|
|
|
|
|
$this->assertNull( $this->request->getSession()->getSecret( 'AuthManager::authnState' ) );
|
|
|
|
|
$this->assertSame( $user->getId(), $this->request->getSession()->getUser()->getId() );
|
|
|
|
|
$this->assertSame( [
|
|
|
|
|
[ LogLevel::INFO, 'Logging in {user} after account creation' ],
|
|
|
|
|
], $this->logger->getBuffer() );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testCreateFromLogin() {
|
|
|
|
|
$user = \User::newFromName( 'UTSysop' );
|
2017-04-05 23:39:50 +00:00
|
|
|
$req1 = $this->createMock( AuthenticationRequest::class );
|
|
|
|
|
$req2 = $this->createMock( AuthenticationRequest::class );
|
|
|
|
|
$req3 = $this->createMock( AuthenticationRequest::class );
|
2015-11-22 20:17:00 +00:00
|
|
|
$userReq = new UsernameAuthenticationRequest;
|
|
|
|
|
$userReq->username = 'UTDummy';
|
|
|
|
|
|
2016-05-26 17:09:14 +00:00
|
|
|
$req1->returnToUrl = 'http://localhost/';
|
|
|
|
|
$req2->returnToUrl = 'http://localhost/';
|
|
|
|
|
$req3->returnToUrl = 'http://localhost/';
|
|
|
|
|
$req3->username = 'UTDummy';
|
|
|
|
|
$userReq->returnToUrl = 'http://localhost/';
|
|
|
|
|
|
2015-11-22 20:17:00 +00:00
|
|
|
// Passing one into beginAuthentication(), and an immediate FAIL
|
|
|
|
|
$primary = $this->getMockForAbstractClass( AbstractPrimaryAuthenticationProvider::class );
|
|
|
|
|
$this->primaryauthMocks = [ $primary ];
|
|
|
|
|
$this->initializeManager( true );
|
|
|
|
|
$res = AuthenticationResponse::newFail( wfMessage( 'foo' ) );
|
|
|
|
|
$res->createRequest = $req1;
|
2021-04-22 08:28:11 +00:00
|
|
|
$primary->method( 'beginPrimaryAuthentication' )
|
|
|
|
|
->willReturn( $res );
|
2015-11-22 20:17:00 +00:00
|
|
|
$createReq = new CreateFromLoginAuthenticationRequest(
|
|
|
|
|
null, [ $req2->getUniqueId() => $req2 ]
|
|
|
|
|
);
|
|
|
|
|
$this->logger->setCollect( true );
|
|
|
|
|
$ret = $this->manager->beginAuthentication( [ $createReq ], 'http://localhost/' );
|
|
|
|
|
$this->logger->setCollect( false );
|
|
|
|
|
$this->assertSame( AuthenticationResponse::FAIL, $ret->status );
|
|
|
|
|
$this->assertInstanceOf( CreateFromLoginAuthenticationRequest::class, $ret->createRequest );
|
|
|
|
|
$this->assertSame( $req1, $ret->createRequest->createRequest );
|
|
|
|
|
$this->assertEquals( [ $req2->getUniqueId() => $req2 ], $ret->createRequest->maybeLink );
|
|
|
|
|
|
|
|
|
|
// UI, then FAIL in beginAuthentication()
|
|
|
|
|
$primary = $this->getMockBuilder( AbstractPrimaryAuthenticationProvider::class )
|
2021-03-20 15:18:58 +00:00
|
|
|
->onlyMethods( [ 'continuePrimaryAuthentication' ] )
|
2015-11-22 20:17:00 +00:00
|
|
|
->getMockForAbstractClass();
|
|
|
|
|
$this->primaryauthMocks = [ $primary ];
|
|
|
|
|
$this->initializeManager( true );
|
2021-04-22 08:28:11 +00:00
|
|
|
$primary->method( 'beginPrimaryAuthentication' )
|
|
|
|
|
->willReturn( AuthenticationResponse::newUI( [ $req1 ], wfMessage( 'foo' ) ) );
|
2015-11-22 20:17:00 +00:00
|
|
|
$res = AuthenticationResponse::newFail( wfMessage( 'foo' ) );
|
|
|
|
|
$res->createRequest = $req2;
|
2021-04-22 08:28:11 +00:00
|
|
|
$primary->method( 'continuePrimaryAuthentication' )
|
|
|
|
|
->willReturn( $res );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->logger->setCollect( true );
|
|
|
|
|
$ret = $this->manager->beginAuthentication( [], 'http://localhost/' );
|
2021-11-21 19:13:24 +00:00
|
|
|
$this->assertSame( AuthenticationResponse::UI, $ret->status );
|
2015-11-22 20:17:00 +00:00
|
|
|
$ret = $this->manager->continueAuthentication( [] );
|
|
|
|
|
$this->logger->setCollect( false );
|
|
|
|
|
$this->assertSame( AuthenticationResponse::FAIL, $ret->status );
|
|
|
|
|
$this->assertInstanceOf( CreateFromLoginAuthenticationRequest::class, $ret->createRequest );
|
|
|
|
|
$this->assertSame( $req2, $ret->createRequest->createRequest );
|
|
|
|
|
$this->assertEquals( [], $ret->createRequest->maybeLink );
|
|
|
|
|
|
2016-05-26 17:09:14 +00:00
|
|
|
// Pass into beginAccountCreation(), see that maybeLink and createRequest get copied
|
|
|
|
|
$primary = $this->getMockForAbstractClass( AbstractPrimaryAuthenticationProvider::class );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->primaryauthMocks = [ $primary ];
|
|
|
|
|
$this->initializeManager( true );
|
2016-05-26 17:09:14 +00:00
|
|
|
$createReq = new CreateFromLoginAuthenticationRequest( $req3, [ $req2 ] );
|
|
|
|
|
$createReq->returnToUrl = 'http://localhost/';
|
|
|
|
|
$createReq->username = 'UTDummy';
|
|
|
|
|
$res = AuthenticationResponse::newUI( [ $req1 ], wfMessage( 'foo' ) );
|
2021-04-22 08:40:46 +00:00
|
|
|
$primary->method( 'beginPrimaryAccountCreation' )
|
2016-05-26 17:09:14 +00:00
|
|
|
->with( $this->anything(), $this->anything(), [ $userReq, $createReq, $req3 ] )
|
2021-04-22 08:28:11 +00:00
|
|
|
->willReturn( $res );
|
|
|
|
|
$primary->method( 'accountCreationType' )
|
|
|
|
|
->willReturn( PrimaryAuthenticationProvider::TYPE_CREATE );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->logger->setCollect( true );
|
|
|
|
|
$ret = $this->manager->beginAccountCreation(
|
|
|
|
|
$user, [ $userReq, $createReq ], 'http://localhost/'
|
|
|
|
|
);
|
|
|
|
|
$this->logger->setCollect( false );
|
|
|
|
|
$this->assertSame( AuthenticationResponse::UI, $ret->status );
|
2016-05-26 17:09:14 +00:00
|
|
|
$state = $this->request->getSession()->getSecret( 'AuthManager::accountCreationState' );
|
|
|
|
|
$this->assertNotNull( $state );
|
|
|
|
|
$this->assertEquals( [ $userReq, $createReq, $req3 ], $state['reqs'] );
|
|
|
|
|
$this->assertEquals( [ $req2 ], $state['maybeLink'] );
|
2015-11-22 20:17:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @dataProvider provideAuthentication
|
|
|
|
|
* @param StatusValue $preResponse
|
|
|
|
|
* @param array $primaryResponses
|
|
|
|
|
* @param array $secondaryResponses
|
|
|
|
|
* @param array $managerResponses
|
|
|
|
|
* @param bool $link Whether the primary authentication provider is a "link" provider
|
|
|
|
|
*/
|
|
|
|
|
public function testAuthentication(
|
|
|
|
|
StatusValue $preResponse, array $primaryResponses, array $secondaryResponses,
|
|
|
|
|
array $managerResponses, $link = false
|
|
|
|
|
) {
|
|
|
|
|
$this->initializeManager();
|
|
|
|
|
$user = \User::newFromName( 'UTSysop' );
|
|
|
|
|
$id = $user->getId();
|
|
|
|
|
$name = $user->getName();
|
|
|
|
|
|
|
|
|
|
// Set up lots of mocks...
|
|
|
|
|
$req = new RememberMeAuthenticationRequest;
|
|
|
|
|
$req->rememberMe = (bool)rand( 0, 1 );
|
|
|
|
|
$req->pre = $preResponse;
|
|
|
|
|
$req->primary = $primaryResponses;
|
|
|
|
|
$req->secondary = $secondaryResponses;
|
|
|
|
|
$mocks = [];
|
|
|
|
|
foreach ( [ 'pre', 'primary', 'secondary' ] as $key ) {
|
|
|
|
|
$class = ucfirst( $key ) . 'AuthenticationProvider';
|
2021-04-16 13:17:10 +00:00
|
|
|
$mocks[$key] = $this->getMockBuilder( "MediaWiki\\Auth\\Abstract$class" )
|
|
|
|
|
->setMockClassName( "MockAbstract$class" )
|
|
|
|
|
->getMock();
|
2021-04-22 08:28:11 +00:00
|
|
|
$mocks[$key]->method( 'getUniqueId' )
|
|
|
|
|
->willReturn( $key );
|
2021-04-16 13:17:10 +00:00
|
|
|
$mocks[$key . '2'] = $this->createMock( "MediaWiki\\Auth\\Abstract$class" );
|
2021-04-22 08:28:11 +00:00
|
|
|
$mocks[$key . '2']->method( 'getUniqueId' )
|
|
|
|
|
->willReturn( $key . '2' );
|
2021-04-16 13:17:10 +00:00
|
|
|
$mocks[$key . '3'] = $this->createMock( "MediaWiki\\Auth\\Abstract$class" );
|
2021-04-22 08:28:11 +00:00
|
|
|
$mocks[$key . '3']->method( 'getUniqueId' )
|
|
|
|
|
->willReturn( $key . '3' );
|
2015-11-22 20:17:00 +00:00
|
|
|
}
|
|
|
|
|
foreach ( $mocks as $mock ) {
|
2021-04-22 08:28:11 +00:00
|
|
|
$mock->method( 'getAuthenticationRequests' )
|
|
|
|
|
->willReturn( [] );
|
2015-11-22 20:17:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$mocks['pre']->expects( $this->once() )->method( 'testForAuthentication' )
|
2022-06-05 23:39:02 +00:00
|
|
|
->willReturnCallback( function ( $reqs ) use ( $req ) {
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->assertContains( $req, $reqs );
|
|
|
|
|
return $req->pre;
|
2022-06-05 23:39:02 +00:00
|
|
|
} );
|
2015-11-22 20:17:00 +00:00
|
|
|
|
|
|
|
|
$ct = count( $req->primary );
|
|
|
|
|
$callback = $this->returnCallback( function ( $reqs ) use ( $req ) {
|
|
|
|
|
$this->assertContains( $req, $reqs );
|
|
|
|
|
return array_shift( $req->primary );
|
|
|
|
|
} );
|
|
|
|
|
$mocks['primary']->expects( $this->exactly( min( 1, $ct ) ) )
|
|
|
|
|
->method( 'beginPrimaryAuthentication' )
|
|
|
|
|
->will( $callback );
|
|
|
|
|
$mocks['primary']->expects( $this->exactly( max( 0, $ct - 1 ) ) )
|
|
|
|
|
->method( 'continuePrimaryAuthentication' )
|
|
|
|
|
->will( $callback );
|
|
|
|
|
if ( $link ) {
|
2021-04-22 08:28:11 +00:00
|
|
|
$mocks['primary']->method( 'accountCreationType' )
|
|
|
|
|
->willReturn( PrimaryAuthenticationProvider::TYPE_LINK );
|
2015-11-22 20:17:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$ct = count( $req->secondary );
|
|
|
|
|
$callback = $this->returnCallback( function ( $user, $reqs ) use ( $id, $name, $req ) {
|
|
|
|
|
$this->assertSame( $id, $user->getId() );
|
|
|
|
|
$this->assertSame( $name, $user->getName() );
|
|
|
|
|
$this->assertContains( $req, $reqs );
|
|
|
|
|
return array_shift( $req->secondary );
|
|
|
|
|
} );
|
|
|
|
|
$mocks['secondary']->expects( $this->exactly( min( 1, $ct ) ) )
|
|
|
|
|
->method( 'beginSecondaryAuthentication' )
|
|
|
|
|
->will( $callback );
|
|
|
|
|
$mocks['secondary']->expects( $this->exactly( max( 0, $ct - 1 ) ) )
|
|
|
|
|
->method( 'continueSecondaryAuthentication' )
|
|
|
|
|
->will( $callback );
|
|
|
|
|
|
|
|
|
|
$abstain = AuthenticationResponse::newAbstain();
|
|
|
|
|
$mocks['pre2']->expects( $this->atMost( 1 ) )->method( 'testForAuthentication' )
|
2021-04-22 08:28:11 +00:00
|
|
|
->willReturn( StatusValue::newGood() );
|
2015-11-22 20:17:00 +00:00
|
|
|
$mocks['primary2']->expects( $this->atMost( 1 ) )->method( 'beginPrimaryAuthentication' )
|
2021-04-22 08:28:11 +00:00
|
|
|
->willReturn( $abstain );
|
2015-11-22 20:17:00 +00:00
|
|
|
$mocks['primary2']->expects( $this->never() )->method( 'continuePrimaryAuthentication' );
|
|
|
|
|
$mocks['secondary2']->expects( $this->atMost( 1 ) )->method( 'beginSecondaryAuthentication' )
|
2021-04-22 08:28:11 +00:00
|
|
|
->willReturn( $abstain );
|
2015-11-22 20:17:00 +00:00
|
|
|
$mocks['secondary2']->expects( $this->never() )->method( 'continueSecondaryAuthentication' );
|
|
|
|
|
$mocks['secondary3']->expects( $this->atMost( 1 ) )->method( 'beginSecondaryAuthentication' )
|
2021-04-22 08:28:11 +00:00
|
|
|
->willReturn( $abstain );
|
2015-11-22 20:17:00 +00:00
|
|
|
$mocks['secondary3']->expects( $this->never() )->method( 'continueSecondaryAuthentication' );
|
|
|
|
|
|
|
|
|
|
$this->preauthMocks = [ $mocks['pre'], $mocks['pre2'] ];
|
|
|
|
|
$this->primaryauthMocks = [ $mocks['primary'], $mocks['primary2'] ];
|
|
|
|
|
$this->secondaryauthMocks = [
|
|
|
|
|
$mocks['secondary3'], $mocks['secondary'], $mocks['secondary2'],
|
|
|
|
|
// So linking happens
|
|
|
|
|
new ConfirmLinkSecondaryAuthenticationProvider,
|
|
|
|
|
];
|
|
|
|
|
$this->initializeManager( true );
|
|
|
|
|
$this->logger->setCollect( true );
|
|
|
|
|
|
2019-10-06 04:54:59 +00:00
|
|
|
$constraint = Assert::logicalOr(
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->equalTo( AuthenticationResponse::PASS ),
|
|
|
|
|
$this->equalTo( AuthenticationResponse::FAIL )
|
|
|
|
|
);
|
|
|
|
|
$providers = array_filter(
|
|
|
|
|
array_merge(
|
|
|
|
|
$this->preauthMocks, $this->primaryauthMocks, $this->secondaryauthMocks
|
|
|
|
|
),
|
2021-02-06 19:30:20 +00:00
|
|
|
static function ( $p ) {
|
2015-11-22 20:17:00 +00:00
|
|
|
return is_callable( [ $p, 'expects' ] );
|
|
|
|
|
}
|
|
|
|
|
);
|
|
|
|
|
foreach ( $providers as $p ) {
|
|
|
|
|
$p->postCalled = false;
|
|
|
|
|
$p->expects( $this->atMost( 1 ) )->method( 'postAuthentication' )
|
|
|
|
|
->willReturnCallback( function ( $user, $response ) use ( $constraint, $p ) {
|
|
|
|
|
if ( $user !== null ) {
|
2018-01-13 00:02:09 +00:00
|
|
|
$this->assertInstanceOf( \User::class, $user );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->assertSame( 'UTSysop', $user->getName() );
|
|
|
|
|
}
|
|
|
|
|
$this->assertInstanceOf( AuthenticationResponse::class, $response );
|
|
|
|
|
$this->assertThat( $response->status, $constraint );
|
|
|
|
|
$p->postCalled = $response->status;
|
|
|
|
|
} );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$session = $this->request->getSession();
|
|
|
|
|
$session->setRememberUser( !$req->rememberMe );
|
|
|
|
|
|
|
|
|
|
foreach ( $managerResponses as $i => $response ) {
|
|
|
|
|
$success = $response instanceof AuthenticationResponse &&
|
|
|
|
|
$response->status === AuthenticationResponse::PASS;
|
|
|
|
|
if ( $success ) {
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$this->hook( 'UserLoggedIn', UserLoggedInHook::class, $this->once() )
|
2021-02-07 13:10:36 +00:00
|
|
|
->with( $this->callback( static function ( $user ) use ( $id, $name ) {
|
2015-11-22 20:17:00 +00:00
|
|
|
return $user->getId() === $id && $user->getName() === $name;
|
|
|
|
|
} ) );
|
|
|
|
|
} else {
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$this->hook( 'UserLoggedIn', UserLoggedInHook::class, $this->never() );
|
2015-11-22 20:17:00 +00:00
|
|
|
}
|
|
|
|
|
if ( $success || (
|
|
|
|
|
$response instanceof AuthenticationResponse &&
|
|
|
|
|
$response->status === AuthenticationResponse::FAIL &&
|
|
|
|
|
$response->message->getKey() !== 'authmanager-authn-not-in-progress' &&
|
|
|
|
|
$response->message->getKey() !== 'authmanager-authn-no-primary'
|
|
|
|
|
)
|
|
|
|
|
) {
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$this->hook( 'AuthManagerLoginAuthenticateAudit',
|
|
|
|
|
AuthManagerLoginAuthenticateAuditHook::class, $this->once() );
|
2015-11-22 20:17:00 +00:00
|
|
|
} else {
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$this->hook( 'AuthManagerLoginAuthenticateAudit',
|
|
|
|
|
AuthManagerLoginAuthenticateAuditHook::class, $this->never() );
|
2015-11-22 20:17:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$ex = null;
|
|
|
|
|
try {
|
|
|
|
|
if ( !$i ) {
|
|
|
|
|
$ret = $this->manager->beginAuthentication( [ $req ], 'http://localhost/' );
|
|
|
|
|
} else {
|
|
|
|
|
$ret = $this->manager->continueAuthentication( [ $req ] );
|
|
|
|
|
}
|
|
|
|
|
if ( $response instanceof \Exception ) {
|
|
|
|
|
$this->fail( 'Expected exception not thrown', "Response $i" );
|
|
|
|
|
}
|
|
|
|
|
} catch ( \Exception $ex ) {
|
|
|
|
|
if ( !$response instanceof \Exception ) {
|
|
|
|
|
throw $ex;
|
|
|
|
|
}
|
|
|
|
|
$this->assertEquals( $response->getMessage(), $ex->getMessage(), "Response $i, exception" );
|
|
|
|
|
$this->assertNull( $session->getSecret( 'AuthManager::authnState' ),
|
|
|
|
|
"Response $i, exception, session state" );
|
|
|
|
|
$this->unhook( 'UserLoggedIn' );
|
|
|
|
|
$this->unhook( 'AuthManagerLoginAuthenticateAudit' );
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$this->unhook( 'UserLoggedIn' );
|
|
|
|
|
$this->unhook( 'AuthManagerLoginAuthenticateAudit' );
|
|
|
|
|
|
|
|
|
|
$this->assertSame( 'http://localhost/', $req->returnToUrl );
|
|
|
|
|
|
|
|
|
|
$ret->message = $this->message( $ret->message );
|
2018-08-01 12:40:47 +00:00
|
|
|
$this->assertResponseEquals( $response, $ret, "Response $i, response" );
|
2015-11-22 20:17:00 +00:00
|
|
|
if ( $success ) {
|
|
|
|
|
$this->assertSame( $id, $session->getUser()->getId(),
|
|
|
|
|
"Response $i, authn" );
|
|
|
|
|
} else {
|
|
|
|
|
$this->assertSame( 0, $session->getUser()->getId(),
|
|
|
|
|
"Response $i, authn" );
|
|
|
|
|
}
|
|
|
|
|
if ( $success || $response->status === AuthenticationResponse::FAIL ) {
|
|
|
|
|
$this->assertNull( $session->getSecret( 'AuthManager::authnState' ),
|
|
|
|
|
"Response $i, session state" );
|
|
|
|
|
foreach ( $providers as $p ) {
|
|
|
|
|
$this->assertSame( $response->status, $p->postCalled,
|
|
|
|
|
"Response $i, post-auth callback called" );
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
$this->assertNotNull( $session->getSecret( 'AuthManager::authnState' ),
|
|
|
|
|
"Response $i, session state" );
|
2016-06-01 15:58:44 +00:00
|
|
|
foreach ( $ret->neededRequests as $neededReq ) {
|
|
|
|
|
$this->assertEquals( AuthManager::ACTION_LOGIN, $neededReq->action,
|
|
|
|
|
"Response $i, neededRequest action" );
|
|
|
|
|
}
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->assertEquals(
|
|
|
|
|
$ret->neededRequests,
|
|
|
|
|
$this->manager->getAuthenticationRequests( AuthManager::ACTION_LOGIN_CONTINUE ),
|
|
|
|
|
"Response $i, continuation check"
|
|
|
|
|
);
|
|
|
|
|
foreach ( $providers as $p ) {
|
|
|
|
|
$this->assertFalse( $p->postCalled, "Response $i, post-auth callback not called" );
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$state = $session->getSecret( 'AuthManager::authnState' );
|
2017-10-06 22:17:58 +00:00
|
|
|
$maybeLink = $state['maybeLink'] ?? [];
|
2015-11-22 20:17:00 +00:00
|
|
|
if ( $link && $response->status === AuthenticationResponse::RESTART ) {
|
|
|
|
|
$this->assertEquals(
|
|
|
|
|
$response->createRequest->maybeLink,
|
|
|
|
|
$maybeLink,
|
|
|
|
|
"Response $i, maybeLink"
|
|
|
|
|
);
|
|
|
|
|
} else {
|
|
|
|
|
$this->assertEquals( [], $maybeLink, "Response $i, maybeLink" );
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ( $success ) {
|
|
|
|
|
$this->assertSame( $req->rememberMe, $session->shouldRememberUser(),
|
|
|
|
|
'rememberMe checkbox had effect' );
|
|
|
|
|
} else {
|
|
|
|
|
$this->assertNotSame( $req->rememberMe, $session->shouldRememberUser(),
|
|
|
|
|
'rememberMe checkbox wasn\'t applied' );
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function provideAuthentication() {
|
|
|
|
|
$rememberReq = new RememberMeAuthenticationRequest;
|
|
|
|
|
$rememberReq->action = AuthManager::ACTION_LOGIN;
|
|
|
|
|
|
|
|
|
|
$req = $this->getMockForAbstractClass( AuthenticationRequest::class );
|
|
|
|
|
$req->foobar = 'baz';
|
|
|
|
|
$restartResponse = AuthenticationResponse::newRestart(
|
|
|
|
|
$this->message( 'authmanager-authn-no-local-user' )
|
|
|
|
|
);
|
|
|
|
|
$restartResponse->neededRequests = [ $rememberReq ];
|
|
|
|
|
|
|
|
|
|
$restartResponse2Pass = AuthenticationResponse::newPass( null );
|
|
|
|
|
$restartResponse2Pass->linkRequest = $req;
|
|
|
|
|
$restartResponse2 = AuthenticationResponse::newRestart(
|
|
|
|
|
$this->message( 'authmanager-authn-no-local-user-link' )
|
|
|
|
|
);
|
|
|
|
|
$restartResponse2->createRequest = new CreateFromLoginAuthenticationRequest(
|
|
|
|
|
null, [ $req->getUniqueId() => $req ]
|
|
|
|
|
);
|
2016-06-01 15:58:44 +00:00
|
|
|
$restartResponse2->createRequest->action = AuthManager::ACTION_LOGIN;
|
2015-11-22 20:17:00 +00:00
|
|
|
$restartResponse2->neededRequests = [ $rememberReq, $restartResponse2->createRequest ];
|
|
|
|
|
|
2017-03-18 18:26:25 +00:00
|
|
|
$userName = 'UTSysop';
|
|
|
|
|
|
2015-11-22 20:17:00 +00:00
|
|
|
return [
|
|
|
|
|
'Failure in pre-auth' => [
|
|
|
|
|
StatusValue::newFatal( 'fail-from-pre' ),
|
|
|
|
|
[],
|
|
|
|
|
[],
|
|
|
|
|
[
|
|
|
|
|
AuthenticationResponse::newFail( $this->message( 'fail-from-pre' ) ),
|
|
|
|
|
AuthenticationResponse::newFail(
|
|
|
|
|
$this->message( 'authmanager-authn-not-in-progress' )
|
|
|
|
|
),
|
|
|
|
|
]
|
|
|
|
|
],
|
|
|
|
|
'Failure in primary' => [
|
|
|
|
|
StatusValue::newGood(),
|
|
|
|
|
$tmp = [
|
|
|
|
|
AuthenticationResponse::newFail( $this->message( 'fail-from-primary' ) ),
|
|
|
|
|
],
|
|
|
|
|
[],
|
|
|
|
|
$tmp
|
|
|
|
|
],
|
|
|
|
|
'All primary abstain' => [
|
|
|
|
|
StatusValue::newGood(),
|
|
|
|
|
[
|
|
|
|
|
AuthenticationResponse::newAbstain(),
|
|
|
|
|
],
|
|
|
|
|
[],
|
|
|
|
|
[
|
|
|
|
|
AuthenticationResponse::newFail( $this->message( 'authmanager-authn-no-primary' ) )
|
|
|
|
|
]
|
|
|
|
|
],
|
|
|
|
|
'Primary UI, then redirect, then fail' => [
|
|
|
|
|
StatusValue::newGood(),
|
|
|
|
|
$tmp = [
|
|
|
|
|
AuthenticationResponse::newUI( [ $req ], $this->message( '...' ) ),
|
|
|
|
|
AuthenticationResponse::newRedirect( [ $req ], '/foo.html', [ 'foo' => 'bar' ] ),
|
|
|
|
|
AuthenticationResponse::newFail( $this->message( 'fail-in-primary-continue' ) ),
|
|
|
|
|
],
|
|
|
|
|
[],
|
|
|
|
|
$tmp
|
|
|
|
|
],
|
|
|
|
|
'Primary redirect, then abstain' => [
|
|
|
|
|
StatusValue::newGood(),
|
|
|
|
|
[
|
|
|
|
|
$tmp = AuthenticationResponse::newRedirect(
|
|
|
|
|
[ $req ], '/foo.html', [ 'foo' => 'bar' ]
|
|
|
|
|
),
|
|
|
|
|
AuthenticationResponse::newAbstain(),
|
|
|
|
|
],
|
|
|
|
|
[],
|
|
|
|
|
[
|
|
|
|
|
$tmp,
|
|
|
|
|
new \DomainException(
|
2021-04-16 13:17:10 +00:00
|
|
|
'MockAbstractPrimaryAuthenticationProvider::continuePrimaryAuthentication() returned ABSTAIN'
|
2015-11-22 20:17:00 +00:00
|
|
|
)
|
|
|
|
|
]
|
|
|
|
|
],
|
|
|
|
|
'Primary UI, then pass with no local user' => [
|
|
|
|
|
StatusValue::newGood(),
|
|
|
|
|
[
|
|
|
|
|
$tmp = AuthenticationResponse::newUI( [ $req ], $this->message( '...' ) ),
|
|
|
|
|
AuthenticationResponse::newPass( null ),
|
|
|
|
|
],
|
|
|
|
|
[],
|
|
|
|
|
[
|
|
|
|
|
$tmp,
|
|
|
|
|
$restartResponse,
|
|
|
|
|
]
|
|
|
|
|
],
|
|
|
|
|
'Primary UI, then pass with no local user (link type)' => [
|
|
|
|
|
StatusValue::newGood(),
|
|
|
|
|
[
|
|
|
|
|
$tmp = AuthenticationResponse::newUI( [ $req ], $this->message( '...' ) ),
|
|
|
|
|
$restartResponse2Pass,
|
|
|
|
|
],
|
|
|
|
|
[],
|
|
|
|
|
[
|
|
|
|
|
$tmp,
|
|
|
|
|
$restartResponse2,
|
|
|
|
|
],
|
|
|
|
|
true
|
|
|
|
|
],
|
|
|
|
|
'Primary pass with invalid username' => [
|
|
|
|
|
StatusValue::newGood(),
|
|
|
|
|
[
|
|
|
|
|
AuthenticationResponse::newPass( '<>' ),
|
|
|
|
|
],
|
|
|
|
|
[],
|
|
|
|
|
[
|
2021-04-16 13:17:10 +00:00
|
|
|
new \DomainException(
|
|
|
|
|
'MockAbstractPrimaryAuthenticationProvider returned an invalid username: <>'
|
|
|
|
|
),
|
2015-11-22 20:17:00 +00:00
|
|
|
]
|
|
|
|
|
],
|
|
|
|
|
'Secondary fail' => [
|
|
|
|
|
StatusValue::newGood(),
|
|
|
|
|
[
|
2017-03-18 18:26:25 +00:00
|
|
|
AuthenticationResponse::newPass( $userName ),
|
2015-11-22 20:17:00 +00:00
|
|
|
],
|
|
|
|
|
$tmp = [
|
|
|
|
|
AuthenticationResponse::newFail( $this->message( 'fail-in-secondary' ) ),
|
|
|
|
|
],
|
|
|
|
|
$tmp
|
|
|
|
|
],
|
|
|
|
|
'Secondary UI, then abstain' => [
|
|
|
|
|
StatusValue::newGood(),
|
|
|
|
|
[
|
2017-03-18 18:26:25 +00:00
|
|
|
AuthenticationResponse::newPass( $userName ),
|
2015-11-22 20:17:00 +00:00
|
|
|
],
|
|
|
|
|
[
|
|
|
|
|
$tmp = AuthenticationResponse::newUI( [ $req ], $this->message( '...' ) ),
|
|
|
|
|
AuthenticationResponse::newAbstain()
|
|
|
|
|
],
|
|
|
|
|
[
|
|
|
|
|
$tmp,
|
2017-03-18 18:26:25 +00:00
|
|
|
AuthenticationResponse::newPass( $userName ),
|
2015-11-22 20:17:00 +00:00
|
|
|
]
|
|
|
|
|
],
|
|
|
|
|
'Secondary pass' => [
|
|
|
|
|
StatusValue::newGood(),
|
|
|
|
|
[
|
2017-03-18 18:26:25 +00:00
|
|
|
AuthenticationResponse::newPass( $userName ),
|
2015-11-22 20:17:00 +00:00
|
|
|
],
|
|
|
|
|
[
|
|
|
|
|
AuthenticationResponse::newPass()
|
|
|
|
|
],
|
|
|
|
|
[
|
2017-03-18 18:26:25 +00:00
|
|
|
AuthenticationResponse::newPass( $userName ),
|
2015-11-22 20:17:00 +00:00
|
|
|
]
|
|
|
|
|
],
|
|
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @dataProvider provideUserExists
|
|
|
|
|
* @param bool $primary1Exists
|
|
|
|
|
* @param bool $primary2Exists
|
|
|
|
|
* @param bool $expect
|
|
|
|
|
*/
|
|
|
|
|
public function testUserExists( $primary1Exists, $primary2Exists, $expect ) {
|
2021-04-16 13:17:10 +00:00
|
|
|
$mock1 = $this->createMock( AbstractPrimaryAuthenticationProvider::class );
|
2021-04-22 07:56:11 +00:00
|
|
|
$mock1->method( 'getUniqueId' )
|
|
|
|
|
->willReturn( 'primary1' );
|
|
|
|
|
$mock1->method( 'testUserExists' )
|
|
|
|
|
->with( 'UTSysop' )
|
|
|
|
|
->willReturn( $primary1Exists );
|
2021-04-16 13:17:10 +00:00
|
|
|
$mock2 = $this->createMock( AbstractPrimaryAuthenticationProvider::class );
|
2021-04-22 07:56:11 +00:00
|
|
|
$mock2->method( 'getUniqueId' )
|
|
|
|
|
->willReturn( 'primary2' );
|
|
|
|
|
$mock2->method( 'testUserExists' )
|
|
|
|
|
->with( 'UTSysop' )
|
|
|
|
|
->willReturn( $primary2Exists );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->primaryauthMocks = [ $mock1, $mock2 ];
|
|
|
|
|
|
|
|
|
|
$this->initializeManager( true );
|
|
|
|
|
$this->assertSame( $expect, $this->manager->userExists( 'UTSysop' ) );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public static function provideUserExists() {
|
|
|
|
|
return [
|
|
|
|
|
[ false, false, false ],
|
|
|
|
|
[ true, false, true ],
|
|
|
|
|
[ false, true, true ],
|
|
|
|
|
[ true, true, true ],
|
|
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @dataProvider provideAllowsAuthenticationDataChange
|
|
|
|
|
* @param StatusValue $primaryReturn
|
|
|
|
|
* @param StatusValue $secondaryReturn
|
|
|
|
|
* @param Status $expect
|
|
|
|
|
*/
|
|
|
|
|
public function testAllowsAuthenticationDataChange( $primaryReturn, $secondaryReturn, $expect ) {
|
|
|
|
|
$req = $this->getMockForAbstractClass( AuthenticationRequest::class );
|
|
|
|
|
|
2021-04-16 13:17:10 +00:00
|
|
|
$mock1 = $this->createMock( AbstractPrimaryAuthenticationProvider::class );
|
2021-04-22 07:56:11 +00:00
|
|
|
$mock1->method( 'getUniqueId' )->willReturn( '1' );
|
|
|
|
|
$mock1->method( 'providerAllowsAuthenticationDataChange' )
|
|
|
|
|
->with( $req )
|
|
|
|
|
->willReturn( $primaryReturn );
|
2021-04-16 13:17:10 +00:00
|
|
|
$mock2 = $this->createMock( AbstractSecondaryAuthenticationProvider::class );
|
2021-04-22 07:56:11 +00:00
|
|
|
$mock2->method( 'getUniqueId' )->willReturn( '2' );
|
|
|
|
|
$mock2->method( 'providerAllowsAuthenticationDataChange' )
|
|
|
|
|
->with( $req )
|
|
|
|
|
->willReturn( $secondaryReturn );
|
2015-11-22 20:17:00 +00:00
|
|
|
|
|
|
|
|
$this->primaryauthMocks = [ $mock1 ];
|
|
|
|
|
$this->secondaryauthMocks = [ $mock2 ];
|
|
|
|
|
$this->initializeManager( true );
|
|
|
|
|
$this->assertEquals( $expect, $this->manager->allowsAuthenticationDataChange( $req ) );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public static function provideAllowsAuthenticationDataChange() {
|
2021-04-21 16:25:17 +00:00
|
|
|
$ignored = Status::newGood( 'ignored' );
|
2015-11-22 20:17:00 +00:00
|
|
|
$ignored->warning( 'authmanager-change-not-supported' );
|
|
|
|
|
|
|
|
|
|
$okFromPrimary = StatusValue::newGood();
|
|
|
|
|
$okFromPrimary->warning( 'warning-from-primary' );
|
|
|
|
|
$okFromSecondary = StatusValue::newGood();
|
|
|
|
|
$okFromSecondary->warning( 'warning-from-secondary' );
|
|
|
|
|
|
2020-03-10 21:11:50 +00:00
|
|
|
$throttledMailPassword = \StatusValue::newFatal( 'throttled-mailpassword' );
|
|
|
|
|
|
2015-11-22 20:17:00 +00:00
|
|
|
return [
|
|
|
|
|
[
|
|
|
|
|
StatusValue::newGood(),
|
|
|
|
|
StatusValue::newGood(),
|
2021-04-21 16:25:17 +00:00
|
|
|
Status::newGood(),
|
2015-11-22 20:17:00 +00:00
|
|
|
],
|
|
|
|
|
[
|
|
|
|
|
StatusValue::newGood(),
|
|
|
|
|
StatusValue::newGood( 'ignore' ),
|
2021-04-21 16:25:17 +00:00
|
|
|
Status::newGood(),
|
2015-11-22 20:17:00 +00:00
|
|
|
],
|
|
|
|
|
[
|
|
|
|
|
StatusValue::newGood( 'ignored' ),
|
|
|
|
|
StatusValue::newGood(),
|
2021-04-21 16:25:17 +00:00
|
|
|
Status::newGood(),
|
2015-11-22 20:17:00 +00:00
|
|
|
],
|
|
|
|
|
[
|
|
|
|
|
StatusValue::newGood( 'ignored' ),
|
|
|
|
|
StatusValue::newGood( 'ignored' ),
|
|
|
|
|
$ignored,
|
|
|
|
|
],
|
|
|
|
|
[
|
|
|
|
|
StatusValue::newFatal( 'fail from primary' ),
|
|
|
|
|
StatusValue::newGood(),
|
2021-04-21 16:25:17 +00:00
|
|
|
Status::newFatal( 'fail from primary' ),
|
2015-11-22 20:17:00 +00:00
|
|
|
],
|
|
|
|
|
[
|
|
|
|
|
$okFromPrimary,
|
|
|
|
|
StatusValue::newGood(),
|
2021-04-21 16:25:17 +00:00
|
|
|
Status::wrap( $okFromPrimary ),
|
2015-11-22 20:17:00 +00:00
|
|
|
],
|
|
|
|
|
[
|
|
|
|
|
StatusValue::newGood(),
|
|
|
|
|
StatusValue::newFatal( 'fail from secondary' ),
|
2021-04-21 16:25:17 +00:00
|
|
|
Status::newFatal( 'fail from secondary' ),
|
2015-11-22 20:17:00 +00:00
|
|
|
],
|
|
|
|
|
[
|
|
|
|
|
StatusValue::newGood(),
|
|
|
|
|
$okFromSecondary,
|
2021-04-21 16:25:17 +00:00
|
|
|
Status::wrap( $okFromSecondary ),
|
2015-11-22 20:17:00 +00:00
|
|
|
],
|
2020-03-10 21:11:50 +00:00
|
|
|
[
|
|
|
|
|
StatusValue::newGood(),
|
|
|
|
|
$throttledMailPassword,
|
2021-04-21 16:25:17 +00:00
|
|
|
Status::newGood( 'throttled-mailpassword' ),
|
2020-03-10 21:11:50 +00:00
|
|
|
]
|
2015-11-22 20:17:00 +00:00
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testChangeAuthenticationData() {
|
|
|
|
|
$req = $this->getMockForAbstractClass( AuthenticationRequest::class );
|
|
|
|
|
$req->username = 'UTSysop';
|
|
|
|
|
|
2021-04-16 13:17:10 +00:00
|
|
|
$mock1 = $this->createMock( AbstractPrimaryAuthenticationProvider::class );
|
2021-04-22 08:28:11 +00:00
|
|
|
$mock1->method( 'getUniqueId' )->willReturn( '1' );
|
2015-11-22 20:17:00 +00:00
|
|
|
$mock1->expects( $this->once() )->method( 'providerChangeAuthenticationData' )
|
2021-04-22 07:56:11 +00:00
|
|
|
->with( $req );
|
2021-04-16 13:17:10 +00:00
|
|
|
$mock2 = $this->createMock( AbstractPrimaryAuthenticationProvider::class );
|
2021-04-22 08:28:11 +00:00
|
|
|
$mock2->method( 'getUniqueId' )->willReturn( '2' );
|
2015-11-22 20:17:00 +00:00
|
|
|
$mock2->expects( $this->once() )->method( 'providerChangeAuthenticationData' )
|
2021-04-22 07:56:11 +00:00
|
|
|
->with( $req );
|
2015-11-22 20:17:00 +00:00
|
|
|
|
|
|
|
|
$this->primaryauthMocks = [ $mock1, $mock2 ];
|
|
|
|
|
$this->initializeManager( true );
|
|
|
|
|
$this->logger->setCollect( true );
|
|
|
|
|
$this->manager->changeAuthenticationData( $req );
|
|
|
|
|
$this->assertSame( [
|
|
|
|
|
[ LogLevel::INFO, 'Changing authentication data for {user} class {what}' ],
|
|
|
|
|
], $this->logger->getBuffer() );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testCanCreateAccounts() {
|
|
|
|
|
$types = [
|
|
|
|
|
PrimaryAuthenticationProvider::TYPE_CREATE => true,
|
|
|
|
|
PrimaryAuthenticationProvider::TYPE_LINK => true,
|
|
|
|
|
PrimaryAuthenticationProvider::TYPE_NONE => false,
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
foreach ( $types as $type => $can ) {
|
2021-04-16 13:17:10 +00:00
|
|
|
$mock = $this->createMock( AbstractPrimaryAuthenticationProvider::class );
|
2021-04-22 08:28:11 +00:00
|
|
|
$mock->method( 'getUniqueId' )->willReturn( $type );
|
|
|
|
|
$mock->method( 'accountCreationType' )
|
|
|
|
|
->willReturn( $type );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->primaryauthMocks = [ $mock ];
|
|
|
|
|
$this->initializeManager( true );
|
|
|
|
|
$this->assertSame( $can, $this->manager->canCreateAccounts(), $type );
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-21 16:25:17 +00:00
|
|
|
/**
|
2021-05-24 13:40:37 +00:00
|
|
|
* @covers \MediaWiki\Auth\AuthManager::probablyCanCreateAccount()
|
2021-04-21 16:25:17 +00:00
|
|
|
*/
|
2021-05-24 13:40:37 +00:00
|
|
|
public function testProbablyCanCreateAccount() {
|
2018-10-07 12:26:18 +00:00
|
|
|
$this->setGroupPermissions( '*', 'createaccount', true );
|
2020-02-20 09:45:13 +00:00
|
|
|
$this->initializeManager( true );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->assertEquals(
|
2021-05-24 13:40:37 +00:00
|
|
|
StatusValue::newGood(),
|
|
|
|
|
$this->manager->probablyCanCreateAccount( new \User )
|
2015-11-22 20:17:00 +00:00
|
|
|
);
|
2021-04-21 16:25:17 +00:00
|
|
|
}
|
2015-11-22 20:17:00 +00:00
|
|
|
|
2021-04-21 16:25:17 +00:00
|
|
|
/**
|
2021-05-24 13:40:37 +00:00
|
|
|
* @covers \MediaWiki\Auth\AuthManager::authorizeCreateAccount()
|
2021-04-21 16:25:17 +00:00
|
|
|
*/
|
2021-05-24 13:40:37 +00:00
|
|
|
public function testAuthorizeCreateAccount_anon() {
|
|
|
|
|
$this->setGroupPermissions( '*', 'createaccount', true );
|
|
|
|
|
$this->initializeManager( true );
|
|
|
|
|
$this->assertEquals(
|
|
|
|
|
StatusValue::newGood(),
|
|
|
|
|
$this->manager->authorizeCreateAccount( new \User )
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @covers \MediaWiki\Auth\AuthManager::authorizeCreateAccount()
|
|
|
|
|
*/
|
|
|
|
|
public function testAuthorizeCreateAccount_anonNotAllowed() {
|
2021-04-21 16:25:17 +00:00
|
|
|
$this->setGroupPermissions( '*', 'createaccount', false );
|
|
|
|
|
$this->initializeManager( true );
|
2021-05-24 13:40:37 +00:00
|
|
|
$status = $this->manager->authorizeCreateAccount( new \User );
|
2022-03-04 22:00:02 +00:00
|
|
|
$this->assertStatusError( 'badaccess-groups', $status );
|
2021-04-21 16:25:17 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2021-05-24 13:40:37 +00:00
|
|
|
* @covers \MediaWiki\Auth\AuthManager::authorizeCreateAccount()
|
2021-04-21 16:25:17 +00:00
|
|
|
*/
|
2021-05-24 13:40:37 +00:00
|
|
|
public function testAuthorizeCreateAccount_readOnly() {
|
2021-04-21 16:25:17 +00:00
|
|
|
$this->initializeManager( true );
|
|
|
|
|
$readOnlyMode = $this->getServiceContainer()->getReadOnlyMode();
|
2017-04-10 05:34:30 +00:00
|
|
|
$readOnlyMode->setReason( 'Because' );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->assertEquals(
|
2021-05-24 13:40:37 +00:00
|
|
|
StatusValue::newFatal( wfMessage( 'readonlytext', 'Because' ) ),
|
|
|
|
|
$this->manager->authorizeCreateAccount( new \User )
|
2015-11-22 20:17:00 +00:00
|
|
|
);
|
2017-04-10 05:34:30 +00:00
|
|
|
$readOnlyMode->setReason( false );
|
2021-04-21 16:25:17 +00:00
|
|
|
}
|
2015-11-22 20:17:00 +00:00
|
|
|
|
2021-04-21 16:25:17 +00:00
|
|
|
/**
|
2021-05-24 13:40:37 +00:00
|
|
|
* @covers \MediaWiki\Auth\AuthManager::authorizeCreateAccount()
|
2021-04-21 16:25:17 +00:00
|
|
|
* @covers \MediaWiki\Permissions\PermissionManager::checkUserBlock()
|
|
|
|
|
*/
|
2021-05-24 13:40:37 +00:00
|
|
|
public function testAuthorizeCreateAccount_blocked() {
|
2020-02-20 09:45:13 +00:00
|
|
|
$this->initializeManager( true );
|
2015-11-22 20:17:00 +00:00
|
|
|
|
|
|
|
|
$user = \User::newFromName( 'UTBlockee' );
|
2020-05-26 13:14:46 +00:00
|
|
|
if ( $user->getId() == 0 ) {
|
2015-11-22 20:17:00 +00:00
|
|
|
$user->addToDatabase();
|
|
|
|
|
\TestUser::setPasswordForUser( $user, 'UTBlockeePassword' );
|
|
|
|
|
$user->saveSettings();
|
|
|
|
|
}
|
2021-04-21 16:25:17 +00:00
|
|
|
$blockStore = $this->getServiceContainer()->getDatabaseBlockStore();
|
2015-11-22 20:17:00 +00:00
|
|
|
$blockOptions = [
|
|
|
|
|
'address' => 'UTBlockee',
|
2020-05-26 13:14:46 +00:00
|
|
|
'user' => $user->getId(),
|
2021-06-02 09:44:38 +00:00
|
|
|
'by' => $this->getTestSysop()->getUser(),
|
2015-11-22 20:17:00 +00:00
|
|
|
'reason' => __METHOD__,
|
|
|
|
|
'expiry' => time() + 100500,
|
|
|
|
|
'createAccount' => true,
|
|
|
|
|
];
|
2019-05-13 14:18:07 +00:00
|
|
|
$block = new DatabaseBlock( $blockOptions );
|
2020-08-27 09:27:10 +00:00
|
|
|
$blockStore->insertBlock( $block );
|
2019-04-09 06:58:04 +00:00
|
|
|
$this->resetServices();
|
2020-02-20 09:45:13 +00:00
|
|
|
$this->initializeManager( true );
|
2021-05-24 13:40:37 +00:00
|
|
|
$status = $this->manager->authorizeCreateAccount( $user );
|
2022-03-04 22:00:02 +00:00
|
|
|
$this->assertStatusError( 'blockedtext', $status );
|
2021-04-21 16:25:17 +00:00
|
|
|
}
|
2015-11-22 20:17:00 +00:00
|
|
|
|
2021-04-21 16:25:17 +00:00
|
|
|
/**
|
2021-05-24 13:40:37 +00:00
|
|
|
* @covers \MediaWiki\Auth\AuthManager::authorizeCreateAccount()
|
2021-04-21 16:25:17 +00:00
|
|
|
* @covers \MediaWiki\Permissions\PermissionManager::checkUserBlock()
|
|
|
|
|
*/
|
2021-05-24 13:40:37 +00:00
|
|
|
public function testAuthorizeCreateAccount_ipBlocked() {
|
2021-04-21 16:25:17 +00:00
|
|
|
$this->setGroupPermissions( '*', 'createaccount', true );
|
|
|
|
|
$this->initializeManager( true );
|
|
|
|
|
$blockStore = $this->getServiceContainer()->getDatabaseBlockStore();
|
2015-11-22 20:17:00 +00:00
|
|
|
$blockOptions = [
|
|
|
|
|
'address' => '127.0.0.0/24',
|
2021-06-02 09:44:38 +00:00
|
|
|
'by' => $this->getTestSysop()->getUser(),
|
2015-11-22 20:17:00 +00:00
|
|
|
'reason' => __METHOD__,
|
|
|
|
|
'expiry' => time() + 100500,
|
|
|
|
|
'createAccount' => true,
|
2019-10-17 14:54:01 +00:00
|
|
|
'sitewide' => false,
|
2015-11-22 20:17:00 +00:00
|
|
|
];
|
2019-05-13 14:18:07 +00:00
|
|
|
$block = new DatabaseBlock( $blockOptions );
|
2020-08-27 09:27:10 +00:00
|
|
|
$blockStore->insertBlock( $block );
|
2021-05-24 13:40:37 +00:00
|
|
|
$status = $this->manager->authorizeCreateAccount( new \User );
|
2022-03-04 22:00:02 +00:00
|
|
|
$this->assertStatusError( 'blockedtext-partial', $status );
|
2021-04-21 16:25:17 +00:00
|
|
|
}
|
2015-11-22 20:17:00 +00:00
|
|
|
|
2021-04-21 16:25:17 +00:00
|
|
|
/**
|
2021-05-24 13:40:37 +00:00
|
|
|
* @covers \MediaWiki\Auth\AuthManager::authorizeCreateAccount()
|
2021-04-21 16:25:17 +00:00
|
|
|
*/
|
2021-05-24 13:40:37 +00:00
|
|
|
public function testAuthorizeCreateAccount_DNSBlacklist() {
|
2022-06-17 16:01:36 +00:00
|
|
|
$this->overrideConfigValues( [
|
|
|
|
|
'EnableDnsBlacklist' => true,
|
|
|
|
|
'DnsBlacklistUrls' => [
|
2015-11-22 20:17:00 +00:00
|
|
|
'local.wmftest.net', // This will resolve for every subdomain, which works to test "listed?"
|
|
|
|
|
],
|
2022-06-17 16:01:36 +00:00
|
|
|
'ProxyWhitelist' => [],
|
2015-11-22 20:17:00 +00:00
|
|
|
] );
|
2020-02-20 09:45:13 +00:00
|
|
|
$this->initializeManager( true );
|
2021-05-24 13:40:37 +00:00
|
|
|
$status = $this->manager->authorizeCreateAccount( new \User );
|
2022-03-04 22:00:02 +00:00
|
|
|
$this->assertStatusError( 'sorbs_create_account_reason', $status );
|
2022-06-17 16:01:36 +00:00
|
|
|
$this->overrideConfigValue( 'ProxyWhitelist', [ '127.0.0.1' ] );
|
2020-02-20 09:45:13 +00:00
|
|
|
$this->initializeManager( true );
|
2021-05-24 13:40:37 +00:00
|
|
|
$status = $this->manager->authorizeCreateAccount( new \User );
|
2022-03-04 22:00:02 +00:00
|
|
|
$this->assertStatusGood( $status );
|
2015-11-22 20:17:00 +00:00
|
|
|
}
|
|
|
|
|
|
2021-04-21 16:25:17 +00:00
|
|
|
/**
|
2021-05-24 13:40:37 +00:00
|
|
|
* @covers \MediaWiki\Auth\AuthManager::authorizeCreateAccount()
|
2021-04-21 16:25:17 +00:00
|
|
|
* @covers \MediaWiki\Permissions\PermissionManager::checkUserBlock()
|
|
|
|
|
*/
|
2021-05-24 13:40:37 +00:00
|
|
|
public function testAuthorizeCreateAccount_ipIsBlockedByUserNot() {
|
2021-04-21 16:25:17 +00:00
|
|
|
$this->initializeManager( true );
|
|
|
|
|
|
|
|
|
|
$user = \User::newFromName( 'UTBlockee' );
|
|
|
|
|
if ( $user->getId() == 0 ) {
|
|
|
|
|
$user->addToDatabase();
|
|
|
|
|
\TestUser::setPasswordForUser( $user, 'UTBlockeePassword' );
|
|
|
|
|
$user->saveSettings();
|
|
|
|
|
}
|
|
|
|
|
$blockStore = $this->getServiceContainer()->getDatabaseBlockStore();
|
|
|
|
|
$blockOptions = [
|
|
|
|
|
'address' => 'UTBlockee',
|
|
|
|
|
'user' => $user->getId(),
|
2021-06-02 09:44:38 +00:00
|
|
|
'by' => $this->getTestSysop()->getUser(),
|
2021-04-21 16:25:17 +00:00
|
|
|
'reason' => __METHOD__,
|
|
|
|
|
'expiry' => time() + 100500,
|
|
|
|
|
'createAccount' => false,
|
|
|
|
|
];
|
|
|
|
|
$block = new DatabaseBlock( $blockOptions );
|
|
|
|
|
$blockStore->insertBlock( $block );
|
|
|
|
|
|
|
|
|
|
$blockOptions = [
|
|
|
|
|
'address' => '127.0.0.0/24',
|
2021-06-02 09:44:38 +00:00
|
|
|
'by' => $this->getTestSysop()->getUser(),
|
2021-04-21 16:25:17 +00:00
|
|
|
'reason' => __METHOD__,
|
|
|
|
|
'expiry' => time() + 100500,
|
|
|
|
|
'createAccount' => true,
|
|
|
|
|
'sitewide' => false,
|
|
|
|
|
];
|
|
|
|
|
$block = new DatabaseBlock( $blockOptions );
|
|
|
|
|
$blockStore->insertBlock( $block );
|
|
|
|
|
|
|
|
|
|
$this->resetServices();
|
|
|
|
|
$this->initializeManager( true );
|
2021-05-24 13:40:37 +00:00
|
|
|
$status = $this->manager->authorizeCreateAccount( $user );
|
2022-03-04 22:00:02 +00:00
|
|
|
$this->assertStatusError( 'blockedtext-partial', $status );
|
2021-04-21 16:25:17 +00:00
|
|
|
}
|
|
|
|
|
|
2015-11-22 20:17:00 +00:00
|
|
|
/**
|
|
|
|
|
* @param string $uniq
|
|
|
|
|
* @return string
|
|
|
|
|
*/
|
|
|
|
|
private static function usernameForCreation( $uniq = '' ) {
|
|
|
|
|
$i = 0;
|
|
|
|
|
do {
|
|
|
|
|
$username = "UTAuthManagerTestAccountCreation" . $uniq . ++$i;
|
|
|
|
|
} while ( \User::newFromName( $username )->getId() !== 0 );
|
|
|
|
|
return $username;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testCanCreateAccount() {
|
|
|
|
|
$username = self::usernameForCreation();
|
|
|
|
|
$this->initializeManager();
|
|
|
|
|
|
|
|
|
|
$this->assertEquals(
|
2021-04-21 16:25:17 +00:00
|
|
|
Status::newFatal( 'authmanager-create-disabled' ),
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->manager->canCreateAccount( $username )
|
|
|
|
|
);
|
|
|
|
|
|
2021-04-16 13:17:10 +00:00
|
|
|
$mock = $this->createMock( AbstractPrimaryAuthenticationProvider::class );
|
2021-04-22 08:28:11 +00:00
|
|
|
$mock->method( 'getUniqueId' )->willReturn( 'X' );
|
|
|
|
|
$mock->method( 'accountCreationType' )
|
|
|
|
|
->willReturn( PrimaryAuthenticationProvider::TYPE_CREATE );
|
|
|
|
|
$mock->method( 'testUserExists' )->willReturn( true );
|
|
|
|
|
$mock->method( 'testUserForCreation' )
|
|
|
|
|
->willReturn( StatusValue::newGood() );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->primaryauthMocks = [ $mock ];
|
|
|
|
|
$this->initializeManager( true );
|
|
|
|
|
|
|
|
|
|
$this->assertEquals(
|
2021-04-21 16:25:17 +00:00
|
|
|
Status::newFatal( 'userexists' ),
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->manager->canCreateAccount( $username )
|
|
|
|
|
);
|
|
|
|
|
|
2021-04-16 13:17:10 +00:00
|
|
|
$mock = $this->createMock( AbstractPrimaryAuthenticationProvider::class );
|
2021-04-22 08:28:11 +00:00
|
|
|
$mock->method( 'getUniqueId' )->willReturn( 'X' );
|
|
|
|
|
$mock->method( 'accountCreationType' )
|
|
|
|
|
->willReturn( PrimaryAuthenticationProvider::TYPE_CREATE );
|
|
|
|
|
$mock->method( 'testUserExists' )->willReturn( false );
|
|
|
|
|
$mock->method( 'testUserForCreation' )
|
|
|
|
|
->willReturn( StatusValue::newGood() );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->primaryauthMocks = [ $mock ];
|
|
|
|
|
$this->initializeManager( true );
|
|
|
|
|
|
|
|
|
|
$this->assertEquals(
|
2021-04-21 16:25:17 +00:00
|
|
|
Status::newFatal( 'noname' ),
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->manager->canCreateAccount( $username . '<>' )
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$this->assertEquals(
|
2021-04-21 16:25:17 +00:00
|
|
|
Status::newFatal( 'userexists' ),
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->manager->canCreateAccount( 'UTSysop' )
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$this->assertEquals(
|
2021-04-21 16:25:17 +00:00
|
|
|
Status::newGood(),
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->manager->canCreateAccount( $username )
|
|
|
|
|
);
|
|
|
|
|
|
2021-04-16 13:17:10 +00:00
|
|
|
$mock = $this->createMock( AbstractPrimaryAuthenticationProvider::class );
|
2021-04-22 08:28:11 +00:00
|
|
|
$mock->method( 'getUniqueId' )->willReturn( 'X' );
|
|
|
|
|
$mock->method( 'accountCreationType' )
|
|
|
|
|
->willReturn( PrimaryAuthenticationProvider::TYPE_CREATE );
|
|
|
|
|
$mock->method( 'testUserExists' )->willReturn( false );
|
|
|
|
|
$mock->method( 'testUserForCreation' )
|
|
|
|
|
->willReturn( StatusValue::newFatal( 'fail' ) );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->primaryauthMocks = [ $mock ];
|
|
|
|
|
$this->initializeManager( true );
|
|
|
|
|
|
|
|
|
|
$this->assertEquals(
|
2021-04-21 16:25:17 +00:00
|
|
|
Status::newFatal( 'fail' ),
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->manager->canCreateAccount( $username )
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testBeginAccountCreation() {
|
|
|
|
|
$creator = \User::newFromName( 'UTSysop' );
|
|
|
|
|
$userReq = new UsernameAuthenticationRequest;
|
2021-02-07 13:10:36 +00:00
|
|
|
$this->logger = new \TestLogger( false, static function ( $message, $level ) {
|
2015-11-22 20:17:00 +00:00
|
|
|
return $level === LogLevel::DEBUG ? null : $message;
|
|
|
|
|
} );
|
|
|
|
|
$this->initializeManager();
|
|
|
|
|
|
|
|
|
|
$this->request->getSession()->setSecret( 'AuthManager::accountCreationState', 'test' );
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() );
|
2015-11-22 20:17:00 +00:00
|
|
|
try {
|
|
|
|
|
$this->manager->beginAccountCreation(
|
|
|
|
|
$creator, [], 'http://localhost/'
|
|
|
|
|
);
|
|
|
|
|
$this->fail( 'Expected exception not thrown' );
|
|
|
|
|
} catch ( \LogicException $ex ) {
|
|
|
|
|
$this->assertEquals( 'Account creation is not possible', $ex->getMessage() );
|
|
|
|
|
}
|
|
|
|
|
$this->unhook( 'LocalUserCreated' );
|
|
|
|
|
$this->assertNull(
|
|
|
|
|
$this->request->getSession()->getSecret( 'AuthManager::accountCreationState' )
|
|
|
|
|
);
|
|
|
|
|
|
2021-04-16 13:17:10 +00:00
|
|
|
$mock = $this->createMock( AbstractPrimaryAuthenticationProvider::class );
|
2021-04-22 08:28:11 +00:00
|
|
|
$mock->method( 'getUniqueId' )->willReturn( 'X' );
|
|
|
|
|
$mock->method( 'accountCreationType' )
|
|
|
|
|
->willReturn( PrimaryAuthenticationProvider::TYPE_CREATE );
|
|
|
|
|
$mock->method( 'testUserExists' )->willReturn( true );
|
|
|
|
|
$mock->method( 'testUserForCreation' )
|
|
|
|
|
->willReturn( StatusValue::newGood() );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->primaryauthMocks = [ $mock ];
|
|
|
|
|
$this->initializeManager( true );
|
|
|
|
|
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() );
|
2015-11-22 20:17:00 +00:00
|
|
|
$ret = $this->manager->beginAccountCreation( $creator, [], 'http://localhost/' );
|
|
|
|
|
$this->unhook( 'LocalUserCreated' );
|
|
|
|
|
$this->assertSame( AuthenticationResponse::FAIL, $ret->status );
|
|
|
|
|
$this->assertSame( 'noname', $ret->message->getKey() );
|
|
|
|
|
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() );
|
2015-11-22 20:17:00 +00:00
|
|
|
$userReq->username = self::usernameForCreation();
|
|
|
|
|
$userReq2 = new UsernameAuthenticationRequest;
|
|
|
|
|
$userReq2->username = $userReq->username . 'X';
|
|
|
|
|
$ret = $this->manager->beginAccountCreation(
|
|
|
|
|
$creator, [ $userReq, $userReq2 ], 'http://localhost/'
|
|
|
|
|
);
|
|
|
|
|
$this->unhook( 'LocalUserCreated' );
|
|
|
|
|
$this->assertSame( AuthenticationResponse::FAIL, $ret->status );
|
|
|
|
|
$this->assertSame( 'noname', $ret->message->getKey() );
|
|
|
|
|
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() );
|
2022-01-12 20:13:39 +00:00
|
|
|
$readOnlyMode = $this->getServiceContainer()->getReadOnlyMode();
|
2017-04-10 05:34:30 +00:00
|
|
|
$readOnlyMode->setReason( 'Because' );
|
2015-11-22 20:17:00 +00:00
|
|
|
$userReq->username = self::usernameForCreation();
|
|
|
|
|
$ret = $this->manager->beginAccountCreation( $creator, [ $userReq ], 'http://localhost/' );
|
|
|
|
|
$this->unhook( 'LocalUserCreated' );
|
|
|
|
|
$this->assertSame( AuthenticationResponse::FAIL, $ret->status );
|
|
|
|
|
$this->assertSame( 'readonlytext', $ret->message->getKey() );
|
|
|
|
|
$this->assertSame( [ 'Because' ], $ret->message->getParams() );
|
2017-04-10 05:34:30 +00:00
|
|
|
$readOnlyMode->setReason( false );
|
2015-11-22 20:17:00 +00:00
|
|
|
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() );
|
2015-11-22 20:17:00 +00:00
|
|
|
$userReq->username = self::usernameForCreation();
|
|
|
|
|
$ret = $this->manager->beginAccountCreation( $creator, [ $userReq ], 'http://localhost/' );
|
|
|
|
|
$this->unhook( 'LocalUserCreated' );
|
|
|
|
|
$this->assertSame( AuthenticationResponse::FAIL, $ret->status );
|
|
|
|
|
$this->assertSame( 'userexists', $ret->message->getKey() );
|
|
|
|
|
|
2021-04-16 13:17:10 +00:00
|
|
|
$mock = $this->createMock( AbstractPrimaryAuthenticationProvider::class );
|
2021-04-22 08:28:11 +00:00
|
|
|
$mock->method( 'getUniqueId' )->willReturn( 'X' );
|
|
|
|
|
$mock->method( 'accountCreationType' )
|
|
|
|
|
->willReturn( PrimaryAuthenticationProvider::TYPE_CREATE );
|
|
|
|
|
$mock->method( 'testUserExists' )->willReturn( false );
|
|
|
|
|
$mock->method( 'testUserForCreation' )
|
|
|
|
|
->willReturn( StatusValue::newFatal( 'fail' ) );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->primaryauthMocks = [ $mock ];
|
|
|
|
|
$this->initializeManager( true );
|
|
|
|
|
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() );
|
2015-11-22 20:17:00 +00:00
|
|
|
$userReq->username = self::usernameForCreation();
|
|
|
|
|
$ret = $this->manager->beginAccountCreation( $creator, [ $userReq ], 'http://localhost/' );
|
|
|
|
|
$this->unhook( 'LocalUserCreated' );
|
|
|
|
|
$this->assertSame( AuthenticationResponse::FAIL, $ret->status );
|
|
|
|
|
$this->assertSame( 'fail', $ret->message->getKey() );
|
|
|
|
|
|
2021-04-16 13:17:10 +00:00
|
|
|
$mock = $this->createMock( AbstractPrimaryAuthenticationProvider::class );
|
2021-04-22 08:28:11 +00:00
|
|
|
$mock->method( 'getUniqueId' )->willReturn( 'X' );
|
|
|
|
|
$mock->method( 'accountCreationType' )
|
|
|
|
|
->willReturn( PrimaryAuthenticationProvider::TYPE_CREATE );
|
|
|
|
|
$mock->method( 'testUserExists' )->willReturn( false );
|
|
|
|
|
$mock->method( 'testUserForCreation' )
|
|
|
|
|
->willReturn( StatusValue::newGood() );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->primaryauthMocks = [ $mock ];
|
|
|
|
|
$this->initializeManager( true );
|
|
|
|
|
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() );
|
2015-11-22 20:17:00 +00:00
|
|
|
$userReq->username = self::usernameForCreation() . '<>';
|
|
|
|
|
$ret = $this->manager->beginAccountCreation( $creator, [ $userReq ], 'http://localhost/' );
|
|
|
|
|
$this->unhook( 'LocalUserCreated' );
|
|
|
|
|
$this->assertSame( AuthenticationResponse::FAIL, $ret->status );
|
|
|
|
|
$this->assertSame( 'noname', $ret->message->getKey() );
|
|
|
|
|
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() );
|
2015-11-22 20:17:00 +00:00
|
|
|
$userReq->username = $creator->getName();
|
|
|
|
|
$ret = $this->manager->beginAccountCreation( $creator, [ $userReq ], 'http://localhost/' );
|
|
|
|
|
$this->unhook( 'LocalUserCreated' );
|
|
|
|
|
$this->assertSame( AuthenticationResponse::FAIL, $ret->status );
|
|
|
|
|
$this->assertSame( 'userexists', $ret->message->getKey() );
|
|
|
|
|
|
2021-04-16 13:17:10 +00:00
|
|
|
$mock = $this->createMock( AbstractPrimaryAuthenticationProvider::class );
|
2021-04-22 08:28:11 +00:00
|
|
|
$mock->method( 'getUniqueId' )->willReturn( 'X' );
|
|
|
|
|
$mock->method( 'accountCreationType' )
|
|
|
|
|
->willReturn( PrimaryAuthenticationProvider::TYPE_CREATE );
|
|
|
|
|
$mock->method( 'testUserExists' )->willReturn( false );
|
|
|
|
|
$mock->method( 'testUserForCreation' )
|
|
|
|
|
->willReturn( StatusValue::newGood() );
|
|
|
|
|
$mock->method( 'testForAccountCreation' )
|
|
|
|
|
->willReturn( StatusValue::newFatal( 'fail' ) );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->primaryauthMocks = [ $mock ];
|
|
|
|
|
$this->initializeManager( true );
|
|
|
|
|
|
|
|
|
|
$req = $this->getMockBuilder( UserDataAuthenticationRequest::class )
|
2021-03-20 15:18:58 +00:00
|
|
|
->onlyMethods( [ 'populateUser' ] )
|
2015-11-22 20:17:00 +00:00
|
|
|
->getMock();
|
2021-04-22 08:40:46 +00:00
|
|
|
$req->method( 'populateUser' )
|
2015-11-22 20:17:00 +00:00
|
|
|
->willReturn( \StatusValue::newFatal( 'populatefail' ) );
|
|
|
|
|
$userReq->username = self::usernameForCreation();
|
|
|
|
|
$ret = $this->manager->beginAccountCreation(
|
|
|
|
|
$creator, [ $userReq, $req ], 'http://localhost/'
|
|
|
|
|
);
|
|
|
|
|
$this->assertSame( AuthenticationResponse::FAIL, $ret->status );
|
|
|
|
|
$this->assertSame( 'populatefail', $ret->message->getKey() );
|
|
|
|
|
|
|
|
|
|
$req = new UserDataAuthenticationRequest;
|
|
|
|
|
$userReq->username = self::usernameForCreation();
|
|
|
|
|
|
|
|
|
|
$ret = $this->manager->beginAccountCreation(
|
|
|
|
|
$creator, [ $userReq, $req ], 'http://localhost/'
|
|
|
|
|
);
|
|
|
|
|
$this->assertSame( AuthenticationResponse::FAIL, $ret->status );
|
|
|
|
|
$this->assertSame( 'fail', $ret->message->getKey() );
|
|
|
|
|
|
|
|
|
|
$this->manager->beginAccountCreation(
|
|
|
|
|
\User::newFromName( $userReq->username ), [ $userReq, $req ], 'http://localhost/'
|
|
|
|
|
);
|
|
|
|
|
$this->assertSame( AuthenticationResponse::FAIL, $ret->status );
|
|
|
|
|
$this->assertSame( 'fail', $ret->message->getKey() );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testContinueAccountCreation() {
|
|
|
|
|
$creator = \User::newFromName( 'UTSysop' );
|
|
|
|
|
$username = self::usernameForCreation();
|
2021-02-07 13:10:36 +00:00
|
|
|
$this->logger = new \TestLogger( false, static function ( $message, $level ) {
|
2015-11-22 20:17:00 +00:00
|
|
|
return $level === LogLevel::DEBUG ? null : $message;
|
|
|
|
|
} );
|
|
|
|
|
$this->initializeManager();
|
|
|
|
|
|
|
|
|
|
$session = [
|
|
|
|
|
'userid' => 0,
|
|
|
|
|
'username' => $username,
|
|
|
|
|
'creatorid' => 0,
|
|
|
|
|
'creatorname' => $username,
|
|
|
|
|
'reqs' => [],
|
|
|
|
|
'primary' => null,
|
|
|
|
|
'primaryResponse' => null,
|
|
|
|
|
'secondary' => [],
|
|
|
|
|
'ranPreTests' => true,
|
|
|
|
|
];
|
|
|
|
|
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() );
|
2015-11-22 20:17:00 +00:00
|
|
|
try {
|
|
|
|
|
$this->manager->continueAccountCreation( [] );
|
|
|
|
|
$this->fail( 'Expected exception not thrown' );
|
|
|
|
|
} catch ( \LogicException $ex ) {
|
|
|
|
|
$this->assertEquals( 'Account creation is not possible', $ex->getMessage() );
|
|
|
|
|
}
|
|
|
|
|
$this->unhook( 'LocalUserCreated' );
|
|
|
|
|
|
2021-04-16 13:17:10 +00:00
|
|
|
$mock = $this->createMock( AbstractPrimaryAuthenticationProvider::class );
|
2021-04-22 08:28:11 +00:00
|
|
|
$mock->method( 'getUniqueId' )->willReturn( 'X' );
|
|
|
|
|
$mock->method( 'accountCreationType' )
|
|
|
|
|
->willReturn( PrimaryAuthenticationProvider::TYPE_CREATE );
|
|
|
|
|
$mock->method( 'testUserExists' )->willReturn( false );
|
|
|
|
|
$mock->method( 'beginPrimaryAccountCreation' )
|
|
|
|
|
->willReturn( AuthenticationResponse::newFail( $this->message( 'fail' ) ) );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->primaryauthMocks = [ $mock ];
|
|
|
|
|
$this->initializeManager( true );
|
|
|
|
|
|
|
|
|
|
$this->request->getSession()->setSecret( 'AuthManager::accountCreationState', null );
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() );
|
2015-11-22 20:17:00 +00:00
|
|
|
$ret = $this->manager->continueAccountCreation( [] );
|
|
|
|
|
$this->unhook( 'LocalUserCreated' );
|
|
|
|
|
$this->assertSame( AuthenticationResponse::FAIL, $ret->status );
|
|
|
|
|
$this->assertSame( 'authmanager-create-not-in-progress', $ret->message->getKey() );
|
|
|
|
|
|
|
|
|
|
$this->request->getSession()->setSecret( 'AuthManager::accountCreationState',
|
|
|
|
|
[ 'username' => "$username<>" ] + $session );
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() );
|
2015-11-22 20:17:00 +00:00
|
|
|
$ret = $this->manager->continueAccountCreation( [] );
|
|
|
|
|
$this->unhook( 'LocalUserCreated' );
|
|
|
|
|
$this->assertSame( AuthenticationResponse::FAIL, $ret->status );
|
|
|
|
|
$this->assertSame( 'noname', $ret->message->getKey() );
|
|
|
|
|
$this->assertNull(
|
|
|
|
|
$this->request->getSession()->getSecret( 'AuthManager::accountCreationState' )
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$this->request->getSession()->setSecret( 'AuthManager::accountCreationState', $session );
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() );
|
2015-11-22 20:17:00 +00:00
|
|
|
$cache = \ObjectCache::getLocalClusterInstance();
|
|
|
|
|
$lock = $cache->getScopedLock( $cache->makeGlobalKey( 'account', md5( $username ) ) );
|
|
|
|
|
$ret = $this->manager->continueAccountCreation( [] );
|
|
|
|
|
unset( $lock );
|
|
|
|
|
$this->unhook( 'LocalUserCreated' );
|
|
|
|
|
$this->assertSame( AuthenticationResponse::FAIL, $ret->status );
|
|
|
|
|
$this->assertSame( 'usernameinprogress', $ret->message->getKey() );
|
|
|
|
|
// This error shouldn't remove the existing session, because the
|
|
|
|
|
// raced-with process "owns" it.
|
|
|
|
|
$this->assertSame(
|
|
|
|
|
$session, $this->request->getSession()->getSecret( 'AuthManager::accountCreationState' )
|
|
|
|
|
);
|
|
|
|
|
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->request->getSession()->setSecret( 'AuthManager::accountCreationState',
|
|
|
|
|
[ 'username' => $creator->getName() ] + $session );
|
2022-01-12 20:13:39 +00:00
|
|
|
$readOnlyMode = $this->getServiceContainer()->getReadOnlyMode();
|
2017-04-10 05:34:30 +00:00
|
|
|
$readOnlyMode->setReason( 'Because' );
|
2015-11-22 20:17:00 +00:00
|
|
|
$ret = $this->manager->continueAccountCreation( [] );
|
|
|
|
|
$this->unhook( 'LocalUserCreated' );
|
|
|
|
|
$this->assertSame( AuthenticationResponse::FAIL, $ret->status );
|
|
|
|
|
$this->assertSame( 'readonlytext', $ret->message->getKey() );
|
|
|
|
|
$this->assertSame( [ 'Because' ], $ret->message->getParams() );
|
2017-04-10 05:34:30 +00:00
|
|
|
$readOnlyMode->setReason( false );
|
2015-11-22 20:17:00 +00:00
|
|
|
|
|
|
|
|
$this->request->getSession()->setSecret( 'AuthManager::accountCreationState',
|
|
|
|
|
[ 'username' => $creator->getName() ] + $session );
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() );
|
2015-11-22 20:17:00 +00:00
|
|
|
$ret = $this->manager->continueAccountCreation( [] );
|
|
|
|
|
$this->unhook( 'LocalUserCreated' );
|
|
|
|
|
$this->assertSame( AuthenticationResponse::FAIL, $ret->status );
|
|
|
|
|
$this->assertSame( 'userexists', $ret->message->getKey() );
|
|
|
|
|
$this->assertNull(
|
|
|
|
|
$this->request->getSession()->getSecret( 'AuthManager::accountCreationState' )
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$this->request->getSession()->setSecret( 'AuthManager::accountCreationState',
|
|
|
|
|
[ 'userid' => $creator->getId() ] + $session );
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() );
|
2015-11-22 20:17:00 +00:00
|
|
|
try {
|
|
|
|
|
$ret = $this->manager->continueAccountCreation( [] );
|
|
|
|
|
$this->fail( 'Expected exception not thrown' );
|
|
|
|
|
} catch ( \UnexpectedValueException $ex ) {
|
|
|
|
|
$this->assertEquals( "User \"{$username}\" should exist now, but doesn't!", $ex->getMessage() );
|
|
|
|
|
}
|
|
|
|
|
$this->unhook( 'LocalUserCreated' );
|
|
|
|
|
$this->assertNull(
|
|
|
|
|
$this->request->getSession()->getSecret( 'AuthManager::accountCreationState' )
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$id = $creator->getId();
|
|
|
|
|
$name = $creator->getName();
|
|
|
|
|
$this->request->getSession()->setSecret( 'AuthManager::accountCreationState',
|
|
|
|
|
[ 'username' => $name, 'userid' => $id + 1 ] + $session );
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() );
|
2015-11-22 20:17:00 +00:00
|
|
|
try {
|
|
|
|
|
$ret = $this->manager->continueAccountCreation( [] );
|
|
|
|
|
$this->fail( 'Expected exception not thrown' );
|
|
|
|
|
} catch ( \UnexpectedValueException $ex ) {
|
|
|
|
|
$this->assertEquals(
|
2018-10-31 13:22:47 +00:00
|
|
|
"User \"{$name}\" exists, but ID $id !== " . ( $id + 1 ) . '!', $ex->getMessage()
|
2015-11-22 20:17:00 +00:00
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
$this->unhook( 'LocalUserCreated' );
|
|
|
|
|
$this->assertNull(
|
|
|
|
|
$this->request->getSession()->getSecret( 'AuthManager::accountCreationState' )
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$req = $this->getMockBuilder( UserDataAuthenticationRequest::class )
|
2021-03-20 15:18:58 +00:00
|
|
|
->onlyMethods( [ 'populateUser' ] )
|
2015-11-22 20:17:00 +00:00
|
|
|
->getMock();
|
2021-04-22 08:40:46 +00:00
|
|
|
$req->method( 'populateUser' )
|
2015-11-22 20:17:00 +00:00
|
|
|
->willReturn( \StatusValue::newFatal( 'populatefail' ) );
|
|
|
|
|
$this->request->getSession()->setSecret( 'AuthManager::accountCreationState',
|
|
|
|
|
[ 'reqs' => [ $req ] ] + $session );
|
|
|
|
|
$ret = $this->manager->continueAccountCreation( [] );
|
|
|
|
|
$this->assertSame( AuthenticationResponse::FAIL, $ret->status );
|
|
|
|
|
$this->assertSame( 'populatefail', $ret->message->getKey() );
|
|
|
|
|
$this->assertNull(
|
|
|
|
|
$this->request->getSession()->getSecret( 'AuthManager::accountCreationState' )
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @dataProvider provideAccountCreation
|
|
|
|
|
* @param StatusValue $preTest
|
|
|
|
|
* @param StatusValue $primaryTest
|
|
|
|
|
* @param StatusValue $secondaryTest
|
|
|
|
|
* @param array $primaryResponses
|
|
|
|
|
* @param array $secondaryResponses
|
|
|
|
|
* @param array $managerResponses
|
|
|
|
|
*/
|
|
|
|
|
public function testAccountCreation(
|
|
|
|
|
StatusValue $preTest, $primaryTest, $secondaryTest,
|
|
|
|
|
array $primaryResponses, array $secondaryResponses, array $managerResponses
|
|
|
|
|
) {
|
|
|
|
|
$creator = \User::newFromName( 'UTSysop' );
|
|
|
|
|
$username = self::usernameForCreation();
|
|
|
|
|
|
|
|
|
|
$this->initializeManager();
|
|
|
|
|
|
|
|
|
|
// Set up lots of mocks...
|
|
|
|
|
$req = $this->getMockForAbstractClass( AuthenticationRequest::class );
|
|
|
|
|
$req->preTest = $preTest;
|
|
|
|
|
$req->primaryTest = $primaryTest;
|
|
|
|
|
$req->secondaryTest = $secondaryTest;
|
|
|
|
|
$req->primary = $primaryResponses;
|
|
|
|
|
$req->secondary = $secondaryResponses;
|
|
|
|
|
$mocks = [];
|
|
|
|
|
foreach ( [ 'pre', 'primary', 'secondary' ] as $key ) {
|
|
|
|
|
$class = ucfirst( $key ) . 'AuthenticationProvider';
|
2021-04-16 13:17:10 +00:00
|
|
|
$mocks[$key] = $this->getMockBuilder( "MediaWiki\\Auth\\Abstract$class" )
|
|
|
|
|
->setMockClassName( "MockAbstract$class" )
|
|
|
|
|
->getMock();
|
2021-04-22 08:28:11 +00:00
|
|
|
$mocks[$key]->method( 'getUniqueId' )
|
|
|
|
|
->willReturn( $key );
|
|
|
|
|
$mocks[$key]->method( 'testUserForCreation' )
|
|
|
|
|
->willReturn( StatusValue::newGood() );
|
|
|
|
|
$mocks[$key]->method( 'testForAccountCreation' )
|
2022-06-05 23:39:02 +00:00
|
|
|
->willReturnCallback(
|
2015-11-22 20:17:00 +00:00
|
|
|
function ( $user, $creatorIn, $reqs )
|
|
|
|
|
use ( $username, $creator, $req, $key )
|
|
|
|
|
{
|
|
|
|
|
$this->assertSame( $username, $user->getName() );
|
|
|
|
|
$this->assertSame( $creator->getId(), $creatorIn->getId() );
|
|
|
|
|
$this->assertSame( $creator->getName(), $creatorIn->getName() );
|
|
|
|
|
$foundReq = false;
|
|
|
|
|
foreach ( $reqs as $r ) {
|
|
|
|
|
$this->assertSame( $username, $r->username );
|
|
|
|
|
$foundReq = $foundReq || get_class( $r ) === get_class( $req );
|
|
|
|
|
}
|
|
|
|
|
$this->assertTrue( $foundReq, '$reqs contains $req' );
|
|
|
|
|
$k = $key . 'Test';
|
|
|
|
|
return $req->$k;
|
|
|
|
|
}
|
2022-06-05 23:39:02 +00:00
|
|
|
);
|
2015-11-22 20:17:00 +00:00
|
|
|
|
|
|
|
|
for ( $i = 2; $i <= 3; $i++ ) {
|
2021-04-16 13:17:10 +00:00
|
|
|
$mocks[$key . $i] = $this->createMock( "MediaWiki\\Auth\\Abstract$class" );
|
2021-04-22 08:28:11 +00:00
|
|
|
$mocks[$key . $i]->method( 'getUniqueId' )
|
|
|
|
|
->willReturn( $key . $i );
|
|
|
|
|
$mocks[$key . $i]->method( 'testUserForCreation' )
|
|
|
|
|
->willReturn( StatusValue::newGood() );
|
2015-11-22 20:17:00 +00:00
|
|
|
$mocks[$key . $i]->expects( $this->atMost( 1 ) )->method( 'testForAccountCreation' )
|
2021-04-22 08:28:11 +00:00
|
|
|
->willReturn( StatusValue::newGood() );
|
2015-11-22 20:17:00 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-22 08:28:11 +00:00
|
|
|
$mocks['primary']->method( 'accountCreationType' )
|
|
|
|
|
->willReturn( PrimaryAuthenticationProvider::TYPE_CREATE );
|
|
|
|
|
$mocks['primary']->method( 'testUserExists' )
|
|
|
|
|
->willReturn( false );
|
2015-11-22 20:17:00 +00:00
|
|
|
$ct = count( $req->primary );
|
|
|
|
|
$callback = $this->returnCallback( function ( $user, $creator, $reqs ) use ( $username, $req ) {
|
|
|
|
|
$this->assertSame( $username, $user->getName() );
|
|
|
|
|
$this->assertSame( 'UTSysop', $creator->getName() );
|
|
|
|
|
$foundReq = false;
|
|
|
|
|
foreach ( $reqs as $r ) {
|
|
|
|
|
$this->assertSame( $username, $r->username );
|
|
|
|
|
$foundReq = $foundReq || get_class( $r ) === get_class( $req );
|
|
|
|
|
}
|
|
|
|
|
$this->assertTrue( $foundReq, '$reqs contains $req' );
|
|
|
|
|
return array_shift( $req->primary );
|
|
|
|
|
} );
|
|
|
|
|
$mocks['primary']->expects( $this->exactly( min( 1, $ct ) ) )
|
|
|
|
|
->method( 'beginPrimaryAccountCreation' )
|
|
|
|
|
->will( $callback );
|
|
|
|
|
$mocks['primary']->expects( $this->exactly( max( 0, $ct - 1 ) ) )
|
|
|
|
|
->method( 'continuePrimaryAccountCreation' )
|
|
|
|
|
->will( $callback );
|
|
|
|
|
|
|
|
|
|
$ct = count( $req->secondary );
|
|
|
|
|
$callback = $this->returnCallback( function ( $user, $creator, $reqs ) use ( $username, $req ) {
|
|
|
|
|
$this->assertSame( $username, $user->getName() );
|
|
|
|
|
$this->assertSame( 'UTSysop', $creator->getName() );
|
|
|
|
|
$foundReq = false;
|
|
|
|
|
foreach ( $reqs as $r ) {
|
|
|
|
|
$this->assertSame( $username, $r->username );
|
|
|
|
|
$foundReq = $foundReq || get_class( $r ) === get_class( $req );
|
|
|
|
|
}
|
|
|
|
|
$this->assertTrue( $foundReq, '$reqs contains $req' );
|
|
|
|
|
return array_shift( $req->secondary );
|
|
|
|
|
} );
|
|
|
|
|
$mocks['secondary']->expects( $this->exactly( min( 1, $ct ) ) )
|
|
|
|
|
->method( 'beginSecondaryAccountCreation' )
|
|
|
|
|
->will( $callback );
|
|
|
|
|
$mocks['secondary']->expects( $this->exactly( max( 0, $ct - 1 ) ) )
|
|
|
|
|
->method( 'continueSecondaryAccountCreation' )
|
|
|
|
|
->will( $callback );
|
|
|
|
|
|
|
|
|
|
$abstain = AuthenticationResponse::newAbstain();
|
2021-04-22 08:28:11 +00:00
|
|
|
$mocks['primary2']->method( 'accountCreationType' )
|
|
|
|
|
->willReturn( PrimaryAuthenticationProvider::TYPE_LINK );
|
|
|
|
|
$mocks['primary2']->method( 'testUserExists' )
|
|
|
|
|
->willReturn( false );
|
2015-11-22 20:17:00 +00:00
|
|
|
$mocks['primary2']->expects( $this->atMost( 1 ) )->method( 'beginPrimaryAccountCreation' )
|
2021-04-22 08:28:11 +00:00
|
|
|
->willReturn( $abstain );
|
2015-11-22 20:17:00 +00:00
|
|
|
$mocks['primary2']->expects( $this->never() )->method( 'continuePrimaryAccountCreation' );
|
2021-04-22 08:28:11 +00:00
|
|
|
$mocks['primary3']->method( 'accountCreationType' )
|
|
|
|
|
->willReturn( PrimaryAuthenticationProvider::TYPE_NONE );
|
|
|
|
|
$mocks['primary3']->method( 'testUserExists' )
|
|
|
|
|
->willReturn( false );
|
2015-11-22 20:17:00 +00:00
|
|
|
$mocks['primary3']->expects( $this->never() )->method( 'beginPrimaryAccountCreation' );
|
|
|
|
|
$mocks['primary3']->expects( $this->never() )->method( 'continuePrimaryAccountCreation' );
|
|
|
|
|
$mocks['secondary2']->expects( $this->atMost( 1 ) )
|
|
|
|
|
->method( 'beginSecondaryAccountCreation' )
|
2021-04-22 08:28:11 +00:00
|
|
|
->willReturn( $abstain );
|
2015-11-22 20:17:00 +00:00
|
|
|
$mocks['secondary2']->expects( $this->never() )->method( 'continueSecondaryAccountCreation' );
|
|
|
|
|
$mocks['secondary3']->expects( $this->atMost( 1 ) )
|
|
|
|
|
->method( 'beginSecondaryAccountCreation' )
|
2021-04-22 08:28:11 +00:00
|
|
|
->willReturn( $abstain );
|
2015-11-22 20:17:00 +00:00
|
|
|
$mocks['secondary3']->expects( $this->never() )->method( 'continueSecondaryAccountCreation' );
|
|
|
|
|
|
|
|
|
|
$this->preauthMocks = [ $mocks['pre'], $mocks['pre2'] ];
|
|
|
|
|
$this->primaryauthMocks = [ $mocks['primary3'], $mocks['primary'], $mocks['primary2'] ];
|
|
|
|
|
$this->secondaryauthMocks = [
|
|
|
|
|
$mocks['secondary3'], $mocks['secondary'], $mocks['secondary2']
|
|
|
|
|
];
|
|
|
|
|
|
2021-02-07 13:10:36 +00:00
|
|
|
$this->logger = new \TestLogger( true, static function ( $message, $level ) {
|
2015-11-22 20:17:00 +00:00
|
|
|
return $level === LogLevel::DEBUG ? null : $message;
|
|
|
|
|
} );
|
|
|
|
|
$expectLog = [];
|
|
|
|
|
$this->initializeManager( true );
|
|
|
|
|
|
2019-10-06 04:54:59 +00:00
|
|
|
$constraint = Assert::logicalOr(
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->equalTo( AuthenticationResponse::PASS ),
|
|
|
|
|
$this->equalTo( AuthenticationResponse::FAIL )
|
|
|
|
|
);
|
|
|
|
|
$providers = array_merge(
|
|
|
|
|
$this->preauthMocks, $this->primaryauthMocks, $this->secondaryauthMocks
|
|
|
|
|
);
|
|
|
|
|
foreach ( $providers as $p ) {
|
|
|
|
|
$p->postCalled = false;
|
|
|
|
|
$p->expects( $this->atMost( 1 ) )->method( 'postAccountCreation' )
|
|
|
|
|
->willReturnCallback( function ( $user, $creator, $response )
|
|
|
|
|
use ( $constraint, $p, $username )
|
|
|
|
|
{
|
2018-01-13 00:02:09 +00:00
|
|
|
$this->assertInstanceOf( \User::class, $user );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->assertSame( $username, $user->getName() );
|
|
|
|
|
$this->assertSame( 'UTSysop', $creator->getName() );
|
|
|
|
|
$this->assertInstanceOf( AuthenticationResponse::class, $response );
|
|
|
|
|
$this->assertThat( $response->status, $constraint );
|
|
|
|
|
$p->postCalled = $response->status;
|
|
|
|
|
} );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// We're testing with $wgNewUserLog = false, so assert that it worked
|
2021-04-29 02:37:11 +00:00
|
|
|
$dbw = wfGetDB( DB_PRIMARY );
|
2015-11-22 20:17:00 +00:00
|
|
|
$maxLogId = $dbw->selectField( 'logging', 'MAX(log_id)', [ 'log_type' => 'newusers' ] );
|
|
|
|
|
|
|
|
|
|
$first = true;
|
|
|
|
|
$created = false;
|
|
|
|
|
foreach ( $managerResponses as $i => $response ) {
|
|
|
|
|
$success = $response instanceof AuthenticationResponse &&
|
|
|
|
|
$response->status === AuthenticationResponse::PASS;
|
|
|
|
|
if ( $i === 'created' ) {
|
|
|
|
|
$created = true;
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->once() )
|
2015-11-22 20:17:00 +00:00
|
|
|
->with(
|
2021-02-07 13:10:36 +00:00
|
|
|
$this->callback( static function ( $user ) use ( $username ) {
|
2015-11-22 20:17:00 +00:00
|
|
|
return $user->getName() === $username;
|
|
|
|
|
} ),
|
|
|
|
|
$this->equalTo( false )
|
|
|
|
|
);
|
|
|
|
|
$expectLog[] = [ LogLevel::INFO, "Creating user {user} during account creation" ];
|
|
|
|
|
} else {
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() );
|
2015-11-22 20:17:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$ex = null;
|
|
|
|
|
try {
|
|
|
|
|
if ( $first ) {
|
|
|
|
|
$userReq = new UsernameAuthenticationRequest;
|
|
|
|
|
$userReq->username = $username;
|
|
|
|
|
$ret = $this->manager->beginAccountCreation(
|
|
|
|
|
$creator, [ $userReq, $req ], 'http://localhost/'
|
|
|
|
|
);
|
|
|
|
|
} else {
|
|
|
|
|
$ret = $this->manager->continueAccountCreation( [ $req ] );
|
|
|
|
|
}
|
|
|
|
|
if ( $response instanceof \Exception ) {
|
|
|
|
|
$this->fail( 'Expected exception not thrown', "Response $i" );
|
|
|
|
|
}
|
|
|
|
|
} catch ( \Exception $ex ) {
|
|
|
|
|
if ( !$response instanceof \Exception ) {
|
|
|
|
|
throw $ex;
|
|
|
|
|
}
|
|
|
|
|
$this->assertEquals( $response->getMessage(), $ex->getMessage(), "Response $i, exception" );
|
|
|
|
|
$this->assertNull(
|
|
|
|
|
$this->request->getSession()->getSecret( 'AuthManager::accountCreationState' ),
|
|
|
|
|
"Response $i, exception, session state"
|
|
|
|
|
);
|
|
|
|
|
$this->unhook( 'LocalUserCreated' );
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$this->unhook( 'LocalUserCreated' );
|
|
|
|
|
|
|
|
|
|
$this->assertSame( 'http://localhost/', $req->returnToUrl );
|
|
|
|
|
|
|
|
|
|
if ( $success ) {
|
|
|
|
|
$this->assertNotNull( $ret->loginRequest, "Response $i, login marker" );
|
|
|
|
|
$this->assertContains(
|
|
|
|
|
$ret->loginRequest, $this->managerPriv->createdAccountAuthenticationRequests,
|
|
|
|
|
"Response $i, login marker"
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$expectLog[] = [
|
|
|
|
|
LogLevel::INFO,
|
|
|
|
|
"MediaWiki\Auth\AuthManager::continueAccountCreation: Account creation succeeded for {user}"
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
// Set some fields in the expected $response that we couldn't
|
|
|
|
|
// know in provideAccountCreation().
|
|
|
|
|
$response->username = $username;
|
|
|
|
|
$response->loginRequest = $ret->loginRequest;
|
|
|
|
|
} else {
|
|
|
|
|
$this->assertNull( $ret->loginRequest, "Response $i, login marker" );
|
|
|
|
|
$this->assertSame( [], $this->managerPriv->createdAccountAuthenticationRequests,
|
|
|
|
|
"Response $i, login marker" );
|
|
|
|
|
}
|
|
|
|
|
$ret->message = $this->message( $ret->message );
|
2018-08-01 12:40:47 +00:00
|
|
|
$this->assertResponseEquals( $response, $ret, "Response $i, response" );
|
2015-11-22 20:17:00 +00:00
|
|
|
if ( $success || $response->status === AuthenticationResponse::FAIL ) {
|
|
|
|
|
$this->assertNull(
|
|
|
|
|
$this->request->getSession()->getSecret( 'AuthManager::accountCreationState' ),
|
|
|
|
|
"Response $i, session state"
|
|
|
|
|
);
|
|
|
|
|
foreach ( $providers as $p ) {
|
|
|
|
|
$this->assertSame( $response->status, $p->postCalled,
|
|
|
|
|
"Response $i, post-auth callback called" );
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
$this->assertNotNull(
|
|
|
|
|
$this->request->getSession()->getSecret( 'AuthManager::accountCreationState' ),
|
|
|
|
|
"Response $i, session state"
|
|
|
|
|
);
|
2016-06-01 15:58:44 +00:00
|
|
|
foreach ( $ret->neededRequests as $neededReq ) {
|
|
|
|
|
$this->assertEquals( AuthManager::ACTION_CREATE, $neededReq->action,
|
|
|
|
|
"Response $i, neededRequest action" );
|
|
|
|
|
}
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->assertEquals(
|
|
|
|
|
$ret->neededRequests,
|
|
|
|
|
$this->manager->getAuthenticationRequests( AuthManager::ACTION_CREATE_CONTINUE ),
|
|
|
|
|
"Response $i, continuation check"
|
|
|
|
|
);
|
|
|
|
|
foreach ( $providers as $p ) {
|
|
|
|
|
$this->assertFalse( $p->postCalled, "Response $i, post-auth callback not called" );
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ( $created ) {
|
2019-09-17 14:31:49 +00:00
|
|
|
$this->assertNotNull( \User::idFromName( $username ) );
|
2015-11-22 20:17:00 +00:00
|
|
|
} else {
|
2019-09-17 14:31:49 +00:00
|
|
|
$this->assertNull( \User::idFromName( $username ) );
|
2015-11-22 20:17:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$first = false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$this->assertSame( $expectLog, $this->logger->getBuffer() );
|
|
|
|
|
|
|
|
|
|
$this->assertSame(
|
|
|
|
|
$maxLogId,
|
|
|
|
|
$dbw->selectField( 'logging', 'MAX(log_id)', [ 'log_type' => 'newusers' ] )
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function provideAccountCreation() {
|
|
|
|
|
$req = $this->getMockForAbstractClass( AuthenticationRequest::class );
|
|
|
|
|
$good = StatusValue::newGood();
|
|
|
|
|
|
|
|
|
|
return [
|
|
|
|
|
'Pre-creation test fail in pre' => [
|
|
|
|
|
StatusValue::newFatal( 'fail-from-pre' ), $good, $good,
|
|
|
|
|
[],
|
|
|
|
|
[],
|
|
|
|
|
[
|
|
|
|
|
AuthenticationResponse::newFail( $this->message( 'fail-from-pre' ) ),
|
|
|
|
|
]
|
|
|
|
|
],
|
|
|
|
|
'Pre-creation test fail in primary' => [
|
|
|
|
|
$good, StatusValue::newFatal( 'fail-from-primary' ), $good,
|
|
|
|
|
[],
|
|
|
|
|
[],
|
|
|
|
|
[
|
|
|
|
|
AuthenticationResponse::newFail( $this->message( 'fail-from-primary' ) ),
|
|
|
|
|
]
|
|
|
|
|
],
|
|
|
|
|
'Pre-creation test fail in secondary' => [
|
|
|
|
|
$good, $good, StatusValue::newFatal( 'fail-from-secondary' ),
|
|
|
|
|
[],
|
|
|
|
|
[],
|
|
|
|
|
[
|
|
|
|
|
AuthenticationResponse::newFail( $this->message( 'fail-from-secondary' ) ),
|
|
|
|
|
]
|
|
|
|
|
],
|
|
|
|
|
'Failure in primary' => [
|
|
|
|
|
$good, $good, $good,
|
|
|
|
|
$tmp = [
|
|
|
|
|
AuthenticationResponse::newFail( $this->message( 'fail-from-primary' ) ),
|
|
|
|
|
],
|
|
|
|
|
[],
|
|
|
|
|
$tmp
|
|
|
|
|
],
|
|
|
|
|
'All primary abstain' => [
|
|
|
|
|
$good, $good, $good,
|
|
|
|
|
[
|
|
|
|
|
AuthenticationResponse::newAbstain(),
|
|
|
|
|
],
|
|
|
|
|
[],
|
|
|
|
|
[
|
|
|
|
|
AuthenticationResponse::newFail( $this->message( 'authmanager-create-no-primary' ) )
|
|
|
|
|
]
|
|
|
|
|
],
|
|
|
|
|
'Primary UI, then redirect, then fail' => [
|
|
|
|
|
$good, $good, $good,
|
|
|
|
|
$tmp = [
|
|
|
|
|
AuthenticationResponse::newUI( [ $req ], $this->message( '...' ) ),
|
|
|
|
|
AuthenticationResponse::newRedirect( [ $req ], '/foo.html', [ 'foo' => 'bar' ] ),
|
|
|
|
|
AuthenticationResponse::newFail( $this->message( 'fail-in-primary-continue' ) ),
|
|
|
|
|
],
|
|
|
|
|
[],
|
|
|
|
|
$tmp
|
|
|
|
|
],
|
|
|
|
|
'Primary redirect, then abstain' => [
|
|
|
|
|
$good, $good, $good,
|
|
|
|
|
[
|
|
|
|
|
$tmp = AuthenticationResponse::newRedirect(
|
|
|
|
|
[ $req ], '/foo.html', [ 'foo' => 'bar' ]
|
|
|
|
|
),
|
|
|
|
|
AuthenticationResponse::newAbstain(),
|
|
|
|
|
],
|
|
|
|
|
[],
|
|
|
|
|
[
|
|
|
|
|
$tmp,
|
|
|
|
|
new \DomainException(
|
2021-04-16 13:17:10 +00:00
|
|
|
'MockAbstractPrimaryAuthenticationProvider::continuePrimaryAccountCreation() returned ABSTAIN'
|
2015-11-22 20:17:00 +00:00
|
|
|
)
|
|
|
|
|
]
|
|
|
|
|
],
|
|
|
|
|
'Primary UI, then pass; secondary abstain' => [
|
|
|
|
|
$good, $good, $good,
|
|
|
|
|
[
|
|
|
|
|
$tmp1 = AuthenticationResponse::newUI( [ $req ], $this->message( '...' ) ),
|
|
|
|
|
AuthenticationResponse::newPass(),
|
|
|
|
|
],
|
|
|
|
|
[
|
|
|
|
|
AuthenticationResponse::newAbstain(),
|
|
|
|
|
],
|
|
|
|
|
[
|
|
|
|
|
$tmp1,
|
|
|
|
|
'created' => AuthenticationResponse::newPass( '' ),
|
|
|
|
|
]
|
|
|
|
|
],
|
|
|
|
|
'Primary pass; secondary UI then pass' => [
|
|
|
|
|
$good, $good, $good,
|
|
|
|
|
[
|
|
|
|
|
AuthenticationResponse::newPass( '' ),
|
|
|
|
|
],
|
|
|
|
|
[
|
|
|
|
|
$tmp1 = AuthenticationResponse::newUI( [ $req ], $this->message( '...' ) ),
|
|
|
|
|
AuthenticationResponse::newPass( '' ),
|
|
|
|
|
],
|
|
|
|
|
[
|
|
|
|
|
'created' => $tmp1,
|
|
|
|
|
AuthenticationResponse::newPass( '' ),
|
|
|
|
|
]
|
|
|
|
|
],
|
|
|
|
|
'Primary pass; secondary fail' => [
|
|
|
|
|
$good, $good, $good,
|
|
|
|
|
[
|
|
|
|
|
AuthenticationResponse::newPass(),
|
|
|
|
|
],
|
|
|
|
|
[
|
|
|
|
|
AuthenticationResponse::newFail( $this->message( '...' ) ),
|
|
|
|
|
],
|
|
|
|
|
[
|
|
|
|
|
'created' => new \DomainException(
|
2021-04-16 13:17:10 +00:00
|
|
|
'MockAbstractSecondaryAuthenticationProvider::beginSecondaryAccountCreation() returned FAIL. ' .
|
2015-11-22 20:17:00 +00:00
|
|
|
'Secondary providers are not allowed to fail account creation, ' .
|
|
|
|
|
'that should have been done via testForAccountCreation().'
|
|
|
|
|
)
|
|
|
|
|
]
|
|
|
|
|
],
|
|
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @dataProvider provideAccountCreationLogging
|
|
|
|
|
* @param bool $isAnon
|
|
|
|
|
* @param string|null $logSubtype
|
|
|
|
|
*/
|
|
|
|
|
public function testAccountCreationLogging( $isAnon, $logSubtype ) {
|
|
|
|
|
$creator = $isAnon ? new \User : \User::newFromName( 'UTSysop' );
|
|
|
|
|
$username = self::usernameForCreation();
|
|
|
|
|
|
|
|
|
|
$this->initializeManager();
|
|
|
|
|
|
|
|
|
|
// Set up lots of mocks...
|
2021-04-16 13:17:10 +00:00
|
|
|
$mock = $this->createMock( AbstractPrimaryAuthenticationProvider::class );
|
2021-04-22 08:28:11 +00:00
|
|
|
$mock->method( 'getUniqueId' )
|
|
|
|
|
->willReturn( 'primary' );
|
|
|
|
|
$mock->method( 'testUserForCreation' )
|
|
|
|
|
->willReturn( StatusValue::newGood() );
|
|
|
|
|
$mock->method( 'testForAccountCreation' )
|
|
|
|
|
->willReturn( StatusValue::newGood() );
|
|
|
|
|
$mock->method( 'accountCreationType' )
|
|
|
|
|
->willReturn( PrimaryAuthenticationProvider::TYPE_CREATE );
|
|
|
|
|
$mock->method( 'testUserExists' )
|
|
|
|
|
->willReturn( false );
|
|
|
|
|
$mock->method( 'beginPrimaryAccountCreation' )
|
|
|
|
|
->willReturn( AuthenticationResponse::newPass( $username ) );
|
|
|
|
|
$mock->method( 'finishAccountCreation' )
|
|
|
|
|
->willReturn( $logSubtype );
|
2015-11-22 20:17:00 +00:00
|
|
|
|
|
|
|
|
$this->primaryauthMocks = [ $mock ];
|
|
|
|
|
$this->initializeManager( true );
|
|
|
|
|
$this->logger->setCollect( true );
|
|
|
|
|
|
|
|
|
|
$this->config->set( 'NewUserLog', true );
|
|
|
|
|
|
2021-04-29 02:37:11 +00:00
|
|
|
$dbw = wfGetDB( DB_PRIMARY );
|
2015-11-22 20:17:00 +00:00
|
|
|
$maxLogId = $dbw->selectField( 'logging', 'MAX(log_id)', [ 'log_type' => 'newusers' ] );
|
|
|
|
|
|
|
|
|
|
$userReq = new UsernameAuthenticationRequest;
|
|
|
|
|
$userReq->username = $username;
|
|
|
|
|
$reasonReq = new CreationReasonAuthenticationRequest;
|
|
|
|
|
$reasonReq->reason = $this->toString();
|
|
|
|
|
$ret = $this->manager->beginAccountCreation(
|
|
|
|
|
$creator, [ $userReq, $reasonReq ], 'http://localhost/'
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$this->assertSame( AuthenticationResponse::PASS, $ret->status );
|
|
|
|
|
|
|
|
|
|
$user = \User::newFromName( $username );
|
2021-11-21 19:13:24 +00:00
|
|
|
$this->assertNotEquals( 0, $user->getId() );
|
|
|
|
|
$this->assertNotEquals( $creator->getId(), $user->getId() );
|
2015-11-22 20:17:00 +00:00
|
|
|
|
|
|
|
|
$data = \DatabaseLogEntry::getSelectQueryData();
|
|
|
|
|
$rows = iterator_to_array( $dbw->select(
|
|
|
|
|
$data['tables'],
|
|
|
|
|
$data['fields'],
|
|
|
|
|
[
|
|
|
|
|
'log_id > ' . (int)$maxLogId,
|
|
|
|
|
'log_type' => 'newusers'
|
|
|
|
|
] + $data['conds'],
|
|
|
|
|
__METHOD__,
|
|
|
|
|
$data['options'],
|
|
|
|
|
$data['join_conds']
|
|
|
|
|
) );
|
|
|
|
|
$this->assertCount( 1, $rows );
|
|
|
|
|
$entry = \DatabaseLogEntry::newFromRow( reset( $rows ) );
|
|
|
|
|
|
|
|
|
|
$this->assertSame( $logSubtype ?: ( $isAnon ? 'create' : 'create2' ), $entry->getSubtype() );
|
|
|
|
|
$this->assertSame(
|
|
|
|
|
$isAnon ? $user->getId() : $creator->getId(),
|
2021-02-15 18:53:00 +00:00
|
|
|
$entry->getPerformerIdentity()->getId()
|
2015-11-22 20:17:00 +00:00
|
|
|
);
|
|
|
|
|
$this->assertSame(
|
|
|
|
|
$isAnon ? $user->getName() : $creator->getName(),
|
2021-02-15 18:53:00 +00:00
|
|
|
$entry->getPerformerIdentity()->getName()
|
2015-11-22 20:17:00 +00:00
|
|
|
);
|
|
|
|
|
$this->assertSame( $user->getUserPage()->getFullText(), $entry->getTarget()->getFullText() );
|
|
|
|
|
$this->assertSame( [ '4::userid' => $user->getId() ], $entry->getParameters() );
|
|
|
|
|
$this->assertSame( $this->toString(), $entry->getComment() );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public static function provideAccountCreationLogging() {
|
|
|
|
|
return [
|
|
|
|
|
[ true, null ],
|
|
|
|
|
[ true, 'foobar' ],
|
|
|
|
|
[ false, null ],
|
|
|
|
|
[ false, 'byemail' ],
|
|
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testAutoAccountCreation() {
|
|
|
|
|
// PHPUnit seems to have a bug where it will call the ->with()
|
|
|
|
|
// callbacks for our hooks again after the test is run (WTF?), which
|
|
|
|
|
// breaks here because $username no longer matches $user by the end of
|
|
|
|
|
// the testing.
|
|
|
|
|
$workaroundPHPUnitBug = false;
|
|
|
|
|
|
|
|
|
|
$username = self::usernameForCreation();
|
2019-01-23 20:14:37 +00:00
|
|
|
$expectedSource = AuthManager::AUTOCREATE_SOURCE_SESSION;
|
2015-11-22 20:17:00 +00:00
|
|
|
|
2018-10-07 12:26:18 +00:00
|
|
|
$this->setGroupPermissions( '*', 'createaccount', true );
|
|
|
|
|
$this->setGroupPermissions( '*', 'autocreateaccount', false );
|
2020-10-16 17:36:29 +00:00
|
|
|
$this->initializeManager( true );
|
2015-11-22 20:17:00 +00:00
|
|
|
|
2022-06-21 12:56:19 +00:00
|
|
|
$this->setMainCache( CACHE_HASH );
|
2015-11-22 20:17:00 +00:00
|
|
|
|
|
|
|
|
// Set up lots of mocks...
|
|
|
|
|
$mocks = [];
|
|
|
|
|
foreach ( [ 'pre', 'primary', 'secondary' ] as $key ) {
|
|
|
|
|
$class = ucfirst( $key ) . 'AuthenticationProvider';
|
2021-04-16 13:17:10 +00:00
|
|
|
$mocks[$key] = $this->createMock( "MediaWiki\\Auth\\Abstract$class" );
|
2021-04-22 08:28:11 +00:00
|
|
|
$mocks[$key]->method( 'getUniqueId' )
|
|
|
|
|
->willReturn( $key );
|
2015-11-22 20:17:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$good = StatusValue::newGood();
|
2019-01-23 20:14:37 +00:00
|
|
|
$ok = StatusValue::newFatal( 'ok' );
|
2021-02-07 13:10:36 +00:00
|
|
|
$callback = $this->callback( static function ( $user ) use ( &$username, &$workaroundPHPUnitBug ) {
|
2015-11-22 20:17:00 +00:00
|
|
|
return $workaroundPHPUnitBug || $user->getName() === $username;
|
|
|
|
|
} );
|
2019-01-23 20:14:37 +00:00
|
|
|
$callback2 = $this->callback(
|
2021-02-07 13:10:36 +00:00
|
|
|
static function ( $source ) use ( &$expectedSource, &$workaroundPHPUnitBug ) {
|
2019-01-23 20:14:37 +00:00
|
|
|
return $workaroundPHPUnitBug || $source === $expectedSource;
|
|
|
|
|
}
|
|
|
|
|
);
|
2015-11-22 20:17:00 +00:00
|
|
|
|
2019-01-23 20:14:37 +00:00
|
|
|
$mocks['pre']->expects( $this->exactly( 13 ) )->method( 'testUserForCreation' )
|
|
|
|
|
->with( $callback, $callback2 )
|
2015-11-22 20:17:00 +00:00
|
|
|
->will( $this->onConsecutiveCalls(
|
2019-01-23 20:14:37 +00:00
|
|
|
$ok, $ok, $ok, // For testing permissions
|
2015-11-22 20:17:00 +00:00
|
|
|
StatusValue::newFatal( 'fail-in-pre' ), $good, $good,
|
|
|
|
|
$good, // backoff test
|
|
|
|
|
$good, // addToDatabase fails test
|
|
|
|
|
$good, // addToDatabase throws test
|
|
|
|
|
$good, // addToDatabase exists test
|
|
|
|
|
$good, $good, $good // success
|
|
|
|
|
) );
|
|
|
|
|
|
2021-04-22 08:28:11 +00:00
|
|
|
$mocks['primary']->method( 'accountCreationType' )
|
|
|
|
|
->willReturn( PrimaryAuthenticationProvider::TYPE_CREATE );
|
|
|
|
|
$mocks['primary']->method( 'testUserExists' )
|
|
|
|
|
->willReturn( true );
|
2015-11-22 20:17:00 +00:00
|
|
|
$mocks['primary']->expects( $this->exactly( 9 ) )->method( 'testUserForCreation' )
|
2019-01-23 20:14:37 +00:00
|
|
|
->with( $callback, $callback2 )
|
2015-11-22 20:17:00 +00:00
|
|
|
->will( $this->onConsecutiveCalls(
|
|
|
|
|
StatusValue::newFatal( 'fail-in-primary' ), $good,
|
|
|
|
|
$good, // backoff test
|
|
|
|
|
$good, // addToDatabase fails test
|
|
|
|
|
$good, // addToDatabase throws test
|
|
|
|
|
$good, // addToDatabase exists test
|
|
|
|
|
$good, $good, $good
|
|
|
|
|
) );
|
|
|
|
|
$mocks['primary']->expects( $this->exactly( 3 ) )->method( 'autoCreatedAccount' )
|
2019-01-23 20:14:37 +00:00
|
|
|
->with( $callback, $callback2 );
|
2015-11-22 20:17:00 +00:00
|
|
|
|
|
|
|
|
$mocks['secondary']->expects( $this->exactly( 8 ) )->method( 'testUserForCreation' )
|
2019-01-23 20:14:37 +00:00
|
|
|
->with( $callback, $callback2 )
|
2015-11-22 20:17:00 +00:00
|
|
|
->will( $this->onConsecutiveCalls(
|
|
|
|
|
StatusValue::newFatal( 'fail-in-secondary' ),
|
|
|
|
|
$good, // backoff test
|
|
|
|
|
$good, // addToDatabase fails test
|
|
|
|
|
$good, // addToDatabase throws test
|
|
|
|
|
$good, // addToDatabase exists test
|
|
|
|
|
$good, $good, $good
|
|
|
|
|
) );
|
|
|
|
|
$mocks['secondary']->expects( $this->exactly( 3 ) )->method( 'autoCreatedAccount' )
|
2019-01-23 20:14:37 +00:00
|
|
|
->with( $callback, $callback2 );
|
2015-11-22 20:17:00 +00:00
|
|
|
|
|
|
|
|
$this->preauthMocks = [ $mocks['pre'] ];
|
|
|
|
|
$this->primaryauthMocks = [ $mocks['primary'] ];
|
|
|
|
|
$this->secondaryauthMocks = [ $mocks['secondary'] ];
|
|
|
|
|
$this->initializeManager( true );
|
|
|
|
|
$session = $this->request->getSession();
|
|
|
|
|
|
2021-02-07 13:10:36 +00:00
|
|
|
$logger = new \TestLogger( true, static function ( $m ) {
|
2015-11-22 20:17:00 +00:00
|
|
|
$m = str_replace( 'MediaWiki\\Auth\\AuthManager::autoCreateUser: ', '', $m );
|
|
|
|
|
return $m;
|
|
|
|
|
} );
|
2020-10-16 17:36:29 +00:00
|
|
|
$this->logger = $logger;
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->manager->setLogger( $logger );
|
|
|
|
|
|
|
|
|
|
try {
|
|
|
|
|
$user = \User::newFromName( 'UTSysop' );
|
2021-02-28 15:00:07 +00:00
|
|
|
$this->manager->autoCreateUser( $user, 'InvalidSource', true, true );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->fail( 'Expected exception not thrown' );
|
|
|
|
|
} catch ( \InvalidArgumentException $ex ) {
|
|
|
|
|
$this->assertSame( 'Unknown auto-creation source: InvalidSource', $ex->getMessage() );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// First, check an existing user
|
|
|
|
|
$session->clear();
|
|
|
|
|
$user = \User::newFromName( 'UTSysop' );
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() );
|
2021-02-28 15:00:07 +00:00
|
|
|
$ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, true, true );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->unhook( 'LocalUserCreated' );
|
2021-04-21 16:25:17 +00:00
|
|
|
$expect = Status::newGood();
|
2015-11-22 20:17:00 +00:00
|
|
|
$expect->warning( 'userexists' );
|
|
|
|
|
$this->assertEquals( $expect, $ret );
|
|
|
|
|
$this->assertNotEquals( 0, $user->getId() );
|
|
|
|
|
$this->assertSame( 'UTSysop', $user->getName() );
|
|
|
|
|
$this->assertEquals( $user->getId(), $session->getUser()->getId() );
|
|
|
|
|
$this->assertSame( [
|
|
|
|
|
[ LogLevel::DEBUG, '{username} already exists locally' ],
|
|
|
|
|
], $logger->getBuffer() );
|
|
|
|
|
$logger->clearBuffer();
|
|
|
|
|
|
|
|
|
|
$session->clear();
|
|
|
|
|
$user = \User::newFromName( 'UTSysop' );
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() );
|
2021-02-28 15:00:07 +00:00
|
|
|
$ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, false, true );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->unhook( 'LocalUserCreated' );
|
2021-04-21 16:25:17 +00:00
|
|
|
$expect = Status::newGood();
|
2015-11-22 20:17:00 +00:00
|
|
|
$expect->warning( 'userexists' );
|
|
|
|
|
$this->assertEquals( $expect, $ret );
|
|
|
|
|
$this->assertNotEquals( 0, $user->getId() );
|
|
|
|
|
$this->assertSame( 'UTSysop', $user->getName() );
|
2019-09-17 14:31:49 +00:00
|
|
|
$this->assertSame( 0, $session->getUser()->getId() );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->assertSame( [
|
|
|
|
|
[ LogLevel::DEBUG, '{username} already exists locally' ],
|
|
|
|
|
], $logger->getBuffer() );
|
|
|
|
|
$logger->clearBuffer();
|
|
|
|
|
|
|
|
|
|
// Wiki is read-only
|
|
|
|
|
$session->clear();
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() );
|
2022-01-12 20:13:39 +00:00
|
|
|
$readOnlyMode = $this->getServiceContainer()->getReadOnlyMode();
|
2017-04-10 05:34:30 +00:00
|
|
|
$readOnlyMode->setReason( 'Because' );
|
2015-11-22 20:17:00 +00:00
|
|
|
$user = \User::newFromName( $username );
|
2021-02-28 15:00:07 +00:00
|
|
|
$ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, true, true );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->unhook( 'LocalUserCreated' );
|
2021-04-21 16:25:17 +00:00
|
|
|
$this->assertEquals( Status::newFatal( wfMessage( 'readonlytext', 'Because' ) ), $ret );
|
2019-09-17 14:31:49 +00:00
|
|
|
$this->assertSame( 0, $user->getId() );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->assertNotEquals( $username, $user->getName() );
|
2019-09-17 14:31:49 +00:00
|
|
|
$this->assertSame( 0, $session->getUser()->getId() );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->assertSame( [
|
2020-10-10 21:03:11 +00:00
|
|
|
[ LogLevel::DEBUG, 'denied because of read only mode: {reason}' ],
|
2015-11-22 20:17:00 +00:00
|
|
|
], $logger->getBuffer() );
|
|
|
|
|
$logger->clearBuffer();
|
2017-04-10 05:34:30 +00:00
|
|
|
$readOnlyMode->setReason( false );
|
2015-11-22 20:17:00 +00:00
|
|
|
|
|
|
|
|
// Session blacklisted
|
|
|
|
|
$session->clear();
|
|
|
|
|
$session->set( 'AuthManager::AutoCreateBlacklist', 'test' );
|
|
|
|
|
$user = \User::newFromName( $username );
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() );
|
2021-02-28 15:00:07 +00:00
|
|
|
$ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, true, true );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->unhook( 'LocalUserCreated' );
|
2021-04-21 16:25:17 +00:00
|
|
|
$this->assertEquals( Status::newFatal( 'test' ), $ret );
|
2019-09-17 14:31:49 +00:00
|
|
|
$this->assertSame( 0, $user->getId() );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->assertNotEquals( $username, $user->getName() );
|
2019-09-17 14:31:49 +00:00
|
|
|
$this->assertSame( 0, $session->getUser()->getId() );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->assertSame( [
|
|
|
|
|
[ LogLevel::DEBUG, 'blacklisted in session {sessionid}' ],
|
|
|
|
|
], $logger->getBuffer() );
|
|
|
|
|
$logger->clearBuffer();
|
|
|
|
|
|
|
|
|
|
$session->clear();
|
|
|
|
|
$session->set( 'AuthManager::AutoCreateBlacklist', StatusValue::newFatal( 'test2' ) );
|
|
|
|
|
$user = \User::newFromName( $username );
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() );
|
2021-02-28 15:00:07 +00:00
|
|
|
$ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, true, true );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->unhook( 'LocalUserCreated' );
|
2021-04-21 16:25:17 +00:00
|
|
|
$this->assertEquals( Status::newFatal( 'test2' ), $ret );
|
2019-09-17 14:31:49 +00:00
|
|
|
$this->assertSame( 0, $user->getId() );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->assertNotEquals( $username, $user->getName() );
|
2019-09-17 14:31:49 +00:00
|
|
|
$this->assertSame( 0, $session->getUser()->getId() );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->assertSame( [
|
|
|
|
|
[ LogLevel::DEBUG, 'blacklisted in session {sessionid}' ],
|
|
|
|
|
], $logger->getBuffer() );
|
|
|
|
|
$logger->clearBuffer();
|
|
|
|
|
|
2022-03-23 23:24:38 +00:00
|
|
|
// Invalid name
|
2015-11-22 20:17:00 +00:00
|
|
|
$session->clear();
|
2022-03-23 23:24:38 +00:00
|
|
|
$user = \User::newFromName( $username . "\u{0080}", false );
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() );
|
2021-02-28 15:00:07 +00:00
|
|
|
$ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, true, true );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->unhook( 'LocalUserCreated' );
|
2021-04-21 16:25:17 +00:00
|
|
|
$this->assertEquals( Status::newFatal( 'noname' ), $ret );
|
2019-09-17 14:31:49 +00:00
|
|
|
$this->assertSame( 0, $user->getId() );
|
2022-03-23 23:24:38 +00:00
|
|
|
$this->assertNotEquals( $username . "\u{0080}", $user->getId() );
|
2019-09-17 14:31:49 +00:00
|
|
|
$this->assertSame( 0, $session->getUser()->getId() );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->assertSame( [
|
2022-03-23 23:24:38 +00:00
|
|
|
[ LogLevel::DEBUG, 'name "{username}" is not valid' ],
|
2015-11-22 20:17:00 +00:00
|
|
|
], $logger->getBuffer() );
|
|
|
|
|
$logger->clearBuffer();
|
|
|
|
|
$this->assertSame( 'noname', $session->get( 'AuthManager::AutoCreateBlacklist' ) );
|
|
|
|
|
|
|
|
|
|
// IP unable to create accounts
|
2018-10-07 12:26:18 +00:00
|
|
|
$this->setGroupPermissions( '*', 'createaccount', false );
|
|
|
|
|
$this->setGroupPermissions( '*', 'autocreateaccount', false );
|
2020-10-16 17:36:29 +00:00
|
|
|
$this->initializeManager( true );
|
|
|
|
|
$session = $this->request->getSession();
|
2015-11-22 20:17:00 +00:00
|
|
|
$user = \User::newFromName( $username );
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() );
|
2021-02-28 15:00:07 +00:00
|
|
|
$ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, true, true );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->unhook( 'LocalUserCreated' );
|
2021-04-21 16:25:17 +00:00
|
|
|
$this->assertEquals( Status::newFatal( 'authmanager-autocreate-noperm' ), $ret );
|
2019-09-17 14:31:49 +00:00
|
|
|
$this->assertSame( 0, $user->getId() );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->assertNotEquals( $username, $user->getName() );
|
2019-09-17 14:31:49 +00:00
|
|
|
$this->assertSame( 0, $session->getUser()->getId() );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->assertSame( [
|
|
|
|
|
[ LogLevel::DEBUG, 'IP lacks the ability to create or autocreate accounts' ],
|
|
|
|
|
], $logger->getBuffer() );
|
|
|
|
|
$logger->clearBuffer();
|
|
|
|
|
$this->assertSame(
|
|
|
|
|
'authmanager-autocreate-noperm', $session->get( 'AuthManager::AutoCreateBlacklist' )
|
|
|
|
|
);
|
|
|
|
|
|
2019-01-23 20:14:37 +00:00
|
|
|
// maintenance scripts always work
|
|
|
|
|
$expectedSource = AuthManager::AUTOCREATE_SOURCE_MAINT;
|
|
|
|
|
$this->setGroupPermissions( '*', 'createaccount', false );
|
|
|
|
|
$this->setGroupPermissions( '*', 'autocreateaccount', false );
|
2020-10-16 17:36:29 +00:00
|
|
|
$this->initializeManager( true );
|
|
|
|
|
$session = $this->request->getSession();
|
2019-01-23 20:14:37 +00:00
|
|
|
$user = \User::newFromName( $username );
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() );
|
2021-02-28 15:00:07 +00:00
|
|
|
$ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_MAINT, true, false );
|
2019-01-23 20:14:37 +00:00
|
|
|
$this->unhook( 'LocalUserCreated' );
|
2021-04-21 16:25:17 +00:00
|
|
|
$this->assertEquals( Status::newFatal( 'ok' ), $ret );
|
2019-01-23 20:14:37 +00:00
|
|
|
|
2015-11-22 20:17:00 +00:00
|
|
|
// Test that both permutations of permissions are allowed
|
|
|
|
|
// (this hits the two "ok" entries in $mocks['pre'])
|
2019-01-23 20:14:37 +00:00
|
|
|
$expectedSource = AuthManager::AUTOCREATE_SOURCE_SESSION;
|
2018-10-07 12:26:18 +00:00
|
|
|
$this->setGroupPermissions( '*', 'createaccount', false );
|
|
|
|
|
$this->setGroupPermissions( '*', 'autocreateaccount', true );
|
2020-10-16 17:36:29 +00:00
|
|
|
$this->initializeManager( true );
|
|
|
|
|
$session = $this->request->getSession();
|
2015-11-22 20:17:00 +00:00
|
|
|
$user = \User::newFromName( $username );
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() );
|
2021-02-28 15:00:07 +00:00
|
|
|
$ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, true, true );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->unhook( 'LocalUserCreated' );
|
2021-04-21 16:25:17 +00:00
|
|
|
$this->assertEquals( Status::newFatal( 'ok' ), $ret );
|
2015-11-22 20:17:00 +00:00
|
|
|
|
2018-10-07 12:26:18 +00:00
|
|
|
$this->setGroupPermissions( '*', 'createaccount', true );
|
|
|
|
|
$this->setGroupPermissions( '*', 'autocreateaccount', false );
|
2020-10-16 17:36:29 +00:00
|
|
|
$this->initializeManager( true );
|
|
|
|
|
$session = $this->request->getSession();
|
2015-11-22 20:17:00 +00:00
|
|
|
$user = \User::newFromName( $username );
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() );
|
2021-02-28 15:00:07 +00:00
|
|
|
$ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, true, true );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->unhook( 'LocalUserCreated' );
|
2021-04-21 16:25:17 +00:00
|
|
|
$this->assertEquals( Status::newFatal( 'ok' ), $ret );
|
2015-11-22 20:17:00 +00:00
|
|
|
$logger->clearBuffer();
|
|
|
|
|
|
|
|
|
|
// Test lock fail
|
|
|
|
|
$session->clear();
|
|
|
|
|
$user = \User::newFromName( $username );
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() );
|
2015-11-22 20:17:00 +00:00
|
|
|
$cache = \ObjectCache::getLocalClusterInstance();
|
|
|
|
|
$lock = $cache->getScopedLock( $cache->makeGlobalKey( 'account', md5( $username ) ) );
|
2021-02-28 15:00:07 +00:00
|
|
|
$ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, true, true );
|
2015-11-22 20:17:00 +00:00
|
|
|
unset( $lock );
|
|
|
|
|
$this->unhook( 'LocalUserCreated' );
|
2021-04-21 16:25:17 +00:00
|
|
|
$this->assertEquals( Status::newFatal( 'usernameinprogress' ), $ret );
|
2019-09-17 14:31:49 +00:00
|
|
|
$this->assertSame( 0, $user->getId() );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->assertNotEquals( $username, $user->getName() );
|
2019-09-17 14:31:49 +00:00
|
|
|
$this->assertSame( 0, $session->getUser()->getId() );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->assertSame( [
|
|
|
|
|
[ LogLevel::DEBUG, 'Could not acquire account creation lock' ],
|
|
|
|
|
], $logger->getBuffer() );
|
|
|
|
|
$logger->clearBuffer();
|
|
|
|
|
|
|
|
|
|
// Test pre-authentication provider fail
|
|
|
|
|
$session->clear();
|
|
|
|
|
$user = \User::newFromName( $username );
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() );
|
2021-02-28 15:00:07 +00:00
|
|
|
$ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, true, true );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->unhook( 'LocalUserCreated' );
|
2021-04-21 16:25:17 +00:00
|
|
|
$this->assertEquals( Status::newFatal( 'fail-in-pre' ), $ret );
|
2019-09-17 14:31:49 +00:00
|
|
|
$this->assertSame( 0, $user->getId() );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->assertNotEquals( $username, $user->getName() );
|
2019-09-17 14:31:49 +00:00
|
|
|
$this->assertSame( 0, $session->getUser()->getId() );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->assertSame( [
|
|
|
|
|
[ LogLevel::DEBUG, 'Provider denied creation of {username}: {reason}' ],
|
|
|
|
|
], $logger->getBuffer() );
|
|
|
|
|
$logger->clearBuffer();
|
|
|
|
|
$this->assertEquals(
|
|
|
|
|
StatusValue::newFatal( 'fail-in-pre' ), $session->get( 'AuthManager::AutoCreateBlacklist' )
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$session->clear();
|
|
|
|
|
$user = \User::newFromName( $username );
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() );
|
2021-02-28 15:00:07 +00:00
|
|
|
$ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, true, true );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->unhook( 'LocalUserCreated' );
|
2021-04-21 16:25:17 +00:00
|
|
|
$this->assertEquals( Status::newFatal( 'fail-in-primary' ), $ret );
|
2019-09-17 14:31:49 +00:00
|
|
|
$this->assertSame( 0, $user->getId() );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->assertNotEquals( $username, $user->getName() );
|
2019-09-17 14:31:49 +00:00
|
|
|
$this->assertSame( 0, $session->getUser()->getId() );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->assertSame( [
|
|
|
|
|
[ LogLevel::DEBUG, 'Provider denied creation of {username}: {reason}' ],
|
|
|
|
|
], $logger->getBuffer() );
|
|
|
|
|
$logger->clearBuffer();
|
|
|
|
|
$this->assertEquals(
|
|
|
|
|
StatusValue::newFatal( 'fail-in-primary' ), $session->get( 'AuthManager::AutoCreateBlacklist' )
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$session->clear();
|
|
|
|
|
$user = \User::newFromName( $username );
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() );
|
2021-02-28 15:00:07 +00:00
|
|
|
$ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, true, true );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->unhook( 'LocalUserCreated' );
|
2021-04-21 16:25:17 +00:00
|
|
|
$this->assertEquals( Status::newFatal( 'fail-in-secondary' ), $ret );
|
2019-09-17 14:31:49 +00:00
|
|
|
$this->assertSame( 0, $user->getId() );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->assertNotEquals( $username, $user->getName() );
|
2019-09-17 14:31:49 +00:00
|
|
|
$this->assertSame( 0, $session->getUser()->getId() );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->assertSame( [
|
|
|
|
|
[ LogLevel::DEBUG, 'Provider denied creation of {username}: {reason}' ],
|
|
|
|
|
], $logger->getBuffer() );
|
|
|
|
|
$logger->clearBuffer();
|
|
|
|
|
$this->assertEquals(
|
|
|
|
|
StatusValue::newFatal( 'fail-in-secondary' ), $session->get( 'AuthManager::AutoCreateBlacklist' )
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
// Test backoff
|
|
|
|
|
$cache = \ObjectCache::getLocalClusterInstance();
|
2019-05-02 13:50:34 +00:00
|
|
|
$backoffKey = $cache->makeKey( 'AuthManager', 'autocreate-failed', md5( $username ) );
|
2015-11-22 20:17:00 +00:00
|
|
|
$cache->set( $backoffKey, true );
|
|
|
|
|
$session->clear();
|
|
|
|
|
$user = \User::newFromName( $username );
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() );
|
2021-02-28 15:00:07 +00:00
|
|
|
$ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, true, true );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->unhook( 'LocalUserCreated' );
|
2021-04-21 16:25:17 +00:00
|
|
|
$this->assertEquals( Status::newFatal( 'authmanager-autocreate-exception' ), $ret );
|
2019-09-17 14:31:49 +00:00
|
|
|
$this->assertSame( 0, $user->getId() );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->assertNotEquals( $username, $user->getName() );
|
2019-09-17 14:31:49 +00:00
|
|
|
$this->assertSame( 0, $session->getUser()->getId() );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->assertSame( [
|
|
|
|
|
[ LogLevel::DEBUG, '{username} denied by prior creation attempt failures' ],
|
|
|
|
|
], $logger->getBuffer() );
|
|
|
|
|
$logger->clearBuffer();
|
|
|
|
|
$this->assertSame( null, $session->get( 'AuthManager::AutoCreateBlacklist' ) );
|
|
|
|
|
$cache->delete( $backoffKey );
|
|
|
|
|
|
|
|
|
|
// Test addToDatabase fails
|
|
|
|
|
$session->clear();
|
2018-01-13 00:02:09 +00:00
|
|
|
$user = $this->getMockBuilder( \User::class )
|
2021-03-20 15:18:58 +00:00
|
|
|
->onlyMethods( [ 'addToDatabase' ] )->getMock();
|
2015-11-22 20:17:00 +00:00
|
|
|
$user->expects( $this->once() )->method( 'addToDatabase' )
|
2021-04-22 08:28:11 +00:00
|
|
|
->willReturn( \Status::newFatal( 'because' ) );
|
2015-11-22 20:17:00 +00:00
|
|
|
$user->setName( $username );
|
2021-02-28 15:00:07 +00:00
|
|
|
$ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, true, true );
|
2021-04-21 16:25:17 +00:00
|
|
|
$this->assertEquals( Status::newFatal( 'because' ), $ret );
|
2019-09-17 14:31:49 +00:00
|
|
|
$this->assertSame( 0, $user->getId() );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->assertNotEquals( $username, $user->getName() );
|
2019-09-17 14:31:49 +00:00
|
|
|
$this->assertSame( 0, $session->getUser()->getId() );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->assertSame( [
|
|
|
|
|
[ LogLevel::INFO, 'creating new user ({username}) - from: {from}' ],
|
2016-10-01 01:10:56 +00:00
|
|
|
[ LogLevel::ERROR, '{username} failed with message {msg}' ],
|
2015-11-22 20:17:00 +00:00
|
|
|
], $logger->getBuffer() );
|
|
|
|
|
$logger->clearBuffer();
|
|
|
|
|
$this->assertSame( null, $session->get( 'AuthManager::AutoCreateBlacklist' ) );
|
|
|
|
|
|
|
|
|
|
// Test addToDatabase throws an exception
|
|
|
|
|
$cache = \ObjectCache::getLocalClusterInstance();
|
2019-05-02 13:50:34 +00:00
|
|
|
$backoffKey = $cache->makeKey( 'AuthManager', 'autocreate-failed', md5( $username ) );
|
2021-11-21 19:13:24 +00:00
|
|
|
$this->assertFalse( $cache->get( $backoffKey ) );
|
2015-11-22 20:17:00 +00:00
|
|
|
$session->clear();
|
2018-01-13 00:02:09 +00:00
|
|
|
$user = $this->getMockBuilder( \User::class )
|
2021-03-20 15:18:58 +00:00
|
|
|
->onlyMethods( [ 'addToDatabase' ] )->getMock();
|
2015-11-22 20:17:00 +00:00
|
|
|
$user->expects( $this->once() )->method( 'addToDatabase' )
|
|
|
|
|
->will( $this->throwException( new \Exception( 'Excepted' ) ) );
|
|
|
|
|
$user->setName( $username );
|
|
|
|
|
try {
|
2021-02-28 15:00:07 +00:00
|
|
|
$this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, true, true );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->fail( 'Expected exception not thrown' );
|
|
|
|
|
} catch ( \Exception $ex ) {
|
|
|
|
|
$this->assertSame( 'Excepted', $ex->getMessage() );
|
|
|
|
|
}
|
2019-09-17 14:31:49 +00:00
|
|
|
$this->assertSame( 0, $user->getId() );
|
|
|
|
|
$this->assertSame( 0, $session->getUser()->getId() );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->assertSame( [
|
|
|
|
|
[ LogLevel::INFO, 'creating new user ({username}) - from: {from}' ],
|
|
|
|
|
[ LogLevel::ERROR, '{username} failed with exception {exception}' ],
|
|
|
|
|
], $logger->getBuffer() );
|
|
|
|
|
$logger->clearBuffer();
|
|
|
|
|
$this->assertSame( null, $session->get( 'AuthManager::AutoCreateBlacklist' ) );
|
2020-10-28 19:57:14 +00:00
|
|
|
$this->assertNotFalse( $cache->get( $backoffKey ) );
|
2015-11-22 20:17:00 +00:00
|
|
|
$cache->delete( $backoffKey );
|
|
|
|
|
|
|
|
|
|
// Test addToDatabase fails because the user already exists.
|
|
|
|
|
$session->clear();
|
2018-01-13 00:02:09 +00:00
|
|
|
$user = $this->getMockBuilder( \User::class )
|
2021-03-20 15:18:58 +00:00
|
|
|
->onlyMethods( [ 'addToDatabase' ] )->getMock();
|
2015-11-22 20:17:00 +00:00
|
|
|
$user->expects( $this->once() )->method( 'addToDatabase' )
|
2022-06-05 23:39:02 +00:00
|
|
|
->willReturnCallback( function () use ( $username, &$user ) {
|
2016-09-08 22:40:20 +00:00
|
|
|
$oldUser = \User::newFromName( $username );
|
|
|
|
|
$status = $oldUser->addToDatabase();
|
2022-03-04 22:00:02 +00:00
|
|
|
$this->assertStatusOK( $status );
|
2016-09-08 22:40:20 +00:00
|
|
|
$user->setId( $oldUser->getId() );
|
2021-04-21 16:25:17 +00:00
|
|
|
return Status::newFatal( 'userexists' );
|
2022-06-05 23:39:02 +00:00
|
|
|
} );
|
2015-11-22 20:17:00 +00:00
|
|
|
$user->setName( $username );
|
2021-02-28 15:00:07 +00:00
|
|
|
$ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, true, true );
|
2021-04-21 16:25:17 +00:00
|
|
|
$expect = Status::newGood();
|
2015-11-22 20:17:00 +00:00
|
|
|
$expect->warning( 'userexists' );
|
|
|
|
|
$this->assertEquals( $expect, $ret );
|
|
|
|
|
$this->assertNotEquals( 0, $user->getId() );
|
|
|
|
|
$this->assertEquals( $username, $user->getName() );
|
|
|
|
|
$this->assertEquals( $user->getId(), $session->getUser()->getId() );
|
|
|
|
|
$this->assertSame( [
|
|
|
|
|
[ LogLevel::INFO, 'creating new user ({username}) - from: {from}' ],
|
|
|
|
|
[ LogLevel::INFO, '{username} already exists locally (race)' ],
|
|
|
|
|
], $logger->getBuffer() );
|
|
|
|
|
$logger->clearBuffer();
|
|
|
|
|
$this->assertSame( null, $session->get( 'AuthManager::AutoCreateBlacklist' ) );
|
|
|
|
|
|
|
|
|
|
// Success!
|
|
|
|
|
$session->clear();
|
|
|
|
|
$username = self::usernameForCreation();
|
|
|
|
|
$user = \User::newFromName( $username );
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->once() )
|
2021-04-22 07:56:11 +00:00
|
|
|
->with( $callback, true );
|
2021-02-28 15:00:07 +00:00
|
|
|
$ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, true, true );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->unhook( 'LocalUserCreated' );
|
2021-04-21 16:25:17 +00:00
|
|
|
$this->assertEquals( Status::newGood(), $ret );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->assertNotEquals( 0, $user->getId() );
|
|
|
|
|
$this->assertEquals( $username, $user->getName() );
|
|
|
|
|
$this->assertEquals( $user->getId(), $session->getUser()->getId() );
|
|
|
|
|
$this->assertSame( [
|
|
|
|
|
[ LogLevel::INFO, 'creating new user ({username}) - from: {from}' ],
|
|
|
|
|
], $logger->getBuffer() );
|
|
|
|
|
$logger->clearBuffer();
|
|
|
|
|
|
2021-04-29 02:37:11 +00:00
|
|
|
$dbw = wfGetDB( DB_PRIMARY );
|
2015-11-22 20:17:00 +00:00
|
|
|
$maxLogId = $dbw->selectField( 'logging', 'MAX(log_id)', [ 'log_type' => 'newusers' ] );
|
|
|
|
|
$session->clear();
|
|
|
|
|
$username = self::usernameForCreation();
|
|
|
|
|
$user = \User::newFromName( $username );
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->once() )
|
2021-04-22 07:56:11 +00:00
|
|
|
->with( $callback, true );
|
2021-02-28 15:00:07 +00:00
|
|
|
$ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, false, true );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->unhook( 'LocalUserCreated' );
|
2021-04-21 16:25:17 +00:00
|
|
|
$this->assertEquals( Status::newGood(), $ret );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->assertNotEquals( 0, $user->getId() );
|
|
|
|
|
$this->assertEquals( $username, $user->getName() );
|
2019-09-17 14:31:49 +00:00
|
|
|
$this->assertSame( 0, $session->getUser()->getId() );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->assertSame( [
|
|
|
|
|
[ LogLevel::INFO, 'creating new user ({username}) - from: {from}' ],
|
|
|
|
|
], $logger->getBuffer() );
|
|
|
|
|
$logger->clearBuffer();
|
|
|
|
|
$this->assertSame(
|
|
|
|
|
$maxLogId,
|
|
|
|
|
$dbw->selectField( 'logging', 'MAX(log_id)', [ 'log_type' => 'newusers' ] )
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$this->config->set( 'NewUserLog', true );
|
|
|
|
|
$session->clear();
|
|
|
|
|
$username = self::usernameForCreation();
|
|
|
|
|
$user = \User::newFromName( $username );
|
2021-02-28 15:00:07 +00:00
|
|
|
$ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, false, true );
|
2021-04-21 16:25:17 +00:00
|
|
|
$this->assertEquals( Status::newGood(), $ret );
|
2015-11-22 20:17:00 +00:00
|
|
|
$logger->clearBuffer();
|
|
|
|
|
|
|
|
|
|
$data = \DatabaseLogEntry::getSelectQueryData();
|
|
|
|
|
$rows = iterator_to_array( $dbw->select(
|
|
|
|
|
$data['tables'],
|
|
|
|
|
$data['fields'],
|
|
|
|
|
[
|
|
|
|
|
'log_id > ' . (int)$maxLogId,
|
|
|
|
|
'log_type' => 'newusers'
|
|
|
|
|
] + $data['conds'],
|
|
|
|
|
__METHOD__,
|
|
|
|
|
$data['options'],
|
|
|
|
|
$data['join_conds']
|
|
|
|
|
) );
|
|
|
|
|
$this->assertCount( 1, $rows );
|
|
|
|
|
$entry = \DatabaseLogEntry::newFromRow( reset( $rows ) );
|
|
|
|
|
|
|
|
|
|
$this->assertSame( 'autocreate', $entry->getSubtype() );
|
2021-02-15 18:53:00 +00:00
|
|
|
$this->assertSame( $user->getId(), $entry->getPerformerIdentity()->getId() );
|
|
|
|
|
$this->assertSame( $user->getName(), $entry->getPerformerIdentity()->getName() );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->assertSame( $user->getUserPage()->getFullText(), $entry->getTarget()->getFullText() );
|
|
|
|
|
$this->assertSame( [ '4::userid' => $user->getId() ], $entry->getParameters() );
|
|
|
|
|
|
|
|
|
|
$workaroundPHPUnitBug = true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @dataProvider provideGetAuthenticationRequests
|
|
|
|
|
* @param string $action
|
|
|
|
|
* @param array $expect
|
|
|
|
|
* @param array $state
|
|
|
|
|
*/
|
|
|
|
|
public function testGetAuthenticationRequests( $action, $expect, $state = [] ) {
|
|
|
|
|
$makeReq = function ( $key ) use ( $action ) {
|
2017-04-05 23:39:50 +00:00
|
|
|
$req = $this->createMock( AuthenticationRequest::class );
|
2021-04-22 08:28:11 +00:00
|
|
|
$req->method( 'getUniqueId' )
|
|
|
|
|
->willReturn( $key );
|
2015-11-22 20:17:00 +00:00
|
|
|
$req->action = $action === AuthManager::ACTION_UNLINK ? AuthManager::ACTION_REMOVE : $action;
|
|
|
|
|
$req->key = $key;
|
|
|
|
|
return $req;
|
|
|
|
|
};
|
2021-02-06 19:30:20 +00:00
|
|
|
$cmpReqs = static function ( $a, $b ) {
|
2015-11-22 20:17:00 +00:00
|
|
|
$ret = strcmp( get_class( $a ), get_class( $b ) );
|
|
|
|
|
if ( !$ret ) {
|
|
|
|
|
$ret = strcmp( $a->key, $b->key );
|
|
|
|
|
}
|
|
|
|
|
return $ret;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
$good = StatusValue::newGood();
|
|
|
|
|
|
|
|
|
|
$mocks = [];
|
2021-04-16 13:17:10 +00:00
|
|
|
$mocks['pre'] = $this->createMock( AbstractPreAuthenticationProvider::class );
|
2021-04-22 08:40:46 +00:00
|
|
|
$mocks['pre']->method( 'getUniqueId' )
|
2021-03-20 15:18:58 +00:00
|
|
|
->willReturn( 'pre' );
|
2021-04-22 08:40:46 +00:00
|
|
|
$mocks['pre']->method( 'getAuthenticationRequests' )
|
2022-06-05 23:39:02 +00:00
|
|
|
->willReturnCallback( static function ( $action ) use ( $makeReq ) {
|
2021-03-20 15:18:58 +00:00
|
|
|
return [ $makeReq( "pre-$action" ), $makeReq( 'generic' ) ];
|
2022-06-05 23:39:02 +00:00
|
|
|
} );
|
2021-03-20 15:18:58 +00:00
|
|
|
foreach ( [ 'primary', 'secondary' ] as $key ) {
|
2015-11-22 20:17:00 +00:00
|
|
|
$class = ucfirst( $key ) . 'AuthenticationProvider';
|
2021-04-16 13:17:10 +00:00
|
|
|
$mocks[$key] = $this->createMock( "MediaWiki\\Auth\\Abstract$class" );
|
2021-04-22 08:28:11 +00:00
|
|
|
$mocks[$key]->method( 'getUniqueId' )
|
|
|
|
|
->willReturn( $key );
|
|
|
|
|
$mocks[$key]->method( 'getAuthenticationRequests' )
|
2022-06-05 23:39:02 +00:00
|
|
|
->willReturnCallback( static function ( $action ) use ( $key, $makeReq ) {
|
2015-11-22 20:17:00 +00:00
|
|
|
return [ $makeReq( "$key-$action" ), $makeReq( 'generic' ) ];
|
2022-06-05 23:39:02 +00:00
|
|
|
} );
|
2021-04-22 08:28:11 +00:00
|
|
|
$mocks[$key]->method( 'providerAllowsAuthenticationDataChange' )
|
|
|
|
|
->willReturn( $good );
|
2015-11-22 20:17:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$primaries = [];
|
|
|
|
|
foreach ( [
|
|
|
|
|
PrimaryAuthenticationProvider::TYPE_NONE,
|
|
|
|
|
PrimaryAuthenticationProvider::TYPE_CREATE,
|
|
|
|
|
PrimaryAuthenticationProvider::TYPE_LINK
|
|
|
|
|
] as $type ) {
|
|
|
|
|
$class = 'PrimaryAuthenticationProvider';
|
2021-04-16 13:17:10 +00:00
|
|
|
$mocks["primary-$type"] = $this->createMock( "MediaWiki\\Auth\\Abstract$class" );
|
2021-04-22 08:28:11 +00:00
|
|
|
$mocks["primary-$type"]->method( 'getUniqueId' )
|
|
|
|
|
->willReturn( "primary-$type" );
|
|
|
|
|
$mocks["primary-$type"]->method( 'accountCreationType' )
|
|
|
|
|
->willReturn( $type );
|
|
|
|
|
$mocks["primary-$type"]->method( 'getAuthenticationRequests' )
|
2022-06-05 23:39:02 +00:00
|
|
|
->willReturnCallback( static function ( $action ) use ( $type, $makeReq ) {
|
2015-11-22 20:17:00 +00:00
|
|
|
return [ $makeReq( "primary-$type-$action" ), $makeReq( 'generic' ) ];
|
2022-06-05 23:39:02 +00:00
|
|
|
} );
|
2021-04-22 08:28:11 +00:00
|
|
|
$mocks["primary-$type"]->method( 'providerAllowsAuthenticationDataChange' )
|
|
|
|
|
->willReturn( $good );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->primaryauthMocks[] = $mocks["primary-$type"];
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-16 13:17:10 +00:00
|
|
|
$mocks['primary2'] = $this->createMock( AbstractPrimaryAuthenticationProvider::class );
|
2021-04-22 08:28:11 +00:00
|
|
|
$mocks['primary2']->method( 'getUniqueId' )
|
|
|
|
|
->willReturn( 'primary2' );
|
|
|
|
|
$mocks['primary2']->method( 'accountCreationType' )
|
|
|
|
|
->willReturn( PrimaryAuthenticationProvider::TYPE_LINK );
|
|
|
|
|
$mocks['primary2']->method( 'getAuthenticationRequests' )
|
|
|
|
|
->willReturn( [] );
|
|
|
|
|
$mocks['primary2']->method( 'providerAllowsAuthenticationDataChange' )
|
2022-06-05 23:39:02 +00:00
|
|
|
->willReturnCallback( static function ( $req ) use ( $good ) {
|
2015-11-22 20:17:00 +00:00
|
|
|
return $req->key === 'generic' ? StatusValue::newFatal( 'no' ) : $good;
|
2022-06-05 23:39:02 +00:00
|
|
|
} );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->primaryauthMocks[] = $mocks['primary2'];
|
|
|
|
|
|
|
|
|
|
$this->preauthMocks = [ $mocks['pre'] ];
|
|
|
|
|
$this->secondaryauthMocks = [ $mocks['secondary'] ];
|
|
|
|
|
$this->initializeManager( true );
|
|
|
|
|
|
|
|
|
|
if ( $state ) {
|
|
|
|
|
if ( isset( $state['continueRequests'] ) ) {
|
|
|
|
|
$state['continueRequests'] = array_map( $makeReq, $state['continueRequests'] );
|
|
|
|
|
}
|
|
|
|
|
if ( $action === AuthManager::ACTION_LOGIN_CONTINUE ) {
|
|
|
|
|
$this->request->getSession()->setSecret( 'AuthManager::authnState', $state );
|
|
|
|
|
} elseif ( $action === AuthManager::ACTION_CREATE_CONTINUE ) {
|
|
|
|
|
$this->request->getSession()->setSecret( 'AuthManager::accountCreationState', $state );
|
|
|
|
|
} elseif ( $action === AuthManager::ACTION_LINK_CONTINUE ) {
|
|
|
|
|
$this->request->getSession()->setSecret( 'AuthManager::accountLinkState', $state );
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$expectReqs = array_map( $makeReq, $expect );
|
|
|
|
|
if ( $action === AuthManager::ACTION_LOGIN ) {
|
|
|
|
|
$req = new RememberMeAuthenticationRequest;
|
|
|
|
|
$req->action = $action;
|
|
|
|
|
$req->required = AuthenticationRequest::REQUIRED;
|
|
|
|
|
$expectReqs[] = $req;
|
|
|
|
|
} elseif ( $action === AuthManager::ACTION_CREATE ) {
|
|
|
|
|
$req = new UsernameAuthenticationRequest;
|
|
|
|
|
$req->action = $action;
|
|
|
|
|
$expectReqs[] = $req;
|
|
|
|
|
$req = new UserDataAuthenticationRequest;
|
|
|
|
|
$req->action = $action;
|
|
|
|
|
$req->required = AuthenticationRequest::REQUIRED;
|
|
|
|
|
$expectReqs[] = $req;
|
|
|
|
|
}
|
|
|
|
|
usort( $expectReqs, $cmpReqs );
|
|
|
|
|
|
|
|
|
|
$actual = $this->manager->getAuthenticationRequests( $action );
|
|
|
|
|
foreach ( $actual as $req ) {
|
|
|
|
|
// Don't test this here.
|
|
|
|
|
$req->required = AuthenticationRequest::REQUIRED;
|
|
|
|
|
}
|
|
|
|
|
usort( $actual, $cmpReqs );
|
|
|
|
|
|
|
|
|
|
$this->assertEquals( $expectReqs, $actual );
|
|
|
|
|
|
|
|
|
|
// Test CreationReasonAuthenticationRequest gets returned
|
|
|
|
|
if ( $action === AuthManager::ACTION_CREATE ) {
|
|
|
|
|
$req = new CreationReasonAuthenticationRequest;
|
|
|
|
|
$req->action = $action;
|
|
|
|
|
$req->required = AuthenticationRequest::REQUIRED;
|
|
|
|
|
$expectReqs[] = $req;
|
|
|
|
|
usort( $expectReqs, $cmpReqs );
|
|
|
|
|
|
|
|
|
|
$actual = $this->manager->getAuthenticationRequests( $action, \User::newFromName( 'UTSysop' ) );
|
|
|
|
|
foreach ( $actual as $req ) {
|
|
|
|
|
// Don't test this here.
|
|
|
|
|
$req->required = AuthenticationRequest::REQUIRED;
|
|
|
|
|
}
|
|
|
|
|
usort( $actual, $cmpReqs );
|
|
|
|
|
|
|
|
|
|
$this->assertEquals( $expectReqs, $actual );
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public static function provideGetAuthenticationRequests() {
|
|
|
|
|
return [
|
|
|
|
|
[
|
|
|
|
|
AuthManager::ACTION_LOGIN,
|
|
|
|
|
[ 'pre-login', 'primary-none-login', 'primary-create-login',
|
|
|
|
|
'primary-link-login', 'secondary-login', 'generic' ],
|
|
|
|
|
],
|
|
|
|
|
[
|
|
|
|
|
AuthManager::ACTION_CREATE,
|
|
|
|
|
[ 'pre-create', 'primary-none-create', 'primary-create-create',
|
|
|
|
|
'primary-link-create', 'secondary-create', 'generic' ],
|
|
|
|
|
],
|
|
|
|
|
[
|
|
|
|
|
AuthManager::ACTION_LINK,
|
|
|
|
|
[ 'primary-link-link', 'generic' ],
|
|
|
|
|
],
|
|
|
|
|
[
|
|
|
|
|
AuthManager::ACTION_CHANGE,
|
|
|
|
|
[ 'primary-none-change', 'primary-create-change', 'primary-link-change',
|
|
|
|
|
'secondary-change' ],
|
|
|
|
|
],
|
|
|
|
|
[
|
|
|
|
|
AuthManager::ACTION_REMOVE,
|
|
|
|
|
[ 'primary-none-remove', 'primary-create-remove', 'primary-link-remove',
|
|
|
|
|
'secondary-remove' ],
|
|
|
|
|
],
|
|
|
|
|
[
|
|
|
|
|
AuthManager::ACTION_UNLINK,
|
|
|
|
|
[ 'primary-link-remove' ],
|
|
|
|
|
],
|
|
|
|
|
[
|
|
|
|
|
AuthManager::ACTION_LOGIN_CONTINUE,
|
|
|
|
|
[],
|
|
|
|
|
],
|
|
|
|
|
[
|
|
|
|
|
AuthManager::ACTION_LOGIN_CONTINUE,
|
|
|
|
|
$reqs = [ 'continue-login', 'foo', 'bar' ],
|
|
|
|
|
[
|
|
|
|
|
'continueRequests' => $reqs,
|
|
|
|
|
],
|
|
|
|
|
],
|
|
|
|
|
[
|
|
|
|
|
AuthManager::ACTION_CREATE_CONTINUE,
|
|
|
|
|
[],
|
|
|
|
|
],
|
|
|
|
|
[
|
|
|
|
|
AuthManager::ACTION_CREATE_CONTINUE,
|
|
|
|
|
$reqs = [ 'continue-create', 'foo', 'bar' ],
|
|
|
|
|
[
|
|
|
|
|
'continueRequests' => $reqs,
|
|
|
|
|
],
|
|
|
|
|
],
|
|
|
|
|
[
|
|
|
|
|
AuthManager::ACTION_LINK_CONTINUE,
|
|
|
|
|
[],
|
|
|
|
|
],
|
|
|
|
|
[
|
|
|
|
|
AuthManager::ACTION_LINK_CONTINUE,
|
|
|
|
|
$reqs = [ 'continue-link', 'foo', 'bar' ],
|
|
|
|
|
[
|
|
|
|
|
'continueRequests' => $reqs,
|
|
|
|
|
],
|
|
|
|
|
],
|
|
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testGetAuthenticationRequestsRequired() {
|
|
|
|
|
$makeReq = function ( $key, $required ) {
|
2017-04-05 23:39:50 +00:00
|
|
|
$req = $this->createMock( AuthenticationRequest::class );
|
2021-04-22 08:28:11 +00:00
|
|
|
$req->method( 'getUniqueId' )
|
|
|
|
|
->willReturn( $key );
|
2015-11-22 20:17:00 +00:00
|
|
|
$req->action = AuthManager::ACTION_LOGIN;
|
|
|
|
|
$req->key = $key;
|
|
|
|
|
$req->required = $required;
|
|
|
|
|
return $req;
|
|
|
|
|
};
|
2021-02-06 19:30:20 +00:00
|
|
|
$cmpReqs = static function ( $a, $b ) {
|
2015-11-22 20:17:00 +00:00
|
|
|
$ret = strcmp( get_class( $a ), get_class( $b ) );
|
|
|
|
|
if ( !$ret ) {
|
|
|
|
|
$ret = strcmp( $a->key, $b->key );
|
|
|
|
|
}
|
|
|
|
|
return $ret;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
$good = StatusValue::newGood();
|
|
|
|
|
|
2021-04-16 13:17:10 +00:00
|
|
|
$primary1 = $this->createMock( AbstractPrimaryAuthenticationProvider::class );
|
2021-04-22 08:28:11 +00:00
|
|
|
$primary1->method( 'getUniqueId' )
|
|
|
|
|
->willReturn( 'primary1' );
|
|
|
|
|
$primary1->method( 'accountCreationType' )
|
|
|
|
|
->willReturn( PrimaryAuthenticationProvider::TYPE_CREATE );
|
|
|
|
|
$primary1->method( 'getAuthenticationRequests' )
|
2022-06-05 23:39:02 +00:00
|
|
|
->willReturnCallback( static function ( $action ) use ( $makeReq ) {
|
2015-11-22 20:17:00 +00:00
|
|
|
return [
|
|
|
|
|
$makeReq( "primary-shared", AuthenticationRequest::REQUIRED ),
|
|
|
|
|
$makeReq( "required", AuthenticationRequest::REQUIRED ),
|
|
|
|
|
$makeReq( "optional", AuthenticationRequest::OPTIONAL ),
|
|
|
|
|
$makeReq( "foo", AuthenticationRequest::REQUIRED ),
|
|
|
|
|
$makeReq( "bar", AuthenticationRequest::REQUIRED ),
|
|
|
|
|
$makeReq( "baz", AuthenticationRequest::OPTIONAL ),
|
|
|
|
|
];
|
2022-06-05 23:39:02 +00:00
|
|
|
} );
|
2015-11-22 20:17:00 +00:00
|
|
|
|
2021-04-16 13:17:10 +00:00
|
|
|
$primary2 = $this->createMock( AbstractPrimaryAuthenticationProvider::class );
|
2021-04-22 08:28:11 +00:00
|
|
|
$primary2->method( 'getUniqueId' )
|
|
|
|
|
->willReturn( 'primary2' );
|
|
|
|
|
$primary2->method( 'accountCreationType' )
|
|
|
|
|
->willReturn( PrimaryAuthenticationProvider::TYPE_CREATE );
|
|
|
|
|
$primary2->method( 'getAuthenticationRequests' )
|
2022-06-05 23:39:02 +00:00
|
|
|
->willReturnCallback( static function ( $action ) use ( $makeReq ) {
|
2015-11-22 20:17:00 +00:00
|
|
|
return [
|
|
|
|
|
$makeReq( "primary-shared", AuthenticationRequest::REQUIRED ),
|
|
|
|
|
$makeReq( "required2", AuthenticationRequest::REQUIRED ),
|
|
|
|
|
$makeReq( "optional2", AuthenticationRequest::OPTIONAL ),
|
|
|
|
|
];
|
2022-06-05 23:39:02 +00:00
|
|
|
} );
|
2015-11-22 20:17:00 +00:00
|
|
|
|
2021-04-16 13:17:10 +00:00
|
|
|
$secondary = $this->createMock( AbstractSecondaryAuthenticationProvider::class );
|
2021-04-22 08:28:11 +00:00
|
|
|
$secondary->method( 'getUniqueId' )
|
|
|
|
|
->willReturn( 'secondary' );
|
|
|
|
|
$secondary->method( 'getAuthenticationRequests' )
|
2022-06-05 23:39:02 +00:00
|
|
|
->willReturnCallback( static function ( $action ) use ( $makeReq ) {
|
2015-11-22 20:17:00 +00:00
|
|
|
return [
|
|
|
|
|
$makeReq( "foo", AuthenticationRequest::OPTIONAL ),
|
|
|
|
|
$makeReq( "bar", AuthenticationRequest::REQUIRED ),
|
|
|
|
|
$makeReq( "baz", AuthenticationRequest::REQUIRED ),
|
|
|
|
|
];
|
2022-06-05 23:39:02 +00:00
|
|
|
} );
|
2015-11-22 20:17:00 +00:00
|
|
|
|
|
|
|
|
$rememberReq = new RememberMeAuthenticationRequest;
|
|
|
|
|
$rememberReq->action = AuthManager::ACTION_LOGIN;
|
|
|
|
|
|
|
|
|
|
$this->primaryauthMocks = [ $primary1, $primary2 ];
|
|
|
|
|
$this->secondaryauthMocks = [ $secondary ];
|
|
|
|
|
$this->initializeManager( true );
|
|
|
|
|
|
|
|
|
|
$actual = $this->manager->getAuthenticationRequests( AuthManager::ACTION_LOGIN );
|
|
|
|
|
$expected = [
|
|
|
|
|
$rememberReq,
|
2016-08-04 20:47:57 +00:00
|
|
|
$makeReq( "primary-shared", AuthenticationRequest::PRIMARY_REQUIRED ),
|
2015-11-22 20:17:00 +00:00
|
|
|
$makeReq( "required", AuthenticationRequest::PRIMARY_REQUIRED ),
|
|
|
|
|
$makeReq( "required2", AuthenticationRequest::PRIMARY_REQUIRED ),
|
|
|
|
|
$makeReq( "optional", AuthenticationRequest::OPTIONAL ),
|
|
|
|
|
$makeReq( "optional2", AuthenticationRequest::OPTIONAL ),
|
|
|
|
|
$makeReq( "foo", AuthenticationRequest::PRIMARY_REQUIRED ),
|
|
|
|
|
$makeReq( "bar", AuthenticationRequest::REQUIRED ),
|
|
|
|
|
$makeReq( "baz", AuthenticationRequest::REQUIRED ),
|
|
|
|
|
];
|
|
|
|
|
usort( $actual, $cmpReqs );
|
|
|
|
|
usort( $expected, $cmpReqs );
|
|
|
|
|
$this->assertEquals( $expected, $actual );
|
|
|
|
|
|
|
|
|
|
$this->primaryauthMocks = [ $primary1 ];
|
|
|
|
|
$this->secondaryauthMocks = [ $secondary ];
|
|
|
|
|
$this->initializeManager( true );
|
|
|
|
|
|
|
|
|
|
$actual = $this->manager->getAuthenticationRequests( AuthManager::ACTION_LOGIN );
|
|
|
|
|
$expected = [
|
|
|
|
|
$rememberReq,
|
2016-08-04 20:47:57 +00:00
|
|
|
$makeReq( "primary-shared", AuthenticationRequest::PRIMARY_REQUIRED ),
|
|
|
|
|
$makeReq( "required", AuthenticationRequest::PRIMARY_REQUIRED ),
|
2015-11-22 20:17:00 +00:00
|
|
|
$makeReq( "optional", AuthenticationRequest::OPTIONAL ),
|
2016-08-04 20:47:57 +00:00
|
|
|
$makeReq( "foo", AuthenticationRequest::PRIMARY_REQUIRED ),
|
2015-11-22 20:17:00 +00:00
|
|
|
$makeReq( "bar", AuthenticationRequest::REQUIRED ),
|
|
|
|
|
$makeReq( "baz", AuthenticationRequest::REQUIRED ),
|
|
|
|
|
];
|
|
|
|
|
usort( $actual, $cmpReqs );
|
|
|
|
|
usort( $expected, $cmpReqs );
|
|
|
|
|
$this->assertEquals( $expected, $actual );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testAllowsPropertyChange() {
|
|
|
|
|
$mocks = [];
|
|
|
|
|
foreach ( [ 'primary', 'secondary' ] as $key ) {
|
|
|
|
|
$class = ucfirst( $key ) . 'AuthenticationProvider';
|
2021-04-16 13:17:10 +00:00
|
|
|
$mocks[$key] = $this->createMock( "MediaWiki\\Auth\\Abstract$class" );
|
2021-04-22 08:28:11 +00:00
|
|
|
$mocks[$key]->method( 'getUniqueId' )
|
|
|
|
|
->willReturn( $key );
|
|
|
|
|
$mocks[$key]->method( 'providerAllowsPropertyChange' )
|
2022-06-05 23:39:02 +00:00
|
|
|
->willReturnCallback( static function ( $prop ) use ( $key ) {
|
2015-11-22 20:17:00 +00:00
|
|
|
return $prop !== $key;
|
2022-06-05 23:39:02 +00:00
|
|
|
} );
|
2015-11-22 20:17:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$this->primaryauthMocks = [ $mocks['primary'] ];
|
|
|
|
|
$this->secondaryauthMocks = [ $mocks['secondary'] ];
|
|
|
|
|
$this->initializeManager( true );
|
|
|
|
|
|
|
|
|
|
$this->assertTrue( $this->manager->allowsPropertyChange( 'foo' ) );
|
|
|
|
|
$this->assertFalse( $this->manager->allowsPropertyChange( 'primary' ) );
|
|
|
|
|
$this->assertFalse( $this->manager->allowsPropertyChange( 'secondary' ) );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testAutoCreateOnLogin() {
|
|
|
|
|
$username = self::usernameForCreation();
|
|
|
|
|
|
2017-04-05 23:39:50 +00:00
|
|
|
$req = $this->createMock( AuthenticationRequest::class );
|
2015-11-22 20:17:00 +00:00
|
|
|
|
2021-04-16 13:17:10 +00:00
|
|
|
$mock = $this->createMock( AbstractPrimaryAuthenticationProvider::class );
|
2021-04-22 08:28:11 +00:00
|
|
|
$mock->method( 'getUniqueId' )->willReturn( 'primary' );
|
|
|
|
|
$mock->method( 'beginPrimaryAuthentication' )
|
|
|
|
|
->willReturn( AuthenticationResponse::newPass( $username ) );
|
|
|
|
|
$mock->method( 'accountCreationType' )
|
|
|
|
|
->willReturn( PrimaryAuthenticationProvider::TYPE_CREATE );
|
|
|
|
|
$mock->method( 'testUserExists' )->willReturn( true );
|
|
|
|
|
$mock->method( 'testUserForCreation' )
|
|
|
|
|
->willReturn( StatusValue::newGood() );
|
2015-11-22 20:17:00 +00:00
|
|
|
|
2021-04-16 13:17:10 +00:00
|
|
|
$mock2 = $this->createMock( AbstractSecondaryAuthenticationProvider::class );
|
2021-04-22 08:28:11 +00:00
|
|
|
$mock2->method( 'getUniqueId' )
|
|
|
|
|
->willReturn( 'secondary' );
|
|
|
|
|
$mock2->method( 'beginSecondaryAuthentication' )
|
|
|
|
|
->willReturn( AuthenticationResponse::newUI( [ $req ], $this->message( '...' ) ) );
|
|
|
|
|
$mock2->method( 'continueSecondaryAuthentication' )
|
|
|
|
|
->willReturn( AuthenticationResponse::newAbstain() );
|
|
|
|
|
$mock2->method( 'testUserForCreation' )
|
|
|
|
|
->willReturn( StatusValue::newGood() );
|
2015-11-22 20:17:00 +00:00
|
|
|
|
|
|
|
|
$this->primaryauthMocks = [ $mock ];
|
|
|
|
|
$this->secondaryauthMocks = [ $mock2 ];
|
|
|
|
|
$this->initializeManager( true );
|
|
|
|
|
$this->manager->setLogger( new \Psr\Log\NullLogger() );
|
|
|
|
|
$session = $this->request->getSession();
|
|
|
|
|
$session->clear();
|
|
|
|
|
|
2021-11-21 19:13:24 +00:00
|
|
|
$this->assertSame( 0, \User::newFromName( $username )->getId() );
|
2015-11-22 20:17:00 +00:00
|
|
|
|
2021-02-07 13:10:36 +00:00
|
|
|
$callback = $this->callback( static function ( $user ) use ( $username ) {
|
2015-11-22 20:17:00 +00:00
|
|
|
return $user->getName() === $username;
|
|
|
|
|
} );
|
|
|
|
|
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$this->hook( 'UserLoggedIn', UserLoggedInHook::class, $this->never() );
|
|
|
|
|
$this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->once() )
|
2021-04-22 07:56:11 +00:00
|
|
|
->with( $callback, true );
|
2015-11-22 20:17:00 +00:00
|
|
|
$ret = $this->manager->beginAuthentication( [], 'http://localhost/' );
|
|
|
|
|
$this->unhook( 'LocalUserCreated' );
|
|
|
|
|
$this->unhook( 'UserLoggedIn' );
|
|
|
|
|
$this->assertSame( AuthenticationResponse::UI, $ret->status );
|
|
|
|
|
|
|
|
|
|
$id = (int)\User::newFromName( $username )->getId();
|
|
|
|
|
$this->assertNotSame( 0, \User::newFromName( $username )->getId() );
|
|
|
|
|
$this->assertSame( 0, $session->getUser()->getId() );
|
|
|
|
|
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$this->hook( 'UserLoggedIn', UserLoggedInHook::class, $this->once() )
|
|
|
|
|
->with( $callback );
|
|
|
|
|
$this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() );
|
2015-11-22 20:17:00 +00:00
|
|
|
$ret = $this->manager->continueAuthentication( [] );
|
|
|
|
|
$this->unhook( 'LocalUserCreated' );
|
|
|
|
|
$this->unhook( 'UserLoggedIn' );
|
|
|
|
|
$this->assertSame( AuthenticationResponse::PASS, $ret->status );
|
|
|
|
|
$this->assertSame( $username, $ret->username );
|
|
|
|
|
$this->assertSame( $id, $session->getUser()->getId() );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testAutoCreateFailOnLogin() {
|
|
|
|
|
$username = self::usernameForCreation();
|
|
|
|
|
|
2021-04-16 13:17:10 +00:00
|
|
|
$mock = $this->createMock( AbstractPrimaryAuthenticationProvider::class );
|
2021-04-22 08:28:11 +00:00
|
|
|
$mock->method( 'getUniqueId' )->willReturn( 'primary' );
|
|
|
|
|
$mock->method( 'beginPrimaryAuthentication' )
|
|
|
|
|
->willReturn( AuthenticationResponse::newPass( $username ) );
|
|
|
|
|
$mock->method( 'accountCreationType' )
|
|
|
|
|
->willReturn( PrimaryAuthenticationProvider::TYPE_CREATE );
|
|
|
|
|
$mock->method( 'testUserExists' )->willReturn( true );
|
|
|
|
|
$mock->method( 'testUserForCreation' )
|
|
|
|
|
->willReturn( StatusValue::newFatal( 'fail-from-primary' ) );
|
2015-11-22 20:17:00 +00:00
|
|
|
|
|
|
|
|
$this->primaryauthMocks = [ $mock ];
|
|
|
|
|
$this->initializeManager( true );
|
|
|
|
|
$this->manager->setLogger( new \Psr\Log\NullLogger() );
|
|
|
|
|
$session = $this->request->getSession();
|
|
|
|
|
$session->clear();
|
|
|
|
|
|
2021-11-21 19:13:24 +00:00
|
|
|
$this->assertSame( 0, $session->getUser()->getId() );
|
|
|
|
|
$this->assertSame( 0, \User::newFromName( $username )->getId() );
|
2015-11-22 20:17:00 +00:00
|
|
|
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$this->hook( 'UserLoggedIn', UserLoggedInHook::class, $this->never() );
|
|
|
|
|
$this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() );
|
2015-11-22 20:17:00 +00:00
|
|
|
$ret = $this->manager->beginAuthentication( [], 'http://localhost/' );
|
|
|
|
|
$this->unhook( 'LocalUserCreated' );
|
|
|
|
|
$this->unhook( 'UserLoggedIn' );
|
|
|
|
|
$this->assertSame( AuthenticationResponse::FAIL, $ret->status );
|
|
|
|
|
$this->assertSame( 'authmanager-authn-autocreate-failed', $ret->message->getKey() );
|
|
|
|
|
|
|
|
|
|
$this->assertSame( 0, \User::newFromName( $username )->getId() );
|
|
|
|
|
$this->assertSame( 0, $session->getUser()->getId() );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testAuthenticationSessionData() {
|
|
|
|
|
$this->initializeManager( true );
|
|
|
|
|
|
|
|
|
|
$this->assertNull( $this->manager->getAuthenticationSessionData( 'foo' ) );
|
|
|
|
|
$this->manager->setAuthenticationSessionData( 'foo', 'foo!' );
|
|
|
|
|
$this->manager->setAuthenticationSessionData( 'bar', 'bar!' );
|
|
|
|
|
$this->assertSame( 'foo!', $this->manager->getAuthenticationSessionData( 'foo' ) );
|
|
|
|
|
$this->assertSame( 'bar!', $this->manager->getAuthenticationSessionData( 'bar' ) );
|
|
|
|
|
$this->manager->removeAuthenticationSessionData( 'foo' );
|
|
|
|
|
$this->assertNull( $this->manager->getAuthenticationSessionData( 'foo' ) );
|
|
|
|
|
$this->assertSame( 'bar!', $this->manager->getAuthenticationSessionData( 'bar' ) );
|
|
|
|
|
$this->manager->removeAuthenticationSessionData( 'bar' );
|
|
|
|
|
$this->assertNull( $this->manager->getAuthenticationSessionData( 'bar' ) );
|
|
|
|
|
|
|
|
|
|
$this->manager->setAuthenticationSessionData( 'foo', 'foo!' );
|
|
|
|
|
$this->manager->setAuthenticationSessionData( 'bar', 'bar!' );
|
|
|
|
|
$this->manager->removeAuthenticationSessionData( null );
|
|
|
|
|
$this->assertNull( $this->manager->getAuthenticationSessionData( 'foo' ) );
|
|
|
|
|
$this->assertNull( $this->manager->getAuthenticationSessionData( 'bar' ) );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testCanLinkAccounts() {
|
|
|
|
|
$types = [
|
|
|
|
|
PrimaryAuthenticationProvider::TYPE_CREATE => true,
|
|
|
|
|
PrimaryAuthenticationProvider::TYPE_LINK => true,
|
|
|
|
|
PrimaryAuthenticationProvider::TYPE_NONE => false,
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
foreach ( $types as $type => $can ) {
|
2021-04-16 13:17:10 +00:00
|
|
|
$mock = $this->createMock( AbstractPrimaryAuthenticationProvider::class );
|
2021-04-22 08:28:11 +00:00
|
|
|
$mock->method( 'getUniqueId' )->willReturn( $type );
|
|
|
|
|
$mock->method( 'accountCreationType' )
|
|
|
|
|
->willReturn( $type );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->primaryauthMocks = [ $mock ];
|
|
|
|
|
$this->initializeManager( true );
|
|
|
|
|
$this->assertSame( $can, $this->manager->canCreateAccounts(), $type );
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testBeginAccountLink() {
|
|
|
|
|
$user = \User::newFromName( 'UTSysop' );
|
|
|
|
|
$this->initializeManager();
|
|
|
|
|
|
|
|
|
|
$this->request->getSession()->setSecret( 'AuthManager::accountLinkState', 'test' );
|
|
|
|
|
try {
|
|
|
|
|
$this->manager->beginAccountLink( $user, [], 'http://localhost/' );
|
|
|
|
|
$this->fail( 'Expected exception not thrown' );
|
|
|
|
|
} catch ( \LogicException $ex ) {
|
|
|
|
|
$this->assertEquals( 'Account linking is not possible', $ex->getMessage() );
|
|
|
|
|
}
|
|
|
|
|
$this->assertNull( $this->request->getSession()->getSecret( 'AuthManager::accountLinkState' ) );
|
|
|
|
|
|
2021-04-16 13:17:10 +00:00
|
|
|
$mock = $this->createMock( AbstractPrimaryAuthenticationProvider::class );
|
2021-04-22 08:28:11 +00:00
|
|
|
$mock->method( 'getUniqueId' )->willReturn( 'X' );
|
|
|
|
|
$mock->method( 'accountCreationType' )
|
|
|
|
|
->willReturn( PrimaryAuthenticationProvider::TYPE_LINK );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->primaryauthMocks = [ $mock ];
|
|
|
|
|
$this->initializeManager( true );
|
|
|
|
|
|
|
|
|
|
$ret = $this->manager->beginAccountLink( new \User, [], 'http://localhost/' );
|
|
|
|
|
$this->assertSame( AuthenticationResponse::FAIL, $ret->status );
|
|
|
|
|
$this->assertSame( 'noname', $ret->message->getKey() );
|
|
|
|
|
|
|
|
|
|
$ret = $this->manager->beginAccountLink(
|
|
|
|
|
\User::newFromName( 'UTDoesNotExist' ), [], 'http://localhost/'
|
|
|
|
|
);
|
|
|
|
|
$this->assertSame( AuthenticationResponse::FAIL, $ret->status );
|
|
|
|
|
$this->assertSame( 'authmanager-userdoesnotexist', $ret->message->getKey() );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testContinueAccountLink() {
|
|
|
|
|
$user = \User::newFromName( 'UTSysop' );
|
|
|
|
|
$this->initializeManager();
|
|
|
|
|
|
|
|
|
|
$session = [
|
|
|
|
|
'userid' => $user->getId(),
|
|
|
|
|
'username' => $user->getName(),
|
|
|
|
|
'primary' => 'X',
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
try {
|
|
|
|
|
$this->manager->continueAccountLink( [] );
|
|
|
|
|
$this->fail( 'Expected exception not thrown' );
|
|
|
|
|
} catch ( \LogicException $ex ) {
|
|
|
|
|
$this->assertEquals( 'Account linking is not possible', $ex->getMessage() );
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-16 13:17:10 +00:00
|
|
|
$mock = $this->createMock( AbstractPrimaryAuthenticationProvider::class );
|
2021-04-22 08:28:11 +00:00
|
|
|
$mock->method( 'getUniqueId' )->willReturn( 'X' );
|
|
|
|
|
$mock->method( 'accountCreationType' )
|
|
|
|
|
->willReturn( PrimaryAuthenticationProvider::TYPE_LINK );
|
|
|
|
|
$mock->method( 'beginPrimaryAccountLink' )
|
|
|
|
|
->willReturn( AuthenticationResponse::newFail( $this->message( 'fail' ) ) );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->primaryauthMocks = [ $mock ];
|
|
|
|
|
$this->initializeManager( true );
|
|
|
|
|
|
|
|
|
|
$this->request->getSession()->setSecret( 'AuthManager::accountLinkState', null );
|
|
|
|
|
$ret = $this->manager->continueAccountLink( [] );
|
|
|
|
|
$this->assertSame( AuthenticationResponse::FAIL, $ret->status );
|
|
|
|
|
$this->assertSame( 'authmanager-link-not-in-progress', $ret->message->getKey() );
|
|
|
|
|
|
|
|
|
|
$this->request->getSession()->setSecret( 'AuthManager::accountLinkState',
|
|
|
|
|
[ 'username' => $user->getName() . '<>' ] + $session );
|
|
|
|
|
$ret = $this->manager->continueAccountLink( [] );
|
|
|
|
|
$this->assertSame( AuthenticationResponse::FAIL, $ret->status );
|
|
|
|
|
$this->assertSame( 'noname', $ret->message->getKey() );
|
|
|
|
|
$this->assertNull( $this->request->getSession()->getSecret( 'AuthManager::accountLinkState' ) );
|
|
|
|
|
|
|
|
|
|
$id = $user->getId();
|
|
|
|
|
$this->request->getSession()->setSecret( 'AuthManager::accountLinkState',
|
|
|
|
|
[ 'userid' => $id + 1 ] + $session );
|
|
|
|
|
try {
|
|
|
|
|
$ret = $this->manager->continueAccountLink( [] );
|
|
|
|
|
$this->fail( 'Expected exception not thrown' );
|
|
|
|
|
} catch ( \UnexpectedValueException $ex ) {
|
|
|
|
|
$this->assertEquals(
|
2018-10-31 13:22:47 +00:00
|
|
|
"User \"{$user->getName()}\" is valid, but ID $id !== " . ( $id + 1 ) . '!',
|
2015-11-22 20:17:00 +00:00
|
|
|
$ex->getMessage()
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
$this->assertNull( $this->request->getSession()->getSecret( 'AuthManager::accountLinkState' ) );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @dataProvider provideAccountLink
|
|
|
|
|
*/
|
|
|
|
|
public function testAccountLink(
|
|
|
|
|
StatusValue $preTest, array $primaryResponses, array $managerResponses
|
|
|
|
|
) {
|
|
|
|
|
$user = \User::newFromName( 'UTSysop' );
|
|
|
|
|
|
|
|
|
|
$this->initializeManager();
|
|
|
|
|
|
|
|
|
|
// Set up lots of mocks...
|
|
|
|
|
$req = $this->getMockForAbstractClass( AuthenticationRequest::class );
|
|
|
|
|
$req->primary = $primaryResponses;
|
|
|
|
|
$mocks = [];
|
|
|
|
|
|
|
|
|
|
foreach ( [ 'pre', 'primary' ] as $key ) {
|
|
|
|
|
$class = ucfirst( $key ) . 'AuthenticationProvider';
|
2021-04-16 13:17:10 +00:00
|
|
|
$mocks[$key] = $this->getMockBuilder( "MediaWiki\\Auth\\Abstract$class" )
|
|
|
|
|
->setMockClassName( "MockAbstract$class" )
|
|
|
|
|
->getMock();
|
2021-04-22 08:28:11 +00:00
|
|
|
$mocks[$key]->method( 'getUniqueId' )
|
|
|
|
|
->willReturn( $key );
|
2015-11-22 20:17:00 +00:00
|
|
|
|
|
|
|
|
for ( $i = 2; $i <= 3; $i++ ) {
|
2021-04-16 13:17:10 +00:00
|
|
|
$mocks[$key . $i] = $this->getMockBuilder( "MediaWiki\\Auth\\Abstract$class" )
|
|
|
|
|
->setMockClassName( "MockAbstract$class" )
|
|
|
|
|
->getMock();
|
2021-04-22 08:28:11 +00:00
|
|
|
$mocks[$key . $i]->method( 'getUniqueId' )
|
|
|
|
|
->willReturn( $key . $i );
|
2015-11-22 20:17:00 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-22 08:40:46 +00:00
|
|
|
$mocks['pre']->method( 'testForAccountLink' )
|
2022-06-05 23:39:02 +00:00
|
|
|
->willReturnCallback(
|
2015-11-22 20:17:00 +00:00
|
|
|
function ( $u )
|
|
|
|
|
use ( $user, $preTest )
|
|
|
|
|
{
|
|
|
|
|
$this->assertSame( $user->getId(), $u->getId() );
|
|
|
|
|
$this->assertSame( $user->getName(), $u->getName() );
|
|
|
|
|
return $preTest;
|
|
|
|
|
}
|
2022-06-05 23:39:02 +00:00
|
|
|
);
|
2015-11-22 20:17:00 +00:00
|
|
|
|
|
|
|
|
$mocks['pre2']->expects( $this->atMost( 1 ) )->method( 'testForAccountLink' )
|
2021-04-22 08:28:11 +00:00
|
|
|
->willReturn( StatusValue::newGood() );
|
2015-11-22 20:17:00 +00:00
|
|
|
|
2021-04-22 08:28:11 +00:00
|
|
|
$mocks['primary']->method( 'accountCreationType' )
|
|
|
|
|
->willReturn( PrimaryAuthenticationProvider::TYPE_LINK );
|
2015-11-22 20:17:00 +00:00
|
|
|
$ct = count( $req->primary );
|
|
|
|
|
$callback = $this->returnCallback( function ( $u, $reqs ) use ( $user, $req ) {
|
|
|
|
|
$this->assertSame( $user->getId(), $u->getId() );
|
|
|
|
|
$this->assertSame( $user->getName(), $u->getName() );
|
|
|
|
|
$foundReq = false;
|
|
|
|
|
foreach ( $reqs as $r ) {
|
|
|
|
|
$this->assertSame( $user->getName(), $r->username );
|
|
|
|
|
$foundReq = $foundReq || get_class( $r ) === get_class( $req );
|
|
|
|
|
}
|
|
|
|
|
$this->assertTrue( $foundReq, '$reqs contains $req' );
|
|
|
|
|
return array_shift( $req->primary );
|
|
|
|
|
} );
|
|
|
|
|
$mocks['primary']->expects( $this->exactly( min( 1, $ct ) ) )
|
|
|
|
|
->method( 'beginPrimaryAccountLink' )
|
|
|
|
|
->will( $callback );
|
|
|
|
|
$mocks['primary']->expects( $this->exactly( max( 0, $ct - 1 ) ) )
|
|
|
|
|
->method( 'continuePrimaryAccountLink' )
|
|
|
|
|
->will( $callback );
|
|
|
|
|
|
|
|
|
|
$abstain = AuthenticationResponse::newAbstain();
|
2021-04-22 08:28:11 +00:00
|
|
|
$mocks['primary2']->method( 'accountCreationType' )
|
|
|
|
|
->willReturn( PrimaryAuthenticationProvider::TYPE_LINK );
|
2015-11-22 20:17:00 +00:00
|
|
|
$mocks['primary2']->expects( $this->atMost( 1 ) )->method( 'beginPrimaryAccountLink' )
|
2021-04-22 08:28:11 +00:00
|
|
|
->willReturn( $abstain );
|
2015-11-22 20:17:00 +00:00
|
|
|
$mocks['primary2']->expects( $this->never() )->method( 'continuePrimaryAccountLink' );
|
2021-04-22 08:28:11 +00:00
|
|
|
$mocks['primary3']->method( 'accountCreationType' )
|
|
|
|
|
->willReturn( PrimaryAuthenticationProvider::TYPE_CREATE );
|
2015-11-22 20:17:00 +00:00
|
|
|
$mocks['primary3']->expects( $this->never() )->method( 'beginPrimaryAccountLink' );
|
|
|
|
|
$mocks['primary3']->expects( $this->never() )->method( 'continuePrimaryAccountLink' );
|
|
|
|
|
|
|
|
|
|
$this->preauthMocks = [ $mocks['pre'], $mocks['pre2'] ];
|
|
|
|
|
$this->primaryauthMocks = [ $mocks['primary3'], $mocks['primary2'], $mocks['primary'] ];
|
2021-02-07 13:10:36 +00:00
|
|
|
$this->logger = new \TestLogger( true, static function ( $message, $level ) {
|
2015-11-22 20:17:00 +00:00
|
|
|
return $level === LogLevel::DEBUG ? null : $message;
|
|
|
|
|
} );
|
|
|
|
|
$this->initializeManager( true );
|
|
|
|
|
|
2019-10-06 04:54:59 +00:00
|
|
|
$constraint = Assert::logicalOr(
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->equalTo( AuthenticationResponse::PASS ),
|
|
|
|
|
$this->equalTo( AuthenticationResponse::FAIL )
|
|
|
|
|
);
|
|
|
|
|
$providers = array_merge( $this->preauthMocks, $this->primaryauthMocks );
|
|
|
|
|
foreach ( $providers as $p ) {
|
|
|
|
|
$p->postCalled = false;
|
|
|
|
|
$p->expects( $this->atMost( 1 ) )->method( 'postAccountLink' )
|
|
|
|
|
->willReturnCallback( function ( $user, $response ) use ( $constraint, $p ) {
|
2018-01-13 00:02:09 +00:00
|
|
|
$this->assertInstanceOf( \User::class, $user );
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->assertSame( 'UTSysop', $user->getName() );
|
|
|
|
|
$this->assertInstanceOf( AuthenticationResponse::class, $response );
|
|
|
|
|
$this->assertThat( $response->status, $constraint );
|
|
|
|
|
$p->postCalled = $response->status;
|
|
|
|
|
} );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$first = true;
|
|
|
|
|
$created = false;
|
|
|
|
|
$expectLog = [];
|
|
|
|
|
foreach ( $managerResponses as $i => $response ) {
|
|
|
|
|
if ( $response instanceof AuthenticationResponse &&
|
|
|
|
|
$response->status === AuthenticationResponse::PASS
|
|
|
|
|
) {
|
|
|
|
|
$expectLog[] = [ LogLevel::INFO, 'Account linked to {user} by primary' ];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$ex = null;
|
|
|
|
|
try {
|
|
|
|
|
if ( $first ) {
|
|
|
|
|
$ret = $this->manager->beginAccountLink( $user, [ $req ], 'http://localhost/' );
|
|
|
|
|
} else {
|
|
|
|
|
$ret = $this->manager->continueAccountLink( [ $req ] );
|
|
|
|
|
}
|
|
|
|
|
if ( $response instanceof \Exception ) {
|
|
|
|
|
$this->fail( 'Expected exception not thrown', "Response $i" );
|
|
|
|
|
}
|
|
|
|
|
} catch ( \Exception $ex ) {
|
|
|
|
|
if ( !$response instanceof \Exception ) {
|
|
|
|
|
throw $ex;
|
|
|
|
|
}
|
|
|
|
|
$this->assertEquals( $response->getMessage(), $ex->getMessage(), "Response $i, exception" );
|
|
|
|
|
$this->assertNull( $this->request->getSession()->getSecret( 'AuthManager::accountLinkState' ),
|
|
|
|
|
"Response $i, exception, session state" );
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$this->assertSame( 'http://localhost/', $req->returnToUrl );
|
|
|
|
|
|
|
|
|
|
$ret->message = $this->message( $ret->message );
|
2018-08-01 12:40:47 +00:00
|
|
|
$this->assertResponseEquals( $response, $ret, "Response $i, response" );
|
2015-11-22 20:17:00 +00:00
|
|
|
if ( $response->status === AuthenticationResponse::PASS ||
|
|
|
|
|
$response->status === AuthenticationResponse::FAIL
|
|
|
|
|
) {
|
|
|
|
|
$this->assertNull( $this->request->getSession()->getSecret( 'AuthManager::accountLinkState' ),
|
|
|
|
|
"Response $i, session state" );
|
|
|
|
|
foreach ( $providers as $p ) {
|
|
|
|
|
$this->assertSame( $response->status, $p->postCalled,
|
|
|
|
|
"Response $i, post-auth callback called" );
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
$this->assertNotNull(
|
|
|
|
|
$this->request->getSession()->getSecret( 'AuthManager::accountLinkState' ),
|
|
|
|
|
"Response $i, session state"
|
|
|
|
|
);
|
2016-06-01 15:58:44 +00:00
|
|
|
foreach ( $ret->neededRequests as $neededReq ) {
|
|
|
|
|
$this->assertEquals( AuthManager::ACTION_LINK, $neededReq->action,
|
|
|
|
|
"Response $i, neededRequest action" );
|
|
|
|
|
}
|
2015-11-22 20:17:00 +00:00
|
|
|
$this->assertEquals(
|
|
|
|
|
$ret->neededRequests,
|
|
|
|
|
$this->manager->getAuthenticationRequests( AuthManager::ACTION_LINK_CONTINUE ),
|
|
|
|
|
"Response $i, continuation check"
|
|
|
|
|
);
|
|
|
|
|
foreach ( $providers as $p ) {
|
|
|
|
|
$this->assertFalse( $p->postCalled, "Response $i, post-auth callback not called" );
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$first = false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$this->assertSame( $expectLog, $this->logger->getBuffer() );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function provideAccountLink() {
|
|
|
|
|
$req = $this->getMockForAbstractClass( AuthenticationRequest::class );
|
|
|
|
|
$good = StatusValue::newGood();
|
|
|
|
|
|
|
|
|
|
return [
|
|
|
|
|
'Pre-link test fail in pre' => [
|
|
|
|
|
StatusValue::newFatal( 'fail-from-pre' ),
|
|
|
|
|
[],
|
|
|
|
|
[
|
|
|
|
|
AuthenticationResponse::newFail( $this->message( 'fail-from-pre' ) ),
|
|
|
|
|
]
|
|
|
|
|
],
|
|
|
|
|
'Failure in primary' => [
|
|
|
|
|
$good,
|
|
|
|
|
$tmp = [
|
|
|
|
|
AuthenticationResponse::newFail( $this->message( 'fail-from-primary' ) ),
|
|
|
|
|
],
|
|
|
|
|
$tmp
|
|
|
|
|
],
|
|
|
|
|
'All primary abstain' => [
|
|
|
|
|
$good,
|
|
|
|
|
[
|
|
|
|
|
AuthenticationResponse::newAbstain(),
|
|
|
|
|
],
|
|
|
|
|
[
|
|
|
|
|
AuthenticationResponse::newFail( $this->message( 'authmanager-link-no-primary' ) )
|
|
|
|
|
]
|
|
|
|
|
],
|
|
|
|
|
'Primary UI, then redirect, then fail' => [
|
|
|
|
|
$good,
|
|
|
|
|
$tmp = [
|
|
|
|
|
AuthenticationResponse::newUI( [ $req ], $this->message( '...' ) ),
|
|
|
|
|
AuthenticationResponse::newRedirect( [ $req ], '/foo.html', [ 'foo' => 'bar' ] ),
|
|
|
|
|
AuthenticationResponse::newFail( $this->message( 'fail-in-primary-continue' ) ),
|
|
|
|
|
],
|
|
|
|
|
$tmp
|
|
|
|
|
],
|
|
|
|
|
'Primary redirect, then abstain' => [
|
|
|
|
|
$good,
|
|
|
|
|
[
|
|
|
|
|
$tmp = AuthenticationResponse::newRedirect(
|
|
|
|
|
[ $req ], '/foo.html', [ 'foo' => 'bar' ]
|
|
|
|
|
),
|
|
|
|
|
AuthenticationResponse::newAbstain(),
|
|
|
|
|
],
|
|
|
|
|
[
|
|
|
|
|
$tmp,
|
|
|
|
|
new \DomainException(
|
2021-04-16 13:17:10 +00:00
|
|
|
'MockAbstractPrimaryAuthenticationProvider::continuePrimaryAccountLink() returned ABSTAIN'
|
2015-11-22 20:17:00 +00:00
|
|
|
)
|
|
|
|
|
]
|
|
|
|
|
],
|
|
|
|
|
'Primary UI, then pass' => [
|
|
|
|
|
$good,
|
|
|
|
|
[
|
|
|
|
|
$tmp1 = AuthenticationResponse::newUI( [ $req ], $this->message( '...' ) ),
|
|
|
|
|
AuthenticationResponse::newPass(),
|
|
|
|
|
],
|
|
|
|
|
[
|
|
|
|
|
$tmp1,
|
|
|
|
|
AuthenticationResponse::newPass( '' ),
|
|
|
|
|
]
|
|
|
|
|
],
|
|
|
|
|
'Primary pass' => [
|
|
|
|
|
$good,
|
|
|
|
|
[
|
|
|
|
|
AuthenticationResponse::newPass( '' ),
|
|
|
|
|
],
|
|
|
|
|
[
|
|
|
|
|
AuthenticationResponse::newPass( '' ),
|
|
|
|
|
]
|
|
|
|
|
],
|
|
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
}
|
