Thijs/wiki.techinc.nl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge "Move AuthManager::checkAccountCreatePermissions to Authority."

Browse source
This commit is contained in:
jenkins-bot 2021-04-26 21:53:51 +00:00 committed by Gerrit Code Review
commit d47ece1e62
6 changed files with 183 additions and 84 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

35
includes/Permissions/PermissionManager.php
View file

@ -23,6 +23,7 @@ use Action;
use Article;
use Exception;
use MediaWiki\Block\BlockErrorFormatter;
use MediaWiki\Block\DatabaseBlock;
use MediaWiki\Config\ServiceOptions;
use MediaWiki\HookContainer\HookContainer;
use MediaWiki\HookContainer\HookRunner;
@ -702,9 +703,8 @@ class PermissionManager {
$short,
LinkTarget $page
) {
// Account creation blocks handled at userlogin.
// Unblocking handled in SpecialUnblock
if ( $rigor === self::RIGOR_QUICK || in_array( $action, [ 'createaccount', 'unblock' ] ) ) {
if ( $rigor === self::RIGOR_QUICK || in_array( $action, [ 'unblock' ] ) ) {
return $errors;
}
@ -723,6 +723,37 @@ class PermissionManager {
$useReplica = ( $rigor !== self::RIGOR_SECURE );
$block = $user->getBlock( $useReplica );
if ( $action === 'createaccount' ) {
$applicableBlock = null;
if ( $block && $block->appliesToRight( 'createaccount' ) ) {
$applicableBlock = $block;
}
# T15611: if the IP address the user is trying to create an account from is
# blocked with createaccount disabled, prevent new account creation there even
# when the user is logged in
if ( !$this->userHasRight( $user, 'ipblock-exempt' ) ) {
$ipBlock = DatabaseBlock::newFromTarget(
null, $user->getRequest()->getIP()
);
if ( $ipBlock && $ipBlock->appliesToRight( 'createaccount' ) ) {
$applicableBlock = $ipBlock;
}
}
// @todo FIXME: Pass the relevant context into this function.
if ( $applicableBlock ) {
$context = RequestContext::getMain();
$message = $this->blockErrorFormatter->getMessage(
$applicableBlock,
$context->getUser(),
$context->getLanguage(),
$context->getRequest()->getIP()
);
$errors[] = array_merge( [ $message->getKey() ], $message->getParams() );
return $errors;
}
}
// If the user does not have a block, or the block they do have explicitly
// allows the action (like "read" or "upload").
if ( !$block || $block->appliesToRight( $action ) === false ) {

2
includes/api/ApiAMCreateAccount.php
View file

@ -91,7 +91,7 @@ class ApiAMCreateAccount extends ApiBase {
$reqs[] = $req;
}
}
$res = $manager->beginAccountCreation( $this->getUser(), $reqs, $params['returnurl'] );
$res = $manager->beginAccountCreation( $this->getAuthority(), $reqs, $params['returnurl'] );
}
$this->getResult()->addValue( null, 'createaccount',

39
includes/auth/AuthManager.php
View file

@ -29,7 +29,9 @@ use MediaWiki\Block\BlockManager;
use MediaWiki\HookContainer\HookContainer;
use MediaWiki\HookContainer\HookRunner;
use MediaWiki\MediaWikiServices;
use MediaWiki\Permissions\Authority;
use MediaWiki\Permissions\PermissionStatus;
use MediaWiki\User\UserIdentity;
use MediaWiki\User\UserNameUtils;
use MediaWiki\Watchlist\WatchlistManager;
use Psr\Log\LoggerAwareInterface;
@ -1039,10 +1041,10 @@ class AuthManager implements LoggerAwareInterface {
/**
* Basic permissions checks on whether a user can create accounts
* @param User $creator User doing the account creation
* @param Authority $creator User doing the account creation
* @return Status
*/
public function checkAccountCreatePermissions( User $creator ) {
public function checkAccountCreatePermissions( Authority $creator ) {
// Wiki is read-only?
if ( $this->readOnlyMode->isReadOnly() ) {
return Status::newFatal( wfMessage( 'readonlytext', $this->readOnlyMode->getReason() ) );
@ -1058,15 +1060,6 @@ class AuthManager implements LoggerAwareInterface {
}
$ip = $this->getRequest()->getIP();
$block = $creator->isBlockedFromCreateAccount();
if ( $block ) {
$language = \RequestContext::getMain()->getLanguage();
return Status::newFatal(
$this->blockErrorFormatter->getMessage( $block, $creator, $language, $ip )
);
}
if ( $this->blockManager->isDnsBlacklisted( $ip, true /* check $wgProxyWhitelist */ ) ) {
return Status::newFatal( 'sorbs_create_account_reason' );
}
@ -1087,13 +1080,13 @@ class AuthManager implements LoggerAwareInterface {
* should be omitted. If the CreateFromLoginAuthenticationRequest has a
* username set, that username must be used for all other requests.
*
* @param User $creator User doing the account creation
* @param Authority $creator User doing the account creation
* @param AuthenticationRequest[] $reqs
* @param string $returnToUrl Url that REDIRECT responses should eventually
* return to.
* @return AuthenticationResponse
*/
public function beginAccountCreation( User $creator, array $reqs, $returnToUrl ) {
public function beginAccountCreation( Authority $creator, array $reqs, $returnToUrl ) {
$session = $this->request->getSession();
if ( !$this->canCreateAccounts() ) {
// Caller should have called canCreateAccounts()
@ -1116,7 +1109,7 @@ class AuthManager implements LoggerAwareInterface {
if ( !$status->isGood() ) {
$this->logger->debug( __METHOD__ . ': {creator} cannot create users: {reason}', [
'user' => $username,
'creator' => $creator->getName(),
'creator' => $creator->getUser()->getName(),
'reason' => $status->getWikiText( null, null, 'en' )
] );
return AuthenticationResponse::newFail( $status->getMessage() );
@ -1128,7 +1121,7 @@ class AuthManager implements LoggerAwareInterface {
if ( !$status->isGood() ) {
$this->logger->debug( __METHOD__ . ': {user} cannot be created: {reason}', [
'user' => $username,
'creator' => $creator->getName(),
'creator' => $creator->getUser()->getName(),
'reason' => $status->getWikiText( null, null, 'en' )
] );
return AuthenticationResponse::newFail( $status->getMessage() );
@ -1145,7 +1138,7 @@ class AuthManager implements LoggerAwareInterface {
$session->remove( 'AuthManager::accountCreationState' );
$this->logger->debug( __METHOD__ . ': UserData is invalid: {reason}', [
'user' => $user->getName(),
'creator' => $creator->getName(),
'creator' => $creator->getUser()->getName(),
'reason' => $status->getWikiText( null, null, 'en' ),
] );
return AuthenticationResponse::newFail( $status->getMessage() );
@ -1158,8 +1151,8 @@ class AuthManager implements LoggerAwareInterface {
$state = [
'username' => $username,
'userid' => 0,
'creatorid' => $creator->getId(),
'creatorname' => $creator->getName(),
'creatorid' => $creator->getUser()->getId(),
'creatorname' => $creator->getUser()->getName(),
'reqs' => $reqs,
'returnToUrl' => $returnToUrl,
'primary' => null,
@ -2066,10 +2059,10 @@ class AuthManager implements LoggerAwareInterface {
* - ACTION_UNLINK: Same as ACTION_REMOVE, but limited to linked accounts.
*
* @param string $action One of the AuthManager::ACTION_* constants
* @param User|null $user User being acted on, instead of the current user.
* @param UserIdentity|null $user User being acted on, instead of the current user.
* @return AuthenticationRequest[]
*/
public function getAuthenticationRequests( $action, User $user = null ) {
public function getAuthenticationRequests( $action, UserIdentity $user = null ) {
$options = [];
$providerAction = $action;
@ -2136,14 +2129,14 @@ class AuthManager implements LoggerAwareInterface {
* @param string $providerAction Action to pass to providers
* @param array $options Options to pass to providers
* @param AuthenticationProvider[] $providers
* @param User|null $user
* @param UserIdentity|null $user being acted on
* @return AuthenticationRequest[]
*/
private function getAuthenticationRequestsInternal(
$providerAction, array $options, array $providers, User $user = null
$providerAction, array $options, array $providers, UserIdentity $user = null
) {
$user = $user ?: \RequestContext::getMain()->getUser();
$options['username'] = $user->isAnon() ? null : $user->getName();
$options['username'] = $user->isRegistered() ? $user->getName() : null;
// Query them and merge results
$reqs = [];

2
includes/specialpage/AuthManagerSpecialPage.php
View file

@ -373,7 +373,7 @@ abstract class AuthManagerSpecialPage extends SpecialPage {
case AuthManager::ACTION_LOGIN_CONTINUE:
return $authManager->continueAuthentication( $requests );
case AuthManager::ACTION_CREATE:
return $authManager->beginAccountCreation( $this->getUser(), $requests,
return $authManager->beginAccountCreation( $this->getAuthority(), $requests,
$returnToUrl );
case AuthManager::ACTION_CREATE_CONTINUE:
return $authManager->continueAccountCreation( $requests );

1
includes/user/User.php
View file

@ -3671,6 +3671,7 @@ class User implements Authority, IDBAccessObject, UserIdentity, UserEmailContact
/**
* Get whether the user is explicitly blocked from account creation.
* @deprecated since 1.37. Instead use Authority::authorize* for createaccount permission.
* @return bool|AbstractBlock
*/
public function isBlockedFromCreateAccount() {

188
tests/phpunit/includes/auth/AuthManagerTest.php
View file

@ -24,6 +24,7 @@ use Psr\Container\ContainerInterface;
use Psr\Log\LoggerInterface;
use Psr\Log\LogLevel;
use ReadOnlyMode;
use Status;
use StatusValue;
use WebRequest;
use Wikimedia\ObjectFactory;
@ -74,6 +75,11 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase {
/** @var WatchlistManager */
private $watchlistManager;
protected function setUp(): void {
parent::setUp();
$this->tablesUsed[] = 'ipblocks';
}
/**
* Sets a mock on a hook
* @param string $hook
@ -1403,7 +1409,7 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase {
}
public static function provideAllowsAuthenticationDataChange() {
$ignored = \Status::newGood( 'ignored' );
$ignored = Status::newGood( 'ignored' );
$ignored->warning( 'authmanager-change-not-supported' );
$okFromPrimary = StatusValue::newGood();
@ -1417,17 +1423,17 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase {
[
StatusValue::newGood(),
StatusValue::newGood(),
\Status::newGood(),
Status::newGood(),
],
[
StatusValue::newGood(),
StatusValue::newGood( 'ignore' ),
\Status::newGood(),
Status::newGood(),
],
[
StatusValue::newGood( 'ignored' ),
StatusValue::newGood(),
\Status::newGood(),
Status::newGood(),
],
[
StatusValue::newGood( 'ignored' ),
@ -1437,27 +1443,27 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase {
[
StatusValue::newFatal( 'fail from primary' ),
StatusValue::newGood(),
\Status::newFatal( 'fail from primary' ),
Status::newFatal( 'fail from primary' ),
],
[
$okFromPrimary,
StatusValue::newGood(),
\Status::wrap( $okFromPrimary ),
Status::wrap( $okFromPrimary ),
],
[
StatusValue::newGood(),
StatusValue::newFatal( 'fail from secondary' ),
\Status::newFatal( 'fail from secondary' ),
Status::newFatal( 'fail from secondary' ),
],
[
StatusValue::newGood(),
$okFromSecondary,
\Status::wrap( $okFromSecondary ),
Status::wrap( $okFromSecondary ),
],
[
StatusValue::newGood(),
$throttledMailPassword,
\Status::newGood( 'throttled-mailpassword' ),
Status::newGood( 'throttled-mailpassword' ),
]
];
}
@ -1502,30 +1508,48 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase {
}
}
public function testCheckAccountCreatePermissions() {
$this->initializeManager( true );
/**
* @covers \MediaWiki\Auth\AuthManager::checkAccountCreatePermissions()
*/
public function testCheckAccountCreatePermissions_anon() {
$this->setGroupPermissions( '*', 'createaccount', true );
$this->initializeManager( true );
$this->assertEquals(
\Status::newGood(),
Status::newGood(),
$this->manager->checkAccountCreatePermissions( new \User )
);
}
$readOnlyMode = \MediaWiki\MediaWikiServices::getInstance()->getReadOnlyMode();
$readOnlyMode->setReason( 'Because' );
$this->assertEquals(
\Status::newFatal( wfMessage( 'readonlytext', 'Because' ) ),
$this->manager->checkAccountCreatePermissions( new \User )
);
$readOnlyMode->setReason( false );
/**
* @covers \MediaWiki\Auth\AuthManager::checkAccountCreatePermissions()
*/
public function testCheckAccountCreatePermissions_anonNotAllowed() {
$this->setGroupPermissions( '*', 'createaccount', false );
$this->initializeManager( true );
$status = $this->manager->checkAccountCreatePermissions( new \User );
$this->assertFalse( $status->isOK() );
$this->assertTrue( $status->hasMessage( 'badaccess-groups' ) );
$this->setGroupPermissions( '*', 'createaccount', true );
}
/**
* @covers \MediaWiki\Auth\AuthManager::checkAccountCreatePermissions()
*/
public function testCheckAccountCreatePermissions_readOnly() {
$this->initializeManager( true );
$readOnlyMode = $this->getServiceContainer()->getReadOnlyMode();
$readOnlyMode->setReason( 'Because' );
$this->assertEquals(
Status::newFatal( wfMessage( 'readonlytext', 'Because' ) ),
$this->manager->checkAccountCreatePermissions( new \User )
);
$readOnlyMode->setReason( false );
}
/**
* @covers \MediaWiki\Auth\AuthManager::checkAccountCreatePermissions()
* @covers \MediaWiki\Permissions\PermissionManager::checkUserBlock()
*/
public function testCheckAccountCreatePermissions_blocked() {
$this->initializeManager( true );
$user = \User::newFromName( 'UTBlockee' );
@ -1534,12 +1558,7 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase {
\TestUser::setPasswordForUser( $user, 'UTBlockeePassword' );
$user->saveSettings();
}
$blockStore = MediaWikiServices::getInstance()->getDatabaseBlockStore();
$oldBlock = DatabaseBlock::newFromTarget( 'UTBlockee' );
if ( $oldBlock ) {
// An old block will prevent our new one from saving.
$blockStore->deleteBlock( $oldBlock );
}
$blockStore = $this->getServiceContainer()->getDatabaseBlockStore();
$blockOptions = [
'address' => 'UTBlockee',
'user' => $user->getId(),
@ -1555,7 +1574,16 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase {
$status = $this->manager->checkAccountCreatePermissions( $user );
$this->assertFalse( $status->isOK() );
$this->assertTrue( $status->hasMessage( 'blockedtext' ) );
}
/**
* @covers \MediaWiki\Auth\AuthManager::checkAccountCreatePermissions()
* @covers \MediaWiki\Permissions\PermissionManager::checkUserBlock()
*/
public function testCheckAccountCreatePermissions_ipBlocked() {
$this->setGroupPermissions( '*', 'createaccount', true );
$this->initializeManager( true );
$blockStore = $this->getServiceContainer()->getDatabaseBlockStore();
$blockOptions = [
'address' => '127.0.0.0/24',
'by' => $this->getTestSysop()->getUser()->getId(),
@ -1566,12 +1594,15 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase {
];
$block = new DatabaseBlock( $blockOptions );
$blockStore->insertBlock( $block );
$scopeVariable = new ScopedCallback( [ $block, 'delete' ] );
$status = $this->manager->checkAccountCreatePermissions( new \User );
$this->assertFalse( $status->isOK() );
$this->assertTrue( $status->hasMessage( 'blockedtext-partial' ) );
ScopedCallback::consume( $scopeVariable );
}
/**
* @covers \MediaWiki\Auth\AuthManager::checkAccountCreatePermissions()
*/
public function testCheckAccountCreatePermissions_DNSBlacklist() {
$this->setMwGlobals( [
'wgEnableDnsBlacklist' => true,
'wgDnsBlacklistUrls' => [
@ -1589,6 +1620,49 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase {
$this->assertTrue( $status->isGood() );
}
/**
* @covers \MediaWiki\Auth\AuthManager::checkAccountCreatePermissions()
* @covers \MediaWiki\Permissions\PermissionManager::checkUserBlock()
*/
public function testCheckAccountCreatePermissions_ipIsBlockedByUserNot() {
$this->initializeManager( true );
$user = \User::newFromName( 'UTBlockee' );
if ( $user->getId() == 0 ) {
$user->addToDatabase();
\TestUser::setPasswordForUser( $user, 'UTBlockeePassword' );
$user->saveSettings();
}
$blockStore = $this->getServiceContainer()->getDatabaseBlockStore();
$blockOptions = [
'address' => 'UTBlockee',
'user' => $user->getId(),
'by' => $this->getTestSysop()->getUser()->getId(),
'reason' => __METHOD__,
'expiry' => time() + 100500,
'createAccount' => false,
];
$block = new DatabaseBlock( $blockOptions );
$blockStore->insertBlock( $block );
$blockOptions = [
'address' => '127.0.0.0/24',
'by' => $this->getTestSysop()->getUser()->getId(),
'reason' => __METHOD__,
'expiry' => time() + 100500,
'createAccount' => true,
'sitewide' => false,
];
$block = new DatabaseBlock( $blockOptions );
$blockStore->insertBlock( $block );
$this->resetServices();
$this->initializeManager( true );
$status = $this->manager->checkAccountCreatePermissions( $user );
$this->assertFalse( $status->isOK() );
$this->assertTrue( $status->hasMessage( 'blockedtext-partial' ) );
}
/**
* @param string $uniq
* @return string
@ -1606,7 +1680,7 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase {
$this->initializeManager();
$this->assertEquals(
\Status::newFatal( 'authmanager-create-disabled' ),
Status::newFatal( 'authmanager-create-disabled' ),
$this->manager->canCreateAccount( $username )
);
@ -1621,7 +1695,7 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase {
$this->initializeManager( true );
$this->assertEquals(
\Status::newFatal( 'userexists' ),
Status::newFatal( 'userexists' ),
$this->manager->canCreateAccount( $username )
);
@ -1636,17 +1710,17 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase {
$this->initializeManager( true );
$this->assertEquals(
\Status::newFatal( 'noname' ),
Status::newFatal( 'noname' ),
$this->manager->canCreateAccount( $username . '<>' )
);
$this->assertEquals(
\Status::newFatal( 'userexists' ),
Status::newFatal( 'userexists' ),
$this->manager->canCreateAccount( 'UTSysop' )
);
$this->assertEquals(
\Status::newGood(),
Status::newGood(),
$this->manager->canCreateAccount( $username )
);
@ -1661,7 +1735,7 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase {
$this->initializeManager( true );
$this->assertEquals(
\Status::newFatal( 'fail' ),
Status::newFatal( 'fail' ),
$this->manager->canCreateAccount( $username )
);
}
@ -2559,7 +2633,7 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase {
$this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() );
$ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, true, true );
$this->unhook( 'LocalUserCreated' );
$expect = \Status::newGood();
$expect = Status::newGood();
$expect->warning( 'userexists' );
$this->assertEquals( $expect, $ret );
$this->assertNotEquals( 0, $user->getId() );
@ -2575,7 +2649,7 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase {
$this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() );
$ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, false, true );
$this->unhook( 'LocalUserCreated' );
$expect = \Status::newGood();
$expect = Status::newGood();
$expect->warning( 'userexists' );
$this->assertEquals( $expect, $ret );
$this->assertNotEquals( 0, $user->getId() );
@ -2594,7 +2668,7 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase {
$user = \User::newFromName( $username );
$ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, true, true );
$this->unhook( 'LocalUserCreated' );
$this->assertEquals( \Status::newFatal( wfMessage( 'readonlytext', 'Because' ) ), $ret );
$this->assertEquals( Status::newFatal( wfMessage( 'readonlytext', 'Because' ) ), $ret );
$this->assertSame( 0, $user->getId() );
$this->assertNotEquals( $username, $user->getName() );
$this->assertSame( 0, $session->getUser()->getId() );
@ -2611,7 +2685,7 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase {
$this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() );
$ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, true, true );
$this->unhook( 'LocalUserCreated' );
$this->assertEquals( \Status::newFatal( 'test' ), $ret );
$this->assertEquals( Status::newFatal( 'test' ), $ret );
$this->assertSame( 0, $user->getId() );
$this->assertNotEquals( $username, $user->getName() );
$this->assertSame( 0, $session->getUser()->getId() );
@ -2626,7 +2700,7 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase {
$this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() );
$ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, true, true );
$this->unhook( 'LocalUserCreated' );
$this->assertEquals( \Status::newFatal( 'test2' ), $ret );
$this->assertEquals( Status::newFatal( 'test2' ), $ret );
$this->assertSame( 0, $user->getId() );
$this->assertNotEquals( $username, $user->getName() );
$this->assertSame( 0, $session->getUser()->getId() );
@ -2641,7 +2715,7 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase {
$this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() );
$ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, true, true );
$this->unhook( 'LocalUserCreated' );
$this->assertEquals( \Status::newFatal( 'noname' ), $ret );
$this->assertEquals( Status::newFatal( 'noname' ), $ret );
$this->assertSame( 0, $user->getId() );
$this->assertNotEquals( $username . '@', $user->getId() );
$this->assertSame( 0, $session->getUser()->getId() );
@ -2660,7 +2734,7 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase {
$this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() );
$ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, true, true );
$this->unhook( 'LocalUserCreated' );
$this->assertEquals( \Status::newFatal( 'authmanager-autocreate-noperm' ), $ret );
$this->assertEquals( Status::newFatal( 'authmanager-autocreate-noperm' ), $ret );
$this->assertSame( 0, $user->getId() );
$this->assertNotEquals( $username, $user->getName() );
$this->assertSame( 0, $session->getUser()->getId() );
@ -2682,7 +2756,7 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase {
$this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() );
$ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_MAINT, true, false );
$this->unhook( 'LocalUserCreated' );
$this->assertEquals( \Status::newFatal( 'ok' ), $ret );
$this->assertEquals( Status::newFatal( 'ok' ), $ret );
// Test that both permutations of permissions are allowed
// (this hits the two "ok" entries in $mocks['pre'])
@ -2695,7 +2769,7 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase {
$this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() );
$ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, true, true );
$this->unhook( 'LocalUserCreated' );
$this->assertEquals( \Status::newFatal( 'ok' ), $ret );
$this->assertEquals( Status::newFatal( 'ok' ), $ret );
$this->setGroupPermissions( '*', 'createaccount', true );
$this->setGroupPermissions( '*', 'autocreateaccount', false );
@ -2705,7 +2779,7 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase {
$this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() );
$ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, true, true );
$this->unhook( 'LocalUserCreated' );
$this->assertEquals( \Status::newFatal( 'ok' ), $ret );
$this->assertEquals( Status::newFatal( 'ok' ), $ret );
$logger->clearBuffer();
// Test lock fail
@ -2717,7 +2791,7 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase {
$ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, true, true );
unset( $lock );
$this->unhook( 'LocalUserCreated' );
$this->assertEquals( \Status::newFatal( 'usernameinprogress' ), $ret );
$this->assertEquals( Status::newFatal( 'usernameinprogress' ), $ret );
$this->assertSame( 0, $user->getId() );
$this->assertNotEquals( $username, $user->getName() );
$this->assertSame( 0, $session->getUser()->getId() );
@ -2732,7 +2806,7 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase {
$this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() );
$ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, true, true );
$this->unhook( 'LocalUserCreated' );
$this->assertEquals( \Status::newFatal( 'fail-in-pre' ), $ret );
$this->assertEquals( Status::newFatal( 'fail-in-pre' ), $ret );
$this->assertSame( 0, $user->getId() );
$this->assertNotEquals( $username, $user->getName() );
$this->assertSame( 0, $session->getUser()->getId() );
@ -2749,7 +2823,7 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase {
$this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() );
$ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, true, true );
$this->unhook( 'LocalUserCreated' );
$this->assertEquals( \Status::newFatal( 'fail-in-primary' ), $ret );
$this->assertEquals( Status::newFatal( 'fail-in-primary' ), $ret );
$this->assertSame( 0, $user->getId() );
$this->assertNotEquals( $username, $user->getName() );
$this->assertSame( 0, $session->getUser()->getId() );
@ -2766,7 +2840,7 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase {
$this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() );
$ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, true, true );
$this->unhook( 'LocalUserCreated' );
$this->assertEquals( \Status::newFatal( 'fail-in-secondary' ), $ret );
$this->assertEquals( Status::newFatal( 'fail-in-secondary' ), $ret );
$this->assertSame( 0, $user->getId() );
$this->assertNotEquals( $username, $user->getName() );
$this->assertSame( 0, $session->getUser()->getId() );
@ -2787,7 +2861,7 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase {
$this->hook( 'LocalUserCreated', LocalUserCreatedHook::class, $this->never() );
$ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, true, true );
$this->unhook( 'LocalUserCreated' );
$this->assertEquals( \Status::newFatal( 'authmanager-autocreate-exception' ), $ret );
$this->assertEquals( Status::newFatal( 'authmanager-autocreate-exception' ), $ret );
$this->assertSame( 0, $user->getId() );
$this->assertNotEquals( $username, $user->getName() );
$this->assertSame( 0, $session->getUser()->getId() );
@ -2806,7 +2880,7 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase {
->willReturn( \Status::newFatal( 'because' ) );
$user->setName( $username );
$ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, true, true );
$this->assertEquals( \Status::newFatal( 'because' ), $ret );
$this->assertEquals( Status::newFatal( 'because' ), $ret );
$this->assertSame( 0, $user->getId() );
$this->assertNotEquals( $username, $user->getName() );
$this->assertSame( 0, $session->getUser()->getId() );
@ -2854,11 +2928,11 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase {
$status = $oldUser->addToDatabase();
$this->assertTrue( $status->isOK(), 'sanity check' );
$user->setId( $oldUser->getId() );
return \Status::newFatal( 'userexists' );
return Status::newFatal( 'userexists' );
} ) );
$user->setName( $username );
$ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, true, true );
$expect = \Status::newGood();
$expect = Status::newGood();
$expect->warning( 'userexists' );
$this->assertEquals( $expect, $ret );
$this->assertNotEquals( 0, $user->getId() );
@ -2879,7 +2953,7 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase {
->with( $callback, true );
$ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, true, true );
$this->unhook( 'LocalUserCreated' );
$this->assertEquals( \Status::newGood(), $ret );
$this->assertEquals( Status::newGood(), $ret );
$this->assertNotEquals( 0, $user->getId() );
$this->assertEquals( $username, $user->getName() );
$this->assertEquals( $user->getId(), $session->getUser()->getId() );
@ -2897,7 +2971,7 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase {
->with( $callback, true );
$ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, false, true );
$this->unhook( 'LocalUserCreated' );
$this->assertEquals( \Status::newGood(), $ret );
$this->assertEquals( Status::newGood(), $ret );
$this->assertNotEquals( 0, $user->getId() );
$this->assertEquals( $username, $user->getName() );
$this->assertSame( 0, $session->getUser()->getId() );
@ -2915,7 +2989,7 @@ class AuthManagerTest extends \MediaWikiIntegrationTestCase {
$username = self::usernameForCreation();
$user = \User::newFromName( $username );
$ret = $this->manager->autoCreateUser( $user, AuthManager::AUTOCREATE_SOURCE_SESSION, false, true );
$this->assertEquals( \Status::newGood(), $ret );
$this->assertEquals( Status::newGood(), $ret );
$logger->clearBuffer();
$data = \DatabaseLogEntry::getSelectQueryData();