Thijs/wiki.techinc.nl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
wiki.techinc.nl/tests/phpunit/includes/password/UserPasswordPolicyTest.php
Brad Jorsch 27c61fb1e9 Add actor table and code to start using it 
Storing the user name or IP in every row in large tables like revision
and logging takes up space and makes operations on these tables slower.
This patch begins the process of moving those into one "actor" table
which other tables can reference with a single integer field.

A subsequent patch will remove the old columns.

Bug: T167246
Depends-On: I9293fd6e0f958d87e52965de925046f1bb8f8a50
Change-Id: I8d825eb02c69cc66d90bd41325133fd3f99f0226
2018-02-23 10:06:20 -08:00

232 lines
5.5 KiB
PHP
Raw Blame History

<?php
/**
* Testing for password-policy enforcement, based on a user's groups.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* http://www.gnu.org/copyleft/gpl.html
*
* @file
*/
/**
* @group Database
* @covers UserPasswordPolicy
*/
class UserPasswordPolicyTest extends MediaWikiTestCase {
protected $tablesUsed = [ 'user', 'user_groups' ];
protected $policies = [
'checkuser' => [
'MinimalPasswordLength' => 10,
'MinimumPasswordLengthToLogin' => 6,
'PasswordCannotMatchUsername' => true,
],
'sysop' => [
'MinimalPasswordLength' => 8,
'MinimumPasswordLengthToLogin' => 1,
'PasswordCannotMatchUsername' => true,
],
'default' => [
'MinimalPasswordLength' => 4,
'MinimumPasswordLengthToLogin' => 1,
'PasswordCannotMatchBlacklist' => true,
'MaximalPasswordLength' => 4096,
],
];
protected $checks = [
'MinimalPasswordLength' => 'PasswordPolicyChecks::checkMinimalPasswordLength',
'MinimumPasswordLengthToLogin' => 'PasswordPolicyChecks::checkMinimumPasswordLengthToLogin',
'PasswordCannotMatchUsername' => 'PasswordPolicyChecks::checkPasswordCannotMatchUsername',
'PasswordCannotMatchBlacklist' => 'PasswordPolicyChecks::checkPasswordCannotMatchBlacklist',
'MaximalPasswordLength' => 'PasswordPolicyChecks::checkMaximalPasswordLength',
];
private function getUserPasswordPolicy() {
return new UserPasswordPolicy( $this->policies, $this->checks );
}
public function testGetPoliciesForUser() {
$upp = $this->getUserPasswordPolicy();
$user = User::newFromName( 'TestUserPolicy' );
$user->addToDatabase();
$user->addGroup( 'sysop' );
$this->assertArrayEquals(
[
'MinimalPasswordLength' => 8,
'MinimumPasswordLengthToLogin' => 1,
'PasswordCannotMatchUsername' => 1,
'PasswordCannotMatchBlacklist' => true,
'MaximalPasswordLength' => 4096,
],
$upp->getPoliciesForUser( $user )
);
}
public function testGetPoliciesForGroups() {
$effective = UserPasswordPolicy::getPoliciesForGroups(
$this->policies,
[ 'user', 'checkuser' ],
$this->policies['default']
);
$this->assertArrayEquals(
[
'MinimalPasswordLength' => 10,
'MinimumPasswordLengthToLogin' => 6,
'PasswordCannotMatchUsername' => true,
'PasswordCannotMatchBlacklist' => true,
'MaximalPasswordLength' => 4096,
],
$effective
);
}
/**
* @dataProvider provideCheckUserPassword
*/
public function testCheckUserPassword( $username, $groups, $password, $valid, $ok, $msg ) {
$upp = $this->getUserPasswordPolicy();
$user = User::newFromName( $username );
$user->addToDatabase();
foreach ( $groups as $group ) {
$user->addGroup( $group );
}
$status = $upp->checkUserPassword( $user, $password );
$this->assertSame( $valid, $status->isGood(), $msg . ' - password valid' );
$this->assertSame( $ok, $status->isOK(), $msg . ' - can login' );
}
public function provideCheckUserPassword() {
return [
[
'PassPolicyUser',
[],
'',
false,
false,
'No groups, default policy, password too short to login'
],
[
'PassPolicyUser',
[ 'user' ],
'aaa',
false,
true,
'Default policy, short password'
],
[
'PassPolicyUser',
[ 'sysop' ],
'abcdabcdabcd',
true,
true,
'Sysop with good password'
],
[
'PassPolicyUser',
[ 'sysop' ],
'abcd',
false,
true,
'Sysop with short password'
],
[
'PassPolicyUser',
[ 'sysop', 'checkuser' ],
'abcdabcd',
false,
true,
'Checkuser with short password'
],
[
'PassPolicyUser',
[ 'sysop', 'checkuser' ],
'abcd',
false,
false,
'Checkuser with too short password to login'
],
[
'Useruser',
[ 'user' ],
'Passpass',
false,
true,
'Username & password on blacklist'
],
];
}
/**
* @dataProvider provideMaxOfPolicies
*/
public function testMaxOfPolicies( $p1, $p2, $max, $msg ) {
$this->assertArrayEquals(
$max,
UserPasswordPolicy::maxOfPolicies( $p1, $p2 ),
$msg
);
}
public function provideMaxOfPolicies() {
return [
[
[ 'MinimalPasswordLength' => 8 ], // p1
[ 'MinimalPasswordLength' => 2 ], // p2
[ 'MinimalPasswordLength' => 8 ], // max
'Basic max in p1'
],
[
[ 'MinimalPasswordLength' => 2 ], // p1
[ 'MinimalPasswordLength' => 8 ], // p2
[ 'MinimalPasswordLength' => 8 ], // max
'Basic max in p2'
],
[
[ 'MinimalPasswordLength' => 8 ], // p1
[
'MinimalPasswordLength' => 2,
'PasswordCannotMatchUsername' => 1,
], // p2
[
'MinimalPasswordLength' => 8,
'PasswordCannotMatchUsername' => 1,
], // max
'Missing items in p1'
],
[
[
'MinimalPasswordLength' => 8,
'PasswordCannotMatchUsername' => 1,
], // p1
[
'MinimalPasswordLength' => 2,
], // p2
[
'MinimalPasswordLength' => 8,
'PasswordCannotMatchUsername' => 1,
], // max
'Missing items in p2'
],
];
}
}
Reference in a new issue View git blame Copy permalink