e638075936
The unit tests spend nearly half of their run time resetting the user table for each test. But the majority of tests do not depend on the user table having the exact value that the setup code resets it to, and do not need to modify the user objects they require to run. Fix that by providing an API for tests to get User objects, and to indicate whether the User object will be subject to destructive modification or not. This allows User objects to be reused across multiple unit tests. Change-Id: I17ef1f519759c5e7796c259282afe730ef722e96
660 lines
21 KiB
PHP
660 lines
21 KiB
PHP
<?php
|
|
|
|
namespace MediaWiki\Auth;
|
|
|
|
/**
|
|
* @group AuthManager
|
|
* @group Database
|
|
* @covers MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider
|
|
*/
|
|
class LocalPasswordPrimaryAuthenticationProviderTest extends \MediaWikiTestCase {
|
|
|
|
private $manager = null;
|
|
private $config = null;
|
|
private $validity = null;
|
|
|
|
protected function setUp() {
|
|
global $wgDisableAuthManager;
|
|
|
|
parent::setUp();
|
|
if ( $wgDisableAuthManager ) {
|
|
$this->markTestSkipped( '$wgDisableAuthManager is set' );
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Get an instance of the provider
|
|
*
|
|
* $provider->checkPasswordValidity is mocked to return $this->validity,
|
|
* because we don't need to test that here.
|
|
*
|
|
* @param bool $loginOnly
|
|
* @return LocalPasswordPrimaryAuthenticationProvider
|
|
*/
|
|
protected function getProvider( $loginOnly = false ) {
|
|
if ( !$this->config ) {
|
|
$this->config = new \HashConfig();
|
|
}
|
|
$config = new \MultiConfig( [
|
|
$this->config,
|
|
\ConfigFactory::getDefaultInstance()->makeConfig( 'main' )
|
|
] );
|
|
|
|
if ( !$this->manager ) {
|
|
$this->manager = new AuthManager( new \FauxRequest(), $config );
|
|
}
|
|
$this->validity = \Status::newGood();
|
|
|
|
$provider = $this->getMock(
|
|
LocalPasswordPrimaryAuthenticationProvider::class,
|
|
[ 'checkPasswordValidity' ],
|
|
[ [ 'loginOnly' => $loginOnly ] ]
|
|
);
|
|
$provider->expects( $this->any() )->method( 'checkPasswordValidity' )
|
|
->will( $this->returnCallback( function () {
|
|
return $this->validity;
|
|
} ) );
|
|
$provider->setConfig( $config );
|
|
$provider->setLogger( new \Psr\Log\NullLogger() );
|
|
$provider->setManager( $this->manager );
|
|
|
|
return $provider;
|
|
}
|
|
|
|
public function testBasics() {
|
|
$user = $this->getMutableTestUser()->getUser();
|
|
$userName = $user->getName();
|
|
$lowerInitialUserName = mb_strtolower( $userName[0] ) . substr( $userName, 1 );
|
|
|
|
$provider = new LocalPasswordPrimaryAuthenticationProvider();
|
|
|
|
$this->assertSame(
|
|
PrimaryAuthenticationProvider::TYPE_CREATE,
|
|
$provider->accountCreationType()
|
|
);
|
|
|
|
$this->assertTrue( $provider->testUserExists( $userName ) );
|
|
$this->assertTrue( $provider->testUserExists( $lowerInitialUserName ) );
|
|
$this->assertFalse( $provider->testUserExists( 'DoesNotExist' ) );
|
|
$this->assertFalse( $provider->testUserExists( '<invalid>' ) );
|
|
|
|
$provider = new LocalPasswordPrimaryAuthenticationProvider( [ 'loginOnly' => true ] );
|
|
|
|
$this->assertSame(
|
|
PrimaryAuthenticationProvider::TYPE_NONE,
|
|
$provider->accountCreationType()
|
|
);
|
|
|
|
$this->assertTrue( $provider->testUserExists( $userName ) );
|
|
$this->assertFalse( $provider->testUserExists( 'DoesNotExist' ) );
|
|
|
|
$req = new PasswordAuthenticationRequest;
|
|
$req->action = AuthManager::ACTION_CHANGE;
|
|
$req->username = '<invalid>';
|
|
$provider->providerChangeAuthenticationData( $req );
|
|
}
|
|
|
|
public function testTestUserCanAuthenticate() {
|
|
$user = $this->getMutableTestUser()->getUser();
|
|
$userName = $user->getName();
|
|
$dbw = wfGetDB( DB_MASTER );
|
|
|
|
$provider = $this->getProvider();
|
|
|
|
$this->assertFalse( $provider->testUserCanAuthenticate( '<invalid>' ) );
|
|
|
|
$this->assertFalse( $provider->testUserCanAuthenticate( 'DoesNotExist' ) );
|
|
|
|
$this->assertTrue( $provider->testUserCanAuthenticate( $userName ) );
|
|
$lowerInitialUserName = mb_strtolower( $userName[0] ) . substr( $userName, 1 );
|
|
$this->assertTrue( $provider->testUserCanAuthenticate( $lowerInitialUserName ) );
|
|
|
|
$dbw->update(
|
|
'user',
|
|
[ 'user_password' => \PasswordFactory::newInvalidPassword()->toString() ],
|
|
[ 'user_name' => $userName ]
|
|
);
|
|
$this->assertFalse( $provider->testUserCanAuthenticate( $userName ) );
|
|
|
|
// Really old format
|
|
$dbw->update(
|
|
'user',
|
|
[ 'user_password' => '0123456789abcdef0123456789abcdef' ],
|
|
[ 'user_name' => $userName ]
|
|
);
|
|
$this->assertTrue( $provider->testUserCanAuthenticate( $userName ) );
|
|
}
|
|
|
|
public function testSetPasswordResetFlag() {
|
|
// Set instance vars
|
|
$this->getProvider();
|
|
|
|
/// @todo: Because we're currently using User, which uses the global config...
|
|
$this->setMwGlobals( [ 'wgPasswordExpireGrace' => 100 ] );
|
|
|
|
$this->config->set( 'PasswordExpireGrace', 100 );
|
|
$this->config->set( 'InvalidPasswordReset', true );
|
|
|
|
$provider = new LocalPasswordPrimaryAuthenticationProvider();
|
|
$provider->setConfig( $this->config );
|
|
$provider->setLogger( new \Psr\Log\NullLogger() );
|
|
$provider->setManager( $this->manager );
|
|
$providerPriv = \TestingAccessWrapper::newFromObject( $provider );
|
|
|
|
$user = $this->getMutableTestUser()->getUser();
|
|
$userName = $user->getName();
|
|
$dbw = wfGetDB( DB_MASTER );
|
|
$row = $dbw->selectRow(
|
|
'user',
|
|
'*',
|
|
[ 'user_name' => $userName ],
|
|
__METHOD__
|
|
);
|
|
|
|
$this->manager->removeAuthenticationSessionData( null );
|
|
$row->user_password_expires = wfTimestamp( TS_MW, time() + 200 );
|
|
$providerPriv->setPasswordResetFlag( $userName, \Status::newGood(), $row );
|
|
$this->assertNull( $this->manager->getAuthenticationSessionData( 'reset-pass' ) );
|
|
|
|
$this->manager->removeAuthenticationSessionData( null );
|
|
$row->user_password_expires = wfTimestamp( TS_MW, time() - 200 );
|
|
$providerPriv->setPasswordResetFlag( $userName, \Status::newGood(), $row );
|
|
$ret = $this->manager->getAuthenticationSessionData( 'reset-pass' );
|
|
$this->assertNotNull( $ret );
|
|
$this->assertSame( 'resetpass-expired', $ret->msg->getKey() );
|
|
$this->assertTrue( $ret->hard );
|
|
|
|
$this->manager->removeAuthenticationSessionData( null );
|
|
$row->user_password_expires = wfTimestamp( TS_MW, time() - 1 );
|
|
$providerPriv->setPasswordResetFlag( $userName, \Status::newGood(), $row );
|
|
$ret = $this->manager->getAuthenticationSessionData( 'reset-pass' );
|
|
$this->assertNotNull( $ret );
|
|
$this->assertSame( 'resetpass-expired-soft', $ret->msg->getKey() );
|
|
$this->assertFalse( $ret->hard );
|
|
|
|
$this->manager->removeAuthenticationSessionData( null );
|
|
$row->user_password_expires = null;
|
|
$status = \Status::newGood();
|
|
$status->error( 'testing' );
|
|
$providerPriv->setPasswordResetFlag( $userName, $status, $row );
|
|
$ret = $this->manager->getAuthenticationSessionData( 'reset-pass' );
|
|
$this->assertNotNull( $ret );
|
|
$this->assertSame( 'resetpass-validity-soft', $ret->msg->getKey() );
|
|
$this->assertFalse( $ret->hard );
|
|
}
|
|
|
|
public function testAuthentication() {
|
|
$testUser = $this->getMutableTestUser();
|
|
$userName = $testUser->getUser()->getName();
|
|
|
|
$dbw = wfGetDB( DB_MASTER );
|
|
$id = \User::idFromName( $userName );
|
|
|
|
$req = new PasswordAuthenticationRequest();
|
|
$req->action = AuthManager::ACTION_LOGIN;
|
|
$reqs = [ PasswordAuthenticationRequest::class => $req ];
|
|
|
|
$provider = $this->getProvider();
|
|
|
|
// General failures
|
|
$this->assertEquals(
|
|
AuthenticationResponse::newAbstain(),
|
|
$provider->beginPrimaryAuthentication( [] )
|
|
);
|
|
|
|
$req->username = 'foo';
|
|
$req->password = null;
|
|
$this->assertEquals(
|
|
AuthenticationResponse::newAbstain(),
|
|
$provider->beginPrimaryAuthentication( $reqs )
|
|
);
|
|
|
|
$req->username = null;
|
|
$req->password = 'bar';
|
|
$this->assertEquals(
|
|
AuthenticationResponse::newAbstain(),
|
|
$provider->beginPrimaryAuthentication( $reqs )
|
|
);
|
|
|
|
$req->username = '<invalid>';
|
|
$req->password = 'WhoCares';
|
|
$ret = $provider->beginPrimaryAuthentication( $reqs );
|
|
$this->assertEquals(
|
|
AuthenticationResponse::newAbstain(),
|
|
$provider->beginPrimaryAuthentication( $reqs )
|
|
);
|
|
|
|
$req->username = 'DoesNotExist';
|
|
$req->password = 'DoesNotExist';
|
|
$ret = $provider->beginPrimaryAuthentication( $reqs );
|
|
$this->assertEquals(
|
|
AuthenticationResponse::newAbstain(),
|
|
$provider->beginPrimaryAuthentication( $reqs )
|
|
);
|
|
|
|
// Validation failure
|
|
$req->username = $userName;
|
|
$req->password = $testUser->getPassword();
|
|
$this->validity = \Status::newFatal( 'arbitrary-failure' );
|
|
$ret = $provider->beginPrimaryAuthentication( $reqs );
|
|
$this->assertEquals(
|
|
AuthenticationResponse::FAIL,
|
|
$ret->status
|
|
);
|
|
$this->assertEquals(
|
|
'arbitrary-failure',
|
|
$ret->message->getKey()
|
|
);
|
|
|
|
// Successful auth
|
|
$this->manager->removeAuthenticationSessionData( null );
|
|
$this->validity = \Status::newGood();
|
|
$this->assertEquals(
|
|
AuthenticationResponse::newPass( $userName ),
|
|
$provider->beginPrimaryAuthentication( $reqs )
|
|
);
|
|
$this->assertNull( $this->manager->getAuthenticationSessionData( 'reset-pass' ) );
|
|
|
|
// Successful auth after normalizing name
|
|
$this->manager->removeAuthenticationSessionData( null );
|
|
$this->validity = \Status::newGood();
|
|
$req->username = mb_strtolower( $userName[0] ) . substr( $userName, 1 );
|
|
$this->assertEquals(
|
|
AuthenticationResponse::newPass( $userName ),
|
|
$provider->beginPrimaryAuthentication( $reqs )
|
|
);
|
|
$this->assertNull( $this->manager->getAuthenticationSessionData( 'reset-pass' ) );
|
|
$req->username = $userName;
|
|
|
|
// Successful auth with reset
|
|
$this->manager->removeAuthenticationSessionData( null );
|
|
$this->validity->error( 'arbitrary-warning' );
|
|
$this->assertEquals(
|
|
AuthenticationResponse::newPass( $userName ),
|
|
$provider->beginPrimaryAuthentication( $reqs )
|
|
);
|
|
$this->assertNotNull( $this->manager->getAuthenticationSessionData( 'reset-pass' ) );
|
|
|
|
// Wrong password
|
|
$this->validity = \Status::newGood();
|
|
$req->password = 'Wrong';
|
|
$ret = $provider->beginPrimaryAuthentication( $reqs );
|
|
$this->assertEquals(
|
|
AuthenticationResponse::FAIL,
|
|
$ret->status
|
|
);
|
|
$this->assertEquals(
|
|
'wrongpassword',
|
|
$ret->message->getKey()
|
|
);
|
|
|
|
// Correct handling of legacy encodings
|
|
$password = ':B:salt:' . md5( 'salt-' . md5( "\xe1\xe9\xed\xf3\xfa" ) );
|
|
$dbw->update( 'user', [ 'user_password' => $password ], [ 'user_name' => $userName ] );
|
|
$req->password = 'áéíóú';
|
|
$ret = $provider->beginPrimaryAuthentication( $reqs );
|
|
$this->assertEquals(
|
|
AuthenticationResponse::FAIL,
|
|
$ret->status
|
|
);
|
|
$this->assertEquals(
|
|
'wrongpassword',
|
|
$ret->message->getKey()
|
|
);
|
|
|
|
$this->config->set( 'LegacyEncoding', true );
|
|
$this->assertEquals(
|
|
AuthenticationResponse::newPass( $userName ),
|
|
$provider->beginPrimaryAuthentication( $reqs )
|
|
);
|
|
|
|
$req->password = 'áéíóú Wrong';
|
|
$ret = $provider->beginPrimaryAuthentication( $reqs );
|
|
$this->assertEquals(
|
|
AuthenticationResponse::FAIL,
|
|
$ret->status
|
|
);
|
|
$this->assertEquals(
|
|
'wrongpassword',
|
|
$ret->message->getKey()
|
|
);
|
|
|
|
// Correct handling of really old password hashes
|
|
$this->config->set( 'PasswordSalt', false );
|
|
$password = md5( 'FooBar' );
|
|
$dbw->update( 'user', [ 'user_password' => $password ], [ 'user_name' => $userName ] );
|
|
$req->password = 'FooBar';
|
|
$this->assertEquals(
|
|
AuthenticationResponse::newPass( $userName ),
|
|
$provider->beginPrimaryAuthentication( $reqs )
|
|
);
|
|
|
|
$this->config->set( 'PasswordSalt', true );
|
|
$password = md5( "$id-" . md5( 'FooBar' ) );
|
|
$dbw->update( 'user', [ 'user_password' => $password ], [ 'user_name' => $userName ] );
|
|
$req->password = 'FooBar';
|
|
$this->assertEquals(
|
|
AuthenticationResponse::newPass( $userName ),
|
|
$provider->beginPrimaryAuthentication( $reqs )
|
|
);
|
|
|
|
}
|
|
|
|
/**
|
|
* @dataProvider provideProviderAllowsAuthenticationDataChange
|
|
* @param string $type
|
|
* @param string $user
|
|
* @param \Status $validity Result of the password validity check
|
|
* @param \StatusValue $expect1 Expected result with $checkData = false
|
|
* @param \StatusValue $expect2 Expected result with $checkData = true
|
|
*/
|
|
public function testProviderAllowsAuthenticationDataChange( $type, $user, \Status $validity,
|
|
\StatusValue $expect1, \StatusValue $expect2
|
|
) {
|
|
if ( $type === PasswordAuthenticationRequest::class ) {
|
|
$req = new $type();
|
|
} elseif ( $type === PasswordDomainAuthenticationRequest::class ) {
|
|
$req = new $type( [] );
|
|
} else {
|
|
$req = $this->getMock( $type );
|
|
}
|
|
$req->action = AuthManager::ACTION_CHANGE;
|
|
$req->username = $user;
|
|
$req->password = 'NewPassword';
|
|
$req->retype = 'NewPassword';
|
|
|
|
$provider = $this->getProvider();
|
|
$this->validity = $validity;
|
|
$this->assertEquals( $expect1, $provider->providerAllowsAuthenticationDataChange( $req, false ) );
|
|
$this->assertEquals( $expect2, $provider->providerAllowsAuthenticationDataChange( $req, true ) );
|
|
|
|
$req->retype = 'BadRetype';
|
|
$this->assertEquals(
|
|
$expect1,
|
|
$provider->providerAllowsAuthenticationDataChange( $req, false )
|
|
);
|
|
$this->assertEquals(
|
|
$expect2->getValue() === 'ignored' ? $expect2 : \StatusValue::newFatal( 'badretype' ),
|
|
$provider->providerAllowsAuthenticationDataChange( $req, true )
|
|
);
|
|
|
|
$provider = $this->getProvider( true );
|
|
$this->assertEquals(
|
|
\StatusValue::newGood( 'ignored' ),
|
|
$provider->providerAllowsAuthenticationDataChange( $req, true ),
|
|
'loginOnly mode should claim to ignore all changes'
|
|
);
|
|
}
|
|
|
|
public static function provideProviderAllowsAuthenticationDataChange() {
|
|
$err = \StatusValue::newGood();
|
|
$err->error( 'arbitrary-warning' );
|
|
|
|
return [
|
|
[ AuthenticationRequest::class, 'UTSysop', \Status::newGood(),
|
|
\StatusValue::newGood( 'ignored' ), \StatusValue::newGood( 'ignored' ) ],
|
|
[ PasswordAuthenticationRequest::class, 'UTSysop', \Status::newGood(),
|
|
\StatusValue::newGood(), \StatusValue::newGood() ],
|
|
[ PasswordAuthenticationRequest::class, 'uTSysop', \Status::newGood(),
|
|
\StatusValue::newGood(), \StatusValue::newGood() ],
|
|
[ PasswordAuthenticationRequest::class, 'UTSysop', \Status::wrap( $err ),
|
|
\StatusValue::newGood(), $err ],
|
|
[ PasswordAuthenticationRequest::class, 'UTSysop', \Status::newFatal( 'arbitrary-error' ),
|
|
\StatusValue::newGood(), \StatusValue::newFatal( 'arbitrary-error' ) ],
|
|
[ PasswordAuthenticationRequest::class, 'DoesNotExist', \Status::newGood(),
|
|
\StatusValue::newGood(), \StatusValue::newGood( 'ignored' ) ],
|
|
[ PasswordDomainAuthenticationRequest::class, 'UTSysop', \Status::newGood(),
|
|
\StatusValue::newGood( 'ignored' ), \StatusValue::newGood( 'ignored' ) ],
|
|
];
|
|
}
|
|
|
|
/**
|
|
* @dataProvider provideProviderChangeAuthenticationData
|
|
* @param callable|bool $usernameTransform
|
|
* @param string $type
|
|
* @param bool $loginOnly
|
|
* @param bool $changed
|
|
*/
|
|
public function testProviderChangeAuthenticationData(
|
|
$usernameTransform, $type, $loginOnly, $changed ) {
|
|
$testUser = $this->getMutableTestUser();
|
|
$user = $testUser->getUser()->getName();
|
|
if ( is_callable( $usernameTransform ) ) {
|
|
$user = call_user_func( $usernameTransform, $user );
|
|
}
|
|
$cuser = ucfirst( $user );
|
|
$oldpass = $testUser->getPassword();
|
|
$newpass = 'NewPassword';
|
|
|
|
$dbw = wfGetDB( DB_MASTER );
|
|
$oldExpiry = $dbw->selectField( 'user', 'user_password_expires', [ 'user_name' => $cuser ] );
|
|
|
|
$this->mergeMwGlobalArrayValue( 'wgHooks', [
|
|
'ResetPasswordExpiration' => [ function ( $user, &$expires ) {
|
|
$expires = '30001231235959';
|
|
} ]
|
|
] );
|
|
|
|
$provider = $this->getProvider( $loginOnly );
|
|
|
|
// Sanity check
|
|
$loginReq = new PasswordAuthenticationRequest();
|
|
$loginReq->action = AuthManager::ACTION_LOGIN;
|
|
$loginReq->username = $user;
|
|
$loginReq->password = $oldpass;
|
|
$loginReqs = [ PasswordAuthenticationRequest::class => $loginReq ];
|
|
$this->assertEquals(
|
|
AuthenticationResponse::newPass( $cuser ),
|
|
$provider->beginPrimaryAuthentication( $loginReqs ),
|
|
'Sanity check'
|
|
);
|
|
|
|
if ( $type === PasswordAuthenticationRequest::class ) {
|
|
$changeReq = new $type();
|
|
} else {
|
|
$changeReq = $this->getMock( $type );
|
|
}
|
|
$changeReq->action = AuthManager::ACTION_CHANGE;
|
|
$changeReq->username = $user;
|
|
$changeReq->password = $newpass;
|
|
$provider->providerChangeAuthenticationData( $changeReq );
|
|
|
|
if ( $loginOnly ) {
|
|
$old = 'fail';
|
|
$new = 'fail';
|
|
$expectExpiry = null;
|
|
} elseif ( $changed ) {
|
|
$old = 'fail';
|
|
$new = 'pass';
|
|
$expectExpiry = '30001231235959';
|
|
} else {
|
|
$old = 'pass';
|
|
$new = 'fail';
|
|
$expectExpiry = $oldExpiry;
|
|
}
|
|
|
|
$loginReq->password = $oldpass;
|
|
$ret = $provider->beginPrimaryAuthentication( $loginReqs );
|
|
if ( $old === 'pass' ) {
|
|
$this->assertEquals(
|
|
AuthenticationResponse::newPass( $cuser ),
|
|
$ret,
|
|
'old password should pass'
|
|
);
|
|
} else {
|
|
$this->assertEquals(
|
|
AuthenticationResponse::FAIL,
|
|
$ret->status,
|
|
'old password should fail'
|
|
);
|
|
$this->assertEquals(
|
|
'wrongpassword',
|
|
$ret->message->getKey(),
|
|
'old password should fail'
|
|
);
|
|
}
|
|
|
|
$loginReq->password = $newpass;
|
|
$ret = $provider->beginPrimaryAuthentication( $loginReqs );
|
|
if ( $new === 'pass' ) {
|
|
$this->assertEquals(
|
|
AuthenticationResponse::newPass( $cuser ),
|
|
$ret,
|
|
'new password should pass'
|
|
);
|
|
} else {
|
|
$this->assertEquals(
|
|
AuthenticationResponse::FAIL,
|
|
$ret->status,
|
|
'new password should fail'
|
|
);
|
|
$this->assertEquals(
|
|
'wrongpassword',
|
|
$ret->message->getKey(),
|
|
'new password should fail'
|
|
);
|
|
}
|
|
|
|
$this->assertSame(
|
|
$expectExpiry,
|
|
$dbw->selectField( 'user', 'user_password_expires', [ 'user_name' => $cuser ] )
|
|
);
|
|
}
|
|
|
|
public static function provideProviderChangeAuthenticationData() {
|
|
return [
|
|
[ false, AuthenticationRequest::class, false, false ],
|
|
[ false, PasswordAuthenticationRequest::class, false, true ],
|
|
[ false, AuthenticationRequest::class, true, false ],
|
|
[ false, PasswordAuthenticationRequest::class, true, true ],
|
|
[ 'ucfirst', PasswordAuthenticationRequest::class, false, true ],
|
|
[ 'ucfirst', PasswordAuthenticationRequest::class, true, true ],
|
|
];
|
|
}
|
|
|
|
public function testTestForAccountCreation() {
|
|
$user = \User::newFromName( 'foo' );
|
|
$req = new PasswordAuthenticationRequest();
|
|
$req->action = AuthManager::ACTION_CREATE;
|
|
$req->username = 'Foo';
|
|
$req->password = 'Bar';
|
|
$req->retype = 'Bar';
|
|
$reqs = [ PasswordAuthenticationRequest::class => $req ];
|
|
|
|
$provider = $this->getProvider();
|
|
$this->assertEquals(
|
|
\StatusValue::newGood(),
|
|
$provider->testForAccountCreation( $user, $user, [] ),
|
|
'No password request'
|
|
);
|
|
|
|
$this->assertEquals(
|
|
\StatusValue::newGood(),
|
|
$provider->testForAccountCreation( $user, $user, $reqs ),
|
|
'Password request, validated'
|
|
);
|
|
|
|
$req->retype = 'Baz';
|
|
$this->assertEquals(
|
|
\StatusValue::newFatal( 'badretype' ),
|
|
$provider->testForAccountCreation( $user, $user, $reqs ),
|
|
'Password request, bad retype'
|
|
);
|
|
$req->retype = 'Bar';
|
|
|
|
$this->validity->error( 'arbitrary warning' );
|
|
$expect = \StatusValue::newGood();
|
|
$expect->error( 'arbitrary warning' );
|
|
$this->assertEquals(
|
|
$expect,
|
|
$provider->testForAccountCreation( $user, $user, $reqs ),
|
|
'Password request, not validated'
|
|
);
|
|
|
|
$provider = $this->getProvider( true );
|
|
$this->validity->error( 'arbitrary warning' );
|
|
$this->assertEquals(
|
|
\StatusValue::newGood(),
|
|
$provider->testForAccountCreation( $user, $user, $reqs ),
|
|
'Password request, not validated, loginOnly'
|
|
);
|
|
}
|
|
|
|
public function testAccountCreation() {
|
|
$user = \User::newFromName( 'Foo' );
|
|
|
|
$req = new PasswordAuthenticationRequest();
|
|
$req->action = AuthManager::ACTION_CREATE;
|
|
$reqs = [ PasswordAuthenticationRequest::class => $req ];
|
|
|
|
$provider = $this->getProvider( true );
|
|
try {
|
|
$provider->beginPrimaryAccountCreation( $user, $user, [] );
|
|
$this->fail( 'Expected exception was not thrown' );
|
|
} catch ( \BadMethodCallException $ex ) {
|
|
$this->assertSame(
|
|
'Shouldn\'t call this when accountCreationType() is NONE', $ex->getMessage()
|
|
);
|
|
}
|
|
|
|
try {
|
|
$provider->finishAccountCreation( $user, $user, AuthenticationResponse::newPass() );
|
|
$this->fail( 'Expected exception was not thrown' );
|
|
} catch ( \BadMethodCallException $ex ) {
|
|
$this->assertSame(
|
|
'Shouldn\'t call this when accountCreationType() is NONE', $ex->getMessage()
|
|
);
|
|
}
|
|
|
|
$provider = $this->getProvider( false );
|
|
|
|
$this->assertEquals(
|
|
AuthenticationResponse::newAbstain(),
|
|
$provider->beginPrimaryAccountCreation( $user, $user, [] )
|
|
);
|
|
|
|
$req->username = 'foo';
|
|
$req->password = null;
|
|
$this->assertEquals(
|
|
AuthenticationResponse::newAbstain(),
|
|
$provider->beginPrimaryAccountCreation( $user, $user, $reqs )
|
|
);
|
|
|
|
$req->username = null;
|
|
$req->password = 'bar';
|
|
$this->assertEquals(
|
|
AuthenticationResponse::newAbstain(),
|
|
$provider->beginPrimaryAccountCreation( $user, $user, $reqs )
|
|
);
|
|
|
|
$req->username = 'foo';
|
|
$req->password = 'bar';
|
|
|
|
$expect = AuthenticationResponse::newPass( 'Foo' );
|
|
$expect->createRequest = clone( $req );
|
|
$expect->createRequest->username = 'Foo';
|
|
$this->assertEquals( $expect, $provider->beginPrimaryAccountCreation( $user, $user, $reqs ) );
|
|
|
|
// We have to cheat a bit to avoid having to add a new user to
|
|
// the database to test the actual setting of the password works right
|
|
$dbw = wfGetDB( DB_MASTER );
|
|
|
|
$user = \User::newFromName( 'UTSysop' );
|
|
$req->username = $user->getName();
|
|
$req->password = 'NewPassword';
|
|
$expect = AuthenticationResponse::newPass( 'UTSysop' );
|
|
$expect->createRequest = $req;
|
|
|
|
$res2 = $provider->beginPrimaryAccountCreation( $user, $user, $reqs );
|
|
$this->assertEquals( $expect, $res2, 'Sanity check' );
|
|
|
|
$ret = $provider->beginPrimaryAuthentication( $reqs );
|
|
$this->assertEquals( AuthenticationResponse::FAIL, $ret->status, 'sanity check' );
|
|
|
|
$this->assertNull( $provider->finishAccountCreation( $user, $user, $res2 ) );
|
|
$ret = $provider->beginPrimaryAuthentication( $reqs );
|
|
$this->assertEquals( AuthenticationResponse::PASS, $ret->status, 'new password is set' );
|
|
|
|
}
|
|
|
|
}
|