Thijs/wiki.techinc.nl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
wiki.techinc.nl/tests/phpunit/includes/auth/LocalPasswordPrimaryAuthenticationProviderTest.php
umherirrender 34fe90ac52 Remove empty lines at end of functions 
It looks like there is something missing after the last statement
Also remove some other empty lines at begin of functions, ifs or loops
while at these files

Change-Id: Ib00b5cfd31ca4dcd0c32ce33754d3c80bae70641
2016-11-05 11:55:10 +01:00

649 lines
21 KiB
PHP
Raw Blame History

<?php
namespace MediaWiki\Auth;
/**
* @group AuthManager
* @group Database
* @covers MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider
*/
class LocalPasswordPrimaryAuthenticationProviderTest extends \MediaWikiTestCase {
private $manager = null;
private $config = null;
private $validity = null;
/**
* Get an instance of the provider
*
* $provider->checkPasswordValidity is mocked to return $this->validity,
* because we don't need to test that here.
*
* @param bool $loginOnly
* @return LocalPasswordPrimaryAuthenticationProvider
*/
protected function getProvider( $loginOnly = false ) {
if ( !$this->config ) {
$this->config = new \HashConfig();
}
$config = new \MultiConfig( [
$this->config,
\ConfigFactory::getDefaultInstance()->makeConfig( 'main' )
] );
if ( !$this->manager ) {
$this->manager = new AuthManager( new \FauxRequest(), $config );
}
$this->validity = \Status::newGood();
$provider = $this->getMock(
LocalPasswordPrimaryAuthenticationProvider::class,
[ 'checkPasswordValidity' ],
[ [ 'loginOnly' => $loginOnly ] ]
);
$provider->expects( $this->any() )->method( 'checkPasswordValidity' )
->will( $this->returnCallback( function () {
return $this->validity;
} ) );
$provider->setConfig( $config );
$provider->setLogger( new \Psr\Log\NullLogger() );
$provider->setManager( $this->manager );
return $provider;
}
public function testBasics() {
$user = $this->getMutableTestUser()->getUser();
$userName = $user->getName();
$lowerInitialUserName = mb_strtolower( $userName[0] ) . substr( $userName, 1 );
$provider = new LocalPasswordPrimaryAuthenticationProvider();
$this->assertSame(
PrimaryAuthenticationProvider::TYPE_CREATE,
$provider->accountCreationType()
);
$this->assertTrue( $provider->testUserExists( $userName ) );
$this->assertTrue( $provider->testUserExists( $lowerInitialUserName ) );
$this->assertFalse( $provider->testUserExists( 'DoesNotExist' ) );
$this->assertFalse( $provider->testUserExists( '<invalid>' ) );
$provider = new LocalPasswordPrimaryAuthenticationProvider( [ 'loginOnly' => true ] );
$this->assertSame(
PrimaryAuthenticationProvider::TYPE_NONE,
$provider->accountCreationType()
);
$this->assertTrue( $provider->testUserExists( $userName ) );
$this->assertFalse( $provider->testUserExists( 'DoesNotExist' ) );
$req = new PasswordAuthenticationRequest;
$req->action = AuthManager::ACTION_CHANGE;
$req->username = '<invalid>';
$provider->providerChangeAuthenticationData( $req );
}
public function testTestUserCanAuthenticate() {
$user = $this->getMutableTestUser()->getUser();
$userName = $user->getName();
$dbw = wfGetDB( DB_MASTER );
$provider = $this->getProvider();
$this->assertFalse( $provider->testUserCanAuthenticate( '<invalid>' ) );
$this->assertFalse( $provider->testUserCanAuthenticate( 'DoesNotExist' ) );
$this->assertTrue( $provider->testUserCanAuthenticate( $userName ) );
$lowerInitialUserName = mb_strtolower( $userName[0] ) . substr( $userName, 1 );
$this->assertTrue( $provider->testUserCanAuthenticate( $lowerInitialUserName ) );
$dbw->update(
'user',
[ 'user_password' => \PasswordFactory::newInvalidPassword()->toString() ],
[ 'user_name' => $userName ]
);
$this->assertFalse( $provider->testUserCanAuthenticate( $userName ) );
// Really old format
$dbw->update(
'user',
[ 'user_password' => '0123456789abcdef0123456789abcdef' ],
[ 'user_name' => $userName ]
);
$this->assertTrue( $provider->testUserCanAuthenticate( $userName ) );
}
public function testSetPasswordResetFlag() {
// Set instance vars
$this->getProvider();
/// @todo: Because we're currently using User, which uses the global config...
$this->setMwGlobals( [ 'wgPasswordExpireGrace' => 100 ] );
$this->config->set( 'PasswordExpireGrace', 100 );
$this->config->set( 'InvalidPasswordReset', true );
$provider = new LocalPasswordPrimaryAuthenticationProvider();
$provider->setConfig( $this->config );
$provider->setLogger( new \Psr\Log\NullLogger() );
$provider->setManager( $this->manager );
$providerPriv = \TestingAccessWrapper::newFromObject( $provider );
$user = $this->getMutableTestUser()->getUser();
$userName = $user->getName();
$dbw = wfGetDB( DB_MASTER );
$row = $dbw->selectRow(
'user',
'*',
[ 'user_name' => $userName ],
__METHOD__
);
$this->manager->removeAuthenticationSessionData( null );
$row->user_password_expires = wfTimestamp( TS_MW, time() + 200 );
$providerPriv->setPasswordResetFlag( $userName, \Status::newGood(), $row );
$this->assertNull( $this->manager->getAuthenticationSessionData( 'reset-pass' ) );
$this->manager->removeAuthenticationSessionData( null );
$row->user_password_expires = wfTimestamp( TS_MW, time() - 200 );
$providerPriv->setPasswordResetFlag( $userName, \Status::newGood(), $row );
$ret = $this->manager->getAuthenticationSessionData( 'reset-pass' );
$this->assertNotNull( $ret );
$this->assertSame( 'resetpass-expired', $ret->msg->getKey() );
$this->assertTrue( $ret->hard );
$this->manager->removeAuthenticationSessionData( null );
$row->user_password_expires = wfTimestamp( TS_MW, time() - 1 );
$providerPriv->setPasswordResetFlag( $userName, \Status::newGood(), $row );
$ret = $this->manager->getAuthenticationSessionData( 'reset-pass' );
$this->assertNotNull( $ret );
$this->assertSame( 'resetpass-expired-soft', $ret->msg->getKey() );
$this->assertFalse( $ret->hard );
$this->manager->removeAuthenticationSessionData( null );
$row->user_password_expires = null;
$status = \Status::newGood();
$status->error( 'testing' );
$providerPriv->setPasswordResetFlag( $userName, $status, $row );
$ret = $this->manager->getAuthenticationSessionData( 'reset-pass' );
$this->assertNotNull( $ret );
$this->assertSame( 'resetpass-validity-soft', $ret->msg->getKey() );
$this->assertFalse( $ret->hard );
}
public function testAuthentication() {
$testUser = $this->getMutableTestUser();
$userName = $testUser->getUser()->getName();
$dbw = wfGetDB( DB_MASTER );
$id = \User::idFromName( $userName );
$req = new PasswordAuthenticationRequest();
$req->action = AuthManager::ACTION_LOGIN;
$reqs = [ PasswordAuthenticationRequest::class => $req ];
$provider = $this->getProvider();
// General failures
$this->assertEquals(
AuthenticationResponse::newAbstain(),
$provider->beginPrimaryAuthentication( [] )
);
$req->username = 'foo';
$req->password = null;
$this->assertEquals(
AuthenticationResponse::newAbstain(),
$provider->beginPrimaryAuthentication( $reqs )
);
$req->username = null;
$req->password = 'bar';
$this->assertEquals(
AuthenticationResponse::newAbstain(),
$provider->beginPrimaryAuthentication( $reqs )
);
$req->username = '<invalid>';
$req->password = 'WhoCares';
$ret = $provider->beginPrimaryAuthentication( $reqs );
$this->assertEquals(
AuthenticationResponse::newAbstain(),
$provider->beginPrimaryAuthentication( $reqs )
);
$req->username = 'DoesNotExist';
$req->password = 'DoesNotExist';
$ret = $provider->beginPrimaryAuthentication( $reqs );
$this->assertEquals(
AuthenticationResponse::newAbstain(),
$provider->beginPrimaryAuthentication( $reqs )
);
// Validation failure
$req->username = $userName;
$req->password = $testUser->getPassword();
$this->validity = \Status::newFatal( 'arbitrary-failure' );
$ret = $provider->beginPrimaryAuthentication( $reqs );
$this->assertEquals(
AuthenticationResponse::FAIL,
$ret->status
);
$this->assertEquals(
'arbitrary-failure',
$ret->message->getKey()
);
// Successful auth
$this->manager->removeAuthenticationSessionData( null );
$this->validity = \Status::newGood();
$this->assertEquals(
AuthenticationResponse::newPass( $userName ),
$provider->beginPrimaryAuthentication( $reqs )
);
$this->assertNull( $this->manager->getAuthenticationSessionData( 'reset-pass' ) );
// Successful auth after normalizing name
$this->manager->removeAuthenticationSessionData( null );
$this->validity = \Status::newGood();
$req->username = mb_strtolower( $userName[0] ) . substr( $userName, 1 );
$this->assertEquals(
AuthenticationResponse::newPass( $userName ),
$provider->beginPrimaryAuthentication( $reqs )
);
$this->assertNull( $this->manager->getAuthenticationSessionData( 'reset-pass' ) );
$req->username = $userName;
// Successful auth with reset
$this->manager->removeAuthenticationSessionData( null );
$this->validity->error( 'arbitrary-warning' );
$this->assertEquals(
AuthenticationResponse::newPass( $userName ),
$provider->beginPrimaryAuthentication( $reqs )
);
$this->assertNotNull( $this->manager->getAuthenticationSessionData( 'reset-pass' ) );
// Wrong password
$this->validity = \Status::newGood();
$req->password = 'Wrong';
$ret = $provider->beginPrimaryAuthentication( $reqs );
$this->assertEquals(
AuthenticationResponse::FAIL,
$ret->status
);
$this->assertEquals(
'wrongpassword',
$ret->message->getKey()
);
// Correct handling of legacy encodings
$password = ':B:salt:' . md5( 'salt-' . md5( "\xe1\xe9\xed\xf3\xfa" ) );
$dbw->update( 'user', [ 'user_password' => $password ], [ 'user_name' => $userName ] );
$req->password = 'áéíóú';
$ret = $provider->beginPrimaryAuthentication( $reqs );
$this->assertEquals(
AuthenticationResponse::FAIL,
$ret->status
);
$this->assertEquals(
'wrongpassword',
$ret->message->getKey()
);
$this->config->set( 'LegacyEncoding', true );
$this->assertEquals(
AuthenticationResponse::newPass( $userName ),
$provider->beginPrimaryAuthentication( $reqs )
);
$req->password = 'áéíóú Wrong';
$ret = $provider->beginPrimaryAuthentication( $reqs );
$this->assertEquals(
AuthenticationResponse::FAIL,
$ret->status
);
$this->assertEquals(
'wrongpassword',
$ret->message->getKey()
);
// Correct handling of really old password hashes
$this->config->set( 'PasswordSalt', false );
$password = md5( 'FooBar' );
$dbw->update( 'user', [ 'user_password' => $password ], [ 'user_name' => $userName ] );
$req->password = 'FooBar';
$this->assertEquals(
AuthenticationResponse::newPass( $userName ),
$provider->beginPrimaryAuthentication( $reqs )
);
$this->config->set( 'PasswordSalt', true );
$password = md5( "$id-" . md5( 'FooBar' ) );
$dbw->update( 'user', [ 'user_password' => $password ], [ 'user_name' => $userName ] );
$req->password = 'FooBar';
$this->assertEquals(
AuthenticationResponse::newPass( $userName ),
$provider->beginPrimaryAuthentication( $reqs )
);
}
/**
* @dataProvider provideProviderAllowsAuthenticationDataChange
* @param string $type
* @param string $user
* @param \Status $validity Result of the password validity check
* @param \StatusValue $expect1 Expected result with $checkData = false
* @param \StatusValue $expect2 Expected result with $checkData = true
*/
public function testProviderAllowsAuthenticationDataChange( $type, $user, \Status $validity,
\StatusValue $expect1, \StatusValue $expect2
) {
if ( $type === PasswordAuthenticationRequest::class ) {
$req = new $type();
} elseif ( $type === PasswordDomainAuthenticationRequest::class ) {
$req = new $type( [] );
} else {
$req = $this->getMock( $type );
}
$req->action = AuthManager::ACTION_CHANGE;
$req->username = $user;
$req->password = 'NewPassword';
$req->retype = 'NewPassword';
$provider = $this->getProvider();
$this->validity = $validity;
$this->assertEquals( $expect1, $provider->providerAllowsAuthenticationDataChange( $req, false ) );
$this->assertEquals( $expect2, $provider->providerAllowsAuthenticationDataChange( $req, true ) );
$req->retype = 'BadRetype';
$this->assertEquals(
$expect1,
$provider->providerAllowsAuthenticationDataChange( $req, false )
);
$this->assertEquals(
$expect2->getValue() === 'ignored' ? $expect2 : \StatusValue::newFatal( 'badretype' ),
$provider->providerAllowsAuthenticationDataChange( $req, true )
);
$provider = $this->getProvider( true );
$this->assertEquals(
\StatusValue::newGood( 'ignored' ),
$provider->providerAllowsAuthenticationDataChange( $req, true ),
'loginOnly mode should claim to ignore all changes'
);
}
public static function provideProviderAllowsAuthenticationDataChange() {
$err = \StatusValue::newGood();
$err->error( 'arbitrary-warning' );
return [
[ AuthenticationRequest::class, 'UTSysop', \Status::newGood(),
\StatusValue::newGood( 'ignored' ), \StatusValue::newGood( 'ignored' ) ],
[ PasswordAuthenticationRequest::class, 'UTSysop', \Status::newGood(),
\StatusValue::newGood(), \StatusValue::newGood() ],
[ PasswordAuthenticationRequest::class, 'uTSysop', \Status::newGood(),
\StatusValue::newGood(), \StatusValue::newGood() ],
[ PasswordAuthenticationRequest::class, 'UTSysop', \Status::wrap( $err ),
\StatusValue::newGood(), $err ],
[ PasswordAuthenticationRequest::class, 'UTSysop', \Status::newFatal( 'arbitrary-error' ),
\StatusValue::newGood(), \StatusValue::newFatal( 'arbitrary-error' ) ],
[ PasswordAuthenticationRequest::class, 'DoesNotExist', \Status::newGood(),
\StatusValue::newGood(), \StatusValue::newGood( 'ignored' ) ],
[ PasswordDomainAuthenticationRequest::class, 'UTSysop', \Status::newGood(),
\StatusValue::newGood( 'ignored' ), \StatusValue::newGood( 'ignored' ) ],
];
}
/**
* @dataProvider provideProviderChangeAuthenticationData
* @param callable|bool $usernameTransform
* @param string $type
* @param bool $loginOnly
* @param bool $changed
*/
public function testProviderChangeAuthenticationData(
$usernameTransform, $type, $loginOnly, $changed ) {
$testUser = $this->getMutableTestUser();
$user = $testUser->getUser()->getName();
if ( is_callable( $usernameTransform ) ) {
$user = call_user_func( $usernameTransform, $user );
}
$cuser = ucfirst( $user );
$oldpass = $testUser->getPassword();
$newpass = 'NewPassword';
$dbw = wfGetDB( DB_MASTER );
$oldExpiry = $dbw->selectField( 'user', 'user_password_expires', [ 'user_name' => $cuser ] );
$this->mergeMwGlobalArrayValue( 'wgHooks', [
'ResetPasswordExpiration' => [ function ( $user, &$expires ) {
$expires = '30001231235959';
} ]
] );
$provider = $this->getProvider( $loginOnly );
// Sanity check
$loginReq = new PasswordAuthenticationRequest();
$loginReq->action = AuthManager::ACTION_LOGIN;
$loginReq->username = $user;
$loginReq->password = $oldpass;
$loginReqs = [ PasswordAuthenticationRequest::class => $loginReq ];
$this->assertEquals(
AuthenticationResponse::newPass( $cuser ),
$provider->beginPrimaryAuthentication( $loginReqs ),
'Sanity check'
);
if ( $type === PasswordAuthenticationRequest::class ) {
$changeReq = new $type();
} else {
$changeReq = $this->getMock( $type );
}
$changeReq->action = AuthManager::ACTION_CHANGE;
$changeReq->username = $user;
$changeReq->password = $newpass;
$provider->providerChangeAuthenticationData( $changeReq );
if ( $loginOnly ) {
$old = 'fail';
$new = 'fail';
$expectExpiry = null;
} elseif ( $changed ) {
$old = 'fail';
$new = 'pass';
$expectExpiry = '30001231235959';
} else {
$old = 'pass';
$new = 'fail';
$expectExpiry = $oldExpiry;
}
$loginReq->password = $oldpass;
$ret = $provider->beginPrimaryAuthentication( $loginReqs );
if ( $old === 'pass' ) {
$this->assertEquals(
AuthenticationResponse::newPass( $cuser ),
$ret,
'old password should pass'
);
} else {
$this->assertEquals(
AuthenticationResponse::FAIL,
$ret->status,
'old password should fail'
);
$this->assertEquals(
'wrongpassword',
$ret->message->getKey(),
'old password should fail'
);
}
$loginReq->password = $newpass;
$ret = $provider->beginPrimaryAuthentication( $loginReqs );
if ( $new === 'pass' ) {
$this->assertEquals(
AuthenticationResponse::newPass( $cuser ),
$ret,
'new password should pass'
);
} else {
$this->assertEquals(
AuthenticationResponse::FAIL,
$ret->status,
'new password should fail'
);
$this->assertEquals(
'wrongpassword',
$ret->message->getKey(),
'new password should fail'
);
}
$this->assertSame(
$expectExpiry,
$dbw->selectField( 'user', 'user_password_expires', [ 'user_name' => $cuser ] )
);
}
public static function provideProviderChangeAuthenticationData() {
return [
[ false, AuthenticationRequest::class, false, false ],
[ false, PasswordAuthenticationRequest::class, false, true ],
[ false, AuthenticationRequest::class, true, false ],
[ false, PasswordAuthenticationRequest::class, true, true ],
[ 'ucfirst', PasswordAuthenticationRequest::class, false, true ],
[ 'ucfirst', PasswordAuthenticationRequest::class, true, true ],
];
}
public function testTestForAccountCreation() {
$user = \User::newFromName( 'foo' );
$req = new PasswordAuthenticationRequest();
$req->action = AuthManager::ACTION_CREATE;
$req->username = 'Foo';
$req->password = 'Bar';
$req->retype = 'Bar';
$reqs = [ PasswordAuthenticationRequest::class => $req ];
$provider = $this->getProvider();
$this->assertEquals(
\StatusValue::newGood(),
$provider->testForAccountCreation( $user, $user, [] ),
'No password request'
);
$this->assertEquals(
\StatusValue::newGood(),
$provider->testForAccountCreation( $user, $user, $reqs ),
'Password request, validated'
);
$req->retype = 'Baz';
$this->assertEquals(
\StatusValue::newFatal( 'badretype' ),
$provider->testForAccountCreation( $user, $user, $reqs ),
'Password request, bad retype'
);
$req->retype = 'Bar';
$this->validity->error( 'arbitrary warning' );
$expect = \StatusValue::newGood();
$expect->error( 'arbitrary warning' );
$this->assertEquals(
$expect,
$provider->testForAccountCreation( $user, $user, $reqs ),
'Password request, not validated'
);
$provider = $this->getProvider( true );
$this->validity->error( 'arbitrary warning' );
$this->assertEquals(
\StatusValue::newGood(),
$provider->testForAccountCreation( $user, $user, $reqs ),
'Password request, not validated, loginOnly'
);
}
public function testAccountCreation() {
$user = \User::newFromName( 'Foo' );
$req = new PasswordAuthenticationRequest();
$req->action = AuthManager::ACTION_CREATE;
$reqs = [ PasswordAuthenticationRequest::class => $req ];
$provider = $this->getProvider( true );
try {
$provider->beginPrimaryAccountCreation( $user, $user, [] );
$this->fail( 'Expected exception was not thrown' );
} catch ( \BadMethodCallException $ex ) {
$this->assertSame(
'Shouldn\'t call this when accountCreationType() is NONE', $ex->getMessage()
);
}
try {
$provider->finishAccountCreation( $user, $user, AuthenticationResponse::newPass() );
$this->fail( 'Expected exception was not thrown' );
} catch ( \BadMethodCallException $ex ) {
$this->assertSame(
'Shouldn\'t call this when accountCreationType() is NONE', $ex->getMessage()
);
}
$provider = $this->getProvider( false );
$this->assertEquals(
AuthenticationResponse::newAbstain(),
$provider->beginPrimaryAccountCreation( $user, $user, [] )
);
$req->username = 'foo';
$req->password = null;
$this->assertEquals(
AuthenticationResponse::newAbstain(),
$provider->beginPrimaryAccountCreation( $user, $user, $reqs )
);
$req->username = null;
$req->password = 'bar';
$this->assertEquals(
AuthenticationResponse::newAbstain(),
$provider->beginPrimaryAccountCreation( $user, $user, $reqs )
);
$req->username = 'foo';
$req->password = 'bar';
$expect = AuthenticationResponse::newPass( 'Foo' );
$expect->createRequest = clone( $req );
$expect->createRequest->username = 'Foo';
$this->assertEquals( $expect, $provider->beginPrimaryAccountCreation( $user, $user, $reqs ) );
// We have to cheat a bit to avoid having to add a new user to
// the database to test the actual setting of the password works right
$dbw = wfGetDB( DB_MASTER );
$user = \User::newFromName( 'UTSysop' );
$req->username = $user->getName();
$req->password = 'NewPassword';
$expect = AuthenticationResponse::newPass( 'UTSysop' );
$expect->createRequest = $req;
$res2 = $provider->beginPrimaryAccountCreation( $user, $user, $reqs );
$this->assertEquals( $expect, $res2, 'Sanity check' );
$ret = $provider->beginPrimaryAuthentication( $reqs );
$this->assertEquals( AuthenticationResponse::FAIL, $ret->status, 'sanity check' );
$this->assertNull( $provider->finishAccountCreation( $user, $user, $res2 ) );
$ret = $provider->beginPrimaryAuthentication( $reqs );
$this->assertEquals( AuthenticationResponse::PASS, $ret->status, 'new password is set' );
}
}
Reference in a new issue View git blame Copy permalink