AuthManager is coming, which will make it easier to add alternative methods of authentication. But in order to do that, we need to finally get around to ripping the password-related bits out of the User class. The password expiration handling isn't used anywhere in core or extensions in Gerrit beyond testing for expired passwords on login and resetting the expiry date on password change. Those bits have been inlined and the functions removed; AuthManager will allow each "authentication provider" to handle its own password expiration. The methods for fetching passwords, including the fact that mPassword and other fields are public, have also been removed. This is already broken in combination with basically any extension that messes with authentication, and the major use outside of that was in creating system users like MassMessage's "MediaWiki message delivery" user. Password setting methods are silently deprecated, since most of the replacements won't be available until AuthManager. But uses in unit testing can be replaced with TestUser::setPasswordForUser() immediately. User::randomPassword() and User::getPasswordFactory() don't really belong in User either. For the former a new PasswordFactory method has been created, while the latter should just be replaced by the two lines to create a PasswordFactory via its constructor. Bug: T47716 Change-Id: I2c736ad72d946fa9b859e6cd335fa58aececc0d5
<?php
/**
 * Integration tests for the `createaccount` API action: one end-to-end
 * success path (create, log in, log out) and four rejection cases.
 *
 * @group Database
 * @group API
 * @group medium
 *
 * @covers ApiCreateAccount
 */
class ApiCreateAccountTest extends ApiTestCase {
	/**
	 * Per-test fixture: sets the account-creation token through LoginForm
	 * and overrides wgEnableEmail to true.
	 */
	protected function setUp() {
		parent::setUp();

		LoginForm::setCreateaccountToken();

		$globalOverrides = array( 'wgEnableEmail' => true );
		$this->setMwGlobals( $globalOverrides );
	}

	/**
	 * Happy path: create an account through the API, then prove the new
	 * credentials work by logging in with them, and finally log out.
	 *
	 * Several API round trips are made, so this may be slow; it is tagged
	 * with the medium group to get the longer timeout.
	 * @group medium
	 */
	public function testValid() {
		global $wgServer;

		if ( !isset( $wgServer ) ) {
			$this->markTestIncomplete( 'This test needs $wgServer to be set in LocalSettings.php' );
		}

		$userName = 'Apitestnew';
		// Fresh random password on every run, so the created account never
		// has a credential that is fixed in the test source.
		$generatedPassword = PasswordFactory::generateRandomPasswordString();

		// Round 1: no token supplied. The API is expected to refuse to act
		// and to hand back a token instead.
		$response = $this->doApiRequest( array(
			'action' => 'createaccount',
			'name' => $userName,
			'password' => $generatedPassword,
			'email' => 'test@domain.test',
			'realname' => 'Test Name'
		) );

		$data = $response[0];
		$this->assertNotInternalType( 'bool', $data );
		$this->assertNotInternalType( 'null', $data['createaccount'] );

		$createReply = $data['createaccount'];
		$this->assertEquals( 'NeedToken', $createReply['result'] );
		$createToken = $createReply['token'];

		// Round 2: same parameters plus the token. $response[2] from round 1
		// is passed along as the second argument - presumably the session the
		// token was issued for; confirm against ApiTestCase::doApiRequest().
		$session = $response[2];
		$response = $this->doApiRequest(
			array(
				'action' => 'createaccount',
				'name' => $userName,
				'password' => $generatedPassword,
				'token' => $createToken,
				'email' => 'test@domain.test',
				'realname' => 'Test Name'
			),
			$session
		);

		$data = $response[0];
		$this->assertNotInternalType( 'bool', $data );
		$this->assertEquals( 'Success', $data['createaccount']['result'] );

		// The login action follows the same two-step shape: the first call
		// (made without any session argument) must yield NeedToken and a token.
		$response = $this->doApiRequest( array(
			'action' => 'login',
			'lgname' => $userName,
			'lgpassword' => $generatedPassword,
		) );

		$data = $response[0];
		$this->assertNotInternalType( 'bool', $data );
		$this->assertNotInternalType( 'null', $data['login'] );

		$loginReply = $data['login'];
		$this->assertEquals( 'NeedToken', $loginReply['result'] );
		$loginToken = $loginReply['token'];

		// Second login call carries the token and the first call's $response[2].
		$session = $response[2];
		$response = $this->doApiRequest(
			array(
				'action' => 'login',
				'lgtoken' => $loginToken,
				'lgname' => $userName,
				'lgpassword' => $generatedPassword,
			),
			$session
		);

		$data = $response[0];

		$this->assertNotInternalType( 'bool', $data );
		$loginStatus = $data['login']['result'];

		$this->assertEquals( 'Success', $loginStatus );

		// End by logging out so the session does not outlive the test; the
		// logout reply is expected to be an empty array.
		$session = $response[2];
		$response = $this->doApiRequest(
			array(
				'action' => 'logout',
			),
			$session
		);
		$this->assertEquals( array(), $response[0] );
	}

	/**
	 * A request that omits `name` must be rejected.
	 *
	 * NOTE(review): @expectedException checks the exception class only, so
	 * any UsageException satisfies it, not just the missing-name one.
	 * Consider also asserting the error code.
	 *
	 * @expectedException UsageException
	 */
	public function testNoName() {
		$token = LoginForm::getCreateaccountToken();

		$params = array(
			'action' => 'createaccount',
			'token' => $token,
			'password' => 'password',
		);

		$this->doApiRequest( $params );
	}

	/**
	 * A request that omits `password` must be rejected.
	 *
	 * NOTE(review): only the exception class is checked; a UsageException
	 * raised for any other reason would also pass.
	 *
	 * @expectedException UsageException
	 */
	public function testNoPassword() {
		$token = LoginForm::getCreateaccountToken();

		$params = array(
			'action' => 'createaccount',
			'name' => 'testName',
			'token' => $token,
		);

		$this->doApiRequest( $params );
	}

	/**
	 * Creating an account under an already-taken name must be rejected.
	 *
	 * 'Apitestsysop' is not created in this file; presumably the test
	 * harness provides it - verify. The literal 'password' is a throwaway
	 * value because no account is expected to be created here.
	 *
	 * NOTE(review): if that weak literal, or anything else, triggers a
	 * UsageException first, this test still passes without exercising the
	 * duplicate-name check. Consider asserting the error code.
	 *
	 * @expectedException UsageException
	 */
	public function testExistingUser() {
		$token = LoginForm::getCreateaccountToken();

		$params = array(
			'action' => 'createaccount',
			'name' => 'Apitestsysop',
			'token' => $token,
			'password' => 'password',
			'email' => 'test@domain.test',
		);

		$this->doApiRequest( $params );
	}

	/**
	 * A syntactically invalid e-mail address must be rejected.
	 *
	 * NOTE(review): as with the other negative cases, only the exception
	 * class is checked, so the test cannot tell an e-mail validation
	 * failure from any other UsageException.
	 *
	 * @expectedException UsageException
	 */
	public function testInvalidEmail() {
		$token = LoginForm::getCreateaccountToken();

		$params = array(
			'action' => 'createaccount',
			'name' => 'Test User',
			'token' => $token,
			'password' => 'password',
			'email' => 'invalid',
		);

		$this->doApiRequest( $params );
	}
}