search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
rdbms: Rename "memCache" to "memStash" in LBFactory
[mediawiki.git] / tests / phpunit / includes / password / UserPasswordPolicyTest.php
blob0839cfbbf1d00136818eb7e42899092b3397d141
1 <?php
2 /**
3 * Testing for password-policy enforcement, based on a user's groups.
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
19 *
20 * @file
21 */
22
23 /**
24 * @group Database
25 * @covers UserPasswordPolicy
26 */
27 class UserPasswordPolicyTest extends MediaWikiTestCase {
28
29 protected $policies = [
30 'checkuser' => [
31 'MinimalPasswordLength' => 10,
32 'MinimumPasswordLengthToLogin' => 6,
33 'PasswordCannotMatchUsername' => true,
34 ],
35 'sysop' => [
36 'MinimalPasswordLength' => 8,
37 'MinimumPasswordLengthToLogin' => 1,
38 'PasswordCannotMatchUsername' => true,
39 ],
40 'default' => [
41 'MinimalPasswordLength' => 4,
42 'MinimumPasswordLengthToLogin' => 1,
43 'PasswordCannotMatchBlacklist' => true,
44 'MaximalPasswordLength' => 4096,
45 ],
46 ];
47
48 protected $checks = [
49 'MinimalPasswordLength' => 'PasswordPolicyChecks::checkMinimalPasswordLength',
50 'MinimumPasswordLengthToLogin' => 'PasswordPolicyChecks::checkMinimumPasswordLengthToLogin',
51 'PasswordCannotMatchUsername' => 'PasswordPolicyChecks::checkPasswordCannotMatchUsername',
52 'PasswordCannotMatchBlacklist' => 'PasswordPolicyChecks::checkPasswordCannotMatchBlacklist',
53 'MaximalPasswordLength' => 'PasswordPolicyChecks::checkMaximalPasswordLength',
54 ];
55
56 private function getUserPasswordPolicy() {
57 return new UserPasswordPolicy( $this->policies, $this->checks );
58 }
59
60 public function testGetPoliciesForUser() {
61 $upp = $this->getUserPasswordPolicy();
62
63 $user = User::newFromName( 'TestUserPolicy' );
64 $user->addToDatabase();
65 $user->addGroup( 'sysop' );
66
67 $this->assertArrayEquals(
68 [
69 'MinimalPasswordLength' => 8,
70 'MinimumPasswordLengthToLogin' => 1,
71 'PasswordCannotMatchUsername' => 1,
72 'PasswordCannotMatchBlacklist' => true,
73 'MaximalPasswordLength' => 4096,
74 ],
75 $upp->getPoliciesForUser( $user )
76 );
77 }
78
79 public function testGetPoliciesForGroups() {
80 $effective = UserPasswordPolicy::getPoliciesForGroups(
81 $this->policies,
82 [ 'user', 'checkuser' ],
83 $this->policies['default']
84 );
85
86 $this->assertArrayEquals(
87 [
88 'MinimalPasswordLength' => 10,
89 'MinimumPasswordLengthToLogin' => 6,
90 'PasswordCannotMatchUsername' => true,
91 'PasswordCannotMatchBlacklist' => true,
92 'MaximalPasswordLength' => 4096,
93 ],
94 $effective
95 );
96 }
97
98 /**
99 * @dataProvider provideCheckUserPassword
100 */
101 public function testCheckUserPassword( $username, $groups, $password, $valid, $ok, $msg ) {
102 $upp = $this->getUserPasswordPolicy();
103
104 $user = User::newFromName( $username );
105 $user->addToDatabase();
106 foreach ( $groups as $group ) {
107 $user->addGroup( $group );
108 }
109
110 $status = $upp->checkUserPassword( $user, $password );
111 $this->assertSame( $valid, $status->isGood(), $msg . ' - password valid' );
112 $this->assertSame( $ok, $status->isOK(), $msg . ' - can login' );
113 }
114
115 public function provideCheckUserPassword() {
116 return [
117 [
118 'PassPolicyUser',
119 [],
120 '',
121 false,
122 false,
123 'No groups, default policy, password too short to login'
124 ],
125 [
126 'PassPolicyUser',
127 [ 'user' ],
128 'aaa',
129 false,
130 true,
131 'Default policy, short password'
132 ],
133 [
134 'PassPolicyUser',
135 [ 'sysop' ],
136 'abcdabcdabcd',
137 true,
138 true,
139 'Sysop with good password'
140 ],
141 [
142 'PassPolicyUser',
143 [ 'sysop' ],
144 'abcd',
145 false,
146 true,
147 'Sysop with short password'
148 ],
149 [
150 'PassPolicyUser',
151 [ 'sysop', 'checkuser' ],
152 'abcdabcd',
153 false,
154 true,
155 'Checkuser with short password'
156 ],
157 [
158 'PassPolicyUser',
159 [ 'sysop', 'checkuser' ],
160 'abcd',
161 false,
162 false,
163 'Checkuser with too short password to login'
164 ],
165 [
166 'Useruser',
167 [ 'user' ],
168 'Passpass',
169 false,
170 true,
171 'Username & password on blacklist'
172 ],
173 ];
174 }
175
176 /**
177 * @dataProvider provideMaxOfPolicies
178 */
179 public function testMaxOfPolicies( $p1, $p2, $max, $msg ) {
180 $this->assertArrayEquals(
181 $max,
182 UserPasswordPolicy::maxOfPolicies( $p1, $p2 ),
183 $msg
184 );
185 }
186
187 public function provideMaxOfPolicies() {
188 return [
189 [
190 [ 'MinimalPasswordLength' => 8 ], // p1
191 [ 'MinimalPasswordLength' => 2 ], // p2
192 [ 'MinimalPasswordLength' => 8 ], // max
193 'Basic max in p1'
194 ],
195 [
196 [ 'MinimalPasswordLength' => 2 ], // p1
197 [ 'MinimalPasswordLength' => 8 ], // p2
198 [ 'MinimalPasswordLength' => 8 ], // max
199 'Basic max in p2'
200 ],
201 [
202 [ 'MinimalPasswordLength' => 8 ], // p1
203 [
204 'MinimalPasswordLength' => 2,
205 'PasswordCannotMatchUsername' => 1,
206 ], // p2
207 [
208 'MinimalPasswordLength' => 8,
209 'PasswordCannotMatchUsername' => 1,
210 ], // max
211 'Missing items in p1'
212 ],
213 [
214 [
215 'MinimalPasswordLength' => 8,
216 'PasswordCannotMatchUsername' => 1,
217 ], // p1
218 [
219 'MinimalPasswordLength' => 2,
220 ], // p2
221 [
222 'MinimalPasswordLength' => 8,
223 'PasswordCannotMatchUsername' => 1,
224 ], // max
225 'Missing items in p2'
226 ],
227 ];
228 }
229
230 }
MediaWiki Core