3 namespace MediaWiki\Session
;
7 use Wikimedia\TestingAccessWrapper
;
12 * @covers MediaWiki\Session\BotPasswordSessionProvider
14 class BotPasswordSessionProviderTest
extends MediaWikiTestCase
{
18 private function getProvider( $name = null, $prefix = null ) {
19 global $wgSessionProviders;
23 'sessionCookieName' => $name,
24 'sessionCookieOptions' => [],
26 if ( $prefix !== null ) {
27 $params['sessionCookieOptions']['prefix'] = $prefix;
30 if ( !$this->config
) {
31 $this->config
= new \
HashConfig( [
32 'CookiePrefix' => 'wgCookiePrefix',
33 'EnableBotPasswords' => true,
34 'BotPasswordsDatabase' => false,
35 'SessionProviders' => $wgSessionProviders +
[
36 BotPasswordSessionProvider
::class => [
37 'class' => BotPasswordSessionProvider
::class,
38 'args' => [ $params ],
43 $manager = new SessionManager( [
44 'config' => new \
MultiConfig( [ $this->config
, \RequestContext
::getMain()->getConfig() ] ),
45 'logger' => new \Psr\Log\NullLogger
,
46 'store' => new TestBagOStuff
,
49 return $manager->getProvider( BotPasswordSessionProvider
::class );
52 protected function setUp() {
55 $this->setMwGlobals( [
56 'wgEnableBotPasswords' => true,
57 'wgBotPasswordsDatabase' => false,
58 'wgCentralIdLookupProvider' => 'local',
59 'wgGrantPermissions' => [
60 'test' => [ 'read' => true ],
65 public function addDBDataOnce() {
66 $passwordFactory = new \
PasswordFactory();
67 $passwordFactory->init( \RequestContext
::getMain()->getConfig() );
68 $passwordHash = $passwordFactory->newFromPlaintext( 'foobaz' );
70 $sysop = static::getTestSysop()->getUser();
71 $userId = \CentralIdLookup
::factory( 'local' )->centralIdFromName( $sysop->getName() );
73 $dbw = wfGetDB( DB_MASTER
);
76 [ 'bp_user' => $userId, 'bp_app_id' => 'BotPasswordSessionProvider' ],
83 'bp_app_id' => 'BotPasswordSessionProvider',
84 'bp_password' => $passwordHash->toString(),
85 'bp_token' => 'token!',
86 'bp_restrictions' => '{"IPAddresses":["127.0.0.0/8"]}',
87 'bp_grants' => '["test"]',
93 public function testConstructor() {
95 $provider = new BotPasswordSessionProvider();
96 $this->fail( 'Expected exception not thrown' );
97 } catch ( \InvalidArgumentException
$ex ) {
99 'MediaWiki\\Session\\BotPasswordSessionProvider::__construct: priority must be specified',
105 $provider = new BotPasswordSessionProvider( [
106 'priority' => SessionInfo
::MIN_PRIORITY
- 1
108 $this->fail( 'Expected exception not thrown' );
109 } catch ( \InvalidArgumentException
$ex ) {
111 'MediaWiki\\Session\\BotPasswordSessionProvider::__construct: Invalid priority',
117 $provider = new BotPasswordSessionProvider( [
118 'priority' => SessionInfo
::MAX_PRIORITY +
1
120 $this->fail( 'Expected exception not thrown' );
121 } catch ( \InvalidArgumentException
$ex ) {
123 'MediaWiki\\Session\\BotPasswordSessionProvider::__construct: Invalid priority',
128 $provider = new BotPasswordSessionProvider( [
131 $priv = TestingAccessWrapper
::newFromObject( $provider );
132 $this->assertSame( 40, $priv->priority
);
133 $this->assertSame( '_BPsession', $priv->sessionCookieName
);
134 $this->assertSame( [], $priv->sessionCookieOptions
);
136 $provider = new BotPasswordSessionProvider( [
138 'sessionCookieName' => null,
140 $priv = TestingAccessWrapper
::newFromObject( $provider );
141 $this->assertSame( '_BPsession', $priv->sessionCookieName
);
143 $provider = new BotPasswordSessionProvider( [
145 'sessionCookieName' => 'Foo',
146 'sessionCookieOptions' => [ 'Bar' ],
148 $priv = TestingAccessWrapper
::newFromObject( $provider );
149 $this->assertSame( 'Foo', $priv->sessionCookieName
);
150 $this->assertSame( [ 'Bar' ], $priv->sessionCookieOptions
);
153 public function testBasics() {
154 $provider = $this->getProvider();
156 $this->assertTrue( $provider->persistsSessionId() );
157 $this->assertFalse( $provider->canChangeUser() );
159 $this->assertNull( $provider->newSessionInfo() );
160 $this->assertNull( $provider->newSessionInfo( 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa' ) );
163 public function testProvideSessionInfo() {
164 $provider = $this->getProvider();
165 $request = new \FauxRequest
;
166 $request->setCookie( '_BPsession', 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa', 'wgCookiePrefix' );
168 if ( !defined( 'MW_API' ) ) {
169 $this->assertNull( $provider->provideSessionInfo( $request ) );
170 define( 'MW_API', 1 );
173 $info = $provider->provideSessionInfo( $request );
174 $this->assertInstanceOf( SessionInfo
::class, $info );
175 $this->assertSame( 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa', $info->getId() );
177 $this->config
->set( 'EnableBotPasswords', false );
178 $this->assertNull( $provider->provideSessionInfo( $request ) );
179 $this->config
->set( 'EnableBotPasswords', true );
181 $this->assertNull( $provider->provideSessionInfo( new \FauxRequest
) );
184 public function testNewSessionInfoForRequest() {
185 $provider = $this->getProvider();
186 $user = static::getTestSysop()->getUser();
187 $request = $this->getMockBuilder( 'FauxRequest' )
188 ->setMethods( [ 'getIP' ] )->getMock();
189 $request->expects( $this->any() )->method( 'getIP' )
190 ->will( $this->returnValue( '127.0.0.1' ) );
191 $bp = \BotPassword
::newFromUser( $user, 'BotPasswordSessionProvider' );
193 $session = $provider->newSessionForRequest( $user, $bp, $request );
194 $this->assertInstanceOf( Session
::class, $session );
196 $this->assertEquals( $session->getId(), $request->getSession()->getId() );
197 $this->assertEquals( $user->getName(), $session->getUser()->getName() );
199 $this->assertEquals( [
200 'centralId' => $bp->getUserCentralId(),
201 'appId' => $bp->getAppId(),
202 'token' => $bp->getToken(),
203 'rights' => [ 'read' ],
204 ], $session->getProviderMetadata() );
206 $this->assertEquals( [ 'read' ], $session->getAllowedUserRights() );
209 public function testCheckSessionInfo() {
210 $logger = new \
TestLogger( true );
211 $provider = $this->getProvider();
212 $provider->setLogger( $logger );
214 $user = static::getTestSysop()->getUser();
215 $request = $this->getMockBuilder( 'FauxRequest' )
216 ->setMethods( [ 'getIP' ] )->getMock();
217 $request->expects( $this->any() )->method( 'getIP' )
218 ->will( $this->returnValue( '127.0.0.1' ) );
219 $bp = \BotPassword
::newFromUser( $user, 'BotPasswordSessionProvider' );
222 'provider' => $provider,
223 'id' => 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa',
224 'userInfo' => UserInfo
::newFromUser( $user, true ),
225 'persisted' => false,
227 'centralId' => $bp->getUserCentralId(),
228 'appId' => $bp->getAppId(),
229 'token' => $bp->getToken(),
232 $dataMD = $data['metadata'];
234 foreach ( array_keys( $data['metadata'] ) as $key ) {
235 $data['metadata'] = $dataMD;
236 unset( $data['metadata'][$key] );
237 $info = new SessionInfo( SessionInfo
::MIN_PRIORITY
, $data );
238 $metadata = $info->getProviderMetadata();
240 $this->assertFalse( $provider->refreshSessionInfo( $info, $request, $metadata ) );
242 [ LogLevel
::INFO
, 'Session "{session}": Missing metadata: {missing}' ]
243 ], $logger->getBuffer() );
244 $logger->clearBuffer();
247 $data['metadata'] = $dataMD;
248 $data['metadata']['appId'] = 'Foobar';
249 $info = new SessionInfo( SessionInfo
::MIN_PRIORITY
, $data );
250 $metadata = $info->getProviderMetadata();
251 $this->assertFalse( $provider->refreshSessionInfo( $info, $request, $metadata ) );
253 [ LogLevel
::INFO
, 'Session "{session}": No BotPassword for {centralId} {appId}' ],
254 ], $logger->getBuffer() );
255 $logger->clearBuffer();
257 $data['metadata'] = $dataMD;
258 $data['metadata']['token'] = 'Foobar';
259 $info = new SessionInfo( SessionInfo
::MIN_PRIORITY
, $data );
260 $metadata = $info->getProviderMetadata();
261 $this->assertFalse( $provider->refreshSessionInfo( $info, $request, $metadata ) );
263 [ LogLevel
::INFO
, 'Session "{session}": BotPassword token check failed' ],
264 ], $logger->getBuffer() );
265 $logger->clearBuffer();
267 $request2 = $this->getMockBuilder( 'FauxRequest' )
268 ->setMethods( [ 'getIP' ] )->getMock();
269 $request2->expects( $this->any() )->method( 'getIP' )
270 ->will( $this->returnValue( '10.0.0.1' ) );
271 $data['metadata'] = $dataMD;
272 $info = new SessionInfo( SessionInfo
::MIN_PRIORITY
, $data );
273 $metadata = $info->getProviderMetadata();
274 $this->assertFalse( $provider->refreshSessionInfo( $info, $request2, $metadata ) );
276 [ LogLevel
::INFO
, 'Session "{session}": Restrictions check failed' ],
277 ], $logger->getBuffer() );
278 $logger->clearBuffer();
280 $info = new SessionInfo( SessionInfo
::MIN_PRIORITY
, $data );
281 $metadata = $info->getProviderMetadata();
282 $this->assertTrue( $provider->refreshSessionInfo( $info, $request, $metadata ) );
283 $this->assertSame( [], $logger->getBuffer() );
284 $this->assertEquals( $dataMD +
[ 'rights' => [ 'read' ] ], $metadata );
287 public function testGetAllowedUserRights() {
288 $logger = new \
TestLogger( true );
289 $provider = $this->getProvider();
290 $provider->setLogger( $logger );
292 $backend = TestUtils
::getDummySessionBackend();
293 $backendPriv = TestingAccessWrapper
::newFromObject( $backend );
296 $provider->getAllowedUserRights( $backend );
297 $this->fail( 'Expected exception not thrown' );
298 } catch ( \InvalidArgumentException
$ex ) {
299 $this->assertSame( 'Backend\'s provider isn\'t $this', $ex->getMessage() );
302 $backendPriv->provider
= $provider;
303 $backendPriv->providerMetadata
= [ 'rights' => [ 'foo', 'bar', 'baz' ] ];
304 $this->assertSame( [ 'foo', 'bar', 'baz' ], $provider->getAllowedUserRights( $backend ) );
305 $this->assertSame( [], $logger->getBuffer() );
307 $backendPriv->providerMetadata
= [ 'foo' => 'bar' ];
308 $this->assertSame( [], $provider->getAllowedUserRights( $backend ) );
312 'MediaWiki\\Session\\BotPasswordSessionProvider::getAllowedUserRights: ' .
313 'No provider metadata, returning no rights allowed'
315 ], $logger->getBuffer() );
316 $logger->clearBuffer();
318 $backendPriv->providerMetadata
= [ 'rights' => 'bar' ];
319 $this->assertSame( [], $provider->getAllowedUserRights( $backend ) );
323 'MediaWiki\\Session\\BotPasswordSessionProvider::getAllowedUserRights: ' .
324 'No provider metadata, returning no rights allowed'
326 ], $logger->getBuffer() );
327 $logger->clearBuffer();
329 $backendPriv->providerMetadata
= null;
330 $this->assertSame( [], $provider->getAllowedUserRights( $backend ) );
334 'MediaWiki\\Session\\BotPasswordSessionProvider::getAllowedUserRights: ' .
335 'No provider metadata, returning no rights allowed'
337 ], $logger->getBuffer() );
338 $logger->clearBuffer();