Merge "Update docs/hooks.txt for ShowSearchHitTitle"
[mediawiki.git] / tests / phpunit / includes / password / UserPasswordPolicyTest.php
blobd16200beb69784f02eef0d87eeb59b8a2c087ff5
1 <?php
2 /**
3 * Testing for password-policy enforcement, based on a user's groups.
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
20 * @file
23 class UserPasswordPolicyTest extends MediaWikiTestCase {
25 protected $policies = [
26 'checkuser' => [
27 'MinimalPasswordLength' => 10,
28 'MinimumPasswordLengthToLogin' => 6,
29 'PasswordCannotMatchUsername' => true,
31 'sysop' => [
32 'MinimalPasswordLength' => 8,
33 'MinimumPasswordLengthToLogin' => 1,
34 'PasswordCannotMatchUsername' => true,
36 'default' => [
37 'MinimalPasswordLength' => 4,
38 'MinimumPasswordLengthToLogin' => 1,
39 'PasswordCannotMatchBlacklist' => true,
40 'MaximalPasswordLength' => 4096,
44 protected $checks = [
45 'MinimalPasswordLength' => 'PasswordPolicyChecks::checkMinimalPasswordLength',
46 'MinimumPasswordLengthToLogin' => 'PasswordPolicyChecks::checkMinimumPasswordLengthToLogin',
47 'PasswordCannotMatchUsername' => 'PasswordPolicyChecks::checkPasswordCannotMatchUsername',
48 'PasswordCannotMatchBlacklist' => 'PasswordPolicyChecks::checkPasswordCannotMatchBlacklist',
49 'MaximalPasswordLength' => 'PasswordPolicyChecks::checkMaximalPasswordLength',
52 private function getUserPasswordPolicy() {
53 return new UserPasswordPolicy( $this->policies, $this->checks );
56 /**
57 * @covers UserPasswordPolicy::getPoliciesForUser
59 public function testGetPoliciesForUser() {
61 $upp = $this->getUserPasswordPolicy();
63 $user = User::newFromName( 'TestUserPolicy' );
64 $user->addGroup( 'sysop' );
66 $this->assertArrayEquals(
68 'MinimalPasswordLength' => 8,
69 'MinimumPasswordLengthToLogin' => 1,
70 'PasswordCannotMatchUsername' => 1,
71 'PasswordCannotMatchBlacklist' => true,
72 'MaximalPasswordLength' => 4096,
74 $upp->getPoliciesForUser( $user )
78 /**
79 * @covers UserPasswordPolicy::getPoliciesForGroups
81 public function testGetPoliciesForGroups() {
82 $effective = UserPasswordPolicy::getPoliciesForGroups(
83 $this->policies,
84 [ 'user', 'checkuser' ],
85 $this->policies['default']
88 $this->assertArrayEquals(
90 'MinimalPasswordLength' => 10,
91 'MinimumPasswordLengthToLogin' => 6,
92 'PasswordCannotMatchUsername' => true,
93 'PasswordCannotMatchBlacklist' => true,
94 'MaximalPasswordLength' => 4096,
96 $effective
101 * @dataProvider provideCheckUserPassword
102 * @covers UserPasswordPolicy::checkUserPassword
104 public function testCheckUserPassword( $username, $groups, $password, $valid, $ok, $msg ) {
106 $upp = $this->getUserPasswordPolicy();
108 $user = User::newFromName( $username );
109 foreach ( $groups as $group ) {
110 $user->addGroup( $group );
113 $status = $upp->checkUserPassword( $user, $password );
114 $this->assertSame( $valid, $status->isGood(), $msg . ' - password valid' );
115 $this->assertSame( $ok, $status->isOK(), $msg . ' - can login' );
118 public function provideCheckUserPassword() {
119 return [
121 'PassPolicyUser',
124 false,
125 false,
126 'No groups, default policy, password too short to login'
129 'PassPolicyUser',
130 [ 'user' ],
131 'aaa',
132 false,
133 true,
134 'Default policy, short password'
137 'PassPolicyUser',
138 [ 'sysop' ],
139 'abcdabcdabcd',
140 true,
141 true,
142 'Sysop with good password'
145 'PassPolicyUser',
146 [ 'sysop' ],
147 'abcd',
148 false,
149 true,
150 'Sysop with short password'
153 'PassPolicyUser',
154 [ 'sysop', 'checkuser' ],
155 'abcdabcd',
156 false,
157 true,
158 'Checkuser with short password'
161 'PassPolicyUser',
162 [ 'sysop', 'checkuser' ],
163 'abcd',
164 false,
165 false,
166 'Checkuser with too short password to login'
169 'Useruser',
170 [ 'user' ],
171 'Passpass',
172 false,
173 true,
174 'Username & password on blacklist'
180 * @dataProvider provideMaxOfPolicies
181 * @covers UserPasswordPolicy::maxOfPolicies
183 public function testMaxOfPolicies( $p1, $p2, $max, $msg ) {
184 $this->assertArrayEquals(
185 $max,
186 UserPasswordPolicy::maxOfPolicies( $p1, $p2 ),
187 $msg
191 public function provideMaxOfPolicies() {
192 return [
194 [ 'MinimalPasswordLength' => 8 ], // p1
195 [ 'MinimalPasswordLength' => 2 ], // p2
196 [ 'MinimalPasswordLength' => 8 ], // max
197 'Basic max in p1'
200 [ 'MinimalPasswordLength' => 2 ], // p1
201 [ 'MinimalPasswordLength' => 8 ], // p2
202 [ 'MinimalPasswordLength' => 8 ], // max
203 'Basic max in p2'
206 [ 'MinimalPasswordLength' => 8 ], // p1
208 'MinimalPasswordLength' => 2,
209 'PasswordCannotMatchUsername' => 1,
210 ], // p2
212 'MinimalPasswordLength' => 8,
213 'PasswordCannotMatchUsername' => 1,
214 ], // max
215 'Missing items in p1'
219 'MinimalPasswordLength' => 8,
220 'PasswordCannotMatchUsername' => 1,
221 ], // p1
223 'MinimalPasswordLength' => 2,
224 ], // p2
226 'MinimalPasswordLength' => 8,
227 'PasswordCannotMatchUsername' => 1,
228 ], // max
229 'Missing items in p2'