search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Import: Handle uploads with sha1 starting with 0 properly
[mediawiki.git] / tests / phpunit / includes / password / UserPasswordPolicyTest.php
blobb419203f3497dfa7d45f9b6db07ebe4102b9c9a0
1 <?php
2 /**
3 * Testing for password-policy enforcement, based on a user's groups.
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
19 *
20 * @file
21 */
22
23 class UserPasswordPolicyTest extends MediaWikiTestCase {
24
25 protected $policies = array(
26 'checkuser' => array(
27 'MinimalPasswordLength' => 10,
28 'MinimumPasswordLengthToLogin' => 6,
29 'PasswordCannotMatchUsername' => true,
30 ),
31 'sysop' => array(
32 'MinimalPasswordLength' => 8,
33 'MinimumPasswordLengthToLogin' => 1,
34 'PasswordCannotMatchUsername' => true,
35 ),
36 'default' => array(
37 'MinimalPasswordLength' => 4,
38 'MinimumPasswordLengthToLogin' => 1,
39 'PasswordCannotMatchBlacklist' => true,
40 'MaximalPasswordLength' => 4096,
41 ),
42 );
43
44 protected $checks = array(
45 'MinimalPasswordLength' => 'PasswordPolicyChecks::checkMinimalPasswordLength',
46 'MinimumPasswordLengthToLogin' => 'PasswordPolicyChecks::checkMinimumPasswordLengthToLogin',
47 'PasswordCannotMatchUsername' => 'PasswordPolicyChecks::checkPasswordCannotMatchUsername',
48 'PasswordCannotMatchBlacklist' => 'PasswordPolicyChecks::checkPasswordCannotMatchBlacklist',
49 'MaximalPasswordLength' => 'PasswordPolicyChecks::checkMaximalPasswordLength',
50 );
51
52 private function getUserPasswordPolicy() {
53 return new UserPasswordPolicy( $this->policies, $this->checks );
54 }
55
56 /**
57 * @covers UserPasswordPolicy::getPoliciesForUser
58 */
59 public function testGetPoliciesForUser() {
60
61 $upp = $this->getUserPasswordPolicy();
62
63 $user = User::newFromName( 'TestUserPolicy' );
64 $user->addGroup( 'sysop' );
65
66 $this->assertArrayEquals(
67 array(
68 'MinimalPasswordLength' => 8,
69 'MinimumPasswordLengthToLogin' => 1,
70 'PasswordCannotMatchUsername' => 1,
71 'PasswordCannotMatchBlacklist' => true,
72 'MaximalPasswordLength' => 4096,
73 ),
74 $upp->getPoliciesForUser( $user )
75 );
76 }
77
78 /**
79 * @covers UserPasswordPolicy::getPoliciesForGroups
80 */
81 public function testGetPoliciesForGroups() {
82 $effective = UserPasswordPolicy::getPoliciesForGroups(
83 $this->policies,
84 array( 'user', 'checkuser' ),
85 $this->policies['default']
86 );
87
88 $this->assertArrayEquals(
89 array(
90 'MinimalPasswordLength' => 10,
91 'MinimumPasswordLengthToLogin' => 6,
92 'PasswordCannotMatchUsername' => true,
93 'PasswordCannotMatchBlacklist' => true,
94 'MaximalPasswordLength' => 4096,
95 ),
96 $effective
97 );
98 }
99
100 /**
101 * @dataProvider provideCheckUserPassword
102 * @covers UserPasswordPolicy::checkUserPassword
103 */
104 public function testCheckUserPassword( $username, $groups, $password, $valid, $ok, $msg ) {
105
106 $upp = $this->getUserPasswordPolicy();
107
108 $user = User::newFromName( $username );
109 foreach ( $groups as $group ) {
110 $user->addGroup( $group );
111 }
112
113 $status = $upp->checkUserPassword( $user, $password );
114 $this->assertSame( $valid, $status->isGood(), $msg . ' - password valid' );
115 $this->assertSame( $ok, $status->isOk(), $msg . ' - can login' );
116 }
117
118 public function provideCheckUserPassword() {
119 return array(
120 array(
121 'PassPolicyUser',
122 array(),
123 '',
124 false,
125 false,
126 'No groups, default policy, password too short to login'
127 ),
128 array(
129 'PassPolicyUser',
130 array( 'user' ),
131 'aaa',
132 false,
133 true,
134 'Default policy, short password'
135 ),
136 array(
137 'PassPolicyUser',
138 array( 'sysop' ),
139 'abcdabcdabcd',
140 true,
141 true,
142 'Sysop with good password'
143 ),
144 array(
145 'PassPolicyUser',
146 array( 'sysop' ),
147 'abcd',
148 false,
149 true,
150 'Sysop with short password'
151 ),
152 array(
153 'PassPolicyUser',
154 array( 'sysop', 'checkuser' ),
155 'abcdabcd',
156 false,
157 true,
158 'Checkuser with short password'
159 ),
160 array(
161 'PassPolicyUser',
162 array( 'sysop', 'checkuser' ),
163 'abcd',
164 false,
165 false,
166 'Checkuser with too short password to login'
167 ),
168 array(
169 'Useruser',
170 array( 'user' ),
171 'Passpass',
172 false,
173 true,
174 'Username & password on blacklist'
175 ),
176 );
177 }
178
179 /**
180 * @dataProvider provideMaxOfPolicies
181 * @covers UserPasswordPolicy::maxOfPolicies
182 */
183 public function testMaxOfPolicies( $p1, $p2, $max, $msg ) {
184 $this->assertArrayEquals(
185 $max,
186 UserPasswordPolicy::maxOfPolicies( $p1, $p2 ),
187 $msg
188 );
189 }
190
191 public function provideMaxOfPolicies() {
192 return array(
193 array(
194 array( 'MinimalPasswordLength' => 8 ), // p1
195 array( 'MinimalPasswordLength' => 2 ), // p2
196 array( 'MinimalPasswordLength' => 8 ), // max
197 'Basic max in p1'
198 ),
199 array(
200 array( 'MinimalPasswordLength' => 2 ), // p1
201 array( 'MinimalPasswordLength' => 8 ), // p2
202 array( 'MinimalPasswordLength' => 8 ), // max
203 'Basic max in p2'
204 ),
205 array(
206 array( 'MinimalPasswordLength' => 8 ), // p1
207 array(
208 'MinimalPasswordLength' => 2,
209 'PasswordCannotMatchUsername' => 1,
210 ), // p2
211 array(
212 'MinimalPasswordLength' => 8,
213 'PasswordCannotMatchUsername' => 1,
214 ), // max
215 'Missing items in p1'
216 ),
217 array(
218 array(
219 'MinimalPasswordLength' => 8,
220 'PasswordCannotMatchUsername' => 1,
221 ), // p1
222 array(
223 'MinimalPasswordLength' => 2,
224 ), // p2
225 array(
226 'MinimalPasswordLength' => 8,
227 'PasswordCannotMatchUsername' => 1,
228 ), // max
229 'Missing items in p2'
230 ),
231 );
232 }
233
234 }
MediaWiki Core