3 use MediaWiki\Session\SessionManager
;
9 class BotPasswordTest
extends MediaWikiTestCase
{
10 protected function setUp() {
13 $this->setMwGlobals( array(
14 'wgEnableBotPasswords' => true,
15 'wgBotPasswordsDatabase' => false,
16 'wgCentralIdLookupProvider' => 'BotPasswordTest OkMock',
17 'wgGrantPermissions' => array(
18 'test' => array( 'read' => true ),
20 'wgUserrightsInterwikiDelimiter' => '@',
23 $mock1 = $this->getMockForAbstractClass( 'CentralIdLookup' );
24 $mock1->expects( $this->any() )->method( 'isAttached' )
25 ->will( $this->returnValue( true ) );
26 $mock1->expects( $this->any() )->method( 'lookupUserNames' )
27 ->will( $this->returnValue( array( 'UTSysop' => 42, 'UTDummy' => 43, 'UTInvalid' => 0 ) ) );
28 $mock1->expects( $this->never() )->method( 'lookupCentralIds' );
30 $mock2 = $this->getMockForAbstractClass( 'CentralIdLookup' );
31 $mock2->expects( $this->any() )->method( 'isAttached' )
32 ->will( $this->returnValue( false ) );
33 $mock2->expects( $this->any() )->method( 'lookupUserNames' )
34 ->will( $this->returnArgument( 0 ) );
35 $mock2->expects( $this->never() )->method( 'lookupCentralIds' );
37 $this->mergeMwGlobalArrayValue( 'wgCentralIdLookupProviders', array(
38 'BotPasswordTest OkMock' => array( 'factory' => function () use ( $mock1 ) {
41 'BotPasswordTest FailMock' => array( 'factory' => function () use ( $mock2 ) {
46 CentralIdLookup
::resetCache();
49 public function addDBData() {
50 $passwordFactory = new \
PasswordFactory();
51 $passwordFactory->init( \RequestContext
::getMain()->getConfig() );
52 // A is unsalted MD5 (thus fast) ... we don't care about security here, this is test only
53 $passwordFactory->setDefaultType( 'A' );
54 $pwhash = $passwordFactory->newFromPlaintext( 'foobaz' );
56 $dbw = wfGetDB( DB_MASTER
);
59 array( 'bp_user' => array( 42, 43 ), 'bp_app_id' => 'BotPassword' ),
67 'bp_app_id' => 'BotPassword',
68 'bp_password' => $pwhash->toString(),
69 'bp_token' => 'token!',
70 'bp_restrictions' => '{"IPAddresses":["127.0.0.0/8"]}',
71 'bp_grants' => '["test"]',
75 'bp_app_id' => 'BotPassword',
76 'bp_password' => $pwhash->toString(),
77 'bp_token' => 'token!',
78 'bp_restrictions' => '{"IPAddresses":["127.0.0.0/8"]}',
79 'bp_grants' => '["test"]',
86 public function testBasics() {
87 $user = User
::newFromName( 'UTSysop' );
88 $bp = BotPassword
::newFromUser( $user, 'BotPassword' );
89 $this->assertInstanceOf( 'BotPassword', $bp );
90 $this->assertTrue( $bp->isSaved() );
91 $this->assertSame( 42, $bp->getUserCentralId() );
92 $this->assertSame( 'BotPassword', $bp->getAppId() );
93 $this->assertSame( 'token!', trim( $bp->getToken(), " \0" ) );
94 $this->assertEquals( '{"IPAddresses":["127.0.0.0/8"]}', $bp->getRestrictions()->toJson() );
95 $this->assertSame( array( 'test' ), $bp->getGrants() );
97 $this->assertNull( BotPassword
::newFromUser( $user, 'DoesNotExist' ) );
99 $this->setMwGlobals( array(
100 'wgCentralIdLookupProvider' => 'BotPasswordTest FailMock'
102 $this->assertNull( BotPassword
::newFromUser( $user, 'BotPassword' ) );
104 $this->assertSame( '@', BotPassword
::getSeparator() );
105 $this->setMwGlobals( array(
106 'wgUserrightsInterwikiDelimiter' => '#',
108 $this->assertSame( '#', BotPassword
::getSeparator() );
111 public function testUnsaved() {
112 $user = User
::newFromName( 'UTSysop' );
113 $bp = BotPassword
::newUnsaved( array(
115 'appId' => 'DoesNotExist'
117 $this->assertInstanceOf( 'BotPassword', $bp );
118 $this->assertFalse( $bp->isSaved() );
119 $this->assertSame( 42, $bp->getUserCentralId() );
120 $this->assertSame( 'DoesNotExist', $bp->getAppId() );
121 $this->assertEquals( MWRestrictions
::newDefault(), $bp->getRestrictions() );
122 $this->assertSame( array(), $bp->getGrants() );
124 $bp = BotPassword
::newUnsaved( array(
125 'username' => 'UTDummy',
126 'appId' => 'DoesNotExist2',
127 'restrictions' => MWRestrictions
::newFromJson( '{"IPAddresses":["127.0.0.0/8"]}' ),
128 'grants' => array( 'test' ),
130 $this->assertInstanceOf( 'BotPassword', $bp );
131 $this->assertFalse( $bp->isSaved() );
132 $this->assertSame( 43, $bp->getUserCentralId() );
133 $this->assertSame( 'DoesNotExist2', $bp->getAppId() );
134 $this->assertEquals( '{"IPAddresses":["127.0.0.0/8"]}', $bp->getRestrictions()->toJson() );
135 $this->assertSame( array( 'test' ), $bp->getGrants() );
137 $user = User
::newFromName( 'UTSysop' );
138 $bp = BotPassword
::newUnsaved( array(
140 'appId' => 'DoesNotExist'
142 $this->assertInstanceOf( 'BotPassword', $bp );
143 $this->assertFalse( $bp->isSaved() );
144 $this->assertSame( 45, $bp->getUserCentralId() );
145 $this->assertSame( 'DoesNotExist', $bp->getAppId() );
147 $user = User
::newFromName( 'UTSysop' );
148 $bp = BotPassword
::newUnsaved( array(
150 'appId' => 'BotPassword'
152 $this->assertInstanceOf( 'BotPassword', $bp );
153 $this->assertFalse( $bp->isSaved() );
155 $this->assertNull( BotPassword
::newUnsaved( array(
159 $this->assertNull( BotPassword
::newUnsaved( array(
161 'appId' => str_repeat( 'X', BotPassword
::APPID_MAXLENGTH +
1 ),
163 $this->assertNull( BotPassword
::newUnsaved( array(
167 $this->assertNull( BotPassword
::newUnsaved( array(
168 'username' => 'UTInvalid',
171 $this->assertNull( BotPassword
::newUnsaved( array(
176 public function testGetPassword() {
177 $bp = TestingAccessWrapper
::newFromObject( BotPassword
::newFromCentralId( 42, 'BotPassword' ) );
179 $password = $bp->getPassword();
180 $this->assertInstanceOf( 'Password', $password );
181 $this->assertTrue( $password->equals( 'foobaz' ) );
184 $password = $bp->getPassword();
185 $this->assertInstanceOf( 'InvalidPassword', $password );
187 $bp = TestingAccessWrapper
::newFromObject( BotPassword
::newFromCentralId( 42, 'BotPassword' ) );
188 $dbw = wfGetDB( DB_MASTER
);
191 array( 'bp_password' => 'garbage' ),
192 array( 'bp_user' => 42, 'bp_app_id' => 'BotPassword' ),
195 $password = $bp->getPassword();
196 $this->assertInstanceOf( 'InvalidPassword', $password );
199 public function testInvalidateAllPasswordsForUser() {
200 $bp1 = TestingAccessWrapper
::newFromObject( BotPassword
::newFromCentralId( 42, 'BotPassword' ) );
201 $bp2 = TestingAccessWrapper
::newFromObject( BotPassword
::newFromCentralId( 43, 'BotPassword' ) );
203 $this->assertNotInstanceOf( 'InvalidPassword', $bp1->getPassword(), 'sanity check' );
204 $this->assertNotInstanceOf( 'InvalidPassword', $bp2->getPassword(), 'sanity check' );
205 BotPassword
::invalidateAllPasswordsForUser( 'UTSysop' );
206 $this->assertInstanceOf( 'InvalidPassword', $bp1->getPassword() );
207 $this->assertNotInstanceOf( 'InvalidPassword', $bp2->getPassword() );
209 $bp = TestingAccessWrapper
::newFromObject( BotPassword
::newFromCentralId( 42, 'BotPassword' ) );
210 $this->assertInstanceOf( 'InvalidPassword', $bp->getPassword() );
213 public function testRemoveAllPasswordsForUser() {
214 $this->assertNotNull( BotPassword
::newFromCentralId( 42, 'BotPassword' ), 'sanity check' );
215 $this->assertNotNull( BotPassword
::newFromCentralId( 43, 'BotPassword' ), 'sanity check' );
217 BotPassword
::removeAllPasswordsForUser( 'UTSysop' );
219 $this->assertNull( BotPassword
::newFromCentralId( 42, 'BotPassword' ) );
220 $this->assertNotNull( BotPassword
::newFromCentralId( 43, 'BotPassword' ) );
223 public function testLogin() {
224 // Test failure when bot passwords aren't enabled
225 $this->setMwGlobals( 'wgEnableBotPasswords', false );
226 $status = BotPassword
::login( 'UTSysop@BotPassword', 'foobaz', new FauxRequest
);
227 $this->assertEquals( Status
::newFatal( 'botpasswords-disabled' ), $status );
228 $this->setMwGlobals( 'wgEnableBotPasswords', true );
230 // Test failure when BotPasswordSessionProvider isn't configured
231 $manager = new SessionManager( array(
232 'logger' => new Psr\Log\NullLogger
,
233 'store' => new EmptyBagOStuff
,
235 $reset = MediaWiki\Session\TestUtils
::setSessionManagerSingleton( $manager );
237 $manager->getProvider( 'MediaWiki\\Session\\BotPasswordSessionProvider' ),
240 $status = BotPassword
::login( 'UTSysop@BotPassword', 'foobaz', new FauxRequest
);
241 $this->assertEquals( Status
::newFatal( 'botpasswords-no-provider' ), $status );
242 ScopedCallback
::consume( $reset );
244 // Now configure BotPasswordSessionProvider for further tests...
245 $mainConfig = RequestContext
::getMain()->getConfig();
246 $config = new HashConfig( array(
247 'SessionProviders' => $mainConfig->get( 'SessionProviders' ) +
array(
248 'MediaWiki\\Session\\BotPasswordSessionProvider' => array(
249 'class' => 'MediaWiki\\Session\\BotPasswordSessionProvider',
250 'args' => array( array( 'priority' => 40 ) ),
254 $manager = new SessionManager( array(
255 'config' => new MultiConfig( array( $config, RequestContext
::getMain()->getConfig() ) ),
256 'logger' => new Psr\Log\NullLogger
,
257 'store' => new EmptyBagOStuff
,
259 $reset = MediaWiki\Session\TestUtils
::setSessionManagerSingleton( $manager );
261 // No "@"-thing in the username
262 $status = BotPassword
::login( 'UTSysop', 'foobaz', new FauxRequest
);
263 $this->assertEquals( Status
::newFatal( 'botpasswords-invalid-name', '@' ), $status );
266 $status = BotPassword
::login( 'UTDummy@BotPassword', 'foobaz', new FauxRequest
);
267 $this->assertEquals( Status
::newFatal( 'nosuchuser', 'UTDummy' ), $status );
270 $status = BotPassword
::login( 'UTSysop@DoesNotExist', 'foobaz', new FauxRequest
);
272 Status
::newFatal( 'botpasswords-not-exist', 'UTSysop', 'DoesNotExist' ),
276 // Failed restriction
277 $request = $this->getMock( 'FauxRequest', array( 'getIP' ) );
278 $request->expects( $this->any() )->method( 'getIP' )
279 ->will( $this->returnValue( '10.0.0.1' ) );
280 $status = BotPassword
::login( 'UTSysop@BotPassword', 'foobaz', $request );
281 $this->assertEquals( Status
::newFatal( 'botpasswords-restriction-failed' ), $status );
284 $status = BotPassword
::login( 'UTSysop@BotPassword', 'UTSysopPassword', new FauxRequest
);
285 $this->assertEquals( Status
::newFatal( 'wrongpassword' ), $status );
288 $request = new FauxRequest
;
289 $this->assertNotInstanceOf(
290 'MediaWiki\\Session\\BotPasswordSessionProvider',
291 $request->getSession()->getProvider(),
294 $status = BotPassword
::login( 'UTSysop@BotPassword', 'foobaz', $request );
295 $this->assertInstanceOf( 'Status', $status );
296 $this->assertTrue( $status->isGood() );
297 $session = $status->getValue();
298 $this->assertInstanceOf( 'MediaWiki\\Session\\Session', $session );
299 $this->assertInstanceOf(
300 'MediaWiki\\Session\\BotPasswordSessionProvider', $session->getProvider()
302 $this->assertSame( $session->getId(), $request->getSession()->getId() );
304 ScopedCallback
::consume( $reset );
308 * @dataProvider provideSave
309 * @param string|null $password
311 public function testSave( $password ) {
312 $passwordFactory = new \
PasswordFactory();
313 $passwordFactory->init( \RequestContext
::getMain()->getConfig() );
314 // A is unsalted MD5 (thus fast) ... we don't care about security here, this is test only
315 $passwordFactory->setDefaultType( 'A' );
317 $bp = BotPassword
::newUnsaved( array(
319 'appId' => 'TestSave',
320 'restrictions' => MWRestrictions
::newFromJson( '{"IPAddresses":["127.0.0.0/8"]}' ),
321 'grants' => array( 'test' ),
323 $this->assertFalse( $bp->isSaved(), 'sanity check' );
325 BotPassword
::newFromCentralId( 42, 'TestSave', BotPassword
::READ_LATEST
), 'sanity check'
328 $pwhash = $password ?
$passwordFactory->newFromPlaintext( $password ) : null;
329 $this->assertFalse( $bp->save( 'update', $pwhash ) );
330 $this->assertTrue( $bp->save( 'insert', $pwhash ) );
331 $bp2 = BotPassword
::newFromCentralId( 42, 'TestSave', BotPassword
::READ_LATEST
);
332 $this->assertInstanceOf( 'BotPassword', $bp2 );
333 $this->assertEquals( $bp->getUserCentralId(), $bp2->getUserCentralId() );
334 $this->assertEquals( $bp->getAppId(), $bp2->getAppId() );
335 $this->assertEquals( $bp->getToken(), $bp2->getToken() );
336 $this->assertEquals( $bp->getRestrictions(), $bp2->getRestrictions() );
337 $this->assertEquals( $bp->getGrants(), $bp2->getGrants() );
338 $pw = TestingAccessWrapper
::newFromObject( $bp )->getPassword();
339 if ( $password === null ) {
340 $this->assertInstanceOf( 'InvalidPassword', $pw );
342 $this->assertTrue( $pw->equals( $password ) );
345 $token = $bp->getToken();
346 $this->assertFalse( $bp->save( 'insert' ) );
347 $this->assertTrue( $bp->save( 'update' ) );
348 $this->assertNotEquals( $token, $bp->getToken() );
349 $bp2 = BotPassword
::newFromCentralId( 42, 'TestSave', BotPassword
::READ_LATEST
);
350 $this->assertInstanceOf( 'BotPassword', $bp2 );
351 $this->assertEquals( $bp->getToken(), $bp2->getToken() );
352 $pw = TestingAccessWrapper
::newFromObject( $bp )->getPassword();
353 if ( $password === null ) {
354 $this->assertInstanceOf( 'InvalidPassword', $pw );
356 $this->assertTrue( $pw->equals( $password ) );
359 $pwhash = $passwordFactory->newFromPlaintext( 'XXX' );
360 $token = $bp->getToken();
361 $this->assertTrue( $bp->save( 'update', $pwhash ) );
362 $this->assertNotEquals( $token, $bp->getToken() );
363 $pw = TestingAccessWrapper
::newFromObject( $bp )->getPassword();
364 $this->assertTrue( $pw->equals( 'XXX' ) );
366 $this->assertTrue( $bp->delete() );
367 $this->assertFalse( $bp->isSaved() );
368 $this->assertNull( BotPassword
::newFromCentralId( 42, 'TestSave', BotPassword
::READ_LATEST
) );
370 $this->assertFalse( $bp->save( 'foobar' ) );
373 public static function provideSave() {
