search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Move IDatabase/IMaintainableDatabase to Rdbms namespace
[mediawiki.git] / tests / phpunit / includes / password / UserPasswordPolicyTest.php
blob8a69b5ce1ebad7998c15d4a3d27a5c2b3a6396cf
1 <?php
2 /**
3 * Testing for password-policy enforcement, based on a user's groups.
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
19 *
20 * @file
21 */
22
23 /**
24 * @group Database
25 */
26 class UserPasswordPolicyTest extends MediaWikiTestCase {
27
28 protected $policies = [
29 'checkuser' => [
30 'MinimalPasswordLength' => 10,
31 'MinimumPasswordLengthToLogin' => 6,
32 'PasswordCannotMatchUsername' => true,
33 ],
34 'sysop' => [
35 'MinimalPasswordLength' => 8,
36 'MinimumPasswordLengthToLogin' => 1,
37 'PasswordCannotMatchUsername' => true,
38 ],
39 'default' => [
40 'MinimalPasswordLength' => 4,
41 'MinimumPasswordLengthToLogin' => 1,
42 'PasswordCannotMatchBlacklist' => true,
43 'MaximalPasswordLength' => 4096,
44 ],
45 ];
46
47 protected $checks = [
48 'MinimalPasswordLength' => 'PasswordPolicyChecks::checkMinimalPasswordLength',
49 'MinimumPasswordLengthToLogin' => 'PasswordPolicyChecks::checkMinimumPasswordLengthToLogin',
50 'PasswordCannotMatchUsername' => 'PasswordPolicyChecks::checkPasswordCannotMatchUsername',
51 'PasswordCannotMatchBlacklist' => 'PasswordPolicyChecks::checkPasswordCannotMatchBlacklist',
52 'MaximalPasswordLength' => 'PasswordPolicyChecks::checkMaximalPasswordLength',
53 ];
54
55 private function getUserPasswordPolicy() {
56 return new UserPasswordPolicy( $this->policies, $this->checks );
57 }
58
59 /**
60 * @covers UserPasswordPolicy::getPoliciesForUser
61 */
62 public function testGetPoliciesForUser() {
63
64 $upp = $this->getUserPasswordPolicy();
65
66 $user = User::newFromName( 'TestUserPolicy' );
67 $user->addToDatabase();
68 $user->addGroup( 'sysop' );
69
70 $this->assertArrayEquals(
71 [
72 'MinimalPasswordLength' => 8,
73 'MinimumPasswordLengthToLogin' => 1,
74 'PasswordCannotMatchUsername' => 1,
75 'PasswordCannotMatchBlacklist' => true,
76 'MaximalPasswordLength' => 4096,
77 ],
78 $upp->getPoliciesForUser( $user )
79 );
80 }
81
82 /**
83 * @covers UserPasswordPolicy::getPoliciesForGroups
84 */
85 public function testGetPoliciesForGroups() {
86 $effective = UserPasswordPolicy::getPoliciesForGroups(
87 $this->policies,
88 [ 'user', 'checkuser' ],
89 $this->policies['default']
90 );
91
92 $this->assertArrayEquals(
93 [
94 'MinimalPasswordLength' => 10,
95 'MinimumPasswordLengthToLogin' => 6,
96 'PasswordCannotMatchUsername' => true,
97 'PasswordCannotMatchBlacklist' => true,
98 'MaximalPasswordLength' => 4096,
99 ],
100 $effective
101 );
102 }
103
104 /**
105 * @dataProvider provideCheckUserPassword
106 * @covers UserPasswordPolicy::checkUserPassword
107 */
108 public function testCheckUserPassword( $username, $groups, $password, $valid, $ok, $msg ) {
109
110 $upp = $this->getUserPasswordPolicy();
111
112 $user = User::newFromName( $username );
113 $user->addToDatabase();
114 foreach ( $groups as $group ) {
115 $user->addGroup( $group );
116 }
117
118 $status = $upp->checkUserPassword( $user, $password );
119 $this->assertSame( $valid, $status->isGood(), $msg . ' - password valid' );
120 $this->assertSame( $ok, $status->isOK(), $msg . ' - can login' );
121 }
122
123 public function provideCheckUserPassword() {
124 return [
125 [
126 'PassPolicyUser',
127 [],
128 '',
129 false,
130 false,
131 'No groups, default policy, password too short to login'
132 ],
133 [
134 'PassPolicyUser',
135 [ 'user' ],
136 'aaa',
137 false,
138 true,
139 'Default policy, short password'
140 ],
141 [
142 'PassPolicyUser',
143 [ 'sysop' ],
144 'abcdabcdabcd',
145 true,
146 true,
147 'Sysop with good password'
148 ],
149 [
150 'PassPolicyUser',
151 [ 'sysop' ],
152 'abcd',
153 false,
154 true,
155 'Sysop with short password'
156 ],
157 [
158 'PassPolicyUser',
159 [ 'sysop', 'checkuser' ],
160 'abcdabcd',
161 false,
162 true,
163 'Checkuser with short password'
164 ],
165 [
166 'PassPolicyUser',
167 [ 'sysop', 'checkuser' ],
168 'abcd',
169 false,
170 false,
171 'Checkuser with too short password to login'
172 ],
173 [
174 'Useruser',
175 [ 'user' ],
176 'Passpass',
177 false,
178 true,
179 'Username & password on blacklist'
180 ],
181 ];
182 }
183
184 /**
185 * @dataProvider provideMaxOfPolicies
186 * @covers UserPasswordPolicy::maxOfPolicies
187 */
188 public function testMaxOfPolicies( $p1, $p2, $max, $msg ) {
189 $this->assertArrayEquals(
190 $max,
191 UserPasswordPolicy::maxOfPolicies( $p1, $p2 ),
192 $msg
193 );
194 }
195
196 public function provideMaxOfPolicies() {
197 return [
198 [
199 [ 'MinimalPasswordLength' => 8 ], // p1
200 [ 'MinimalPasswordLength' => 2 ], // p2
201 [ 'MinimalPasswordLength' => 8 ], // max
202 'Basic max in p1'
203 ],
204 [
205 [ 'MinimalPasswordLength' => 2 ], // p1
206 [ 'MinimalPasswordLength' => 8 ], // p2
207 [ 'MinimalPasswordLength' => 8 ], // max
208 'Basic max in p2'
209 ],
210 [
211 [ 'MinimalPasswordLength' => 8 ], // p1
212 [
213 'MinimalPasswordLength' => 2,
214 'PasswordCannotMatchUsername' => 1,
215 ], // p2
216 [
217 'MinimalPasswordLength' => 8,
218 'PasswordCannotMatchUsername' => 1,
219 ], // max
220 'Missing items in p1'
221 ],
222 [
223 [
224 'MinimalPasswordLength' => 8,
225 'PasswordCannotMatchUsername' => 1,
226 ], // p1
227 [
228 'MinimalPasswordLength' => 2,
229 ], // p2
230 [
231 'MinimalPasswordLength' => 8,
232 'PasswordCannotMatchUsername' => 1,
233 ], // max
234 'Missing items in p2'
235 ],
236 ];
237 }
238
239 }
MediaWiki Core