search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Localisation updates from https://translatewiki.net.
[mediawiki.git] / tests / phpunit / includes / session / BotPasswordSessionProviderTest.php
blob7cffd5662e86ade4fad20d08749ccc2658dd65c8
1 <?php
2
3 namespace MediaWiki\Tests\Session;
4
5 use InvalidArgumentException;
6 use MediaWiki\Config\HashConfig;
7 use MediaWiki\Config\MultiConfig;
8 use MediaWiki\MainConfigNames;
9 use MediaWiki\Request\FauxRequest;
10 use MediaWiki\Session\BotPasswordSessionProvider;
11 use MediaWiki\Session\Session;
12 use MediaWiki\Session\SessionInfo;
13 use MediaWiki\Session\SessionManager;
14 use MediaWiki\Session\UserInfo;
15 use MediaWiki\User\BotPassword;
16 use MediaWikiIntegrationTestCase;
17 use Psr\Log\LogLevel;
18 use Psr\Log\NullLogger;
19 use TestLogger;
20 use Wikimedia\TestingAccessWrapper;
21
22 /**
23 * @group Session
24 * @group Database
25 * @covers \MediaWiki\Session\BotPasswordSessionProvider
26 */
27 class BotPasswordSessionProviderTest extends MediaWikiIntegrationTestCase {
28 use SessionProviderTestTrait;
29
30 /** @var HashConfig */
31 private $config;
32 /** @var string */
33 private $configHash;
34
35 private function getProvider( $name = null, $prefix = null, $isApiRequest = true ) {
36 global $wgSessionProviders;
37
38 $params = [
39 'priority' => 40,
40 'sessionCookieName' => $name,
41 'sessionCookieOptions' => [],
42 'isApiRequest' => $isApiRequest,
43 ];
44 if ( $prefix !== null ) {
45 $params['sessionCookieOptions']['prefix'] = $prefix;
46 }
47
48 $configHash = json_encode( [ $name, $prefix, $isApiRequest ] );
49 if ( !$this->config || $this->configHash !== $configHash ) {
50 $this->config = new HashConfig( [
51 MainConfigNames::CookiePrefix => 'wgCookiePrefix',
52 MainConfigNames::EnableBotPasswords => true,
53 MainConfigNames::SessionProviders => $wgSessionProviders + [
54 BotPasswordSessionProvider::class => [
55 'class' => BotPasswordSessionProvider::class,
56 'args' => [ $params ],
57 'services' => [ 'GrantsInfo' ],
58 ]
59 ],
60 ] );
61 $this->configHash = $configHash;
62 }
63 $manager = new SessionManager( [
64 'config' => new MultiConfig( [ $this->config, $this->getServiceContainer()->getMainConfig() ] ),
65 'logger' => new NullLogger,
66 'store' => new TestBagOStuff,
67 ] );
68
69 return $manager->getProvider( BotPasswordSessionProvider::class );
70 }
71
72 protected function setUp(): void {
73 parent::setUp();
74
75 $this->overrideConfigValues( [
76 MainConfigNames::EnableBotPasswords => true,
77 MainConfigNames::CentralIdLookupProvider => 'local',
78 MainConfigNames::GrantPermissions => [
79 'test' => [ 'read' => true ],
80 ],
81 ] );
82 }
83
84 public function addDBDataOnce() {
85 $passwordFactory = $this->getServiceContainer()->getPasswordFactory();
86 $passwordHash = $passwordFactory->newFromPlaintext( 'foobaz' );
87
88 $sysop = static::getTestSysop()->getUser();
89 $userId = $this->getServiceContainer()
90 ->getCentralIdLookupFactory()
91 ->getLookup( 'local' )
92 ->centralIdFromName( $sysop->getName() );
93
94 $dbw = $this->getDb();
95 $dbw->newDeleteQueryBuilder()
96 ->deleteFrom( 'bot_passwords' )
97 ->where( [ 'bp_user' => $userId, 'bp_app_id' => 'BotPasswordSessionProvider' ] )
98 ->caller( __METHOD__ )->execute();
99 $dbw->newInsertQueryBuilder()
100 ->insertInto( 'bot_passwords' )
101 ->row( [
102 'bp_user' => $userId,
103 'bp_app_id' => 'BotPasswordSessionProvider',
104 'bp_password' => $passwordHash->toString(),
105 'bp_token' => 'token!',
106 'bp_restrictions' => '{"IPAddresses":["127.0.0.0/8"]}',
107 'bp_grants' => '["test"]',
108 ] )
109 ->caller( __METHOD__ )
110 ->execute();
111 }
112
113 public function testConstructor() {
114 $grantsInfo = $this->getServiceContainer()->getGrantsInfo();
115
116 try {
117 $provider = new BotPasswordSessionProvider( $grantsInfo );
118 $this->fail( 'Expected exception not thrown' );
119 } catch ( InvalidArgumentException $ex ) {
120 $this->assertSame(
121 'MediaWiki\\Session\\BotPasswordSessionProvider::__construct: priority must be specified',
122 $ex->getMessage()
123 );
124 }
125
126 try {
127 $provider = new BotPasswordSessionProvider(
128 $grantsInfo,
129 [
130 'priority' => SessionInfo::MIN_PRIORITY - 1
131 ]
132 );
133 $this->fail( 'Expected exception not thrown' );
134 } catch ( InvalidArgumentException $ex ) {
135 $this->assertSame(
136 'MediaWiki\\Session\\BotPasswordSessionProvider::__construct: Invalid priority',
137 $ex->getMessage()
138 );
139 }
140
141 try {
142 $provider = new BotPasswordSessionProvider(
143 $grantsInfo,
144 [
145 'priority' => SessionInfo::MAX_PRIORITY + 1
146 ]
147 );
148 $this->fail( 'Expected exception not thrown' );
149 } catch ( InvalidArgumentException $ex ) {
150 $this->assertSame(
151 'MediaWiki\\Session\\BotPasswordSessionProvider::__construct: Invalid priority',
152 $ex->getMessage()
153 );
154 }
155
156 $provider = new BotPasswordSessionProvider(
157 $grantsInfo,
158 [ 'priority' => 40 ]
159 );
160 $priv = TestingAccessWrapper::newFromObject( $provider );
161 $this->assertSame( 40, $priv->priority );
162 $this->assertSame( '_BPsession', $priv->sessionCookieName );
163 $this->assertSame( [], $priv->sessionCookieOptions );
164
165 $provider = new BotPasswordSessionProvider(
166 $grantsInfo,
167 [
168 'priority' => 40,
169 'sessionCookieName' => null,
170 ]
171 );
172 $priv = TestingAccessWrapper::newFromObject( $provider );
173 $this->assertSame( '_BPsession', $priv->sessionCookieName );
174
175 $provider = new BotPasswordSessionProvider(
176 $grantsInfo,
177 [
178 'priority' => 40,
179 'sessionCookieName' => 'Foo',
180 'sessionCookieOptions' => [ 'Bar' ],
181 ]
182 );
183 $priv = TestingAccessWrapper::newFromObject( $provider );
184 $this->assertSame( 'Foo', $priv->sessionCookieName );
185 $this->assertSame( [ 'Bar' ], $priv->sessionCookieOptions );
186 }
187
188 public function testBasics() {
189 $provider = $this->getProvider();
190
191 $this->assertTrue( $provider->persistsSessionId() );
192 $this->assertFalse( $provider->canChangeUser() );
193
194 $this->assertNull( $provider->newSessionInfo() );
195 $this->assertNull( $provider->newSessionInfo( 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa' ) );
196 }
197
198 public function testProvideSessionInfo() {
199 $request = new FauxRequest;
200 $request->setCookie( '_BPsession', 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa', 'wgCookiePrefix' );
201
202 $provider = $this->getProvider( null, null, false );
203 $this->assertNull( $provider->provideSessionInfo( $request ) );
204
205 $provider = $this->getProvider();
206
207 $info = $provider->provideSessionInfo( $request );
208 $this->assertInstanceOf( SessionInfo::class, $info );
209 $this->assertSame( 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa', $info->getId() );
210
211 $this->config->set( MainConfigNames::EnableBotPasswords, false );
212 $this->assertNull( $provider->provideSessionInfo( $request ) );
213 $this->config->set( MainConfigNames::EnableBotPasswords, true );
214
215 $this->assertNull( $provider->provideSessionInfo( new FauxRequest ) );
216 }
217
218 public function testNewSessionInfoForRequest() {
219 $provider = $this->getProvider();
220 $user = static::getTestSysop()->getUser();
221 $request = $this->getMockBuilder( FauxRequest::class )
222 ->onlyMethods( [ 'getIP' ] )->getMock();
223 $request->method( 'getIP' )
224 ->willReturn( '127.0.0.1' );
225 $bp = BotPassword::newFromUser( $user, 'BotPasswordSessionProvider' );
226
227 $session = $provider->newSessionForRequest( $user, $bp, $request );
228 $this->assertInstanceOf( Session::class, $session );
229
230 $this->assertEquals( $session->getId(), $request->getSession()->getId() );
231 $this->assertEquals( $user->getName(), $session->getUser()->getName() );
232
233 $this->assertEquals( [
234 'centralId' => $bp->getUserCentralId(),
235 'appId' => $bp->getAppId(),
236 'token' => $bp->getToken(),
237 'rights' => [ 'read' ],
238 'restrictions' => $bp->getRestrictions()->toJson(),
239 ], $session->getProviderMetadata() );
240
241 $this->assertEquals( [ 'read' ], $session->getAllowedUserRights() );
242 }
243
244 public function testCheckSessionInfo() {
245 $logger = new TestLogger( true );
246 $provider = $this->getProvider();
247 $this->initProvider( $provider, $logger );
248
249 $user = static::getTestSysop()->getUser();
250 $request = $this->getMockBuilder( FauxRequest::class )
251 ->onlyMethods( [ 'getIP' ] )->getMock();
252 $request->method( 'getIP' )
253 ->willReturn( '127.0.0.1' );
254 $bp = BotPassword::newFromUser( $user, 'BotPasswordSessionProvider' );
255
256 $data = [
257 'provider' => $provider,
258 'id' => 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa',
259 'userInfo' => UserInfo::newFromUser( $user, true ),
260 'persisted' => false,
261 'metadata' => [
262 'centralId' => $bp->getUserCentralId(),
263 'appId' => $bp->getAppId(),
264 'token' => $bp->getToken(),
265 ],
266 ];
267 $dataMD = $data['metadata'];
268
269 foreach ( $data['metadata'] as $key => $_ ) {
270 $data['metadata'] = $dataMD;
271 unset( $data['metadata'][$key] );
272 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, $data );
273 $metadata = $info->getProviderMetadata();
274
275 $this->assertFalse( $provider->refreshSessionInfo( $info, $request, $metadata ) );
276 $this->assertSame( [
277 [ LogLevel::INFO, 'Session "{session}": Missing metadata: {missing}' ]
278 ], $logger->getBuffer() );
279 $logger->clearBuffer();
280 }
281
282 $data['metadata'] = $dataMD;
283 $data['metadata']['appId'] = 'Foobar';
284 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, $data );
285 $metadata = $info->getProviderMetadata();
286 $this->assertFalse( $provider->refreshSessionInfo( $info, $request, $metadata ) );
287 $this->assertSame( [
288 [ LogLevel::INFO, 'Session "{session}": No BotPassword for {centralId} {appId}' ],
289 ], $logger->getBuffer() );
290 $logger->clearBuffer();
291
292 $data['metadata'] = $dataMD;
293 $data['metadata']['token'] = 'Foobar';
294 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, $data );
295 $metadata = $info->getProviderMetadata();
296 $this->assertFalse( $provider->refreshSessionInfo( $info, $request, $metadata ) );
297 $this->assertSame( [
298 [ LogLevel::INFO, 'Session "{session}": BotPassword token check failed' ],
299 ], $logger->getBuffer() );
300 $logger->clearBuffer();
301
302 $request2 = $this->getMockBuilder( FauxRequest::class )
303 ->onlyMethods( [ 'getIP' ] )->getMock();
304 $request2->method( 'getIP' )
305 ->willReturn( '10.0.0.1' );
306 $data['metadata'] = $dataMD;
307 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, $data );
308 $metadata = $info->getProviderMetadata();
309 $this->assertFalse( $provider->refreshSessionInfo( $info, $request2, $metadata ) );
310 $this->assertSame( [
311 [ LogLevel::INFO, 'Session "{session}": Restrictions check failed' ],
312 ], $logger->getBuffer() );
313 $logger->clearBuffer();
314
315 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, $data );
316 $metadata = $info->getProviderMetadata();
317 $this->assertTrue( $provider->refreshSessionInfo( $info, $request, $metadata ) );
318 $this->assertSame( [], $logger->getBuffer() );
319 $this->assertEquals( $dataMD + [ 'rights' => [ 'read' ] ], $metadata );
320 }
321
322 public function testGetAllowedUserRights() {
323 $logger = new TestLogger( true );
324 $provider = $this->getProvider();
325 $this->initProvider( $provider, $logger );
326
327 $backend = TestUtils::getDummySessionBackend();
328 $backendPriv = TestingAccessWrapper::newFromObject( $backend );
329
330 try {
331 $provider->getAllowedUserRights( $backend );
332 $this->fail( 'Expected exception not thrown' );
333 } catch ( InvalidArgumentException $ex ) {
334 $this->assertSame( 'Backend\'s provider isn\'t $this', $ex->getMessage() );
335 }
336
337 $backendPriv->provider = $provider;
338 $backendPriv->providerMetadata = [ 'rights' => [ 'foo', 'bar', 'baz' ] ];
339 $this->assertSame( [ 'foo', 'bar', 'baz' ], $provider->getAllowedUserRights( $backend ) );
340 $this->assertSame( [], $logger->getBuffer() );
341
342 $backendPriv->providerMetadata = [ 'foo' => 'bar' ];
343 $this->assertSame( [], $provider->getAllowedUserRights( $backend ) );
344 $this->assertSame( [
345 [
346 LogLevel::DEBUG,
347 'MediaWiki\\Session\\BotPasswordSessionProvider::getAllowedUserRights: ' .
348 'No provider metadata, returning no rights allowed'
349 ]
350 ], $logger->getBuffer() );
351 $logger->clearBuffer();
352
353 $backendPriv->providerMetadata = [ 'rights' => 'bar' ];
354 $this->assertSame( [], $provider->getAllowedUserRights( $backend ) );
355 $this->assertSame( [
356 [
357 LogLevel::DEBUG,
358 'MediaWiki\\Session\\BotPasswordSessionProvider::getAllowedUserRights: ' .
359 'No provider metadata, returning no rights allowed'
360 ]
361 ], $logger->getBuffer() );
362 $logger->clearBuffer();
363
364 $backendPriv->providerMetadata = null;
365 $this->assertSame( [], $provider->getAllowedUserRights( $backend ) );
366 $this->assertSame( [
367 [
368 LogLevel::DEBUG,
369 'MediaWiki\\Session\\BotPasswordSessionProvider::getAllowedUserRights: ' .
370 'No provider metadata, returning no rights allowed'
371 ]
372 ], $logger->getBuffer() );
373 $logger->clearBuffer();
374 }
375 }
MediaWiki Core