search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge "Adding token validation to the edit handler"
[mediawiki.git] / tests / phpunit / includes / user / UserTest.php
blobfe8ab73aec6fed567f859557bacd3a6061d5ed33
1 <?php
2
3 use MediaWiki\Block\CompositeBlock;
4 use MediaWiki\Block\DatabaseBlock;
5 use MediaWiki\Block\SystemBlock;
6 use MediaWiki\Context\RequestContext;
7 use MediaWiki\MainConfigNames;
8 use MediaWiki\Permissions\RateLimiter;
9 use MediaWiki\Permissions\RateLimitSubject;
10 use MediaWiki\Request\FauxRequest;
11 use MediaWiki\Request\WebRequest;
12 use MediaWiki\Tests\Unit\DummyServicesTrait;
13 use MediaWiki\Tests\User\TempUser\TempUserTestTrait;
14 use MediaWiki\Title\Title;
15 use MediaWiki\User\User;
16 use MediaWiki\User\UserIdentityValue;
17 use MediaWiki\Utils\MWTimestamp;
18 use Wikimedia\Assert\PreconditionException;
19 use Wikimedia\Rdbms\IDBAccessObject;
20 use Wikimedia\TestingAccessWrapper;
21
22 /**
23 * @coversDefaultClass \MediaWiki\User\User
24 * @group Database
25 */
26 class UserTest extends MediaWikiIntegrationTestCase {
27 use DummyServicesTrait;
28 use TempUserTestTrait;
29
30 /** Constant for self::testIsBlockedFrom */
31 private const USER_TALK_PAGE = '<user talk page>';
32
33 /**
34 * @var User
35 */
36 protected $user;
37
38 protected function setUp(): void {
39 parent::setUp();
40
41 $this->overrideConfigValues( [
42 MainConfigNames::GroupPermissions => [],
43 MainConfigNames::RevokePermissions => [],
44 MainConfigNames::UseRCPatrol => true,
45 MainConfigNames::WatchlistExpiry => true,
46 MainConfigNames::AutoConfirmAge => 0,
47 MainConfigNames::AutoConfirmCount => 0,
48 ] );
49
50 $this->setUpPermissionGlobals();
51
52 $this->user = $this->getTestUser( 'unittesters' )->getUser();
53 }
54
55 private function setUpPermissionGlobals() {
56 $this->setGroupPermissions( [
57 // Data for regular $wgGroupPermissions test
58 'unittesters' => [
59 'test' => true,
60 'runtest' => true,
61 'writetest' => false,
62 'nukeworld' => false,
63 'autoconfirmed' => false,
64 ],
65 'testwriters' => [
66 'test' => true,
67 'writetest' => true,
68 'modifytest' => true,
69 'autoconfirmed' => true,
70 ],
71 // For the options and watchlist tests
72 '*' => [
73 'editmyoptions' => true,
74 'editmywatchlist' => true,
75 'viewmywatchlist' => true,
76 ],
77 // For patrol tests
78 'patroller' => [
79 'patrol' => true,
80 ],
81 // For account creation when blocked test
82 'accountcreator' => [
83 'createaccount' => true,
84 'ipblock-exempt' => true
85 ],
86 // For bot and ratelimit tests
87 'bot' => [
88 'bot' => true,
89 'noratelimit' => true,
90 ]
91 ] );
92
93 $this->overrideConfigValue(
94 MainConfigNames::RevokePermissions,
95 // Data for regular $wgRevokePermissions test
96 [ 'formertesters' => [ 'runtest' => true ] ]
97 );
98 }
99
100 private function setSessionUser( User $user, WebRequest $request ) {
101 RequestContext::getMain()->setUser( $user );
102 RequestContext::getMain()->setRequest( $request );
103 TestingAccessWrapper::newFromObject( $user )->mRequest = $request;
104 $request->getSession()->setUser( $user );
105 }
106
107 /**
108 * @covers \MediaWiki\User\User::isAllowedAny
109 * @covers \MediaWiki\User\User::isAllowedAll
110 * @covers \MediaWiki\User\User::isAllowed
111 * @covers \MediaWiki\User\User::isNewbie
112 */
113 public function testIsAllowed() {
114 $this->assertFalse(
115 $this->user->isAllowed( 'writetest' ),
116 'Basic isAllowed works with a group not granted a right'
117 );
118 $this->assertTrue(
119 $this->user->isAllowedAny( 'test', 'writetest' ),
120 'A user with only one of the rights can pass isAllowedAll'
121 );
122 $this->assertTrue(
123 $this->user->isAllowedAll( 'test', 'runtest' ),
124 'A user with multiple rights can pass isAllowedAll'
125 );
126 $this->assertFalse(
127 $this->user->isAllowedAll( 'test', 'runtest', 'writetest' ),
128 'A user needs all rights specified to pass isAllowedAll'
129 );
130 $this->assertTrue(
131 $this->user->isNewbie(),
132 'Unit testers are not autoconfirmed yet'
133 );
134
135 $user = $this->getTestUser( 'testwriters' )->getUser();
136 $this->assertTrue(
137 $user->isAllowed( 'test' ),
138 'Basic isAllowed works with a group granted a right'
139 );
140 $this->assertTrue(
141 $user->isAllowed( 'writetest' ),
142 'Testwriters pass isAllowed with `writetest`'
143 );
144 $this->assertFalse(
145 $user->isNewbie(),
146 'Test writers are autoconfirmed'
147 );
148 }
149
150 /**
151 * @covers \MediaWiki\User\User::useRCPatrol
152 * @covers \MediaWiki\User\User::useNPPatrol
153 * @covers \MediaWiki\User\User::useFilePatrol
154 */
155 public function testPatrolling() {
156 $user = $this->getTestUser( 'patroller' )->getUser();
157
158 $this->assertTrue( $user->useRCPatrol() );
159 $this->assertTrue( $user->useNPPatrol() );
160 $this->assertTrue( $user->useFilePatrol() );
161
162 $this->assertFalse( $this->user->useRCPatrol() );
163 $this->assertFalse( $this->user->useNPPatrol() );
164 $this->assertFalse( $this->user->useFilePatrol() );
165 }
166
167 /**
168 * @covers \MediaWiki\User\User::isBot
169 */
170 public function testBot() {
171 $user = $this->getTestUser( 'bot' )->getUser();
172
173 $userGroupManager = $this->getServiceContainer()->getUserGroupManager();
174 $this->assertSame( [ 'bot' ], $userGroupManager->getUserGroups( $user ) );
175 $this->assertArrayHasKey( 'bot', $userGroupManager->getUserGroupMemberships( $user ) );
176 $this->assertTrue( $user->isBot() );
177
178 $this->assertArrayNotHasKey( 'bot', $userGroupManager->getUserGroupMemberships( $this->user ) );
179 $this->assertFalse( $this->user->isBot() );
180 }
181
182 /**
183 * Test User::editCount
184 * @group medium
185 * @covers \MediaWiki\User\User::getEditCount
186 */
187 public function testGetEditCount() {
188 $user = $this->getMutableTestUser()->getUser();
189
190 // let the user have a few (3) edits
191 $title = Title::makeTitle( NS_HELP, 'UserTest_EditCount' );
192 for ( $i = 0; $i < 3; $i++ ) {
193 $this->editPage(
194 $title,
195 (string)$i,
196 'test',
197 NS_MAIN,
198 $user
199 );
200 }
201
202 $this->assertSame(
203 3,
204 $user->getEditCount(),
205 'After three edits, the user edit count should be 3'
206 );
207
208 // increase the edit count
209 $this->getServiceContainer()->getUserEditTracker()->incrementUserEditCount( $user );
210 $user->clearInstanceCache();
211
212 $this->assertSame(
213 4,
214 $user->getEditCount(),
215 'After increasing the edit count manually, the user edit count should be 4'
216 );
217 }
218
219 /**
220 * Test User::editCount
221 * @group medium
222 * @covers \MediaWiki\User\User::getEditCount
223 */
224 public function testGetEditCountForAnons() {
225 $user = User::newFromName( 'Anonymous' );
226
227 $this->assertNull(
228 $user->getEditCount(),
229 'Edit count starts null for anonymous users.'
230 );
231
232 $this->assertNull(
233 $this->getServiceContainer()->getUserEditTracker()->incrementUserEditCount( $user ),
234 'Edit count cannot be increased for anonymous users'
235 );
236
237 $this->assertNull(
238 $user->getEditCount(),
239 'Edit count remains null for anonymous users despite calls to increase it.'
240 );
241 }
242
243 /**
244 * @covers \MediaWiki\User\User::getRightDescription
245 */
246 public function testGetRightDescription() {
247 $key = 'deletechangetags';
248 $parsedDescription = User::getRightDescription( $key );
249 $this->assertMatchesRegularExpression( '/[|]/', $parsedDescription );
250 }
251
252 /**
253 * @covers \MediaWiki\User\User::getRightDescriptionHtml
254 */
255 public function testGetParsedRightDescription() {
256 $key = 'deletechangetags';
257 $parsedDescription = User::getRightDescriptionHtml( $key );
258 $this->assertMatchesRegularExpression( '/<.*>/', $parsedDescription );
259 }
260
261 /**
262 * Test password validity checks. There are 3 checks in core:
263 * - ensure the password meets the minimal length
264 * - ensure the password is not the same as the username
265 * - ensure the username/password combo isn't forbidden
266 * @covers \MediaWiki\User\User::checkPasswordValidity()
267 * @covers \MediaWiki\User\User::isValidPassword()
268 */
269 public function testCheckPasswordValidity() {
270 $this->overrideConfigValue(
271 MainConfigNames::PasswordPolicy,
272 [
273 'policies' => [
274 'sysop' => [
275 'MinimalPasswordLength' => 8,
276 'MinimumPasswordLengthToLogin' => 1,
277 'PasswordCannotBeSubstringInUsername' => 1,
278 ],
279 'default' => [
280 'MinimalPasswordLength' => 6,
281 'PasswordCannotBeSubstringInUsername' => true,
282 'PasswordCannotMatchDefaults' => true,
283 'MaximalPasswordLength' => 40,
284 ],
285 ],
286 'checks' => [
287 'MinimalPasswordLength' => 'MediaWiki\Password\PasswordPolicyChecks::checkMinimalPasswordLength',
288 'MinimumPasswordLengthToLogin' => 'MediaWiki\Password\PasswordPolicyChecks::checkMinimumPasswordLengthToLogin',
289 'PasswordCannotBeSubstringInUsername' =>
290 'MediaWiki\Password\PasswordPolicyChecks::checkPasswordCannotBeSubstringInUsername',
291 'PasswordCannotMatchDefaults' => 'MediaWiki\Password\PasswordPolicyChecks::checkPasswordCannotMatchDefaults',
292 'MaximalPasswordLength' => 'MediaWiki\Password\PasswordPolicyChecks::checkMaximalPasswordLength',
293 ],
294 ]
295 );
296
297 $this->assertTrue( $this->user->isValidPassword( 'Password1234' ) );
298
299 // Minimum length
300 $this->assertFalse( $this->user->isValidPassword( 'a' ) );
301 $status = $this->user->checkPasswordValidity( 'a' );
302 $this->assertStatusWarning( 'passwordtooshort', $status );
303
304 // Maximum length
305 $longPass = str_repeat( 'a', 41 );
306 $this->assertFalse( $this->user->isValidPassword( $longPass ) );
307 $status = $this->user->checkPasswordValidity( $longPass );
308 $this->assertStatusError( 'passwordtoolong', $status );
309
310 // Matches username
311 $status = $this->user->checkPasswordValidity( $this->user->getName() );
312 $this->assertStatusWarning( 'password-substring-username-match', $status );
313
314 $this->setTemporaryHook( 'isValidPassword', static function ( $password, &$result, $user ) {
315 $result = 'isValidPassword returned false';
316 return false;
317 } );
318 $status = $this->user->checkPasswordValidity( 'Password1234' );
319 $this->assertStatusWarning( 'isValidPassword returned false', $status );
320
321 $this->removeTemporaryHook( 'isValidPassword' );
322
323 $this->setTemporaryHook( 'isValidPassword', static function ( $password, &$result, $user ) {
324 $result = true;
325 return true;
326 } );
327 $status = $this->user->checkPasswordValidity( 'Password1234' );
328 $this->assertStatusGood( $status );
329
330 $this->removeTemporaryHook( 'isValidPassword' );
331
332 $this->setTemporaryHook( 'isValidPassword', static function ( $password, &$result, $user ) {
333 $result = 'isValidPassword returned true';
334 return true;
335 } );
336 $status = $this->user->checkPasswordValidity( 'Password1234' );
337 $this->assertStatusWarning( 'isValidPassword returned true', $status );
338
339 $this->removeTemporaryHook( 'isValidPassword' );
340
341 // On the forbidden list
342 $user = User::newFromName( 'Useruser' );
343 $status = $user->checkPasswordValidity( 'Passpass' );
344 $this->assertStatusWarning( 'password-login-forbidden', $status );
345 }
346
347 /**
348 * @covers \MediaWiki\User\User::equals
349 */
350 public function testEquals() {
351 $first = $this->getMutableTestUser()->getUser();
352 $second = User::newFromName( $first->getName() );
353
354 $this->assertTrue( $first->equals( $first ) );
355 $this->assertTrue( $first->equals( $second ) );
356 $this->assertTrue( $second->equals( $first ) );
357
358 $third = $this->getMutableTestUser()->getUser();
359 $fourth = $this->getMutableTestUser()->getUser();
360
361 $this->assertFalse( $third->equals( $fourth ) );
362 $this->assertFalse( $fourth->equals( $third ) );
363
364 // Test users loaded from db with id
365 $user = $this->getMutableTestUser()->getUser();
366 $fifth = User::newFromId( $user->getId() );
367 $sixth = User::newFromName( $user->getName() );
368 $this->assertTrue( $fifth->equals( $sixth ) );
369 }
370
371 /**
372 * @covers \MediaWiki\User\User::getId
373 * @covers \MediaWiki\User\User::setId
374 */
375 public function testUserId() {
376 $this->assertGreaterThan( 0, $this->user->getId() );
377
378 $user = User::newFromName( 'UserWithNoId' );
379 $this->assertSame( 0, $user->getId() );
380
381 $user->setId( 7 );
382 $this->assertSame(
383 7,
384 $user->getId(),
385 'Manually setting a user id via ::setId is reflected in ::getId'
386 );
387
388 $user = new User;
389 $user->setName( '1.2.3.4' );
390 $this->assertSame(
391 0,
392 $user->getId(),
393 'IPs have an id of 0'
394 );
395 }
396
397 /**
398 * @covers \MediaWiki\User\User::isRegistered
399 * @covers \MediaWiki\User\User::isAnon
400 * @covers \MediaWiki\User\User::logOut
401 */
402 public function testIsRegistered() {
403 $user = $this->getMutableTestUser()->getUser();
404 $this->assertTrue( $user->isRegistered() );
405 $this->assertFalse( $user->isAnon() );
406
407 $this->setTemporaryHook( 'UserLogout', static function ( &$user ) {
408 return false;
409 } );
410 $user->logout();
411 $this->assertTrue( $user->isRegistered() );
412
413 $this->removeTemporaryHook( 'UserLogout' );
414 $user->logout();
415 $this->assertFalse( $user->isRegistered() );
416
417 // Non-existent users are perceived as anonymous
418 $user = User::newFromName( 'UTNonexistent' );
419 $this->assertFalse( $user->isRegistered() );
420 $this->assertTrue( $user->isAnon() );
421
422 $user = new User;
423 $this->assertFalse( $user->isRegistered() );
424 $this->assertTrue( $user->isAnon() );
425 }
426
427 /**
428 * @covers \MediaWiki\User\User::setRealName
429 * @covers \MediaWiki\User\User::getRealName
430 */
431 public function testRealName() {
432 $user = $this->getMutableTestUser()->getUser();
433 $realName = 'John Doe';
434
435 $user->setRealName( $realName );
436 $this->assertSame(
437 $realName,
438 $user->getRealName(),
439 'Real name retrieved from cache'
440 );
441
442 $id = $user->getId();
443 $user->saveSettings();
444
445 $otherUser = User::newFromId( $id );
446 $this->assertSame(
447 $realName,
448 $otherUser->getRealName(),
449 'Real name retrieved from database'
450 );
451 }
452
453 /**
454 * @covers \MediaWiki\User\User::checkAndSetTouched
455 * @covers \MediaWiki\User\User::getDBTouched()
456 */
457 public function testCheckAndSetTouched() {
458 $user = $this->getMutableTestUser()->getUser();
459 $user = TestingAccessWrapper::newFromObject( $user );
460 $this->assertTrue( $user->isRegistered() );
461
462 $touched = $user->getDBTouched();
463 $this->assertTrue(
464 $user->checkAndSetTouched(), "checkAndSetTouched() succedeed" );
465 $this->assertGreaterThan(
466 $touched, $user->getDBTouched(), "user_touched increased with casOnTouched()" );
467
468 $touched = $user->getDBTouched();
469 $this->assertTrue(
470 $user->checkAndSetTouched(), "checkAndSetTouched() succedeed #2" );
471 $this->assertGreaterThan(
472 $touched, $user->getDBTouched(), "user_touched increased with casOnTouched() #2" );
473 }
474
475 /**
476 * @covers \MediaWiki\User\User::validateCache
477 * @covers \MediaWiki\User\User::getTouched
478 */
479 public function testValidateCache() {
480 $user = $this->getTestUser()->getUser();
481
482 $initialTouchMW = $user->getTouched();
483 $initialTouchUnix = ( new MWTimestamp( $initialTouchMW ) )->getTimestamp();
484
485 $earlierUnix = $initialTouchUnix - 1000;
486 $earlierMW = ( new MWTimestamp( $earlierUnix ) )->getTimestamp( TS_MW );
487 $this->assertFalse(
488 $user->validateCache( $earlierMW ),
489 'Caches from before the value of getTouched() are not valid'
490 );
491
492 $laterUnix = $initialTouchUnix + 1000;
493 $laterMW = ( new MWTimestamp( $laterUnix ) )->getTimestamp( TS_MW );
494 $this->assertTrue(
495 $user->validateCache( $laterMW ),
496 'Caches from after the value of getTouched() are valid'
497 );
498 }
499
500 /**
501 * @covers \MediaWiki\User\User::findUsersByGroup
502 */
503 public function testFindUsersByGroup() {
504 $users = User::findUsersByGroup( [] );
505 $this->assertSame( 0, iterator_count( $users ) );
506
507 $users = User::findUsersByGroup( 'foo', 1, 1 );
508 $this->assertSame( 0, iterator_count( $users ) );
509
510 $user = $this->getMutableTestUser( [ 'foo' ] )->getUser();
511 $users = User::findUsersByGroup( 'foo' );
512 $this->assertSame( 1, iterator_count( $users ) );
513 $users->rewind();
514 $this->assertTrue( $user->equals( $users->current() ) );
515
516 // arguments have OR relationship
517 $user2 = $this->getMutableTestUser( [ 'bar' ] )->getUser();
518 $users = User::findUsersByGroup( [ 'foo', 'bar' ] );
519 $this->assertSame( 2, iterator_count( $users ) );
520 $users->rewind();
521 $this->assertTrue( $user->equals( $users->current() ) );
522 $users->next();
523 $this->assertTrue( $user2->equals( $users->current() ) );
524
525 // users are not duplicated
526 $user = $this->getMutableTestUser( [ 'baz', 'boom' ] )->getUser();
527 $users = User::findUsersByGroup( [ 'baz', 'boom' ] );
528 $this->assertSame( 1, iterator_count( $users ) );
529 $users->rewind();
530 $this->assertTrue( $user->equals( $users->current() ) );
531 }
532
533 /**
534 * @covers \MediaWiki\User\User::getBlock
535 */
536 public function testSoftBlockRanges() {
537 $this->overrideConfigValue( MainConfigNames::SoftBlockRanges, [ '10.0.0.0/8' ] );
538
539 // IP isn't in $wgSoftBlockRanges
540 $user = new User();
541 $request = new FauxRequest();
542 $request->setIP( '192.168.0.1' );
543 $this->setSessionUser( $user, $request );
544 $this->assertNull( $user->getBlock() );
545
546 // IP is in $wgSoftBlockRanges
547 $user = new User();
548 $request = new FauxRequest();
549 $request->setIP( '10.20.30.40' );
550 $this->setSessionUser( $user, $request );
551 $block = $user->getBlock();
552 $this->assertInstanceOf( SystemBlock::class, $block );
553 $this->assertSame( 'wgSoftBlockRanges', $block->getSystemBlockType() );
554
555 // IP is in $wgSoftBlockRanges and user is temporary
556 $this->enableAutoCreateTempUser();
557 $user = ( new TestUser( '~1' ) )->getUser();
558 $request = new FauxRequest();
559 $request->setIP( '10.20.30.40' );
560 $this->setSessionUser( $user, $request );
561 $block = $user->getBlock();
562 $this->assertTrue( $user->isTemp() );
563 $this->assertInstanceOf( SystemBlock::class, $block );
564 $this->assertSame( 'wgSoftBlockRanges', $block->getSystemBlockType() );
565
566 // Make sure the block is really soft
567 $request = new FauxRequest();
568 $request->setIP( '10.20.30.40' );
569 $this->setSessionUser( $this->user, $request );
570 $this->assertFalse( $this->user->isAnon() );
571 $this->assertNull( $this->user->getBlock() );
572 }
573
574 public static function provideIsPingLimitable() {
575 yield 'Not ip excluded' => [ [], null, true ];
576 yield 'Ip excluded' => [ [ '1.2.3.4' ], null, false ];
577 yield 'Ip subnet excluded' => [ [ '1.2.3.0/8' ], null, false ];
578 yield 'noratelimit right' => [ [], 'noratelimit', false ];
579 }
580
581 /**
582 * @dataProvider provideIsPingLimitable
583 * @covers \MediaWiki\User\User::isPingLimitable
584 * @param array $rateLimitExcludeIps
585 * @param string|null $rightOverride
586 * @param bool $expected
587 */
588 public function testIsPingLimitable(
589 array $rateLimitExcludeIps,
590 ?string $rightOverride,
591 bool $expected
592 ) {
593 $request = new FauxRequest();
594 $request->setIP( '1.2.3.4' );
595 $user = User::newFromSession( $request );
596 // We are trying to test for current user behaviour
597 // since we are interested in request IP
598 RequestContext::getMain()->setUser( $user );
599
600 $this->overrideConfigValue( MainConfigNames::RateLimitsExcludedIPs, $rateLimitExcludeIps );
601 if ( $rightOverride ) {
602 $this->overrideUserPermissions( $user, $rightOverride );
603 }
604 $this->assertSame( $expected, $user->isPingLimitable() );
605 }
606
607 public static function provideExperienceLevel() {
608 return [
609 [ 2, 2, 'newcomer' ],
610 [ 12, 3, 'newcomer' ],
611 [ 8, 5, 'newcomer' ],
612 [ 15, 10, 'learner' ],
613 [ 450, 20, 'learner' ],
614 [ 460, 33, 'learner' ],
615 [ 525, 28, 'learner' ],
616 [ 538, 33, 'experienced' ],
617 [ 9, null, 'newcomer' ],
618 [ 10, null, 'learner' ],
619 [ 501, null, 'experienced' ],
620 ];
621 }
622
623 /**
624 * @covers \MediaWiki\User\User::getExperienceLevel
625 * @dataProvider provideExperienceLevel
626 */
627 public function testExperienceLevel( $editCount, $memberSince, $expLevel ) {
628 $this->overrideConfigValues( [
629 MainConfigNames::LearnerEdits => 10,
630 MainConfigNames::LearnerMemberSince => 4,
631 MainConfigNames::ExperiencedUserEdits => 500,
632 MainConfigNames::ExperiencedUserMemberSince => 30,
633 ] );
634
635 $db = $this->getDb();
636 $row = User::newQueryBuilder( $db )
637 ->where( [ 'user_id' => $this->user->getId() ] )
638 ->caller( __METHOD__ )
639 ->fetchRow();
640 $row->user_editcount = $editCount;
641 if ( $memberSince !== null ) {
642 $row->user_registration = $db->timestamp( time() - $memberSince * 86400 );
643 } else {
644 $row->user_registration = null;
645 }
646 $user = User::newFromRow( $row );
647
648 $this->assertSame( $expLevel, $user->getExperienceLevel() );
649 }
650
651 /**
652 * @covers \MediaWiki\User\User::getExperienceLevel
653 */
654 public function testExperienceLevelAnon() {
655 $user = User::newFromName( '10.11.12.13', false );
656
657 $this->assertFalse( $user->getExperienceLevel() );
658 }
659
660 public static function provideIsLocallyBlockedProxy() {
661 return [
662 [ '1.2.3.4', '1.2.3.4' ],
663 [ '1.2.3.4', '1.2.3.0/16' ],
664 ];
665 }
666
667 /**
668 * @covers \MediaWiki\User\User::newFromId
669 */
670 public function testNewFromId() {
671 $userId = $this->user->getId();
672 $this->assertGreaterThan(
673 0,
674 $userId,
675 'user has a working id'
676 );
677
678 $otherUser = User::newFromId( $userId );
679 $this->assertTrue(
680 $this->user->equals( $otherUser ),
681 'User created by id should match user with that id'
682 );
683 }
684
685 /**
686 * @covers \MediaWiki\User\User::newFromActorId
687 */
688 public function testActorId() {
689 $this->filterDeprecated( '/Passing a parameter to getActorId\(\) is deprecated/', '1.36' );
690
691 // Newly-created user has an actor ID
692 $user = User::createNew( 'UserTestActorId1' );
693 $id = $user->getId();
694 $this->assertGreaterThan( 0, $user->getActorId(), 'User::createNew sets an actor ID' );
695
696 $user = User::newFromName( 'UserTestActorId2' );
697 $user->addToDatabase();
698 $this->assertGreaterThan( 0, $user->getActorId(), 'User::addToDatabase sets an actor ID' );
699
700 $user = User::newFromName( 'UserTestActorId1' );
701 $this->assertGreaterThan( 0, $user->getActorId(),
702 'Actor ID can be retrieved for user loaded by name' );
703
704 $user = User::newFromId( $id );
705 $this->assertGreaterThan( 0, $user->getActorId(),
706 'Actor ID can be retrieved for user loaded by ID' );
707
708 $user2 = User::newFromActorId( $user->getActorId() );
709 $this->assertSame( $user->getId(), $user2->getId(),
710 'User::newFromActorId works for an existing user' );
711
712 $row = User::newQueryBuilder( $this->getDb() )
713 ->where( [ 'user_id' => $id ] )
714 ->caller( __METHOD__ )
715 ->fetchRow();
716 $user = User::newFromRow( $row );
717 $this->assertGreaterThan( 0, $user->getActorId(),
718 'Actor ID can be retrieved for user loaded with User::selectFields()' );
719
720 $user = User::newFromId( $id );
721 $user->setName( 'UserTestActorId4-renamed' );
722 $user->saveSettings();
723 $this->assertSame(
724 $user->getName(),
725 $this->getDb()->newSelectQueryBuilder()
726 ->select( 'actor_name' )
727 ->from( 'actor' )
728 ->where( [ 'actor_id' => $user->getActorId() ] )
729 ->caller( __METHOD__ )->fetchField(),
730 'User::saveSettings updates actor table for name change'
731 );
732
733 $ip = '192.168.12.34';
734 $this->getDb()->newDeleteQueryBuilder()
735 ->deleteFrom( 'actor' )
736 ->where( [ 'actor_name' => $ip ] )
737 ->caller( __METHOD__ )
738 ->execute();
739
740 // Next tests require disabling temp user feature.
741 $this->disableAutoCreateTempUser();
742 $user = User::newFromName( $ip, false );
743 $this->assertSame( 0, $user->getActorId(), 'Anonymous user has no actor ID by default' );
744 $this->filterDeprecated( '/Passing parameter of type IDatabase/' );
745 $this->assertGreaterThan( 0, $user->getActorId( $this->getDb() ),
746 'Actor ID can be created for an anonymous user' );
747
748 $user = User::newFromName( $ip, false );
749 $this->assertGreaterThan( 0, $user->getActorId(),
750 'Actor ID can be loaded for an anonymous user' );
751 $user2 = User::newFromActorId( $user->getActorId() );
752 $this->assertSame( $user->getName(), $user2->getName(),
753 'User::newFromActorId works for an anonymous user' );
754 }
755
756 /**
757 * @covers \MediaWiki\User\User::getActorId
758 */
759 public function testForeignGetActorId() {
760 $this->filterDeprecated( '/Passing a parameter to getActorId\(\) is deprecated/', '1.36' );
761
762 $user = User::newFromName( 'UserTestActorId1' );
763 $this->expectException( PreconditionException::class );
764 $user->getActorId( 'Foreign Wiki' );
765 }
766
767 /**
768 * @covers \MediaWiki\User\User::getWikiId
769 */
770 public function testGetWiki() {
771 $user = User::newFromName( 'UserTestActorId1' );
772 $this->assertSame( User::LOCAL, $user->getWikiId() );
773 }
774
775 /**
776 * @covers \MediaWiki\User\User::assertWiki
777 */
778 public function testAssertWiki() {
779 $user = User::newFromName( 'UserTestActorId1' );
780
781 $user->assertWiki( User::LOCAL );
782 $this->assertTrue( true, 'User is for local wiki' );
783
784 $this->expectException( PreconditionException::class );
785 $user->assertWiki( 'Foreign Wiki' );
786 }
787
788 /**
789 * @covers \MediaWiki\User\User::newFromAnyId
790 */
791 public function testNewFromAnyId() {
792 $this->disableAutoCreateTempUser();
793 // Registered user
794 $user = $this->user;
795 for ( $i = 1; $i <= 7; $i++ ) {
796 $test = User::newFromAnyId(
797 ( $i & 1 ) ? $user->getId() : null,
798 ( $i & 2 ) ? $user->getName() : null,
799 ( $i & 4 ) ? $user->getActorId() : null
800 );
801 $this->assertSame( $user->getId(), $test->getId() );
802 $this->assertSame( $user->getName(), $test->getName() );
803 $this->assertSame( $user->getActorId(), $test->getActorId() );
804 }
805
806 // Anon user. Can't load by only user ID when that's 0.
807 $user = User::newFromName( '192.168.12.34', false );
808 // Make sure an actor ID exists
809 $this->getServiceContainer()->getActorNormalization()->acquireActorId( $user, $this->getDb() );
810
811 $test = User::newFromAnyId( null, '192.168.12.34', null );
812 $this->assertSame( $user->getId(), $test->getId() );
813 $this->assertSame( $user->getName(), $test->getName() );
814 $this->assertSame( $user->getActorId(), $test->getActorId() );
815 $test = User::newFromAnyId( null, null, $user->getActorId() );
816 $this->assertSame( $user->getId(), $test->getId() );
817 $this->assertSame( $user->getName(), $test->getName() );
818 $this->assertSame( $user->getActorId(), $test->getActorId() );
819
820 // Bogus data should still "work" as long as nothing triggers a ->load(),
821 // and accessing the specified data shouldn't do that.
822 $test = User::newFromAnyId( 123456, 'Bogus', 654321 );
823 $this->assertSame( 123456, $test->getId() );
824 $this->assertSame( 'Bogus', $test->getName() );
825 $this->assertSame( 654321, $test->getActorId() );
826
827 // Loading remote user by name from remote wiki should succeed
828 $test = User::newFromAnyId( null, 'Bogus', null, 'foo' );
829 $this->assertSame( 0, $test->getId() );
830 $this->assertSame( 'Bogus', $test->getName() );
831 $this->assertSame( 0, $test->getActorId() );
832 $test = User::newFromAnyId( 123456, 'Bogus', 654321, 'foo' );
833 $this->assertSame( 0, $test->getId() );
834 $this->assertSame( 0, $test->getActorId() );
835
836 // Exceptional cases
837 try {
838 User::newFromAnyId( null, null, null );
839 $this->fail( 'Expected exception not thrown' );
840 } catch ( InvalidArgumentException $ex ) {
841 }
842 try {
843 User::newFromAnyId( 0, null, 0 );
844 $this->fail( 'Expected exception not thrown' );
845 } catch ( InvalidArgumentException $ex ) {
846 }
847
848 // Loading remote user by id from remote wiki should fail
849 try {
850 User::newFromAnyId( 123456, null, 654321, 'foo' );
851 $this->fail( 'Expected exception not thrown' );
852 } catch ( InvalidArgumentException $ex ) {
853 }
854 }
855
856 /**
857 * @covers \MediaWiki\User\User::newFromIdentity
858 */
859 public function testNewFromIdentity() {
860 // Registered user
861 $user = $this->user;
862
863 $this->assertSame( $user, User::newFromIdentity( $user ) );
864
865 // ID only
866 $identity = new UserIdentityValue( $user->getId(), '' );
867 $result = User::newFromIdentity( $identity );
868 $this->assertInstanceOf( User::class, $result );
869 $this->assertSame( $user->getId(), $result->getId(), 'ID' );
870 $this->assertSame( $user->getName(), $result->getName(), 'Name' );
871 $this->assertSame( $user->getActorId(), $result->getActorId(), 'Actor' );
872
873 // Name only
874 $identity = new UserIdentityValue( 0, $user->getName() );
875 $result = User::newFromIdentity( $identity );
876 $this->assertInstanceOf( User::class, $result );
877 $this->assertSame( $user->getId(), $result->getId(), 'ID' );
878 $this->assertSame( $user->getName(), $result->getName(), 'Name' );
879 $this->assertSame( $user->getActorId(), $result->getActorId(), 'Actor' );
880 }
881
882 /**
883 * @covers \MediaWiki\User\User::newFromConfirmationCode
884 */
885 public function testNewFromConfirmationCode() {
886 $user = User::newFromConfirmationCode( 'NotARealConfirmationCode' );
887 $this->assertNull(
888 $user,
889 'Invalid confirmation codes result in null users when reading from replicas'
890 );
891
892 $user = User::newFromConfirmationCode( 'OtherFakeCode', IDBAccessObject::READ_LATEST );
893 $this->assertNull(
894 $user,
895 'Invalid confirmation codes result in null users when reading from master'
896 );
897 }
898
899 /**
900 * @covers \MediaWiki\User\User::newFromName
901 * @covers \MediaWiki\User\User::getName
902 * @covers \MediaWiki\User\User::getUserPage
903 * @covers \MediaWiki\User\User::getTalkPage
904 * @covers \MediaWiki\User\User::getTitleKey
905 * @covers \MediaWiki\User\User::whoIs
906 * @dataProvider provideNewFromName
907 */
908 public function testNewFromName( $name, $titleKey ) {
909 $user = User::newFromName( $name );
910 $this->assertSame( $user->getName(), $name );
911 $this->assertEquals( $user->getUserPage(), Title::makeTitle( NS_USER, $name ) );
912 $this->assertEquals( $user->getTalkPage(), Title::makeTitle( NS_USER_TALK, $name ) );
913 $this->assertSame( $user->getTitleKey(), $titleKey );
914
915 $status = $user->addToDatabase();
916 $this->assertStatusOK( $status, 'User can be added to the database' );
917 $this->assertSame( $name, User::whoIs( $user->getId() ) );
918 }
919
920 public static function provideNewFromName() {
921 return [
922 [ 'Example1', 'Example1' ],
923 [ 'MediaWiki easter egg', 'MediaWiki_easter_egg' ],
924 [ 'See T22281 for more', 'See_T22281_for_more' ],
925 [ 'DannyS712', 'DannyS712' ],
926 ];
927 }
928
929 /**
930 * @covers \MediaWiki\User\User::newFromName
931 */
932 public function testNewFromName_extra() {
933 $user = User::newFromName( '1.2.3.4' );
934 $this->assertFalse( $user, 'IP addresses are not valid user names' );
935
936 $user = User::newFromName( 'DannyS712', true );
937 $otherUser = User::newFromName( 'DannyS712', 'valid' );
938 $this->assertTrue(
939 $user->equals( $otherUser ),
940 'true maps to valid for backwards compatibility'
941 );
942 }
943
944 /**
945 * @covers \MediaWiki\User\User::newFromSession
946 * @covers \MediaWiki\User\User::getRequest
947 */
948 public function testSessionAndRequest() {
949 $req1 = new WebRequest;
950 $this->setRequest( $req1 );
951 $user = User::newFromSession();
952 $request = $user->getRequest();
953
954 $this->assertSame(
955 $req1,
956 $request,
957 'Creating a user without a request defaults to $wgRequest'
958 );
959 $req2 = new WebRequest;
960 $this->assertNotSame(
961 $req1,
962 $req2,
963 'passing a request that does not match $wgRequest'
964 );
965 $user = User::newFromSession( $req2 );
966 $request = $user->getRequest();
967 $this->assertSame(
968 $req2,
969 $request,
970 'Creating a user by passing a WebRequest successfully sets the request, ' .
971 'instead of using $wgRequest'
972 );
973 }
974
975 /**
976 * @covers \MediaWiki\User\User::newFromRow
977 * @covers \MediaWiki\User\User::loadFromRow
978 */
979 public function testNewFromRow() {
980 // TODO: Create real tests here for loadFromRow
981 $row = (object)[];
982 $user = User::newFromRow( $row );
983 $this->assertInstanceOf( User::class, $user, 'newFromRow returns a user object' );
984 }
985
986 /**
987 * @covers \MediaWiki\User\User::newFromRow
988 * @covers \MediaWiki\User\User::loadFromRow
989 */
990 public function testNewFromRow_bad() {
991 $this->expectException( InvalidArgumentException::class );
992 $this->expectExceptionMessage( '$row must be an object' );
993 User::newFromRow( [] );
994 }
995
996 /**
997 * @covers \MediaWiki\User\User::getBlock
998 * @covers \MediaWiki\User\User::isHidden
999 */
1000 public function testBlockInstanceCache() {
1001 $this->hideDeprecated( User::class . '::isBlockedFrom' );
1002 // First, check the user isn't blocked
1003 $user = $this->getMutableTestUser()->getUser();
1004 $ut = Title::makeTitle( NS_USER_TALK, $user->getName() );
1005 $this->assertNull( $user->getBlock( false ) );
1006 $this->assertFalse( $user->isHidden() );
1007
1008 // Block the user
1009 $blocker = $this->getTestSysop()->getUser();
1010 $block = new DatabaseBlock( [
1011 'hideName' => true,
1012 'allowUsertalk' => false,
1013 'reason' => 'Because',
1014 ] );
1015 $block->setTarget( $user );
1016 $block->setBlocker( $blocker );
1017 $blockStore = $this->getServiceContainer()->getDatabaseBlockStore();
1018 $res = $blockStore->insertBlock( $block );
1019 $this->assertTrue( (bool)$res['id'], 'Failed to insert block' );
1020
1021 // Clear cache and confirm it loaded the block properly
1022 $user->clearInstanceCache();
1023 $this->assertInstanceOf( DatabaseBlock::class, $user->getBlock( false ) );
1024 $this->assertTrue( $user->isHidden() );
1025
1026 // Unblock
1027 $blockStore->deleteBlock( $block );
1028
1029 // Clear cache and confirm it loaded the not-blocked properly
1030 $user->clearInstanceCache();
1031 $this->assertNull( $user->getBlock( false ) );
1032 $this->assertFalse( $user->isHidden() );
1033 }
1034
1035 /**
1036 * @covers \MediaWiki\User\User::getBlock
1037 */
1038 public function testCompositeBlocks() {
1039 $user = $this->getMutableTestUser()->getUser();
1040 $request = $user->getRequest();
1041 $this->setSessionUser( $user, $request );
1042
1043 $blockStore = $this->getServiceContainer()->getDatabaseBlockStore();
1044 $ipBlock = new DatabaseBlock( [
1045 'address' => $user->getRequest()->getIP(),
1046 'by' => $this->getTestSysop()->getUser(),
1047 'createAccount' => true,
1048 ] );
1049 $blockStore->insertBlock( $ipBlock );
1050
1051 $userBlock = new DatabaseBlock( [
1052 'address' => $user,
1053 'by' => $this->getTestSysop()->getUser(),
1054 'createAccount' => false,
1055 ] );
1056 $blockStore->insertBlock( $userBlock );
1057
1058 $block = $user->getBlock();
1059 $this->assertInstanceOf( CompositeBlock::class, $block );
1060 $this->assertTrue( $block->isCreateAccountBlocked() );
1061 $this->assertTrue( $block->appliesToPasswordReset() );
1062 $this->assertTrue( $block->appliesToNamespace( NS_MAIN ) );
1063 }
1064
1065 /**
1066 * @covers \MediaWiki\User\User::getBlock
1067 */
1068 public function testUserBlock() {
1069 $user = $this->getMutableTestUser()->getUser();
1070 $request = $user->getRequest();
1071 $this->setSessionUser( $user, $request );
1072
1073 $blockStore = $this->getServiceContainer()->getDatabaseBlockStore();
1074 $ipBlock = new DatabaseBlock( [
1075 'address' => $user,
1076 'by' => $this->getTestSysop()->getUser(),
1077 'createAccount' => true,
1078 ] );
1079 $blockStore->insertBlock( $ipBlock );
1080
1081 $block = $user->getBlock();
1082 $this->assertNotNull( $block, 'getuserBlock' );
1083 $this->assertNotNull( $block->getTargetUserIdentity(), 'getTargetUserIdentity()' );
1084 $this->assertSame( $user->getName(), $block->getTargetUserIdentity()->getName() );
1085 }
1086
1087 public static function provideIsBlockedFrom() {
1088 return [
1089 'Sitewide block, basic operation' => [ 'Test page', true ],
1090 'Sitewide block, not allowing user talk' => [
1091 self::USER_TALK_PAGE, true, [
1092 'allowUsertalk' => false,
1093 ]
1094 ],
1095 'Sitewide block, allowing user talk' => [
1096 self::USER_TALK_PAGE, false, [
1097 'allowUsertalk' => true,
1098 ]
1099 ],
1100 'Sitewide block, allowing user talk but $wgBlockAllowsUTEdit is false' => [
1101 self::USER_TALK_PAGE, true, [
1102 'allowUsertalk' => true,
1103 'blockAllowsUTEdit' => false,
1104 ]
1105 ],
1106 'Partial block, blocking the page' => [
1107 'Test page', true, [
1108 'pageRestrictions' => [ 'Test page' ],
1109 ]
1110 ],
1111 'Partial block, not blocking the page' => [
1112 'Test page 2', false, [
1113 'pageRestrictions' => [ 'Test page' ],
1114 ]
1115 ],
1116 'Partial block, not allowing user talk but user talk page is not blocked' => [
1117 self::USER_TALK_PAGE, false, [
1118 'allowUsertalk' => false,
1119 'pageRestrictions' => [ 'Test page' ],
1120 ]
1121 ],
1122 'Partial block, allowing user talk but user talk page is blocked' => [
1123 self::USER_TALK_PAGE, true, [
1124 'allowUsertalk' => true,
1125 'pageRestrictions' => [ self::USER_TALK_PAGE ],
1126 ]
1127 ],
1128 'Partial block, user talk page is not blocked but $wgBlockAllowsUTEdit is false' => [
1129 self::USER_TALK_PAGE, false, [
1130 'allowUsertalk' => false,
1131 'pageRestrictions' => [ 'Test page' ],
1132 'blockAllowsUTEdit' => false,
1133 ]
1134 ],
1135 'Partial block, user talk page is blocked and $wgBlockAllowsUTEdit is false' => [
1136 self::USER_TALK_PAGE, true, [
1137 'allowUsertalk' => true,
1138 'pageRestrictions' => [ self::USER_TALK_PAGE ],
1139 'blockAllowsUTEdit' => false,
1140 ]
1141 ],
1142 'Partial user talk namespace block, not allowing user talk' => [
1143 self::USER_TALK_PAGE, true, [
1144 'allowUsertalk' => false,
1145 'namespaceRestrictions' => [ NS_USER_TALK ],
1146 ]
1147 ],
1148 'Partial user talk namespace block, allowing user talk' => [
1149 self::USER_TALK_PAGE, false, [
1150 'allowUsertalk' => true,
1151 'namespaceRestrictions' => [ NS_USER_TALK ],
1152 ]
1153 ],
1154 'Partial user talk namespace block, where $wgBlockAllowsUTEdit is false' => [
1155 self::USER_TALK_PAGE, true, [
1156 'allowUsertalk' => true,
1157 'namespaceRestrictions' => [ NS_USER_TALK ],
1158 'blockAllowsUTEdit' => false,
1159 ]
1160 ],
1161 ];
1162 }
1163
1164 /**
1165 * @covers \MediaWiki\User\User::isBlockedFromEmailuser
1166 * @covers \MediaWiki\User\User::isAllowedToCreateAccount
1167 * @dataProvider provideIsBlockedFromAction
1168 * @param bool $blockFromEmail Whether to block email access.
1169 * @param bool $blockFromAccountCreation Whether to block account creation.
1170 */
1171 public function testIsBlockedFromAction( $blockFromEmail, $blockFromAccountCreation ) {
1172 $this->hideDeprecated( User::class . '::isBlockedFromEmailuser' );
1173 $user = $this->getMutableTestUser( 'accountcreator' )->getUser();
1174
1175 $block = new DatabaseBlock( [
1176 'expiry' => wfTimestamp( TS_MW, wfTimestamp() + ( 40 * 60 * 60 ) ),
1177 'sitewide' => true,
1178 'blockEmail' => $blockFromEmail,
1179 'createAccount' => $blockFromAccountCreation
1180 ] );
1181 $block->setTarget( $user );
1182 $block->setBlocker( $this->getTestSysop()->getUser() );
1183 $blockStore = $this->getServiceContainer()->getDatabaseBlockStore();
1184 $blockStore->insertBlock( $block );
1185
1186 $this->assertSame( $blockFromEmail, $user->isBlockedFromEmailuser() );
1187 $this->assertSame( !$blockFromAccountCreation, $user->isAllowedToCreateAccount() );
1188 }
1189
1190 public static function provideIsBlockedFromAction() {
1191 return [
1192 'Block email access and account creation' => [ true, true ],
1193 'Block only email access' => [ true, false ],
1194 'Block only account creation' => [ false, true ],
1195 'Allow email access and account creation' => [ false, false ],
1196 ];
1197 }
1198
1199 /**
1200 * @covers \MediaWiki\User\User::isBlockedFromUpload
1201 * @dataProvider provideIsBlockedFromUpload
1202 * @param bool $sitewide Whether to block sitewide.
1203 * @param bool $expected Whether the user is expected to be blocked from uploads.
1204 */
1205 public function testIsBlockedFromUpload( $sitewide, $expected ) {
1206 $user = $this->getMutableTestUser()->getUser();
1207
1208 $block = new DatabaseBlock( [
1209 'expiry' => wfTimestamp( TS_MW, wfTimestamp() + ( 40 * 60 * 60 ) ),
1210 'sitewide' => $sitewide,
1211 ] );
1212 $block->setTarget( $user );
1213 $block->setBlocker( $this->getTestSysop()->getUser() );
1214 $blockStore = $this->getServiceContainer()->getDatabaseBlockStore();
1215 $blockStore->insertBlock( $block );
1216
1217 $this->assertSame( $expected, $user->isBlockedFromUpload() );
1218 }
1219
1220 public static function provideIsBlockedFromUpload() {
1221 return [
1222 'sitewide blocks block uploads' => [ true, true ],
1223 'partial blocks allow uploads' => [ false, false ],
1224 ];
1225 }
1226
1227 /**
1228 * @covers \MediaWiki\User\User::isSystemUser
1229 */
1230 public function testIsSystemUser() {
1231 $this->assertFalse( $this->user->isSystemUser(), 'Normal users are not system users' );
1232
1233 $user = User::newSystemUser( __METHOD__ );
1234 $this->assertTrue( $user->isSystemUser(), 'Users created with newSystemUser() are system users' );
1235 }
1236
1237 /**
1238 * @covers \MediaWiki\User\User::newSystemUser
1239 * @dataProvider provideNewSystemUser
1240 * @param string $exists How/whether to create the user before calling User::newSystemUser
1241 * - 'missing': Do not create the user
1242 * - 'actor': Create an anonymous actor
1243 * - 'user': Create a non-system user
1244 * - 'system': Create a system user
1245 * @param string $options Options to User::newSystemUser
1246 * @param array $testOpts Test options
1247 * @param string $expect 'user', 'exception', or 'null'
1248 */
1249 public function testNewSystemUser( $exists, $options, $testOpts, $expect ) {
1250 $this->filterDeprecated( '/User::newSystemUser options/' );
1251 $origUser = null;
1252 $actorId = null;
1253
1254 switch ( $exists ) {
1255 case 'missing':
1256 $name = 'TestNewSystemUser ' . TestUserRegistry::getNextId();
1257 break;
1258
1259 case 'actor':
1260 $name = 'TestNewSystemUser ' . TestUserRegistry::getNextId();
1261 $this->getDb()->newInsertQueryBuilder()
1262 ->insertInto( 'actor' )
1263 ->row( [ 'actor_name' => $name ] )
1264 ->caller( __METHOD__ )
1265 ->execute();
1266 $actorId = (int)$this->getDb()->insertId();
1267 break;
1268
1269 case 'user':
1270 $origUser = $this->getMutableTestUser()->getUser();
1271 $name = $origUser->getName();
1272 $actorId = $origUser->getActorId();
1273 break;
1274
1275 case 'system':
1276 $name = 'TestNewSystemUser ' . TestUserRegistry::getNextId();
1277 $user = User::newSystemUser( $name ); // Heh.
1278 $actorId = $user->getActorId();
1279 // Use this hook as a proxy for detecting when a "steal" happens.
1280 $this->setTemporaryHook( 'InvalidateEmailComplete', function () {
1281 $this->fail( 'InvalidateEmailComplete hook should not have been called' );
1282 } );
1283 break;
1284 }
1285
1286 $globals = $testOpts['globals'] ?? [];
1287 if ( !empty( $testOpts['reserved'] ) ) {
1288 $globals[MainConfigNames::ReservedUsernames] = [ $name ];
1289 }
1290 $this->overrideConfigValues( $globals );
1291 $userNameUtils = $this->getServiceContainer()->getUserNameUtils();
1292 $this->assertSame( empty( $testOpts['reserved'] ), $userNameUtils->isUsable( $name ) );
1293 $this->assertTrue( $userNameUtils->isValid( $name ) );
1294
1295 if ( $expect === 'exception' ) {
1296 // T248195: Duplicate entry errors will log the exception, don't fail because of that.
1297 $this->setNullLogger( 'rdbms' );
1298 $this->expectException( Exception::class );
1299 }
1300 $user = User::newSystemUser( $name, $options );
1301 if ( $expect === 'null' ) {
1302 $this->assertNull( $user );
1303 if ( $origUser ) {
1304 $this->assertNotSame(
1305 User::INVALID_TOKEN, TestingAccessWrapper::newFromObject( $origUser )->mToken
1306 );
1307 $this->assertNotSame( '', $origUser->getEmail() );
1308 $this->assertFalse( $origUser->isSystemUser(), 'Normal users should not be system users' );
1309 }
1310 } else {
1311 $this->assertInstanceOf( User::class, $user );
1312 $this->assertSame( $name, $user->getName() );
1313 if ( $actorId !== null ) {
1314 $this->assertSame( $actorId, $user->getActorId() );
1315 }
1316 $this->assertSame( User::INVALID_TOKEN, TestingAccessWrapper::newFromObject( $user )->mToken );
1317 $this->assertSame( '', $user->getEmail() );
1318 $this->assertTrue( $user->isSystemUser(), 'Newly created system users should be system users' );
1319 }
1320 }
1321
1322 public static function provideNewSystemUser() {
1323 return [
1324 'Basic creation' => [ 'missing', [], [], 'user' ],
1325 'No creation' => [ 'missing', [ 'create' => false ], [], 'null' ],
1326 'Validation fail' => [
1327 'missing',
1328 [ 'validate' => 'usable' ],
1329 [ 'reserved' => true ],
1330 'null'
1331 ],
1332 'No stealing' => [ 'user', [], [], 'null' ],
1333 'Stealing allowed' => [ 'user', [ 'steal' => true ], [], 'user' ],
1334 'Stealing an already-system user' => [ 'system', [ 'steal' => true ], [], 'user' ],
1335 'Anonymous actor (T236444)' => [ 'actor', [], [ 'reserved' => true ], 'user' ],
1336 'System user (T236444), reserved' => [ 'system', [], [ 'reserved' => true ], 'user' ],
1337 'Reserved but no anonymous actor' => [ 'missing', [], [ 'reserved' => true ], 'user' ],
1338 'Anonymous actor but no creation' => [ 'actor', [ 'create' => false ], [], 'null' ],
1339 'Anonymous actor but not reserved' => [ 'actor', [], [], 'exception' ],
1340 ];
1341 }
1342
1343 /**
1344 * @covers \MediaWiki\User\User::getName
1345 * @covers \MediaWiki\User\User::setName
1346 */
1347 public function testUserName() {
1348 $user = User::newFromName( 'DannyS712' );
1349 $this->assertSame(
1350 'DannyS712',
1351 $user->getName(),
1352 'Santiy check: Users created using ::newFromName should return the name used'
1353 );
1354
1355 $user->setName( 'FooBarBaz' );
1356 $this->assertSame(
1357 'FooBarBaz',
1358 $user->getName(),
1359 'Changing a username via ::setName should be reflected in ::getName'
1360 );
1361 }
1362
1363 /**
1364 * @covers \MediaWiki\User\User::getEmail
1365 * @covers \MediaWiki\User\User::setEmail
1366 * @covers \MediaWiki\User\User::invalidateEmail
1367 */
1368 public function testUserEmail() {
1369 $user = $this->user;
1370
1371 $user->setEmail( 'TestEmail@mediawiki.org' );
1372 $this->assertSame(
1373 'TestEmail@mediawiki.org',
1374 $user->getEmail(),
1375 'Setting an email via ::setEmail should be reflected in ::getEmail'
1376 );
1377
1378 $this->setTemporaryHook( 'UserSetEmail', function ( $user, &$email ) {
1379 $this->fail(
1380 'UserSetEmail hook should not be called when the new email ' .
1381 'is the same as the old email.'
1382 );
1383 } );
1384 $user->setEmail( 'TestEmail@mediawiki.org' );
1385
1386 $this->removeTemporaryHook( 'UserSetEmail' );
1387
1388 $this->setTemporaryHook( 'UserSetEmail', static function ( $user, &$email ) {
1389 $email = 'SettingIntercepted@mediawiki.org';
1390 } );
1391 $user->setEmail( 'NewEmail@mediawiki.org' );
1392 $this->assertSame(
1393 'SettingIntercepted@mediawiki.org',
1394 $user->getEmail(),
1395 'Hooks can override setting email addresses'
1396 );
1397
1398 $this->setTemporaryHook( 'UserGetEmail', static function ( $user, &$email ) {
1399 $email = 'GettingIntercepted@mediawiki.org';
1400 } );
1401 $this->assertSame(
1402 'GettingIntercepted@mediawiki.org',
1403 $user->getEmail(),
1404 'Hooks can override getting email address'
1405 );
1406
1407 $this->removeTemporaryHook( 'UserGetEmail' );
1408 $this->removeTemporaryHook( 'UserSetEmail' );
1409
1410 $user->invalidateEmail();
1411 $this->assertSame(
1412 '',
1413 $user->getEmail(),
1414 'After invalidation, a user email should be an empty string'
1415 );
1416 }
1417
1418 /**
1419 * @covers \MediaWiki\User\User::setEmailWithConfirmation
1420 */
1421 public function testSetEmailWithConfirmation_basic() {
1422 $user = $this->getTestUser()->getUser();
1423 $startingEmail = 'startingemail@mediawiki.org';
1424 $user->setEmail( $startingEmail );
1425
1426 $this->overrideConfigValues( [
1427 MainConfigNames::EnableEmail => false,
1428 MainConfigNames::EmailAuthentication => false
1429 ] );
1430 $status = $user->setEmailWithConfirmation( 'test1@mediawiki.org' );
1431 $this->assertStatusError( 'emaildisabled', $status,
1432 'Cannot set email when email is disabled'
1433 );
1434 $this->assertSame(
1435 $user->getEmail(),
1436 $startingEmail,
1437 'Email has not changed'
1438 );
1439
1440 $this->overrideConfigValue( MainConfigNames::EnableEmail, true );
1441 $status = $user->setEmailWithConfirmation( $startingEmail );
1442 $this->assertTrue(
1443 $status->getValue(),
1444 'Returns true if the email specified is the current email'
1445 );
1446 $this->assertSame(
1447 $user->getEmail(),
1448 $startingEmail,
1449 'Email has not changed'
1450 );
1451 }
1452
1453 /**
1454 * @covers \MediaWiki\User\User::isItemLoaded
1455 * @covers \MediaWiki\User\User::setItemLoaded
1456 */
1457 public function testItemLoaded() {
1458 $user = User::newFromName( 'DannyS712' );
1459 $this->assertTrue(
1460 $user->isItemLoaded( 'name', 'only' ),
1461 'Users created by name have user names loaded'
1462 );
1463 $this->assertFalse(
1464 $user->isItemLoaded( 'all', 'all' ),
1465 'Not everything is loaded yet'
1466 );
1467 $user->load();
1468 $this->assertTrue(
1469 $user->isItemLoaded( 'FooBar', 'all' ),
1470 'All items now loaded'
1471 );
1472 }
1473
1474 /**
1475 * @covers \MediaWiki\User\User::requiresHTTPS
1476 * @dataProvider provideRequiresHTTPS
1477 */
1478 public function testRequiresHTTPS( $preference, bool $expected ) {
1479 $this->overrideConfigValues( [
1480 MainConfigNames::SecureLogin => true,
1481 MainConfigNames::ForceHTTPS => false,
1482 ] );
1483
1484 $user = User::newFromName( 'UserWhoMayRequireHTTPS' );
1485 $user->addToDatabase();
1486 $this->getServiceContainer()->getUserOptionsManager()->setOption(
1487 $user,
1488 'prefershttps',
1489 $preference
1490 );
1491 $user->saveSettings();
1492
1493 $this->assertTrue( $user->isRegistered() );
1494 $this->assertSame( $expected, $user->requiresHTTPS() );
1495 }
1496
1497 public static function provideRequiresHTTPS() {
1498 return [
1499 'Wants, requires' => [ true, true ],
1500 'Does not want, not required' => [ false, false ],
1501 ];
1502 }
1503
1504 /**
1505 * @covers \MediaWiki\User\User::requiresHTTPS
1506 */
1507 public function testRequiresHTTPS_disabled() {
1508 $this->overrideConfigValues( [
1509 MainConfigNames::SecureLogin => false,
1510 MainConfigNames::ForceHTTPS => false,
1511 ] );
1512
1513 $user = User::newFromName( 'UserWhoMayRequireHTTP' );
1514 $user->addToDatabase();
1515 $this->getServiceContainer()->getUserOptionsManager()->setOption(
1516 $user,
1517 'prefershttps',
1518 true
1519 );
1520 $user->saveSettings();
1521
1522 $this->assertTrue( $user->isRegistered() );
1523 $this->assertFalse(
1524 $user->requiresHTTPS(),
1525 'User preference ignored if wgSecureLogin is false'
1526 );
1527 }
1528
1529 /**
1530 * @covers \MediaWiki\User\User::requiresHTTPS
1531 */
1532 public function testRequiresHTTPS_forced() {
1533 $this->overrideConfigValues( [
1534 MainConfigNames::SecureLogin => true,
1535 MainConfigNames::ForceHTTPS => true,
1536 ] );
1537
1538 $user = User::newFromName( 'UserWhoMayRequireHTTP' );
1539 $user->addToDatabase();
1540 $this->getServiceContainer()->getUserOptionsManager()->setOption(
1541 $user,
1542 'prefershttps',
1543 false
1544 );
1545 $user->saveSettings();
1546
1547 $this->assertTrue( $user->isRegistered() );
1548 $this->assertTrue(
1549 $user->requiresHTTPS(),
1550 'User preference ignored if wgForceHTTPS is true'
1551 );
1552 }
1553
1554 /**
1555 * @covers \MediaWiki\User\User::addToDatabase
1556 */
1557 public function testAddToDatabase_bad() {
1558 $user = new User();
1559 $this->expectException( RuntimeException::class );
1560 $this->expectExceptionMessage(
1561 'User name field is not set.'
1562 );
1563 $user->addToDatabase();
1564 }
1565
1566 /**
1567 * @covers \MediaWiki\User\User::pingLimiter
1568 */
1569 public function testPingLimiter() {
1570 $user = $this->getTestUser()->getUser();
1571
1572 $limiter = $this->createNoOpMock( RateLimiter::class, [ 'limit', 'isLimitable' ] );
1573 $limiter->method( 'isLimitable' )->willReturn( true );
1574 $limiter->method( 'limit' )->willReturnCallback(
1575 function ( RateLimitSubject $subject, $action ) use ( $user ) {
1576 $this->assertSame( $user, $subject->getUser() );
1577 return $action === 'limited';
1578 }
1579 );
1580
1581 $this->setService( 'RateLimiter', $limiter );
1582
1583 $this->assertTrue( $user->pingLimiter( 'limited' ) );
1584 $this->assertFalse( $user->pingLimiter( 'unlimited' ) );
1585 }
1586
1587 /**
1588 * @covers \MediaWiki\User\User::loadFromDatabase
1589 * @covers \MediaWiki\User\User::loadDefaults
1590 */
1591 public function testBadUserID() {
1592 $user = User::newFromId( 999999999 );
1593 $this->assertSame( 'Unknown user', $user->getName() );
1594 }
1595
1596 /**
1597 * @covers \MediaWiki\User\User::probablyCan
1598 * @covers \MediaWiki\User\User::definitelyCan
1599 * @covers \MediaWiki\User\User::authorizeRead
1600 * @covers \MediaWiki\User\User::authorizeWrite
1601 */
1602 public function testAuthorityMethods() {
1603 $user = $this->getTestUser()->getUser();
1604 $page = Title::makeTitle( NS_MAIN, 'Test' );
1605 $this->assertFalse( $user->probablyCan( 'create', $page ) );
1606 $this->assertFalse( $user->definitelyCan( 'create', $page ) );
1607 $this->assertFalse( $user->authorizeRead( 'create', $page ) );
1608 $this->assertFalse( $user->authorizeWrite( 'create', $page ) );
1609
1610 $this->overrideUserPermissions( $user, 'createpage' );
1611 $this->assertTrue( $user->probablyCan( 'create', $page ) );
1612 $this->assertTrue( $user->definitelyCan( 'create', $page ) );
1613 $this->assertTrue( $user->authorizeRead( 'create', $page ) );
1614 $this->assertTrue( $user->authorizeWrite( 'create', $page ) );
1615 }
1616
1617 /**
1618 * @covers \MediaWiki\User\User::isAllowed
1619 * @covers \MediaWiki\User\User::__sleep
1620 */
1621 public function testSerializationRoudTripWithAuthority() {
1622 $user = $this->getTestUser()->getUser();
1623 $isAllowed = $user->isAllowed( 'read' ); // Memoize the Authority
1624 $unserializedUser = unserialize( serialize( $user ) );
1625 $this->assertSame( $user->getId(), $unserializedUser->getId() );
1626 $this->assertSame( $isAllowed, $unserializedUser->isAllowed( 'read' ) );
1627 }
1628
1629 public static function provideIsTemp() {
1630 return [
1631 [ '~2024-1', true ],
1632 [ '~1', true ],
1633 [ 'Some user', false ],
1634 ];
1635 }
1636
1637 /**
1638 * @covers \MediaWiki\User\User::isTemp
1639 * @dataProvider provideIsTemp
1640 */
1641 public function testIsTemp( $name, $expected ) {
1642 $this->enableAutoCreateTempUser();
1643 $user = new User;
1644 $user->setName( $name );
1645 $this->assertSame( $expected, $user->isTemp() );
1646 }
1647
1648 /**
1649 * @covers \MediaWiki\User\User::isTemp
1650 */
1651 public function testSetIsTempInLoadDefaults() {
1652 $this->enableAutoCreateTempUser();
1653 $user = new User();
1654 $user->loadDefaults();
1655 $this->assertSame( false, $user->isTemp() );
1656 $user->loadDefaults( '~2024-1' );
1657 $this->assertSame( true, $user->isTemp() );
1658 }
1659
1660 /**
1661 * @covers \MediaWiki\User\User::isNamed
1662 */
1663 public function testIsNamed() {
1664 $this->enableAutoCreateTempUser();
1665
1666 // Temp user is not named
1667 $user = new User;
1668 $user->setName( '~1' );
1669 $this->assertFalse( $user->isNamed() );
1670
1671 // Registered user is named
1672 $user = $this->getMutableTestUser()->getUser();
1673 $this->assertTrue( $user->isNamed() );
1674
1675 // Anon is not named
1676 $user = new User;
1677 $this->assertFalse( $user->isNamed() );
1678 }
1679
1680 public static function provideAddToDatabase_temp() {
1681 return [
1682 [ '~1', '1' ],
1683 [ 'Some user', '0' ]
1684 ];
1685 }
1686
1687 /**
1688 * @covers \MediaWiki\User\User::addToDatabase
1689 * @dataProvider provideAddToDatabase_temp
1690 */
1691 public function testAddToDatabase_temp( $name, $expected ) {
1692 $this->enableAutoCreateTempUser();
1693
1694 $user = User::newFromName( $name );
1695 $user->addToDatabase();
1696 $field = $this->getDb()->newSelectQueryBuilder()
1697 ->select( 'user_is_temp' )
1698 ->from( 'user' )
1699 ->where( [ 'user_name' => $name ] )
1700 ->caller( __METHOD__ )
1701 ->fetchField();
1702
1703 $this->assertSame( $expected, $field );
1704 }
1705
1706 /**
1707 * @covers \MediaWiki\User\User::spreadAnyEditBlock
1708 * @covers \MediaWiki\User\User::spreadBlock
1709 */
1710 public function testSpreadAnyEditBlockForAnonUser() {
1711 $hookCalled = false;
1712 $this->setTemporaryHook( 'SpreadAnyEditBlock', static function () use ( &$hookCalled ){
1713 $hookCalled = true;
1714 } );
1715 $user = new User;
1716 $user->setName( '1.2.3.4' );
1717 $user->spreadAnyEditBlock();
1718 $this->assertFalse( $hookCalled );
1719 }
1720
1721 /**
1722 * @covers \MediaWiki\User\User::spreadAnyEditBlock
1723 * @covers \MediaWiki\User\User::spreadBlock
1724 * @dataProvider provideBlockWasSpreadValues
1725 */
1726 public function testSpreadAnyEditBlockForUnblockedUser( $mockBlockWasSpreadHookValue ) {
1727 // Assert that the SpreadAnyEditBlock hook gets called with the right arguments when
1728 // ::spreadAnyEditBlock is called for a registered user.
1729 $hookCalled = false;
1730 $this->setTemporaryHook(
1731 'SpreadAnyEditBlock',
1732 function ( $user, &$blockWasSpread ) use ( &$hookCalled, $mockBlockWasSpreadHookValue ) {
1733 $hookCalled = true;
1734 $blockWasSpread = $mockBlockWasSpreadHookValue;
1735 $this->assertSame( $this->user, $user );
1736 }
1737 );
1738 $this->assertSame( $mockBlockWasSpreadHookValue, $this->user->spreadAnyEditBlock() );
1739 $this->assertTrue( $hookCalled );
1740 }
1741
1742 public static function provideBlockWasSpreadValues() {
1743 return [
1744 'SpreadAnyEditBlock hook handler sets $blockWasSpread to true' => [ true ],
1745 'No SpreadAnyEditBlock hook handler spread a block' => [ false ],
1746 ];
1747 }
1748
1749 /**
1750 * @covers \MediaWiki\User\User::spreadAnyEditBlock
1751 * @covers \MediaWiki\User\User::spreadBlock
1752 */
1753 public function testSpreadAnyEditBlockForBlockedUser() {
1754 $this->getServiceContainer()->getBlockUserFactory()->newBlockUser(
1755 $this->user, $this->getTestSysop()->getAuthority(), 'indefinite', '', [ 'isAutoblocking' => true ]
1756 )->placeBlockUnsafe();
1757 RequestContext::getMain()->getRequest()->setIP( '1.2.3.4' );
1758 $this->assertTrue( $this->user->spreadAnyEditBlock() );
1759 $this->assertNotNull( $this->getServiceContainer()->getBlockManager()->getIpBlock( '1.2.3.4', true ) );
1760 }
1761 }
MediaWiki Core