search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Move ResultWrapper subclasses to Rdbms
[mediawiki.git] / tests / phpunit / includes / password / UserPasswordPolicyTest.php
blob5ea7b1d2a9550eb0c492382e2e58eda07ad3c775
1 <?php
2 /**
3 * Testing for password-policy enforcement, based on a user's groups.
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
19 *
20 * @file
21 */
22
23 class UserPasswordPolicyTest extends MediaWikiTestCase {
24
25 protected $policies = [
26 'checkuser' => [
27 'MinimalPasswordLength' => 10,
28 'MinimumPasswordLengthToLogin' => 6,
29 'PasswordCannotMatchUsername' => true,
30 ],
31 'sysop' => [
32 'MinimalPasswordLength' => 8,
33 'MinimumPasswordLengthToLogin' => 1,
34 'PasswordCannotMatchUsername' => true,
35 ],
36 'default' => [
37 'MinimalPasswordLength' => 4,
38 'MinimumPasswordLengthToLogin' => 1,
39 'PasswordCannotMatchBlacklist' => true,
40 'MaximalPasswordLength' => 4096,
41 ],
42 ];
43
44 protected $checks = [
45 'MinimalPasswordLength' => 'PasswordPolicyChecks::checkMinimalPasswordLength',
46 'MinimumPasswordLengthToLogin' => 'PasswordPolicyChecks::checkMinimumPasswordLengthToLogin',
47 'PasswordCannotMatchUsername' => 'PasswordPolicyChecks::checkPasswordCannotMatchUsername',
48 'PasswordCannotMatchBlacklist' => 'PasswordPolicyChecks::checkPasswordCannotMatchBlacklist',
49 'MaximalPasswordLength' => 'PasswordPolicyChecks::checkMaximalPasswordLength',
50 ];
51
52 private function getUserPasswordPolicy() {
53 return new UserPasswordPolicy( $this->policies, $this->checks );
54 }
55
56 /**
57 * @covers UserPasswordPolicy::getPoliciesForUser
58 */
59 public function testGetPoliciesForUser() {
60
61 $upp = $this->getUserPasswordPolicy();
62
63 $user = User::newFromName( 'TestUserPolicy' );
64 $user->addToDatabase();
65 $user->addGroup( 'sysop' );
66
67 $this->assertArrayEquals(
68 [
69 'MinimalPasswordLength' => 8,
70 'MinimumPasswordLengthToLogin' => 1,
71 'PasswordCannotMatchUsername' => 1,
72 'PasswordCannotMatchBlacklist' => true,
73 'MaximalPasswordLength' => 4096,
74 ],
75 $upp->getPoliciesForUser( $user )
76 );
77 }
78
79 /**
80 * @covers UserPasswordPolicy::getPoliciesForGroups
81 */
82 public function testGetPoliciesForGroups() {
83 $effective = UserPasswordPolicy::getPoliciesForGroups(
84 $this->policies,
85 [ 'user', 'checkuser' ],
86 $this->policies['default']
87 );
88
89 $this->assertArrayEquals(
90 [
91 'MinimalPasswordLength' => 10,
92 'MinimumPasswordLengthToLogin' => 6,
93 'PasswordCannotMatchUsername' => true,
94 'PasswordCannotMatchBlacklist' => true,
95 'MaximalPasswordLength' => 4096,
96 ],
97 $effective
98 );
99 }
100
101 /**
102 * @dataProvider provideCheckUserPassword
103 * @covers UserPasswordPolicy::checkUserPassword
104 */
105 public function testCheckUserPassword( $username, $groups, $password, $valid, $ok, $msg ) {
106
107 $upp = $this->getUserPasswordPolicy();
108
109 $user = User::newFromName( $username );
110 $user->addToDatabase();
111 foreach ( $groups as $group ) {
112 $user->addGroup( $group );
113 }
114
115 $status = $upp->checkUserPassword( $user, $password );
116 $this->assertSame( $valid, $status->isGood(), $msg . ' - password valid' );
117 $this->assertSame( $ok, $status->isOK(), $msg . ' - can login' );
118 }
119
120 public function provideCheckUserPassword() {
121 return [
122 [
123 'PassPolicyUser',
124 [],
125 '',
126 false,
127 false,
128 'No groups, default policy, password too short to login'
129 ],
130 [
131 'PassPolicyUser',
132 [ 'user' ],
133 'aaa',
134 false,
135 true,
136 'Default policy, short password'
137 ],
138 [
139 'PassPolicyUser',
140 [ 'sysop' ],
141 'abcdabcdabcd',
142 true,
143 true,
144 'Sysop with good password'
145 ],
146 [
147 'PassPolicyUser',
148 [ 'sysop' ],
149 'abcd',
150 false,
151 true,
152 'Sysop with short password'
153 ],
154 [
155 'PassPolicyUser',
156 [ 'sysop', 'checkuser' ],
157 'abcdabcd',
158 false,
159 true,
160 'Checkuser with short password'
161 ],
162 [
163 'PassPolicyUser',
164 [ 'sysop', 'checkuser' ],
165 'abcd',
166 false,
167 false,
168 'Checkuser with too short password to login'
169 ],
170 [
171 'Useruser',
172 [ 'user' ],
173 'Passpass',
174 false,
175 true,
176 'Username & password on blacklist'
177 ],
178 ];
179 }
180
181 /**
182 * @dataProvider provideMaxOfPolicies
183 * @covers UserPasswordPolicy::maxOfPolicies
184 */
185 public function testMaxOfPolicies( $p1, $p2, $max, $msg ) {
186 $this->assertArrayEquals(
187 $max,
188 UserPasswordPolicy::maxOfPolicies( $p1, $p2 ),
189 $msg
190 );
191 }
192
193 public function provideMaxOfPolicies() {
194 return [
195 [
196 [ 'MinimalPasswordLength' => 8 ], // p1
197 [ 'MinimalPasswordLength' => 2 ], // p2
198 [ 'MinimalPasswordLength' => 8 ], // max
199 'Basic max in p1'
200 ],
201 [
202 [ 'MinimalPasswordLength' => 2 ], // p1
203 [ 'MinimalPasswordLength' => 8 ], // p2
204 [ 'MinimalPasswordLength' => 8 ], // max
205 'Basic max in p2'
206 ],
207 [
208 [ 'MinimalPasswordLength' => 8 ], // p1
209 [
210 'MinimalPasswordLength' => 2,
211 'PasswordCannotMatchUsername' => 1,
212 ], // p2
213 [
214 'MinimalPasswordLength' => 8,
215 'PasswordCannotMatchUsername' => 1,
216 ], // max
217 'Missing items in p1'
218 ],
219 [
220 [
221 'MinimalPasswordLength' => 8,
222 'PasswordCannotMatchUsername' => 1,
223 ], // p1
224 [
225 'MinimalPasswordLength' => 2,
226 ], // p2
227 [
228 'MinimalPasswordLength' => 8,
229 'PasswordCannotMatchUsername' => 1,
230 ], // max
231 'Missing items in p2'
232 ],
233 ];
234 }
235
236 }
MediaWiki Core