search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Move ResultWrapper subclasses to Rdbms
[mediawiki.git] / tests / phpunit / includes / session / BotPasswordSessionProviderTest.php
blobc1eef2e809ae1fb6d552dbe88f9411f3d2663de1
1 <?php
2
3 namespace MediaWiki\Session;
4
5 use Psr\Log\LogLevel;
6 use MediaWikiTestCase;
7
8 /**
9 * @group Session
10 * @group Database
11 * @covers MediaWiki\Session\BotPasswordSessionProvider
12 */
13 class BotPasswordSessionProviderTest extends MediaWikiTestCase {
14
15 private $config;
16
17 private function getProvider( $name = null, $prefix = null ) {
18 global $wgSessionProviders;
19
20 $params = [
21 'priority' => 40,
22 'sessionCookieName' => $name,
23 'sessionCookieOptions' => [],
24 ];
25 if ( $prefix !== null ) {
26 $params['sessionCookieOptions']['prefix'] = $prefix;
27 }
28
29 if ( !$this->config ) {
30 $this->config = new \HashConfig( [
31 'CookiePrefix' => 'wgCookiePrefix',
32 'EnableBotPasswords' => true,
33 'BotPasswordsDatabase' => false,
34 'SessionProviders' => $wgSessionProviders + [
35 BotPasswordSessionProvider::class => [
36 'class' => BotPasswordSessionProvider::class,
37 'args' => [ $params ],
38 ]
39 ],
40 ] );
41 }
42 $manager = new SessionManager( [
43 'config' => new \MultiConfig( [ $this->config, \RequestContext::getMain()->getConfig() ] ),
44 'logger' => new \Psr\Log\NullLogger,
45 'store' => new TestBagOStuff,
46 ] );
47
48 return $manager->getProvider( BotPasswordSessionProvider::class );
49 }
50
51 protected function setUp() {
52 parent::setUp();
53
54 $this->setMwGlobals( [
55 'wgEnableBotPasswords' => true,
56 'wgBotPasswordsDatabase' => false,
57 'wgCentralIdLookupProvider' => 'local',
58 'wgGrantPermissions' => [
59 'test' => [ 'read' => true ],
60 ],
61 ] );
62 }
63
64 public function addDBDataOnce() {
65 $passwordFactory = new \PasswordFactory();
66 $passwordFactory->init( \RequestContext::getMain()->getConfig() );
67 $passwordHash = $passwordFactory->newFromPlaintext( 'foobaz' );
68
69 $sysop = static::getTestSysop()->getUser();
70 $userId = \CentralIdLookup::factory( 'local' )->centralIdFromName( $sysop->getName() );
71
72 $dbw = wfGetDB( DB_MASTER );
73 $dbw->delete(
74 'bot_passwords',
75 [ 'bp_user' => $userId, 'bp_app_id' => 'BotPasswordSessionProvider' ],
76 __METHOD__
77 );
78 $dbw->insert(
79 'bot_passwords',
80 [
81 'bp_user' => $userId,
82 'bp_app_id' => 'BotPasswordSessionProvider',
83 'bp_password' => $passwordHash->toString(),
84 'bp_token' => 'token!',
85 'bp_restrictions' => '{"IPAddresses":["127.0.0.0/8"]}',
86 'bp_grants' => '["test"]',
87 ],
88 __METHOD__
89 );
90 }
91
92 public function testConstructor() {
93 try {
94 $provider = new BotPasswordSessionProvider();
95 $this->fail( 'Expected exception not thrown' );
96 } catch ( \InvalidArgumentException $ex ) {
97 $this->assertSame(
98 'MediaWiki\\Session\\BotPasswordSessionProvider::__construct: priority must be specified',
99 $ex->getMessage()
100 );
101 }
102
103 try {
104 $provider = new BotPasswordSessionProvider( [
105 'priority' => SessionInfo::MIN_PRIORITY - 1
106 ] );
107 $this->fail( 'Expected exception not thrown' );
108 } catch ( \InvalidArgumentException $ex ) {
109 $this->assertSame(
110 'MediaWiki\\Session\\BotPasswordSessionProvider::__construct: Invalid priority',
111 $ex->getMessage()
112 );
113 }
114
115 try {
116 $provider = new BotPasswordSessionProvider( [
117 'priority' => SessionInfo::MAX_PRIORITY + 1
118 ] );
119 $this->fail( 'Expected exception not thrown' );
120 } catch ( \InvalidArgumentException $ex ) {
121 $this->assertSame(
122 'MediaWiki\\Session\\BotPasswordSessionProvider::__construct: Invalid priority',
123 $ex->getMessage()
124 );
125 }
126
127 $provider = new BotPasswordSessionProvider( [
128 'priority' => 40
129 ] );
130 $priv = \TestingAccessWrapper::newFromObject( $provider );
131 $this->assertSame( 40, $priv->priority );
132 $this->assertSame( '_BPsession', $priv->sessionCookieName );
133 $this->assertSame( [], $priv->sessionCookieOptions );
134
135 $provider = new BotPasswordSessionProvider( [
136 'priority' => 40,
137 'sessionCookieName' => null,
138 ] );
139 $priv = \TestingAccessWrapper::newFromObject( $provider );
140 $this->assertSame( '_BPsession', $priv->sessionCookieName );
141
142 $provider = new BotPasswordSessionProvider( [
143 'priority' => 40,
144 'sessionCookieName' => 'Foo',
145 'sessionCookieOptions' => [ 'Bar' ],
146 ] );
147 $priv = \TestingAccessWrapper::newFromObject( $provider );
148 $this->assertSame( 'Foo', $priv->sessionCookieName );
149 $this->assertSame( [ 'Bar' ], $priv->sessionCookieOptions );
150 }
151
152 public function testBasics() {
153 $provider = $this->getProvider();
154
155 $this->assertTrue( $provider->persistsSessionId() );
156 $this->assertFalse( $provider->canChangeUser() );
157
158 $this->assertNull( $provider->newSessionInfo() );
159 $this->assertNull( $provider->newSessionInfo( 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa' ) );
160 }
161
162 public function testProvideSessionInfo() {
163 $provider = $this->getProvider();
164 $request = new \FauxRequest;
165 $request->setCookie( '_BPsession', 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa', 'wgCookiePrefix' );
166
167 if ( !defined( 'MW_API' ) ) {
168 $this->assertNull( $provider->provideSessionInfo( $request ) );
169 define( 'MW_API', 1 );
170 }
171
172 $info = $provider->provideSessionInfo( $request );
173 $this->assertInstanceOf( SessionInfo::class, $info );
174 $this->assertSame( 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa', $info->getId() );
175
176 $this->config->set( 'EnableBotPasswords', false );
177 $this->assertNull( $provider->provideSessionInfo( $request ) );
178 $this->config->set( 'EnableBotPasswords', true );
179
180 $this->assertNull( $provider->provideSessionInfo( new \FauxRequest ) );
181 }
182
183 public function testNewSessionInfoForRequest() {
184 $provider = $this->getProvider();
185 $user = static::getTestSysop()->getUser();
186 $request = $this->getMock( 'FauxRequest', [ 'getIP' ] );
187 $request->expects( $this->any() )->method( 'getIP' )
188 ->will( $this->returnValue( '127.0.0.1' ) );
189 $bp = \BotPassword::newFromUser( $user, 'BotPasswordSessionProvider' );
190
191 $session = $provider->newSessionForRequest( $user, $bp, $request );
192 $this->assertInstanceOf( Session::class, $session );
193
194 $this->assertEquals( $session->getId(), $request->getSession()->getId() );
195 $this->assertEquals( $user->getName(), $session->getUser()->getName() );
196
197 $this->assertEquals( [
198 'centralId' => $bp->getUserCentralId(),
199 'appId' => $bp->getAppId(),
200 'token' => $bp->getToken(),
201 'rights' => [ 'read' ],
202 ], $session->getProviderMetadata() );
203
204 $this->assertEquals( [ 'read' ], $session->getAllowedUserRights() );
205 }
206
207 public function testCheckSessionInfo() {
208 $logger = new \TestLogger( true );
209 $provider = $this->getProvider();
210 $provider->setLogger( $logger );
211
212 $user = static::getTestSysop()->getUser();
213 $request = $this->getMock( 'FauxRequest', [ 'getIP' ] );
214 $request->expects( $this->any() )->method( 'getIP' )
215 ->will( $this->returnValue( '127.0.0.1' ) );
216 $bp = \BotPassword::newFromUser( $user, 'BotPasswordSessionProvider' );
217
218 $data = [
219 'provider' => $provider,
220 'id' => 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa',
221 'userInfo' => UserInfo::newFromUser( $user, true ),
222 'persisted' => false,
223 'metadata' => [
224 'centralId' => $bp->getUserCentralId(),
225 'appId' => $bp->getAppId(),
226 'token' => $bp->getToken(),
227 ],
228 ];
229 $dataMD = $data['metadata'];
230
231 foreach ( array_keys( $data['metadata'] ) as $key ) {
232 $data['metadata'] = $dataMD;
233 unset( $data['metadata'][$key] );
234 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, $data );
235 $metadata = $info->getProviderMetadata();
236
237 $this->assertFalse( $provider->refreshSessionInfo( $info, $request, $metadata ) );
238 $this->assertSame( [
239 [ LogLevel::INFO, 'Session "{session}": Missing metadata: {missing}' ]
240 ], $logger->getBuffer() );
241 $logger->clearBuffer();
242 }
243
244 $data['metadata'] = $dataMD;
245 $data['metadata']['appId'] = 'Foobar';
246 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, $data );
247 $metadata = $info->getProviderMetadata();
248 $this->assertFalse( $provider->refreshSessionInfo( $info, $request, $metadata ) );
249 $this->assertSame( [
250 [ LogLevel::INFO, 'Session "{session}": No BotPassword for {centralId} {appId}' ],
251 ], $logger->getBuffer() );
252 $logger->clearBuffer();
253
254 $data['metadata'] = $dataMD;
255 $data['metadata']['token'] = 'Foobar';
256 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, $data );
257 $metadata = $info->getProviderMetadata();
258 $this->assertFalse( $provider->refreshSessionInfo( $info, $request, $metadata ) );
259 $this->assertSame( [
260 [ LogLevel::INFO, 'Session "{session}": BotPassword token check failed' ],
261 ], $logger->getBuffer() );
262 $logger->clearBuffer();
263
264 $request2 = $this->getMock( 'FauxRequest', [ 'getIP' ] );
265 $request2->expects( $this->any() )->method( 'getIP' )
266 ->will( $this->returnValue( '10.0.0.1' ) );
267 $data['metadata'] = $dataMD;
268 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, $data );
269 $metadata = $info->getProviderMetadata();
270 $this->assertFalse( $provider->refreshSessionInfo( $info, $request2, $metadata ) );
271 $this->assertSame( [
272 [ LogLevel::INFO, 'Session "{session}": Restrictions check failed' ],
273 ], $logger->getBuffer() );
274 $logger->clearBuffer();
275
276 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, $data );
277 $metadata = $info->getProviderMetadata();
278 $this->assertTrue( $provider->refreshSessionInfo( $info, $request, $metadata ) );
279 $this->assertSame( [], $logger->getBuffer() );
280 $this->assertEquals( $dataMD + [ 'rights' => [ 'read' ] ], $metadata );
281 }
282
283 public function testGetAllowedUserRights() {
284 $logger = new \TestLogger( true );
285 $provider = $this->getProvider();
286 $provider->setLogger( $logger );
287
288 $backend = TestUtils::getDummySessionBackend();
289 $backendPriv = \TestingAccessWrapper::newFromObject( $backend );
290
291 try {
292 $provider->getAllowedUserRights( $backend );
293 $this->fail( 'Expected exception not thrown' );
294 } catch ( \InvalidArgumentException $ex ) {
295 $this->assertSame( 'Backend\'s provider isn\'t $this', $ex->getMessage() );
296 }
297
298 $backendPriv->provider = $provider;
299 $backendPriv->providerMetadata = [ 'rights' => [ 'foo', 'bar', 'baz' ] ];
300 $this->assertSame( [ 'foo', 'bar', 'baz' ], $provider->getAllowedUserRights( $backend ) );
301 $this->assertSame( [], $logger->getBuffer() );
302
303 $backendPriv->providerMetadata = [ 'foo' => 'bar' ];
304 $this->assertSame( [], $provider->getAllowedUserRights( $backend ) );
305 $this->assertSame( [
306 [
307 LogLevel::DEBUG,
308 'MediaWiki\\Session\\BotPasswordSessionProvider::getAllowedUserRights: ' .
309 'No provider metadata, returning no rights allowed'
310 ]
311 ], $logger->getBuffer() );
312 $logger->clearBuffer();
313
314 $backendPriv->providerMetadata = [ 'rights' => 'bar' ];
315 $this->assertSame( [], $provider->getAllowedUserRights( $backend ) );
316 $this->assertSame( [
317 [
318 LogLevel::DEBUG,
319 'MediaWiki\\Session\\BotPasswordSessionProvider::getAllowedUserRights: ' .
320 'No provider metadata, returning no rights allowed'
321 ]
322 ], $logger->getBuffer() );
323 $logger->clearBuffer();
324
325 $backendPriv->providerMetadata = null;
326 $this->assertSame( [], $provider->getAllowedUserRights( $backend ) );
327 $this->assertSame( [
328 [
329 LogLevel::DEBUG,
330 'MediaWiki\\Session\\BotPasswordSessionProvider::getAllowedUserRights: ' .
331 'No provider metadata, returning no rights allowed'
332 ]
333 ], $logger->getBuffer() );
334 $logger->clearBuffer();
335 }
336 }
MediaWiki Core