tests/phpunit/includes/auth/AbstractPasswordPrimaryAuthenticationProviderTest.php

   1 <?php
   2
   3 namespace MediaWiki\Auth;
   4
   5 /**
   6  * @group AuthManager
   7  * @covers MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider
   8  */
   9 class AbstractPasswordPrimaryAuthenticationProviderTest extends \MediaWikiTestCase {
  10         protected function setUp() {
  11                 global $wgDisableAuthManager;
  12
  13                 parent::setUp();
  14                 if ( $wgDisableAuthManager ) {
  15                         $this->markTestSkipped( '$wgDisableAuthManager is set' );
  16                 }
  17         }
  18
  19         public function testConstructor() {
  20                 $provider = $this->getMockForAbstractClass(
  21                         AbstractPasswordPrimaryAuthenticationProvider::class
  22                 );
  23                 $providerPriv = \TestingAccessWrapper::newFromObject( $provider );
  24                 $this->assertTrue( $providerPriv->authoritative );
  25
  26                 $provider = $this->getMockForAbstractClass(
  27                         AbstractPasswordPrimaryAuthenticationProvider::class,
  28                         [ [ 'authoritative' => false ] ]
  29                 );
  30                 $providerPriv = \TestingAccessWrapper::newFromObject( $provider );
  31                 $this->assertFalse( $providerPriv->authoritative );
  32         }
  33
  34         public function testGetPasswordFactory() {
  35                 $provider = $this->getMockForAbstractClass(
  36                         AbstractPasswordPrimaryAuthenticationProvider::class
  37                 );
  38                 $provider->setConfig( \ConfigFactory::getDefaultInstance()->makeConfig( 'main' ) );
  39                 $providerPriv = \TestingAccessWrapper::newFromObject( $provider );
  40
  41                 $obj = $providerPriv->getPasswordFactory();
  42                 $this->assertInstanceOf( 'PasswordFactory', $obj );
  43                 $this->assertSame( $obj, $providerPriv->getPasswordFactory() );
  44         }
  45
  46         public function testGetPassword() {
  47                 $provider = $this->getMockForAbstractClass(
  48                         AbstractPasswordPrimaryAuthenticationProvider::class
  49                 );
  50                 $provider->setConfig( \ConfigFactory::getDefaultInstance()->makeConfig( 'main' ) );
  51                 $provider->setLogger( new \Psr\Log\NullLogger() );
  52                 $providerPriv = \TestingAccessWrapper::newFromObject( $provider );
  53
  54                 $obj = $providerPriv->getPassword( null );
  55                 $this->assertInstanceOf( 'Password', $obj );
  56
  57                 $obj = $providerPriv->getPassword( 'invalid' );
  58                 $this->assertInstanceOf( 'Password', $obj );
  59         }
  60
  61         public function testGetNewPasswordExpiry() {
  62                 $config = new \HashConfig;
  63                 $provider = $this->getMockForAbstractClass(
  64                         AbstractPasswordPrimaryAuthenticationProvider::class
  65                 );
  66                 $provider->setConfig( new \MultiConfig( [
  67                         $config,
  68                         \ConfigFactory::getDefaultInstance()->makeConfig( 'main' )
  69                 ] ) );
  70                 $provider->setLogger( new \Psr\Log\NullLogger() );
  71                 $providerPriv = \TestingAccessWrapper::newFromObject( $provider );
  72
  73                 $this->mergeMwGlobalArrayValue( 'wgHooks', [ 'ResetPasswordExpiration' => [] ] );
  74
  75                 $config->set( 'PasswordExpirationDays', 0 );
  76                 $this->assertNull( $providerPriv->getNewPasswordExpiry( 'UTSysop' ) );
  77
  78                 $config->set( 'PasswordExpirationDays', 5 );
  79                 $this->assertEquals(
  80                         time() + 5 * 86400,
  81                         wfTimestamp( TS_UNIX, $providerPriv->getNewPasswordExpiry( 'UTSysop' ) ),
  82                         '',
  83                         2 /* Fuzz */
  84                 );
  85
  86                 $this->mergeMwGlobalArrayValue( 'wgHooks', [
  87                         'ResetPasswordExpiration' => [ function ( $user, &$expires ) {
  88                                 $this->assertSame( 'UTSysop', $user->getName() );
  89                                 $expires = '30001231235959';
  90                         } ]
  91                 ] );
  92                 $this->assertEquals( '30001231235959', $providerPriv->getNewPasswordExpiry( 'UTSysop' ) );
  93         }
  94
  95         public function testCheckPasswordValidity() {
  96                 $uppCalled = 0;
  97                 $uppStatus = \Status::newGood();
  98                 $this->setMwGlobals( [
  99                         'wgPasswordPolicy' => [
 100                                 'policies' => [
 101                                         'default' => [
 102                                                 'Check' => true,
 103                                         ],
 104                                 ],
 105                                 'checks' => [
 106                                         'Check' => function () use ( &$uppCalled, &$uppStatus ) {
 107                                                 $uppCalled++;
 108                                                 return $uppStatus;
 109                                         },
 110                                 ],
 111                         ]
 112                 ] );
 113
 114                 $provider = $this->getMockForAbstractClass(
 115                         AbstractPasswordPrimaryAuthenticationProvider::class
 116                 );
 117                 $provider->setConfig( \ConfigFactory::getDefaultInstance()->makeConfig( 'main' ) );
 118                 $provider->setLogger( new \Psr\Log\NullLogger() );
 119                 $providerPriv = \TestingAccessWrapper::newFromObject( $provider );
 120
 121                 $this->assertEquals( $uppStatus, $providerPriv->checkPasswordValidity( 'foo', 'bar' ) );
 122
 123                 $uppStatus->fatal( 'arbitrary-warning' );
 124                 $this->assertEquals( $uppStatus, $providerPriv->checkPasswordValidity( 'foo', 'bar' ) );
 125         }
 126
 127         public function testSetPasswordResetFlag() {
 128                 $config = new \HashConfig( [
 129                         'InvalidPasswordReset' => true,
 130                 ] );
 131
 132                 $manager = new AuthManager(
 133                         new \FauxRequest(), \ConfigFactory::getDefaultInstance()->makeConfig( 'main' )
 134                 );
 135
 136                 $provider = $this->getMockForAbstractClass(
 137                         AbstractPasswordPrimaryAuthenticationProvider::class
 138                 );
 139                 $provider->setConfig( $config );
 140                 $provider->setLogger( new \Psr\Log\NullLogger() );
 141                 $provider->setManager( $manager );
 142                 $providerPriv = \TestingAccessWrapper::newFromObject( $provider );
 143
 144                 $manager->removeAuthenticationSessionData( null );
 145                 $status = \Status::newGood();
 146                 $providerPriv->setPasswordResetFlag( 'Foo', $status );
 147                 $this->assertNull( $manager->getAuthenticationSessionData( 'reset-pass' ) );
 148
 149                 $manager->removeAuthenticationSessionData( null );
 150                 $status = \Status::newGood();
 151                 $status->error( 'testing' );
 152                 $providerPriv->setPasswordResetFlag( 'Foo', $status );
 153                 $ret = $manager->getAuthenticationSessionData( 'reset-pass' );
 154                 $this->assertNotNull( $ret );
 155                 $this->assertSame( 'resetpass-validity-soft', $ret->msg->getKey() );
 156                 $this->assertFalse( $ret->hard );
 157
 158                 $config->set( 'InvalidPasswordReset', false );
 159                 $manager->removeAuthenticationSessionData( null );
 160                 $providerPriv->setPasswordResetFlag( 'Foo', $status );
 161                 $ret = $manager->getAuthenticationSessionData( 'reset-pass' );
 162                 $this->assertNull( $ret );
 163         }
 164
 165         public function testFailResponse() {
 166                 $provider = $this->getMockForAbstractClass(
 167                         AbstractPasswordPrimaryAuthenticationProvider::class,
 168                         [ [ 'authoritative' => false ] ]
 169                 );
 170                 $providerPriv = \TestingAccessWrapper::newFromObject( $provider );
 171
 172                 $req = new PasswordAuthenticationRequest;
 173
 174                 $ret = $providerPriv->failResponse( $req );
 175                 $this->assertSame( AuthenticationResponse::ABSTAIN, $ret->status );
 176
 177                 $provider = $this->getMockForAbstractClass(
 178                         AbstractPasswordPrimaryAuthenticationProvider::class,
 179                         [ [ 'authoritative' => true ] ]
 180                 );
 181                 $providerPriv = \TestingAccessWrapper::newFromObject( $provider );
 182
 183                 $req->password = '';
 184                 $ret = $providerPriv->failResponse( $req );
 185                 $this->assertSame( AuthenticationResponse::FAIL, $ret->status );
 186                 $this->assertSame( 'wrongpasswordempty', $ret->message->getKey() );
 187
 188                 $req->password = 'X';
 189                 $ret = $providerPriv->failResponse( $req );
 190                 $this->assertSame( AuthenticationResponse::FAIL, $ret->status );
 191                 $this->assertSame( 'wrongpassword', $ret->message->getKey() );
 192         }
 193
 194         /**
 195          * @dataProvider provideGetAuthenticationRequests
 196          * @param string $action
 197          * @param array $response
 198          */
 199         public function testGetAuthenticationRequests( $action, $response ) {
 200                 $provider = $this->getMockForAbstractClass(
 201                         AbstractPasswordPrimaryAuthenticationProvider::class
 202                 );
 203
 204                 $this->assertEquals( $response, $provider->getAuthenticationRequests( $action, [] ) );
 205         }
 206
 207         public static function provideGetAuthenticationRequests() {
 208                 return [
 209                         [ AuthManager::ACTION_LOGIN, [ new PasswordAuthenticationRequest() ] ],
 210                         [ AuthManager::ACTION_CREATE, [ new PasswordAuthenticationRequest() ] ],
 211                         [ AuthManager::ACTION_LINK, [] ],
 212                         [ AuthManager::ACTION_CHANGE, [ new PasswordAuthenticationRequest() ] ],
 213                         [ AuthManager::ACTION_REMOVE, [ new PasswordAuthenticationRequest() ] ],
 214                 ];
 215         }
 216
 217         public function testProviderRevokeAccessForUser() {
 218                 $req = new PasswordAuthenticationRequest;
 219                 $req->action = AuthManager::ACTION_REMOVE;
 220                 $req->username = 'foo';
 221                 $req->password = null;
 222
 223                 $provider = $this->getMockForAbstractClass(
 224                         AbstractPasswordPrimaryAuthenticationProvider::class
 225                 );
 226                 $provider->expects( $this->once() )
 227                         ->method( 'providerChangeAuthenticationData' )
 228                         ->with( $this->equalTo( $req ) );
 229
 230                 $provider->providerRevokeAccessForUser( 'foo' );
 231         }
 232
 233 }