public function __construct($username, $realname = 'Real Name', $email = '*****@*****.**', $groups = array())
{
$this->assertNotReal();
$this->username = $username;
$this->password = '******';
$this->user = User::newFromName($this->username);
$this->user->load();
// In an ideal world we'd have a new wiki (or mock data store) for every single test.
// But for now, we just need to create or update the user with the desired properties.
// we particularly need the new password, since we just generated it randomly.
// In core MediaWiki, there is no functionality to delete users, so this is the best we can do.
if (!$this->user->isLoggedIn()) {
// create the user
$this->user = User::createNew($this->username, array("email" => $email, "real_name" => $realname));
if (!$this->user) {
throw new MWException("Error creating TestUser " . $username);
}
}
// Update the user to use the password and other details
$change = $this->setPassword($this->password) || $this->setEmail($email) || $this->setRealName($realname);
// Adjust groups by adding any missing ones and removing any extras
$currentGroups = $this->user->getGroups();
foreach (array_diff($groups, $currentGroups) as $group) {
$this->user->addGroup($group);
}
foreach (array_diff($currentGroups, $groups) as $group) {
$this->user->removeGroup($group);
}
if ($change) {
$this->user->saveSettings();
}
}
public function testGroup()
{
$groupTest = new Group("TEST_GROUP");
$groupTest2 = new Group("TEST_GROUP_2");
$this->assertEmpty($this->user->getGroup());
$this->user->addGroup($groupTest);
$this->assertEquals($groupTest, $this->user->getGroup()->first());
$this->user->addGroup($groupTest2);
$this->assertEquals(2, $this->user->getGroup()->count());
$this->user->removeGroup($groupTest);
$this->assertEquals(1, $this->user->getGroup()->count());
$this->assertEquals($groupTest2, $this->user->getGroup()->first());
}
public function __construct($username, $realname = 'Real Name', $email = '*****@*****.**', $groups = [])
{
$this->assertNotReal();
$this->username = $username;
$this->password = '******';
$this->user = User::newFromName($this->username);
$this->user->load();
// In an ideal world we'd have a new wiki (or mock data store) for every single test.
// But for now, we just need to create or update the user with the desired properties.
// we particularly need the new password, since we just generated it randomly.
// In core MediaWiki, there is no functionality to delete users, so this is the best we can do.
if (!$this->user->isLoggedIn()) {
// create the user
$this->user = User::createNew($this->username, ["email" => $email, "real_name" => $realname]);
if (!$this->user) {
throw new MWException("Error creating TestUser " . $username);
}
}
// Update the user to use the password and other details
$this->setPassword($this->password);
$change = $this->setEmail($email) || $this->setRealName($realname);
// Adjust groups by adding any missing ones and removing any extras
$currentGroups = $this->user->getGroups();
foreach (array_diff($groups, $currentGroups) as $group) {
$this->user->addGroup($group);
}
foreach (array_diff($currentGroups, $groups) as $group) {
$this->user->removeGroup($group);
}
if ($change) {
// Disable CAS check before saving. The User object may have been initialized from cached
// information that may be out of whack with the database during testing. If tests were
// perfectly isolated, this would not happen. But if it does happen, let's just ignore the
// inconsistency, and just write the data we want - during testing, we are not worried
// about data loss.
$this->user->mTouched = '';
$this->user->saveSettings();
}
}
/**
* Add groups based on the existence of attributes in the SAML assertion.
*
* @param User $user add MediaWiki permissions to this user from the current SAML assertion
*
* @return void $user is modified on return
*/
protected static function setGroups(User $user)
{
global $wgSamlGroupMap;
$attr = self::$as->getAttributes();
foreach ($wgSamlGroupMap as $group => $rules) {
foreach ($rules as $attrName => $needles) {
if (!isset($attr[$attrName])) {
continue;
}
foreach ($needles as $needle) {
if (in_array($needle, $attr[$attrName])) {
$user->addGroup($group);
} else {
$user->removeGroup($group);
}
}
}
}
}
/**
* Helper function for updateUser() and initUser(). Adds users into MediaWiki security groups
* based upon groups retreived from LDAP.
*
* @param User $user
* @access private
*/
function setGroups(&$user)
{
global $wgGroupPermissions;
// TODO: this is *really* ugly code. clean it up!
$this->printDebug("Entering setGroups.", NONSENSITIVE);
# Add ldap groups as local groups
if ($this->getConf('GroupsPrevail')) {
$this->printDebug("Adding all groups to wgGroupPermissions: ", SENSITIVE, $this->allLDAPGroups);
foreach ($this->allLDAPGroups["short"] as $ldapgroup) {
if (!array_key_exists($ldapgroup, $wgGroupPermissions)) {
$wgGroupPermissions[$ldapgroup] = array();
}
}
}
# add groups permissions
$localAvailGrps = $user->getAllGroups();
$localUserGrps = $user->getEffectiveGroups();
$defaultLocallyManagedGrps = array('bot', 'sysop', 'bureaucrat');
$locallyManagedGrps = $this->getConf('LocallyManagedGroups');
if ($locallyManagedGrps) {
$locallyManagedGrps = array_unique(array_merge($defaultLocallyManagedGrps, $locallyManagedGrps));
$this->printDebug("Locally managed groups: ", SENSITIVE, $locallyManagedGrps);
} else {
$locallyManagedGrps = $defaultLocallyManagedGrps;
$this->printDebug("Locally managed groups is unset, using defaults: ", SENSITIVE, $locallyManagedGrps);
}
$this->printDebug("Available groups are: ", NONSENSITIVE, $localAvailGrps);
$this->printDebug("Effective groups are: ", NONSENSITIVE, $localUserGrps);
# note: $localUserGrps does not need to be updated with $cGroup added,
# as $localAvailGrps contains $cGroup only once.
foreach ($localAvailGrps as $cGroup) {
# did we once add the user to the group?
if (in_array($cGroup, $localUserGrps)) {
$this->printDebug("Checking to see if we need to remove user from: {$cGroup}", NONSENSITIVE);
if (!$this->hasLDAPGroup($cGroup) && !in_array($cGroup, $locallyManagedGrps)) {
$this->printDebug("Removing user from: {$cGroup}", NONSENSITIVE);
# the ldap group overrides the local group
# so as the user is currently not a member of the ldap group, he shall be removed from the local group
$user->removeGroup($cGroup);
}
} else {
# no, but maybe the user has recently been added to the ldap group?
$this->printDebug("Checking to see if user is in: {$cGroup}", NONSENSITIVE);
if ($this->hasLDAPGroup($cGroup)) {
$this->printDebug("Adding user to: {$cGroup}", NONSENSITIVE);
$user->addGroup($cGroup);
}
}
}
}
/**
* Save user groups changes in the database.
*
* @param User|UserRightsProxy $user
* @param array $add Array of groups to add
* @param array $remove Array of groups to remove
* @param string $reason Reason for group change
* @return array Tuple of added, then removed groups
*/
function doSaveUserGroups($user, $add, $remove, $reason = '')
{
global $wgAuth;
// Validate input set...
$isself = $user->getName() == $this->getUser()->getName();
$groups = $user->getGroups();
$changeable = $this->changeableGroups();
$addable = array_merge($changeable['add'], $isself ? $changeable['add-self'] : array());
$removable = array_merge($changeable['remove'], $isself ? $changeable['remove-self'] : array());
$remove = array_unique(array_intersect((array) $remove, $removable, $groups));
$add = array_unique(array_diff(array_intersect((array) $add, $addable), $groups));
$oldGroups = $user->getGroups();
$newGroups = $oldGroups;
// Remove then add groups
if ($remove) {
foreach ($remove as $index => $group) {
if (!$user->removeGroup($group)) {
unset($remove[$index]);
}
}
$newGroups = array_diff($newGroups, $remove);
}
if ($add) {
foreach ($add as $index => $group) {
if (!$user->addGroup($group)) {
unset($add[$index]);
}
}
$newGroups = array_merge($newGroups, $add);
}
$newGroups = array_unique($newGroups);
// Ensure that caches are cleared
$user->invalidateCache();
// update groups in external authentication database
Hooks::run('UserGroupsChanged', array($user, $add, $remove, $this->getUser()));
$wgAuth->updateExternalDBGroups($user, $add, $remove);
wfDebug('oldGroups: ' . print_r($oldGroups, true) . "\n");
wfDebug('newGroups: ' . print_r($newGroups, true) . "\n");
// Deprecated in favor of UserGroupsChanged hook
Hooks::run('UserRights', array(&$user, $add, $remove), '1.26');
if ($newGroups != $oldGroups) {
$this->addLogEntry($user, $oldGroups, $newGroups, $reason);
}
return array($add, $remove);
}
/**
* On every page load, the user's permissions are recalculated. They are based
* upon the groups to which the user belongs.
*/
function manageMediawikiGroupsForUser(User $mediawiki_user, PFUser $tuleap_user, Group $group)
{
$groups_mapper = new MediawikiUserGroupsMapper(new MediawikiDao(), new User_ForgeUserGroupPermissionsDao());
$mediawiki_groups = $groups_mapper->defineUserMediawikiGroups($tuleap_user, $group);
foreach ($mediawiki_groups['removed'] as $group_to_remove) {
$mediawiki_user->removeGroup($group_to_remove);
}
foreach ($mediawiki_groups['added'] as $group_to_add) {
$mediawiki_user->addGroup($group_to_add);
}
return $mediawiki_user;
}
/**
* Helper function for updateUser() and initUser(). Adds users into MediaWiki security groups
* based upon groups retreived from LDAP.
*
* @param User $user
* @access private
*/
function setGroups(&$user)
{
$this->printDebug("Pulling groups from LDAP.", 1);
# add groups permissions
$localAvailGrps = $user->getAllGroups();
$localUserGrps = $user->getEffectiveGroups();
$this->printDebug("Available groups are: " . implode(",", $localAvailGrps) . "", 1);
$this->printDebug("Effective groups are: " . implode(",", $localUserGrps) . "", 1);
# note: $localUserGrps does not need to be updated with $cGroup added,
# as $localAvailGrps contains $cGroup only once.
foreach ($localAvailGrps as $cGroup) {
# did we once add the user to the group?
if (in_array($cGroup, $localUserGrps)) {
$this->printDebug("Checking to see if we need to remove user from: {$cGroup}", 1);
if (!$this->hasLDAPGroup($cGroup) && $this->isLDAPGroup($cGroup)) {
$this->printDebug("Removing user from: {$cGroup}", 1);
# the ldap group overrides the local group
# so as the user is currently not a member of the ldap group, he shall be removed from the local group
$user->removeGroup($cGroup);
}
} else {
# no, but maybe the user has recently been added to the ldap group?
$this->printDebug("Checking to see if user is in: {$cGroup}", 1);
if ($this->hasLDAPGroup($cGroup)) {
$this->printDebug("Adding user to: {$cGroup}", 1);
# so use the addGroup function
$user->addGroup($cGroup);
# completedfor $cGroup.
}
}
}
}
/**
* When a user logs in, optionally fill in preferences and such.
* For instance, you might pull the email address or real name from the
* external user database.
*
* The User object is passed by reference so it can be modified; don't
* forget the & on your function declaration.
*
* @param User $user
* @access public
*/
function updateUser(&$user)
{
if (!is_resource($this->db)) {
$this->openDB();
}
$query = mysql_query("SELECT username,email,usergroup,additionalgroups FROM {$this->table_prefix}users WHERE username='******'", $this->db);
$res = mysql_fetch_array($query);
if ($res) {
if (in_array($res['usergroup'], $this->admin_usergroups)) {
$is_admin = true;
}
$memberships = explode(",", $res['additionalgroups']);
for ($i = 0; $i < count($memberships); $i++) {
if (in_array($memberships[$x], $this->admin_usergroups)) {
$is_admin = true;
}
}
if ($is_admin == true) {
// If a user is not a sysop, make them a sysop
if (!in_array("sysop", $user->getEffectiveGroups())) {
$user->addGroup('sysop');
}
} else {
if (in_array("sysop", $user->getEffectiveGroups())) {
$user->removeGroup('sysop');
return TRUE;
}
}
$user->setEmail($res['email']);
$user->setRealName($res['username']);
return TRUE;
}
return false;
}
/**
* @covers AppBundle\Entity\User::removeGroup
* Implement testRemoveGroup().
*/
public function testRemoveGroup()
{
$this->assertEmpty($this->user->getGroup());
$this->user->removeGroup($this->group);
$this->assertEmpty($this->user->getGroup());
}
