public function addDBData()
{
$passwordFactory = new \PasswordFactory();
$passwordFactory->init(\RequestContext::getMain()->getConfig());
// A is unsalted MD5 (thus fast) ... we don't care about security here, this is test only
$passwordFactory->setDefaultType('A');
$pwhash = $passwordFactory->newFromPlaintext('foobaz');
$userId = \CentralIdLookup::factory('local')->centralIdFromName('UTSysop');
$dbw = wfGetDB(DB_MASTER);
$dbw->delete('bot_passwords', array('bp_user' => $userId, 'bp_app_id' => 'BotPasswordSessionProvider'), __METHOD__);
$dbw->insert('bot_passwords', array('bp_user' => $userId, 'bp_app_id' => 'BotPasswordSessionProvider', 'bp_password' => $pwhash->toString(), 'bp_token' => 'token!', 'bp_restrictions' => '{"IPAddresses":["127.0.0.0/8"]}', 'bp_grants' => '["test"]'), __METHOD__);
}
/**
* Set the password on a testing user
*
* This assumes we're still using the generic AuthManager config from
* PHPUnitMaintClass::finalSetup(), and just sets the password in the
* database directly.
* @param User $user
* @param string $password
*/
public static function setPasswordForUser(User $user, $password)
{
if (!$user->getId()) {
throw new MWException("Passed User has not been added to the database yet!");
}
$passwordFactory = new PasswordFactory();
$passwordFactory->init(RequestContext::getMain()->getConfig());
// A is unsalted MD5 (thus fast) ... we don't care about security here, this is test only
$passwordFactory->setDefaultType('A');
$pwhash = $passwordFactory->newFromPlaintext($password);
wfGetDB(DB_MASTER)->update('user', array('user_password' => $pwhash->toString()), array('user_id' => $user->getId()), __METHOD__);
}
public function testBotPassword()
{
global $wgServer, $wgSessionProviders;
if (!isset($wgServer)) {
$this->markTestIncomplete('This test needs $wgServer to be set in LocalSettings.php');
}
$this->setMwGlobals(array('wgSessionProviders' => array_merge($wgSessionProviders, array(array('class' => 'MediaWiki\\Session\\BotPasswordSessionProvider', 'args' => array(array('priority' => 40))))), 'wgEnableBotPasswords' => true, 'wgBotPasswordsDatabase' => false, 'wgCentralIdLookupProvider' => 'local', 'wgGrantPermissions' => array('test' => array('read' => true))));
// Make sure our session provider is present
$manager = TestingAccessWrapper::newFromObject(MediaWiki\Session\SessionManager::singleton());
if (!isset($manager->sessionProviders['MediaWiki\\Session\\BotPasswordSessionProvider'])) {
$tmp = $manager->sessionProviders;
$manager->sessionProviders = null;
$manager->sessionProviders = $tmp + $manager->getProviders();
}
$this->assertNotNull(MediaWiki\Session\SessionManager::singleton()->getProvider('MediaWiki\\Session\\BotPasswordSessionProvider'), 'sanity check');
$user = self::$users['sysop'];
$centralId = CentralIdLookup::factory()->centralIdFromLocalUser($user->getUser());
$this->assertNotEquals(0, $centralId, 'sanity check');
$passwordFactory = new PasswordFactory();
$passwordFactory->init(RequestContext::getMain()->getConfig());
// A is unsalted MD5 (thus fast) ... we don't care about security here, this is test only
$passwordFactory->setDefaultType('A');
$pwhash = $passwordFactory->newFromPlaintext('foobaz');
$dbw = wfGetDB(DB_MASTER);
$dbw->insert('bot_passwords', array('bp_user' => $centralId, 'bp_app_id' => 'foo', 'bp_password' => $pwhash->toString(), 'bp_token' => '', 'bp_restrictions' => MWRestrictions::newDefault()->toJson(), 'bp_grants' => '["test"]'), __METHOD__);
$lgName = $user->username . BotPassword::getSeparator() . 'foo';
$ret = $this->doApiRequest(array('action' => 'login', 'lgname' => $lgName, 'lgpassword' => 'foobaz'));
$result = $ret[0];
$this->assertNotInternalType('bool', $result);
$this->assertNotInternalType('null', $result['login']);
$a = $result['login']['result'];
$this->assertEquals('NeedToken', $a);
$token = $result['login']['token'];
$ret = $this->doApiRequest(array('action' => 'login', 'lgtoken' => $token, 'lgname' => $lgName, 'lgpassword' => 'foobaz'), $ret[2]);
$result = $ret[0];
$this->assertNotInternalType('bool', $result);
$a = $result['login']['result'];
$this->assertEquals('Success', $a);
}
public function testTestUserCanAuthenticate()
{
$dbw = wfGetDB(DB_MASTER);
$passwordFactory = new \PasswordFactory();
$passwordFactory->init(\RequestContext::getMain()->getConfig());
// A is unsalted MD5 (thus fast) ... we don't care about security here, this is test only
$passwordFactory->setDefaultType('A');
$pwhash = $passwordFactory->newFromPlaintext('password')->toString();
$provider = $this->getProvider();
$providerPriv = \TestingAccessWrapper::newFromObject($provider);
$this->assertFalse($provider->testUserCanAuthenticate('<invalid>'));
$this->assertFalse($provider->testUserCanAuthenticate('DoesNotExist'));
$dbw->update('user', ['user_newpassword' => \PasswordFactory::newInvalidPassword()->toString(), 'user_newpass_time' => null], ['user_name' => 'UTSysop']);
$this->assertFalse($provider->testUserCanAuthenticate('UTSysop'));
$dbw->update('user', ['user_newpassword' => $pwhash, 'user_newpass_time' => null], ['user_name' => 'UTSysop']);
$this->assertTrue($provider->testUserCanAuthenticate('UTSysop'));
$this->assertTrue($provider->testUserCanAuthenticate('uTSysop'));
$dbw->update('user', ['user_newpassword' => $pwhash, 'user_newpass_time' => $dbw->timestamp(time() - 10)], ['user_name' => 'UTSysop']);
$providerPriv->newPasswordExpiry = 100;
$this->assertTrue($provider->testUserCanAuthenticate('UTSysop'));
$providerPriv->newPasswordExpiry = 1;
$this->assertFalse($provider->testUserCanAuthenticate('UTSysop'));
$dbw->update('user', ['user_newpassword' => \PasswordFactory::newInvalidPassword()->toString(), 'user_newpass_time' => null], ['user_name' => 'UTSysop']);
}
/**
* @dataProvider provideSave
* @param string|null $password
*/
public function testSave($password)
{
$passwordFactory = new \PasswordFactory();
$passwordFactory->init(\RequestContext::getMain()->getConfig());
// A is unsalted MD5 (thus fast) ... we don't care about security here, this is test only
$passwordFactory->setDefaultType('A');
$bp = BotPassword::newUnsaved(array('centralId' => 42, 'appId' => 'TestSave', 'restrictions' => MWRestrictions::newFromJson('{"IPAddresses":["127.0.0.0/8"]}'), 'grants' => array('test')));
$this->assertFalse($bp->isSaved(), 'sanity check');
$this->assertNull(BotPassword::newFromCentralId(42, 'TestSave', BotPassword::READ_LATEST), 'sanity check');
$pwhash = $password ? $passwordFactory->newFromPlaintext($password) : null;
$this->assertFalse($bp->save('update', $pwhash));
$this->assertTrue($bp->save('insert', $pwhash));
$bp2 = BotPassword::newFromCentralId(42, 'TestSave', BotPassword::READ_LATEST);
$this->assertInstanceOf('BotPassword', $bp2);
$this->assertEquals($bp->getUserCentralId(), $bp2->getUserCentralId());
$this->assertEquals($bp->getAppId(), $bp2->getAppId());
$this->assertEquals($bp->getToken(), $bp2->getToken());
$this->assertEquals($bp->getRestrictions(), $bp2->getRestrictions());
$this->assertEquals($bp->getGrants(), $bp2->getGrants());
$pw = TestingAccessWrapper::newFromObject($bp)->getPassword();
if ($password === null) {
$this->assertInstanceOf('InvalidPassword', $pw);
} else {
$this->assertTrue($pw->equals($password));
}
$token = $bp->getToken();
$this->assertFalse($bp->save('insert'));
$this->assertTrue($bp->save('update'));
$this->assertNotEquals($token, $bp->getToken());
$bp2 = BotPassword::newFromCentralId(42, 'TestSave', BotPassword::READ_LATEST);
$this->assertInstanceOf('BotPassword', $bp2);
$this->assertEquals($bp->getToken(), $bp2->getToken());
$pw = TestingAccessWrapper::newFromObject($bp)->getPassword();
if ($password === null) {
$this->assertInstanceOf('InvalidPassword', $pw);
} else {
$this->assertTrue($pw->equals($password));
}
$pwhash = $passwordFactory->newFromPlaintext('XXX');
$token = $bp->getToken();
$this->assertTrue($bp->save('update', $pwhash));
$this->assertNotEquals($token, $bp->getToken());
$pw = TestingAccessWrapper::newFromObject($bp)->getPassword();
$this->assertTrue($pw->equals('XXX'));
$this->assertTrue($bp->delete());
$this->assertFalse($bp->isSaved());
$this->assertNull(BotPassword::newFromCentralId(42, 'TestSave', BotPassword::READ_LATEST));
$this->assertFalse($bp->save('foobar'));
}
