/**
 * Gate execution on bot passwords being enabled and a central ID being available.
 *
 * Runs the parent permission checks first, then refuses to continue when the
 * 'EnableBotPasswords' setting is falsy or when the central ID lookup yields a
 * falsy value. The lookup result is stored in $this->userId.
 *
 * The central ID is resolved for $this->getUser(); the $user argument is only
 * forwarded to the parent check.
 *
 * @param User $user User forwarded to the parent permission check
 * @throws ErrorPageError When bot passwords are disabled or no central ID is found
 */
protected function checkExecutePermissions(User $user) {
    parent::checkExecutePermissions($user);

    $featureEnabled = $this->getConfig()->get('EnableBotPasswords');
    if (!$featureEnabled) {
        throw new ErrorPageError('botpasswords', 'botpasswords-disabled');
    }

    // The property is written before it is checked, so it holds the lookup
    // result even when that result is falsy and the method throws.
    $lookup = CentralIdLookup::factory();
    $this->userId = $lookup->centralIdFromLocalUser($this->getUser());
    if (!$this->userId) {
        throw new ErrorPageError('botpasswords', 'botpasswords-no-central-id');
    }
}
/**
 * Seed bot_passwords with one known credential for the test sysop.
 *
 * Test fixture only: the plaintext ('foobaz') and token ('token!') are fixed
 * literals, the restrictions JSON lists only 127.0.0.0/8 under IPAddresses,
 * and the only grant is 'test'.
 */
public function addDBDataOnce() {
    $factory = new \PasswordFactory();
    $factory->init(\RequestContext::getMain()->getConfig());
    $hash = $factory->newFromPlaintext('foobaz');

    $sysopUser = static::getTestSysop()->getUser();
    $centralId = \CentralIdLookup::factory('local')->centralIdFromName($sysopUser->getName());

    // Columns used both to delete any existing row and to start the inserted row.
    $rowKey = [
        'bp_user' => $centralId,
        'bp_app_id' => 'BotPasswordSessionProvider',
    ];

    $db = wfGetDB(DB_MASTER);
    // Presumably clears a row left by an earlier run before inserting — confirm.
    $db->delete('bot_passwords', $rowKey, __METHOD__);
    $db->insert(
        'bot_passwords',
        $rowKey + [
            'bp_password' => $hash->toString(),
            'bp_token' => 'token!',
            'bp_restrictions' => '{"IPAddresses":["127.0.0.0/8"]}',
            'bp_grants' => '["test"]',
        ],
        __METHOD__
    );
}
/**
 * Seed bot_passwords with one known credential for the 'UTSysop' account.
 *
 * Test fixture only: the hash type is switched to 'A' (unsalted MD5, chosen
 * because it is fast), the plaintext and token are fixed literals, and the
 * restrictions JSON lists only 127.0.0.0/8 under IPAddresses.
 */
public function addDBData() {
    $factory = new \PasswordFactory();
    $factory->init(\RequestContext::getMain()->getConfig());
    // 'A' is unsalted MD5: acceptable here only because this hash never
    // protects a real credential; it keeps the fixture cheap to build.
    $factory->setDefaultType('A');
    $hash = $factory->newFromPlaintext('foobaz');

    $centralId = \CentralIdLookup::factory('local')->centralIdFromName('UTSysop');

    // Columns used both to delete any existing row and to start the inserted row.
    $rowKey = [
        'bp_user' => $centralId,
        'bp_app_id' => 'BotPasswordSessionProvider',
    ];

    $db = wfGetDB(DB_MASTER);
    $db->delete('bot_passwords', $rowKey, __METHOD__);
    $db->insert(
        'bot_passwords',
        $rowKey + [
            'bp_password' => $hash->toString(),
            'bp_token' => 'token!',
            'bp_restrictions' => '{"IPAddresses":["127.0.0.0/8"]}',
            'bp_grants' => '["test"]',
        ],
        __METHOD__
    );
}
/**
 * Exercise CentralIdLookup::factory() against valid and invalid provider specs.
 *
 * Asserts that the default provider and the 'mock' id both resolve to the
 * mock, that repeated calls for 'local' return the same instance, that
 * 'local' and 'local2' are distinct LocalIdLookup instances, and that an
 * unconfigured id or a spec naming a non-lookup class ('stdClass') yields null.
 */
public function testFactory() {
    $stub = $this->getMockForAbstractClass('CentralIdLookup');

    $providerSpecs = [
        'local' => ['class' => 'LocalIdLookup'],
        'local2' => ['class' => 'LocalIdLookup'],
        'mock' => [
            'factory' => function () use ($stub) {
                return $stub;
            },
        ],
        // Deliberately invalid: stdClass is not a CentralIdLookup.
        'bad' => ['class' => 'stdClass'],
    ];
    $this->setMwGlobals([
        'wgCentralIdLookupProviders' => $providerSpecs,
        'wgCentralIdLookupProvider' => 'mock',
    ]);

    // Default provider and explicit 'mock' id both resolve to the stub.
    $this->assertSame($stub, CentralIdLookup::factory());
    $this->assertSame($stub, CentralIdLookup::factory('mock'));
    $this->assertSame('mock', $stub->getProviderId());

    // 'local' is a separate LocalIdLookup, and a second call returns the same object.
    $firstLocal = CentralIdLookup::factory('local');
    $this->assertNotSame($stub, $firstLocal);
    $this->assertInstanceOf('LocalIdLookup', $firstLocal);
    $this->assertSame($firstLocal, CentralIdLookup::factory('local'));
    $this->assertSame('local', $firstLocal->getProviderId());

    // Same class under a different id gives a different instance.
    $secondLocal = CentralIdLookup::factory('local2');
    $this->assertNotSame($firstLocal, $secondLocal);
    $this->assertInstanceOf('LocalIdLookup', $secondLocal);
    $this->assertSame('local2', $secondLocal->getProviderId());

    // Unknown or invalid specs produce null rather than an object.
    $this->assertNull(CentralIdLookup::factory('unconfigured'));
    $this->assertNull(CentralIdLookup::factory('bad'));
}
/**
 * Log in through the API with a bot password and expect the two-step
 * NeedToken -> Success exchange.
 *
 * Registers BotPasswordSessionProvider, enables bot passwords with the
 * 'local' central ID provider, inserts a bot password row for the sysop test
 * user with app id 'foo', then performs the login in two requests, reusing
 * the session data returned by the first one.
 */
public function testBotPassword() {
    global $wgServer, $wgSessionProviders;

    if (!isset($wgServer)) {
        $this->markTestIncomplete('This test needs $wgServer to be set in LocalSettings.php');
    }

    $providerClass = 'MediaWiki\\Session\\BotPasswordSessionProvider';
    $botProviderSpec = [
        'class' => $providerClass,
        'args' => [['priority' => 40]],
    ];
    $this->setMwGlobals([
        'wgSessionProviders' => array_merge($wgSessionProviders, [$botProviderSpec]),
        'wgEnableBotPasswords' => true,
        'wgBotPasswordsDatabase' => false,
        'wgCentralIdLookupProvider' => 'local',
        // The 'test' grant used below carries only the 'read' right.
        'wgGrantPermissions' => ['test' => ['read' => true]],
    ]);

    // Make sure our session provider is present
    $sessionManager = TestingAccessWrapper::newFromObject(MediaWiki\Session\SessionManager::singleton());
    if (!isset($sessionManager->sessionProviders[$providerClass])) {
        // Order matters: the property is nulled before getProviders() is
        // called, and the previously held providers win on key collisions.
        $existing = $sessionManager->sessionProviders;
        $sessionManager->sessionProviders = null;
        $sessionManager->sessionProviders = $existing + $sessionManager->getProviders();
    }
    $this->assertNotNull(
        MediaWiki\Session\SessionManager::singleton()->getProvider($providerClass),
        'sanity check'
    );

    $user = self::$users['sysop'];
    $centralId = CentralIdLookup::factory()->centralIdFromLocalUser($user->getUser());
    $this->assertNotEquals(0, $centralId, 'sanity check');

    $factory = new PasswordFactory();
    $factory->init(RequestContext::getMain()->getConfig());
    // 'A' is unsalted MD5 (thus fast); acceptable only because this hash is
    // a throwaway test fixture and never protects a real credential.
    $factory->setDefaultType('A');
    $hash = $factory->newFromPlaintext('foobaz');

    $db = wfGetDB(DB_MASTER);
    $db->insert(
        'bot_passwords',
        [
            'bp_user' => $centralId,
            'bp_app_id' => 'foo',
            'bp_password' => $hash->toString(),
            'bp_token' => '',
            'bp_restrictions' => MWRestrictions::newDefault()->toJson(),
            'bp_grants' => '["test"]',
        ],
        __METHOD__
    );

    // Bot login name: the user name, the separator, then the app id.
    $lgName = $user->username . BotPassword::getSeparator() . 'foo';

    // First request carries no token and is expected to be answered with one.
    $firstResponse = $this->doApiRequest([
        'action' => 'login',
        'lgname' => $lgName,
        'lgpassword' => 'foobaz',
    ]);
    $firstResult = $firstResponse[0];
    $this->assertNotInternalType('bool', $firstResult);
    $this->assertNotInternalType('null', $firstResult['login']);
    $this->assertEquals('NeedToken', $firstResult['login']['result']);
    $loginToken = $firstResult['login']['token'];

    // Second request repeats the credentials with the token; element 2 of the
    // first response is passed along as the second argument.
    $secondResponse = $this->doApiRequest(
        [
            'action' => 'login',
            'lgtoken' => $loginToken,
            'lgname' => $lgName,
            'lgpassword' => 'foobaz',
        ],
        $firstResponse[2]
    );
    $secondResult = $secondResponse[0];
    $this->assertNotInternalType('bool', $secondResult);
    $this->assertEquals('Success', $secondResult['login']['result']);
}
/**
 * Remove every bot password belonging to the named user.
 *
 * The name is resolved to a central ID first; when no ID is found nothing is
 * removed and false is returned.
 *
 * NOTE(review): the lookup is made with AUDIENCE_RAW and READ_LATEST,
 * presumably so that visibility restrictions and stale replica data cannot
 * cause a user's passwords to be left in place — confirm against
 * CentralIdLookup.
 *
 * @param string $username User name
 * @return bool Whether any passwords were removed
 */
public static function removeAllPasswordsForUser($username) {
    $lookup = CentralIdLookup::factory();
    $resolvedId = $lookup->centralIdFromName(
        $username,
        CentralIdLookup::AUDIENCE_RAW,
        CentralIdLookup::READ_LATEST
    );

    if (!$resolvedId) {
        return false;
    }

    return (bool)self::removeAllPasswordsForCentralId($resolvedId);
}
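/**
 * Get central user info
 *
 * Every provider id configured under 'CentralIdLookupProviders' is queried
 * by the user's name. A provider id for which CentralIdLookup::factory()
 * returns null (for example a spec whose class is not a lookup) is skipped
 * and has no entry in any of the returned maps, instead of causing a fatal
 * method call on null.
 *
 * @param Config $config
 * @param User $user
 * @param string|null $attachedWiki
 * @return array Central user info
 *  - centralids: Array mapping non-local Central ID provider names to IDs
 *  - attachedlocal: Array mapping Central ID provider names to booleans
 *    indicating whether the local user is attached.
 *  - attachedwiki: Array mapping Central ID provider names to booleans
 *    indicating whether the user is attached to $attachedWiki.
 *    Only present when $attachedWiki is truthy.
 */
public static function getCentralUserInfo(Config $config, User $user, $attachedWiki = null) {
    $providerIds = array_keys($config->get('CentralIdLookupProviders'));

    $ret = ['centralids' => [], 'attachedlocal' => []];
    ApiResult::setArrayType($ret['centralids'], 'assoc');
    ApiResult::setArrayType($ret['attachedlocal'], 'assoc');
    if ($attachedWiki) {
        $ret['attachedwiki'] = [];
        ApiResult::setArrayType($ret['attachedwiki'], 'assoc');
    }

    $name = $user->getName();
    foreach ($providerIds as $providerId) {
        $provider = CentralIdLookup::factory($providerId);
        if ($provider === null) {
            // A configured id can still fail to produce a lookup object;
            // leave it out of the result rather than dereference null.
            continue;
        }

        $ret['centralids'][$providerId] = $provider->centralIdFromName($name);
        $ret['attachedlocal'][$providerId] = $provider->isAttached($user);
        if ($attachedWiki) {
            $ret['attachedwiki'][$providerId] = $provider->isAttached($user, $attachedWiki);
        }
    }

    return $ret;
}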