public function addDBDataOnce()
 {
     $passwordFactory = new \PasswordFactory();
     $passwordFactory->init(\RequestContext::getMain()->getConfig());
     $passwordHash = $passwordFactory->newFromPlaintext('foobaz');
     $sysop = static::getTestSysop()->getUser();
     $userId = \CentralIdLookup::factory('local')->centralIdFromName($sysop->getName());
     $dbw = wfGetDB(DB_MASTER);
     $dbw->delete('bot_passwords', ['bp_user' => $userId, 'bp_app_id' => 'BotPasswordSessionProvider'], __METHOD__);
     $dbw->insert('bot_passwords', ['bp_user' => $userId, 'bp_app_id' => 'BotPasswordSessionProvider', 'bp_password' => $passwordHash->toString(), 'bp_token' => 'token!', 'bp_restrictions' => '{"IPAddresses":["127.0.0.0/8"]}', 'bp_grants' => '["test"]'], __METHOD__);
 }
 public function addDBData()
 {
     $passwordFactory = new \PasswordFactory();
     $passwordFactory->init(\RequestContext::getMain()->getConfig());
     // A is unsalted MD5 (thus fast) ... we don't care about security here, this is test only
     $passwordFactory->setDefaultType('A');
     $pwhash = $passwordFactory->newFromPlaintext('foobaz');
     $userId = \CentralIdLookup::factory('local')->centralIdFromName('UTSysop');
     $dbw = wfGetDB(DB_MASTER);
     $dbw->delete('bot_passwords', array('bp_user' => $userId, 'bp_app_id' => 'BotPasswordSessionProvider'), __METHOD__);
     $dbw->insert('bot_passwords', array('bp_user' => $userId, 'bp_app_id' => 'BotPasswordSessionProvider', 'bp_password' => $pwhash->toString(), 'bp_token' => 'token!', 'bp_restrictions' => '{"IPAddresses":["127.0.0.0/8"]}', 'bp_grants' => '["test"]'), __METHOD__);
 }
Example #3
0
 /**
  * Make a new-style password hash
  *
  * @param string $password Plain-text password
  * @param bool|string $salt Optional salt, may be random or the user ID.
  *  If unspecified or false, will generate one automatically
  * @return string Password hash
  * @deprecated since 1.24, use Password class
  */
 public static function crypt($password, $salt = false)
 {
     wfDeprecated(__METHOD__, '1.24');
     $passwordFactory = new PasswordFactory();
     $passwordFactory->init(RequestContext::getMain()->getConfig());
     $hash = $passwordFactory->newFromPlaintext($password);
     return $hash->toString();
 }
Example #4
0
 /**
  * Set the password on a testing user
  *
  * This assumes we're still using the generic AuthManager config from
  * PHPUnitMaintClass::finalSetup(), and just sets the password in the
  * database directly.
  * @param User $user
  * @param string $password
  */
 public static function setPasswordForUser(User $user, $password)
 {
     if (!$user->getId()) {
         throw new MWException("Passed User has not been added to the database yet!");
     }
     $passwordFactory = new PasswordFactory();
     $passwordFactory->init(RequestContext::getMain()->getConfig());
     // A is unsalted MD5 (thus fast) ... we don't care about security here, this is test only
     $passwordFactory->setDefaultType('A');
     $pwhash = $passwordFactory->newFromPlaintext($password);
     wfGetDB(DB_MASTER)->update('user', array('user_password' => $pwhash->toString()), array('user_id' => $user->getId()), __METHOD__);
 }
Example #5
0
 /**
  * @dataProvider provideSave
  * @param string|null $password
  */
 public function testSave($password)
 {
     $passwordFactory = new \PasswordFactory();
     $passwordFactory->init(\RequestContext::getMain()->getConfig());
     $bp = BotPassword::newUnsaved(['centralId' => 42, 'appId' => 'TestSave', 'restrictions' => MWRestrictions::newFromJson('{"IPAddresses":["127.0.0.0/8"]}'), 'grants' => ['test']]);
     $this->assertFalse($bp->isSaved(), 'sanity check');
     $this->assertNull(BotPassword::newFromCentralId(42, 'TestSave', BotPassword::READ_LATEST), 'sanity check');
     $passwordHash = $password ? $passwordFactory->newFromPlaintext($password) : null;
     $this->assertFalse($bp->save('update', $passwordHash));
     $this->assertTrue($bp->save('insert', $passwordHash));
     $bp2 = BotPassword::newFromCentralId(42, 'TestSave', BotPassword::READ_LATEST);
     $this->assertInstanceOf('BotPassword', $bp2);
     $this->assertEquals($bp->getUserCentralId(), $bp2->getUserCentralId());
     $this->assertEquals($bp->getAppId(), $bp2->getAppId());
     $this->assertEquals($bp->getToken(), $bp2->getToken());
     $this->assertEquals($bp->getRestrictions(), $bp2->getRestrictions());
     $this->assertEquals($bp->getGrants(), $bp2->getGrants());
     $pw = TestingAccessWrapper::newFromObject($bp)->getPassword();
     if ($password === null) {
         $this->assertInstanceOf('InvalidPassword', $pw);
     } else {
         $this->assertTrue($pw->equals($password));
     }
     $token = $bp->getToken();
     $this->assertFalse($bp->save('insert'));
     $this->assertTrue($bp->save('update'));
     $this->assertNotEquals($token, $bp->getToken());
     $bp2 = BotPassword::newFromCentralId(42, 'TestSave', BotPassword::READ_LATEST);
     $this->assertInstanceOf('BotPassword', $bp2);
     $this->assertEquals($bp->getToken(), $bp2->getToken());
     $pw = TestingAccessWrapper::newFromObject($bp)->getPassword();
     if ($password === null) {
         $this->assertInstanceOf('InvalidPassword', $pw);
     } else {
         $this->assertTrue($pw->equals($password));
     }
     $passwordHash = $passwordFactory->newFromPlaintext('XXX');
     $token = $bp->getToken();
     $this->assertTrue($bp->save('update', $passwordHash));
     $this->assertNotEquals($token, $bp->getToken());
     $pw = TestingAccessWrapper::newFromObject($bp)->getPassword();
     $this->assertTrue($pw->equals('XXX'));
     $this->assertTrue($bp->delete());
     $this->assertFalse($bp->isSaved());
     $this->assertNull(BotPassword::newFromCentralId(42, 'TestSave', BotPassword::READ_LATEST));
     $this->assertFalse($bp->save('foobar'));
 }
Example #6
0
 public function testBotPassword()
 {
     global $wgServer, $wgSessionProviders;
     if (!isset($wgServer)) {
         $this->markTestIncomplete('This test needs $wgServer to be set in LocalSettings.php');
     }
     $this->setMwGlobals(array('wgSessionProviders' => array_merge($wgSessionProviders, array(array('class' => 'MediaWiki\\Session\\BotPasswordSessionProvider', 'args' => array(array('priority' => 40))))), 'wgEnableBotPasswords' => true, 'wgBotPasswordsDatabase' => false, 'wgCentralIdLookupProvider' => 'local', 'wgGrantPermissions' => array('test' => array('read' => true))));
     // Make sure our session provider is present
     $manager = TestingAccessWrapper::newFromObject(MediaWiki\Session\SessionManager::singleton());
     if (!isset($manager->sessionProviders['MediaWiki\\Session\\BotPasswordSessionProvider'])) {
         $tmp = $manager->sessionProviders;
         $manager->sessionProviders = null;
         $manager->sessionProviders = $tmp + $manager->getProviders();
     }
     $this->assertNotNull(MediaWiki\Session\SessionManager::singleton()->getProvider('MediaWiki\\Session\\BotPasswordSessionProvider'), 'sanity check');
     $user = self::$users['sysop'];
     $centralId = CentralIdLookup::factory()->centralIdFromLocalUser($user->getUser());
     $this->assertNotEquals(0, $centralId, 'sanity check');
     $passwordFactory = new PasswordFactory();
     $passwordFactory->init(RequestContext::getMain()->getConfig());
     // A is unsalted MD5 (thus fast) ... we don't care about security here, this is test only
     $passwordFactory->setDefaultType('A');
     $pwhash = $passwordFactory->newFromPlaintext('foobaz');
     $dbw = wfGetDB(DB_MASTER);
     $dbw->insert('bot_passwords', array('bp_user' => $centralId, 'bp_app_id' => 'foo', 'bp_password' => $pwhash->toString(), 'bp_token' => '', 'bp_restrictions' => MWRestrictions::newDefault()->toJson(), 'bp_grants' => '["test"]'), __METHOD__);
     $lgName = $user->username . BotPassword::getSeparator() . 'foo';
     $ret = $this->doApiRequest(array('action' => 'login', 'lgname' => $lgName, 'lgpassword' => 'foobaz'));
     $result = $ret[0];
     $this->assertNotInternalType('bool', $result);
     $this->assertNotInternalType('null', $result['login']);
     $a = $result['login']['result'];
     $this->assertEquals('NeedToken', $a);
     $token = $result['login']['token'];
     $ret = $this->doApiRequest(array('action' => 'login', 'lgtoken' => $token, 'lgname' => $lgName, 'lgpassword' => 'foobaz'), $ret[2]);
     $result = $ret[0];
     $this->assertNotInternalType('bool', $result);
     $a = $result['login']['result'];
     $this->assertEquals('Success', $a);
 }
 private function save(array $data)
 {
     $bp = BotPassword::newUnsaved(['centralId' => $this->userId, 'appId' => $this->par, 'restrictions' => MWRestrictions::newFromJson($data['restrictions']), 'grants' => array_merge(MWGrants::getHiddenGrants(), preg_replace('/^grant-/', '', $data['grants']))]);
     if ($this->operation === 'insert' || !empty($data['resetPassword'])) {
         $this->password = PasswordFactory::generateRandomPasswordString(max(32, $this->getConfig()->get('MinimalPasswordLength')));
         $passwordFactory = new PasswordFactory();
         $passwordFactory->init(RequestContext::getMain()->getConfig());
         $password = $passwordFactory->newFromPlaintext($this->password);
     } else {
         $password = null;
     }
     if ($bp->save($this->operation, $password)) {
         return Status::newGood();
     } else {
         // Messages: botpasswords-insert-failed, botpasswords-update-failed
         return Status::newFatal("botpasswords-{$this->operation}-failed", $this->par);
     }
 }
 /**
  * @dataProvider providePasswordTests
  */
 public function testHashing($shouldMatch, $hash, $password)
 {
     $hash = $this->passwordFactory->newFromCiphertext($hash);
     $password = $this->passwordFactory->newFromPlaintext($password, $hash);
     $this->assertSame($shouldMatch, $hash->equals($password));
 }
Example #9
0
 /**
  * Set the password on a testing user
  *
  * This assumes we're still using the generic AuthManager config from
  * PHPUnitMaintClass::finalSetup(), and just sets the password in the
  * database directly.
  * @param User $user
  * @param string $password
  */
 public static function setPasswordForUser(User $user, $password)
 {
     if (!$user->getId()) {
         throw new MWException("Passed User has not been added to the database yet!");
     }
     $dbw = wfGetDB(DB_MASTER);
     $row = $dbw->selectRow('user', ['user_password'], ['user_id' => $user->getId()], __METHOD__);
     if (!$row) {
         throw new MWException("Passed User has an ID but is not in the database?");
     }
     $passwordFactory = new PasswordFactory();
     $passwordFactory->init(RequestContext::getMain()->getConfig());
     if (!$passwordFactory->newFromCiphertext($row->user_password)->equals($password)) {
         $passwordHash = $passwordFactory->newFromPlaintext($password);
         $dbw->update('user', ['user_password' => $passwordHash->toString()], ['user_id' => $user->getId()], __METHOD__);
     }
 }
 public function testTestUserCanAuthenticate()
 {
     $dbw = wfGetDB(DB_MASTER);
     $passwordFactory = new \PasswordFactory();
     $passwordFactory->init(\RequestContext::getMain()->getConfig());
     // A is unsalted MD5 (thus fast) ... we don't care about security here, this is test only
     $passwordFactory->setDefaultType('A');
     $pwhash = $passwordFactory->newFromPlaintext('password')->toString();
     $provider = $this->getProvider();
     $providerPriv = \TestingAccessWrapper::newFromObject($provider);
     $this->assertFalse($provider->testUserCanAuthenticate('<invalid>'));
     $this->assertFalse($provider->testUserCanAuthenticate('DoesNotExist'));
     $dbw->update('user', ['user_newpassword' => \PasswordFactory::newInvalidPassword()->toString(), 'user_newpass_time' => null], ['user_name' => 'UTSysop']);
     $this->assertFalse($provider->testUserCanAuthenticate('UTSysop'));
     $dbw->update('user', ['user_newpassword' => $pwhash, 'user_newpass_time' => null], ['user_name' => 'UTSysop']);
     $this->assertTrue($provider->testUserCanAuthenticate('UTSysop'));
     $this->assertTrue($provider->testUserCanAuthenticate('uTSysop'));
     $dbw->update('user', ['user_newpassword' => $pwhash, 'user_newpass_time' => $dbw->timestamp(time() - 10)], ['user_name' => 'UTSysop']);
     $providerPriv->newPasswordExpiry = 100;
     $this->assertTrue($provider->testUserCanAuthenticate('UTSysop'));
     $providerPriv->newPasswordExpiry = 1;
     $this->assertFalse($provider->testUserCanAuthenticate('UTSysop'));
     $dbw->update('user', ['user_newpassword' => \PasswordFactory::newInvalidPassword()->toString(), 'user_newpass_time' => null], ['user_name' => 'UTSysop']);
 }
Example #11
0
 public function testInvalidPlaintext()
 {
     $passwordFactory = new PasswordFactory();
     $invalid = $passwordFactory->newFromPlaintext(null);
     $this->assertInstanceOf('InvalidPassword', $invalid);
 }