public function addDBDataOnce()
{
$passwordFactory = new \PasswordFactory();
$passwordFactory->init(\RequestContext::getMain()->getConfig());
$passwordHash = $passwordFactory->newFromPlaintext('foobaz');
$sysop = static::getTestSysop()->getUser();
$userId = \CentralIdLookup::factory('local')->centralIdFromName($sysop->getName());
$dbw = wfGetDB(DB_MASTER);
$dbw->delete('bot_passwords', ['bp_user' => $userId, 'bp_app_id' => 'BotPasswordSessionProvider'], __METHOD__);
$dbw->insert('bot_passwords', ['bp_user' => $userId, 'bp_app_id' => 'BotPasswordSessionProvider', 'bp_password' => $passwordHash->toString(), 'bp_token' => 'token!', 'bp_restrictions' => '{"IPAddresses":["127.0.0.0/8"]}', 'bp_grants' => '["test"]'], __METHOD__);
}
public function addDBData()
{
$passwordFactory = new \PasswordFactory();
$passwordFactory->init(\RequestContext::getMain()->getConfig());
// A is unsalted MD5 (thus fast) ... we don't care about security here, this is test only
$passwordFactory->setDefaultType('A');
$pwhash = $passwordFactory->newFromPlaintext('foobaz');
$userId = \CentralIdLookup::factory('local')->centralIdFromName('UTSysop');
$dbw = wfGetDB(DB_MASTER);
$dbw->delete('bot_passwords', array('bp_user' => $userId, 'bp_app_id' => 'BotPasswordSessionProvider'), __METHOD__);
$dbw->insert('bot_passwords', array('bp_user' => $userId, 'bp_app_id' => 'BotPasswordSessionProvider', 'bp_password' => $pwhash->toString(), 'bp_token' => 'token!', 'bp_restrictions' => '{"IPAddresses":["127.0.0.0/8"]}', 'bp_grants' => '["test"]'), __METHOD__);
}
/**
* Make a new-style password hash
*
* @param string $password Plain-text password
* @param bool|string $salt Optional salt, may be random or the user ID.
* If unspecified or false, will generate one automatically
* @return string Password hash
* @deprecated since 1.24, use Password class
*/
public static function crypt($password, $salt = false)
{
wfDeprecated(__METHOD__, '1.24');
$passwordFactory = new PasswordFactory();
$passwordFactory->init(RequestContext::getMain()->getConfig());
$hash = $passwordFactory->newFromPlaintext($password);
return $hash->toString();
}
/**
* Set the password on a testing user
*
* This assumes we're still using the generic AuthManager config from
* PHPUnitMaintClass::finalSetup(), and just sets the password in the
* database directly.
* @param User $user
* @param string $password
*/
public static function setPasswordForUser(User $user, $password)
{
if (!$user->getId()) {
throw new MWException("Passed User has not been added to the database yet!");
}
$passwordFactory = new PasswordFactory();
$passwordFactory->init(RequestContext::getMain()->getConfig());
// A is unsalted MD5 (thus fast) ... we don't care about security here, this is test only
$passwordFactory->setDefaultType('A');
$pwhash = $passwordFactory->newFromPlaintext($password);
wfGetDB(DB_MASTER)->update('user', array('user_password' => $pwhash->toString()), array('user_id' => $user->getId()), __METHOD__);
}
/**
* @dataProvider provideSave
* @param string|null $password
*/
public function testSave($password)
{
$passwordFactory = new \PasswordFactory();
$passwordFactory->init(\RequestContext::getMain()->getConfig());
$bp = BotPassword::newUnsaved(['centralId' => 42, 'appId' => 'TestSave', 'restrictions' => MWRestrictions::newFromJson('{"IPAddresses":["127.0.0.0/8"]}'), 'grants' => ['test']]);
$this->assertFalse($bp->isSaved(), 'sanity check');
$this->assertNull(BotPassword::newFromCentralId(42, 'TestSave', BotPassword::READ_LATEST), 'sanity check');
$passwordHash = $password ? $passwordFactory->newFromPlaintext($password) : null;
$this->assertFalse($bp->save('update', $passwordHash));
$this->assertTrue($bp->save('insert', $passwordHash));
$bp2 = BotPassword::newFromCentralId(42, 'TestSave', BotPassword::READ_LATEST);
$this->assertInstanceOf('BotPassword', $bp2);
$this->assertEquals($bp->getUserCentralId(), $bp2->getUserCentralId());
$this->assertEquals($bp->getAppId(), $bp2->getAppId());
$this->assertEquals($bp->getToken(), $bp2->getToken());
$this->assertEquals($bp->getRestrictions(), $bp2->getRestrictions());
$this->assertEquals($bp->getGrants(), $bp2->getGrants());
$pw = TestingAccessWrapper::newFromObject($bp)->getPassword();
if ($password === null) {
$this->assertInstanceOf('InvalidPassword', $pw);
} else {
$this->assertTrue($pw->equals($password));
}
$token = $bp->getToken();
$this->assertFalse($bp->save('insert'));
$this->assertTrue($bp->save('update'));
$this->assertNotEquals($token, $bp->getToken());
$bp2 = BotPassword::newFromCentralId(42, 'TestSave', BotPassword::READ_LATEST);
$this->assertInstanceOf('BotPassword', $bp2);
$this->assertEquals($bp->getToken(), $bp2->getToken());
$pw = TestingAccessWrapper::newFromObject($bp)->getPassword();
if ($password === null) {
$this->assertInstanceOf('InvalidPassword', $pw);
} else {
$this->assertTrue($pw->equals($password));
}
$passwordHash = $passwordFactory->newFromPlaintext('XXX');
$token = $bp->getToken();
$this->assertTrue($bp->save('update', $passwordHash));
$this->assertNotEquals($token, $bp->getToken());
$pw = TestingAccessWrapper::newFromObject($bp)->getPassword();
$this->assertTrue($pw->equals('XXX'));
$this->assertTrue($bp->delete());
$this->assertFalse($bp->isSaved());
$this->assertNull(BotPassword::newFromCentralId(42, 'TestSave', BotPassword::READ_LATEST));
$this->assertFalse($bp->save('foobar'));
}
public function testBotPassword()
{
global $wgServer, $wgSessionProviders;
if (!isset($wgServer)) {
$this->markTestIncomplete('This test needs $wgServer to be set in LocalSettings.php');
}
$this->setMwGlobals(array('wgSessionProviders' => array_merge($wgSessionProviders, array(array('class' => 'MediaWiki\\Session\\BotPasswordSessionProvider', 'args' => array(array('priority' => 40))))), 'wgEnableBotPasswords' => true, 'wgBotPasswordsDatabase' => false, 'wgCentralIdLookupProvider' => 'local', 'wgGrantPermissions' => array('test' => array('read' => true))));
// Make sure our session provider is present
$manager = TestingAccessWrapper::newFromObject(MediaWiki\Session\SessionManager::singleton());
if (!isset($manager->sessionProviders['MediaWiki\\Session\\BotPasswordSessionProvider'])) {
$tmp = $manager->sessionProviders;
$manager->sessionProviders = null;
$manager->sessionProviders = $tmp + $manager->getProviders();
}
$this->assertNotNull(MediaWiki\Session\SessionManager::singleton()->getProvider('MediaWiki\\Session\\BotPasswordSessionProvider'), 'sanity check');
$user = self::$users['sysop'];
$centralId = CentralIdLookup::factory()->centralIdFromLocalUser($user->getUser());
$this->assertNotEquals(0, $centralId, 'sanity check');
$passwordFactory = new PasswordFactory();
$passwordFactory->init(RequestContext::getMain()->getConfig());
// A is unsalted MD5 (thus fast) ... we don't care about security here, this is test only
$passwordFactory->setDefaultType('A');
$pwhash = $passwordFactory->newFromPlaintext('foobaz');
$dbw = wfGetDB(DB_MASTER);
$dbw->insert('bot_passwords', array('bp_user' => $centralId, 'bp_app_id' => 'foo', 'bp_password' => $pwhash->toString(), 'bp_token' => '', 'bp_restrictions' => MWRestrictions::newDefault()->toJson(), 'bp_grants' => '["test"]'), __METHOD__);
$lgName = $user->username . BotPassword::getSeparator() . 'foo';
$ret = $this->doApiRequest(array('action' => 'login', 'lgname' => $lgName, 'lgpassword' => 'foobaz'));
$result = $ret[0];
$this->assertNotInternalType('bool', $result);
$this->assertNotInternalType('null', $result['login']);
$a = $result['login']['result'];
$this->assertEquals('NeedToken', $a);
$token = $result['login']['token'];
$ret = $this->doApiRequest(array('action' => 'login', 'lgtoken' => $token, 'lgname' => $lgName, 'lgpassword' => 'foobaz'), $ret[2]);
$result = $ret[0];
$this->assertNotInternalType('bool', $result);
$a = $result['login']['result'];
$this->assertEquals('Success', $a);
}
private function save(array $data)
{
$bp = BotPassword::newUnsaved(['centralId' => $this->userId, 'appId' => $this->par, 'restrictions' => MWRestrictions::newFromJson($data['restrictions']), 'grants' => array_merge(MWGrants::getHiddenGrants(), preg_replace('/^grant-/', '', $data['grants']))]);
if ($this->operation === 'insert' || !empty($data['resetPassword'])) {
$this->password = PasswordFactory::generateRandomPasswordString(max(32, $this->getConfig()->get('MinimalPasswordLength')));
$passwordFactory = new PasswordFactory();
$passwordFactory->init(RequestContext::getMain()->getConfig());
$password = $passwordFactory->newFromPlaintext($this->password);
} else {
$password = null;
}
if ($bp->save($this->operation, $password)) {
return Status::newGood();
} else {
// Messages: botpasswords-insert-failed, botpasswords-update-failed
return Status::newFatal("botpasswords-{$this->operation}-failed", $this->par);
}
}
/**
* @dataProvider providePasswordTests
*/
public function testHashing($shouldMatch, $hash, $password)
{
$hash = $this->passwordFactory->newFromCiphertext($hash);
$password = $this->passwordFactory->newFromPlaintext($password, $hash);
$this->assertSame($shouldMatch, $hash->equals($password));
}
/**
* Set the password on a testing user
*
* This assumes we're still using the generic AuthManager config from
* PHPUnitMaintClass::finalSetup(), and just sets the password in the
* database directly.
* @param User $user
* @param string $password
*/
public static function setPasswordForUser(User $user, $password)
{
if (!$user->getId()) {
throw new MWException("Passed User has not been added to the database yet!");
}
$dbw = wfGetDB(DB_MASTER);
$row = $dbw->selectRow('user', ['user_password'], ['user_id' => $user->getId()], __METHOD__);
if (!$row) {
throw new MWException("Passed User has an ID but is not in the database?");
}
$passwordFactory = new PasswordFactory();
$passwordFactory->init(RequestContext::getMain()->getConfig());
if (!$passwordFactory->newFromCiphertext($row->user_password)->equals($password)) {
$passwordHash = $passwordFactory->newFromPlaintext($password);
$dbw->update('user', ['user_password' => $passwordHash->toString()], ['user_id' => $user->getId()], __METHOD__);
}
}
public function testTestUserCanAuthenticate()
{
$dbw = wfGetDB(DB_MASTER);
$passwordFactory = new \PasswordFactory();
$passwordFactory->init(\RequestContext::getMain()->getConfig());
// A is unsalted MD5 (thus fast) ... we don't care about security here, this is test only
$passwordFactory->setDefaultType('A');
$pwhash = $passwordFactory->newFromPlaintext('password')->toString();
$provider = $this->getProvider();
$providerPriv = \TestingAccessWrapper::newFromObject($provider);
$this->assertFalse($provider->testUserCanAuthenticate('<invalid>'));
$this->assertFalse($provider->testUserCanAuthenticate('DoesNotExist'));
$dbw->update('user', ['user_newpassword' => \PasswordFactory::newInvalidPassword()->toString(), 'user_newpass_time' => null], ['user_name' => 'UTSysop']);
$this->assertFalse($provider->testUserCanAuthenticate('UTSysop'));
$dbw->update('user', ['user_newpassword' => $pwhash, 'user_newpass_time' => null], ['user_name' => 'UTSysop']);
$this->assertTrue($provider->testUserCanAuthenticate('UTSysop'));
$this->assertTrue($provider->testUserCanAuthenticate('uTSysop'));
$dbw->update('user', ['user_newpassword' => $pwhash, 'user_newpass_time' => $dbw->timestamp(time() - 10)], ['user_name' => 'UTSysop']);
$providerPriv->newPasswordExpiry = 100;
$this->assertTrue($provider->testUserCanAuthenticate('UTSysop'));
$providerPriv->newPasswordExpiry = 1;
$this->assertFalse($provider->testUserCanAuthenticate('UTSysop'));
$dbw->update('user', ['user_newpassword' => \PasswordFactory::newInvalidPassword()->toString(), 'user_newpass_time' => null], ['user_name' => 'UTSysop']);
}
public function testInvalidPlaintext()
{
$passwordFactory = new PasswordFactory();
$invalid = $passwordFactory->newFromPlaintext(null);
$this->assertInstanceOf('InvalidPassword', $invalid);
}
