Пример #1
0
 public function testLogin()
 {
     // Test failure when bot passwords aren't enabled
     $this->setMwGlobals('wgEnableBotPasswords', false);
     $status = BotPassword::login("{$this->testUserName}@BotPassword", 'foobaz', new FauxRequest());
     $this->assertEquals(Status::newFatal('botpasswords-disabled'), $status);
     $this->setMwGlobals('wgEnableBotPasswords', true);
     // Test failure when BotPasswordSessionProvider isn't configured
     $manager = new SessionManager(['logger' => new Psr\Log\NullLogger(), 'store' => new EmptyBagOStuff()]);
     $reset = MediaWiki\Session\TestUtils::setSessionManagerSingleton($manager);
     $this->assertNull($manager->getProvider(MediaWiki\Session\BotPasswordSessionProvider::class), 'sanity check');
     $status = BotPassword::login("{$this->testUserName}@BotPassword", 'foobaz', new FauxRequest());
     $this->assertEquals(Status::newFatal('botpasswords-no-provider'), $status);
     ScopedCallback::consume($reset);
     // Now configure BotPasswordSessionProvider for further tests...
     $mainConfig = RequestContext::getMain()->getConfig();
     $config = new HashConfig(['SessionProviders' => $mainConfig->get('SessionProviders') + [MediaWiki\Session\BotPasswordSessionProvider::class => ['class' => MediaWiki\Session\BotPasswordSessionProvider::class, 'args' => [['priority' => 40]]]]]);
     $manager = new SessionManager(['config' => new MultiConfig([$config, RequestContext::getMain()->getConfig()]), 'logger' => new Psr\Log\NullLogger(), 'store' => new EmptyBagOStuff()]);
     $reset = MediaWiki\Session\TestUtils::setSessionManagerSingleton($manager);
     // No "@"-thing in the username
     $status = BotPassword::login($this->testUserName, 'foobaz', new FauxRequest());
     $this->assertEquals(Status::newFatal('botpasswords-invalid-name', '@'), $status);
     // No base user
     $status = BotPassword::login('UTDummy@BotPassword', 'foobaz', new FauxRequest());
     $this->assertEquals(Status::newFatal('nosuchuser', 'UTDummy'), $status);
     // No bot password
     $status = BotPassword::login("{$this->testUserName}@DoesNotExist", 'foobaz', new FauxRequest());
     $this->assertEquals(Status::newFatal('botpasswords-not-exist', $this->testUserName, 'DoesNotExist'), $status);
     // Failed restriction
     $request = $this->getMock('FauxRequest', ['getIP']);
     $request->expects($this->any())->method('getIP')->will($this->returnValue('10.0.0.1'));
     $status = BotPassword::login("{$this->testUserName}@BotPassword", 'foobaz', $request);
     $this->assertEquals(Status::newFatal('botpasswords-restriction-failed'), $status);
     // Wrong password
     $status = BotPassword::login("{$this->testUserName}@BotPassword", $this->testUser->password, new FauxRequest());
     $this->assertEquals(Status::newFatal('wrongpassword'), $status);
     // Success!
     $request = new FauxRequest();
     $this->assertNotInstanceOf(MediaWiki\Session\BotPasswordSessionProvider::class, $request->getSession()->getProvider(), 'sanity check');
     $status = BotPassword::login("{$this->testUserName}@BotPassword", 'foobaz', $request);
     $this->assertInstanceOf('Status', $status);
     $this->assertTrue($status->isGood());
     $session = $status->getValue();
     $this->assertInstanceOf(MediaWiki\Session\Session::class, $session);
     $this->assertInstanceOf(MediaWiki\Session\BotPasswordSessionProvider::class, $session->getProvider());
     $this->assertSame($session->getId(), $request->getSession()->getId());
     ScopedCallback::consume($reset);
 }
Пример #2
0
 /**
  * @covers User::getRights
  */
 public function testUserGetRightsHooks()
 {
     $user = new User();
     $user->addGroup('unittesters');
     $user->addGroup('testwriters');
     $userWrapper = TestingAccessWrapper::newFromObject($user);
     $rights = $user->getRights();
     $this->assertContains('test', $rights, 'sanity check');
     $this->assertContains('runtest', $rights, 'sanity check');
     $this->assertContains('writetest', $rights, 'sanity check');
     $this->assertNotContains('nukeworld', $rights, 'sanity check');
     // Add a hook manipluating the rights
     $this->mergeMwGlobalArrayValue('wgHooks', ['UserGetRights' => [function ($user, &$rights) {
         $rights[] = 'nukeworld';
         $rights = array_diff($rights, ['writetest']);
     }]]);
     $userWrapper->mRights = null;
     $rights = $user->getRights();
     $this->assertContains('test', $rights);
     $this->assertContains('runtest', $rights);
     $this->assertNotContains('writetest', $rights);
     $this->assertContains('nukeworld', $rights);
     // Add a Session that limits rights
     $mock = $this->getMockBuilder(stdclass::class)->setMethods(['getAllowedUserRights', 'deregisterSession', 'getSessionId'])->getMock();
     $mock->method('getAllowedUserRights')->willReturn(['test', 'writetest']);
     $mock->method('getSessionId')->willReturn(new MediaWiki\Session\SessionId(str_repeat('X', 32)));
     $session = MediaWiki\Session\TestUtils::getDummySession($mock);
     $mockRequest = $this->getMockBuilder(FauxRequest::class)->setMethods(['getSession'])->getMock();
     $mockRequest->method('getSession')->willReturn($session);
     $userWrapper->mRequest = $mockRequest;
     $userWrapper->mRights = null;
     $rights = $user->getRights();
     $this->assertContains('test', $rights);
     $this->assertNotContains('runtest', $rights);
     $this->assertNotContains('writetest', $rights);
     $this->assertNotContains('nukeworld', $rights);
 }