public function testLogin() { // Test failure when bot passwords aren't enabled $this->setMwGlobals('wgEnableBotPasswords', false); $status = BotPassword::login("{$this->testUserName}@BotPassword", 'foobaz', new FauxRequest()); $this->assertEquals(Status::newFatal('botpasswords-disabled'), $status); $this->setMwGlobals('wgEnableBotPasswords', true); // Test failure when BotPasswordSessionProvider isn't configured $manager = new SessionManager(['logger' => new Psr\Log\NullLogger(), 'store' => new EmptyBagOStuff()]); $reset = MediaWiki\Session\TestUtils::setSessionManagerSingleton($manager); $this->assertNull($manager->getProvider(MediaWiki\Session\BotPasswordSessionProvider::class), 'sanity check'); $status = BotPassword::login("{$this->testUserName}@BotPassword", 'foobaz', new FauxRequest()); $this->assertEquals(Status::newFatal('botpasswords-no-provider'), $status); ScopedCallback::consume($reset); // Now configure BotPasswordSessionProvider for further tests... $mainConfig = RequestContext::getMain()->getConfig(); $config = new HashConfig(['SessionProviders' => $mainConfig->get('SessionProviders') + [MediaWiki\Session\BotPasswordSessionProvider::class => ['class' => MediaWiki\Session\BotPasswordSessionProvider::class, 'args' => [['priority' => 40]]]]]); $manager = new SessionManager(['config' => new MultiConfig([$config, RequestContext::getMain()->getConfig()]), 'logger' => new Psr\Log\NullLogger(), 'store' => new EmptyBagOStuff()]); $reset = MediaWiki\Session\TestUtils::setSessionManagerSingleton($manager); // No "@"-thing in the username $status = BotPassword::login($this->testUserName, 'foobaz', new FauxRequest()); $this->assertEquals(Status::newFatal('botpasswords-invalid-name', '@'), $status); // No base user $status = BotPassword::login('UTDummy@BotPassword', 'foobaz', new FauxRequest()); $this->assertEquals(Status::newFatal('nosuchuser', 'UTDummy'), $status); // No bot password $status = BotPassword::login("{$this->testUserName}@DoesNotExist", 'foobaz', new FauxRequest()); $this->assertEquals(Status::newFatal('botpasswords-not-exist', $this->testUserName, 'DoesNotExist'), $status); // Failed restriction $request = $this->getMock('FauxRequest', ['getIP']); $request->expects($this->any())->method('getIP')->will($this->returnValue('10.0.0.1')); $status = BotPassword::login("{$this->testUserName}@BotPassword", 'foobaz', $request); $this->assertEquals(Status::newFatal('botpasswords-restriction-failed'), $status); // Wrong password $status = BotPassword::login("{$this->testUserName}@BotPassword", $this->testUser->password, new FauxRequest()); $this->assertEquals(Status::newFatal('wrongpassword'), $status); // Success! $request = new FauxRequest(); $this->assertNotInstanceOf(MediaWiki\Session\BotPasswordSessionProvider::class, $request->getSession()->getProvider(), 'sanity check'); $status = BotPassword::login("{$this->testUserName}@BotPassword", 'foobaz', $request); $this->assertInstanceOf('Status', $status); $this->assertTrue($status->isGood()); $session = $status->getValue(); $this->assertInstanceOf(MediaWiki\Session\Session::class, $session); $this->assertInstanceOf(MediaWiki\Session\BotPasswordSessionProvider::class, $session->getProvider()); $this->assertSame($session->getId(), $request->getSession()->getId()); ScopedCallback::consume($reset); }
/** * @covers User::getRights */ public function testUserGetRightsHooks() { $user = new User(); $user->addGroup('unittesters'); $user->addGroup('testwriters'); $userWrapper = TestingAccessWrapper::newFromObject($user); $rights = $user->getRights(); $this->assertContains('test', $rights, 'sanity check'); $this->assertContains('runtest', $rights, 'sanity check'); $this->assertContains('writetest', $rights, 'sanity check'); $this->assertNotContains('nukeworld', $rights, 'sanity check'); // Add a hook manipluating the rights $this->mergeMwGlobalArrayValue('wgHooks', ['UserGetRights' => [function ($user, &$rights) { $rights[] = 'nukeworld'; $rights = array_diff($rights, ['writetest']); }]]); $userWrapper->mRights = null; $rights = $user->getRights(); $this->assertContains('test', $rights); $this->assertContains('runtest', $rights); $this->assertNotContains('writetest', $rights); $this->assertContains('nukeworld', $rights); // Add a Session that limits rights $mock = $this->getMockBuilder(stdclass::class)->setMethods(['getAllowedUserRights', 'deregisterSession', 'getSessionId'])->getMock(); $mock->method('getAllowedUserRights')->willReturn(['test', 'writetest']); $mock->method('getSessionId')->willReturn(new MediaWiki\Session\SessionId(str_repeat('X', 32))); $session = MediaWiki\Session\TestUtils::getDummySession($mock); $mockRequest = $this->getMockBuilder(FauxRequest::class)->setMethods(['getSession'])->getMock(); $mockRequest->method('getSession')->willReturn($session); $userWrapper->mRequest = $mockRequest; $userWrapper->mRights = null; $rights = $user->getRights(); $this->assertContains('test', $rights); $this->assertNotContains('runtest', $rights); $this->assertNotContains('writetest', $rights); $this->assertNotContains('nukeworld', $rights); }