SECURITY: API: Respect $wgBlockCIDRLimit in action=block
1 <?php
2
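/**
 * Tests for action=block, including the $wgBlockCIDRLimit enforcement that
 * stops a range block from covering more addresses than the wiki allows.
 *
 * @group API
 * @group Database
 * @group medium
 *
 * @covers ApiBlock
 */
class ApiBlockTest extends ApiTestCase {
	/**
	 * @var User|null Target of the block made by doBlock(). The range tests
	 *  replace it with an IP-range "user" built via User::newFromName().
	 */
	protected $mUser = null;

	protected function setUp() {
		parent::setUp();

		$this->mUser = $this->getMutableTestUser()->getUser();
		// Pin the CIDR limit so the range-block tests assert against a known
		// threshold instead of whatever the test wiki is configured with.
		// NOTE(review): only the IPv4 limit is exercised in this file; the IPv6
		// value is set for completeness but no test currently covers it.
		$this->setMwGlobals( 'wgBlockCIDRLimit', [
			'IPv4' => 16,
			'IPv6' => 19,
		] );
	}

	protected function tearDown() {
		// Drop the block doBlock() created on the target so it cannot leak
		// into the next test. A target with no block (e.g. a rejected range)
		// yields null and is simply skipped.
		$block = Block::newFromTarget( $this->mUser->getName() );
		if ( $block !== null ) {
			$block->delete();
		}
		parent::tearDown();
	}

	/**
	 * @return array Token list (incl. 'blocktoken') for the shared sysop user
	 */
	protected function getTokens() {
		return $this->getTokenList( self::$users['sysop'] );
	}

	/**
	 * Issue an action=block request against $this->mUser and assert that a
	 * block on that target now exists with the expected reason.
	 *
	 * @param array $extraParams Extra API parameters to pass to doApiRequest;
	 *  these override the defaults ('user', 'reason', 'token')
	 * @param User $blocker User to do the blocking, null to pick
	 *  arbitrarily (the shared sysop user)
	 * @return array Raw API result from doApiRequest
	 * @throws ApiUsageException when the API rejects the request; callers
	 *  expecting that use setExpectedException() before calling this
	 */
	private function doBlock( array $extraParams = [], User $blocker = null ) {
		if ( $blocker === null ) {
			$blocker = self::$users['sysop']->getUser();
		}

		$tokens = $this->getTokens();

		$this->assertNotNull( $this->mUser, 'Sanity check' );

		$this->assertArrayHasKey( 'blocktoken', $tokens, 'Sanity check' );

		$params = [
			'action' => 'block',
			'user' => $this->mUser->getName(),
			'reason' => 'Some reason',
			'token' => $tokens['blocktoken'],
		];
		if ( array_key_exists( 'userid', $extraParams ) ) {
			// Make sure we don't have both user and userid
			unset( $params['user'] );
		}
		$ret = $this->doApiRequest( array_merge( $params, $extraParams ), null,
			false, $blocker );

		$block = Block::newFromTarget( $this->mUser->getName() );

		$this->assertNotNull( $block, 'Block is valid' );

		$this->assertSame( $this->mUser->getName(), (string)$block->getTarget() );
		$this->assertSame( 'Some reason', $block->mReason );

		return $ret;
	}

	/**
	 * Block by username
	 */
	public function testNormalBlock() {
		$this->doBlock();
	}

	/**
	 * Block by user ID
	 */
	public function testBlockById() {
		$this->doBlock( [ 'userid' => $this->mUser->getId() ] );
	}

	/**
	 * A blocked user can't block
	 */
	public function testBlockByBlockedUser() {
		$this->setExpectedException( ApiUsageException::class,
			'You cannot block or unblock other users because you are yourself blocked.' );

		// The blocker is a sysop who is themselves blocked. This block is not
		// removed by tearDown() (which only handles mUser); presumably the
		// @group Database transaction rollback covers it — confirm if it leaks.
		$blocked = $this->getMutableTestUser( [ 'sysop' ] )->getUser();
		$block = new Block( [
			'address' => $blocked->getName(),
			'by' => self::$users['sysop']->getUser()->getId(),
			'reason' => 'Capriciousness',
			'timestamp' => '19370101000000',
			'expiry' => 'infinity',
		] );
		$block->insert();

		$this->doBlock( [], $blocked );
	}

	public function testBlockOfNonexistentUser() {
		$this->setExpectedException( ApiUsageException::class,
			'There is no user by the name "Nonexistent". Check your spelling.' );

		$this->doBlock( [ 'user' => 'Nonexistent' ] );
	}

	public function testBlockOfNonexistentUserId() {
		$id = 948206325;
		$this->setExpectedException( ApiUsageException::class,
			"There is no user with ID $id." );

		// Guard against the arbitrary ID accidentally existing in the test DB.
		$this->assertFalse( User::whoIs( $id ), 'Sanity check' );

		$this->doBlock( [ 'userid' => $id ] );
	}

	/**
	 * A change tag passed via 'tags' ends up attached to the block log entry.
	 */
	public function testBlockWithTag() {
		ChangeTags::defineTag( 'custom tag' );

		$this->doBlock( [ 'tags' => 'custom tag' ] );

		$dbw = wfGetDB( DB_MASTER );
		$this->assertSame( 'custom tag', $dbw->selectField(
			[ 'change_tag', 'logging' ],
			'ct_tag',
			[ 'log_type' => 'block' ],
			__METHOD__,
			[],
			[ 'change_tag' => [ 'INNER JOIN', 'ct_log_id = log_id' ] ]
		) );
	}

	public function testBlockWithProhibitedTag() {
		$this->setExpectedException( ApiUsageException::class,
			'You do not have permission to apply change tags along with your changes.' );

		ChangeTags::defineTag( 'custom tag' );

		// Revoke from every user, so even the sysop blocker lacks the right.
		$this->setMwGlobals( 'wgRevokePermissions',
			[ 'user' => [ 'applychangetags' => true ] ] );

		$this->doBlock( [ 'tags' => 'custom tag' ] );
	}

	public function testBlockWithHide() {
		// Grant 'hideuser' to sysops for this test only; the block row must
		// then be flagged as deleted (ipb_deleted = 1).
		global $wgGroupPermissions;
		$newPermissions = $wgGroupPermissions['sysop'];
		$newPermissions['hideuser'] = true;
		$this->mergeMwGlobalArrayValue( 'wgGroupPermissions',
			[ 'sysop' => $newPermissions ] );

		$res = $this->doBlock( [ 'hidename' => '' ] );

		$dbw = wfGetDB( DB_MASTER );
		$this->assertSame( '1', $dbw->selectField(
			'ipblocks',
			'ipb_deleted',
			[ 'ipb_id' => $res[0]['block']['id'] ],
			__METHOD__
		) );
	}

	public function testBlockWithProhibitedHide() {
		$this->setExpectedException( ApiUsageException::class,
			"You don't have permission to hide user names from the block log." );

		// Without 'hideuser' the request must be refused outright.
		$this->doBlock( [ 'hidename' => '' ] );
	}

	public function testBlockWithEmailBlock() {
		$res = $this->doBlock( [ 'noemail' => '' ] );

		$dbw = wfGetDB( DB_MASTER );
		$this->assertSame( '1', $dbw->selectField(
			'ipblocks',
			'ipb_block_email',
			[ 'ipb_id' => $res[0]['block']['id'] ],
			__METHOD__
		) );
	}

	public function testBlockWithProhibitedEmailBlock() {
		$this->setExpectedException( ApiUsageException::class,
			"You don't have permission to block users from sending email through the wiki." );

		$this->setMwGlobals( 'wgRevokePermissions',
			[ 'sysop' => [ 'blockemail' => true ] ] );

		$this->doBlock( [ 'noemail' => '' ] );
	}

	public function testBlockWithExpiry() {
		$res = $this->doBlock( [ 'expiry' => '1 day' ] );

		$dbw = wfGetDB( DB_MASTER );
		$expiry = $dbw->selectField(
			'ipblocks',
			'ipb_expiry',
			[ 'ipb_id' => $res[0]['block']['id'] ],
			__METHOD__
		);

		// Allow flakiness up to one second
		$this->assertLessThanOrEqual( 1,
			abs( wfTimestamp( TS_UNIX, $expiry ) - ( time() + 86400 ) ) );
	}

	public function testBlockWithInvalidExpiry() {
		$this->setExpectedException( ApiUsageException::class, "Expiry time invalid." );

		$this->doBlock( [ 'expiry' => '' ] );
	}

	/**
	 * A request without a CSRF token is rejected before anything is blocked.
	 *
	 * @expectedException ApiUsageException
	 * @expectedExceptionMessage The "token" parameter must be set
	 */
	public function testBlockingActionWithNoToken() {
		$this->doApiRequest(
			[
				'action' => 'block',
				'user' => $this->mUser->getName(),
				'reason' => 'Some reason',
			],
			null,
			false,
			self::$users['sysop']->getUser()
		);
	}

	/**
	 * A range exactly at the configured IPv4 limit (/16) is allowed.
	 */
	public function testRangeBlock() {
		$this->mUser = User::newFromName( '128.0.0.0/16', false );
		$this->doBlock();
	}

	/**
	 * The first range wider than the configured IPv4 limit (/15 when the
	 * limit is /16) must be rejected, not only the grossly oversized /1
	 * case below — this pins the boundary of the $wgBlockCIDRLimit check.
	 *
	 * @expectedException ApiUsageException
	 * @expectedExceptionMessage Range blocks larger than /16 are not allowed.
	 */
	public function testRangeBlockJustOverLimit() {
		$this->mUser = User::newFromName( '128.0.0.0/15', false );
		$this->doBlock();
	}

	/**
	 * A range far wider than the configured IPv4 limit is rejected.
	 *
	 * @expectedException ApiUsageException
	 * @expectedExceptionMessage Range blocks larger than /16 are not allowed.
	 */
	public function testVeryLargeRangeBlock() {
		$this->mUser = User::newFromName( '128.0.0.0/1', false );
		$this->doBlock();
	}
}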