tests/phpunit/includes/auth/AbstractPasswordPrimaryAuthenticationProviderTest.php

   1 <?php
   2
   3 namespace MediaWiki\Auth;
   4
   5 /**
   6  * @group AuthManager
   7  * @covers MediaWiki\Auth\AbstractPasswordPrimaryAuthenticationProvider
   8  */
   9 class AbstractPasswordPrimaryAuthenticationProviderTest extends \MediaWikiTestCase {
  10         public function testConstructor() {
  11                 $provider = $this->getMockForAbstractClass(
  12                         AbstractPasswordPrimaryAuthenticationProvider::class
  13                 );
  14                 $providerPriv = \TestingAccessWrapper::newFromObject( $provider );
  15                 $this->assertTrue( $providerPriv->authoritative );
  16
  17                 $provider = $this->getMockForAbstractClass(
  18                         AbstractPasswordPrimaryAuthenticationProvider::class,
  19                         [ [ 'authoritative' => false ] ]
  20                 );
  21                 $providerPriv = \TestingAccessWrapper::newFromObject( $provider );
  22                 $this->assertFalse( $providerPriv->authoritative );
  23         }
  24
  25         public function testGetPasswordFactory() {
  26                 $provider = $this->getMockForAbstractClass(
  27                         AbstractPasswordPrimaryAuthenticationProvider::class
  28                 );
  29                 $provider->setConfig( \ConfigFactory::getDefaultInstance()->makeConfig( 'main' ) );
  30                 $providerPriv = \TestingAccessWrapper::newFromObject( $provider );
  31
  32                 $obj = $providerPriv->getPasswordFactory();
  33                 $this->assertInstanceOf( 'PasswordFactory', $obj );
  34                 $this->assertSame( $obj, $providerPriv->getPasswordFactory() );
  35         }
  36
  37         public function testGetPassword() {
  38                 $provider = $this->getMockForAbstractClass(
  39                         AbstractPasswordPrimaryAuthenticationProvider::class
  40                 );
  41                 $provider->setConfig( \ConfigFactory::getDefaultInstance()->makeConfig( 'main' ) );
  42                 $provider->setLogger( new \Psr\Log\NullLogger() );
  43                 $providerPriv = \TestingAccessWrapper::newFromObject( $provider );
  44
  45                 $obj = $providerPriv->getPassword( null );
  46                 $this->assertInstanceOf( 'Password', $obj );
  47
  48                 $obj = $providerPriv->getPassword( 'invalid' );
  49                 $this->assertInstanceOf( 'Password', $obj );
  50         }
  51
  52         public function testGetNewPasswordExpiry() {
  53                 $config = new \HashConfig;
  54                 $provider = $this->getMockForAbstractClass(
  55                         AbstractPasswordPrimaryAuthenticationProvider::class
  56                 );
  57                 $provider->setConfig( new \MultiConfig( [
  58                         $config,
  59                         \ConfigFactory::getDefaultInstance()->makeConfig( 'main' )
  60                 ] ) );
  61                 $provider->setLogger( new \Psr\Log\NullLogger() );
  62                 $providerPriv = \TestingAccessWrapper::newFromObject( $provider );
  63
  64                 $this->mergeMwGlobalArrayValue( 'wgHooks', [ 'ResetPasswordExpiration' => [] ] );
  65
  66                 $config->set( 'PasswordExpirationDays', 0 );
  67                 $this->assertNull( $providerPriv->getNewPasswordExpiry( 'UTSysop' ) );
  68
  69                 $config->set( 'PasswordExpirationDays', 5 );
  70                 $this->assertEquals(
  71                         time() + 5 * 86400,
  72                         wfTimestamp( TS_UNIX, $providerPriv->getNewPasswordExpiry( 'UTSysop' ) ),
  73                         '',
  74                         2 /* Fuzz */
  75                 );
  76
  77                 $this->mergeMwGlobalArrayValue( 'wgHooks', [
  78                         'ResetPasswordExpiration' => [ function ( $user, &$expires ) {
  79                                 $this->assertSame( 'UTSysop', $user->getName() );
  80                                 $expires = '30001231235959';
  81                         } ]
  82                 ] );
  83                 $this->assertEquals( '30001231235959', $providerPriv->getNewPasswordExpiry( 'UTSysop' ) );
  84         }
  85
  86         public function testCheckPasswordValidity() {
  87                 $uppCalled = 0;
  88                 $uppStatus = \Status::newGood();
  89                 $this->setMwGlobals( [
  90                         'wgPasswordPolicy' => [
  91                                 'policies' => [
  92                                         'default' => [
  93                                                 'Check' => true,
  94                                         ],
  95                                 ],
  96                                 'checks' => [
  97                                         'Check' => function () use ( &$uppCalled, &$uppStatus ) {
  98                                                 $uppCalled++;
  99                                                 return $uppStatus;
 100                                         },
 101                                 ],
 102                         ]
 103                 ] );
 104
 105                 $provider = $this->getMockForAbstractClass(
 106                         AbstractPasswordPrimaryAuthenticationProvider::class
 107                 );
 108                 $provider->setConfig( \ConfigFactory::getDefaultInstance()->makeConfig( 'main' ) );
 109                 $provider->setLogger( new \Psr\Log\NullLogger() );
 110                 $providerPriv = \TestingAccessWrapper::newFromObject( $provider );
 111
 112                 $this->assertEquals( $uppStatus, $providerPriv->checkPasswordValidity( 'foo', 'bar' ) );
 113
 114                 $uppStatus->fatal( 'arbitrary-warning' );
 115                 $this->assertEquals( $uppStatus, $providerPriv->checkPasswordValidity( 'foo', 'bar' ) );
 116         }
 117
 118         public function testSetPasswordResetFlag() {
 119                 $config = new \HashConfig( [
 120                         'InvalidPasswordReset' => true,
 121                 ] );
 122
 123                 $manager = new AuthManager(
 124                         new \FauxRequest(), \ConfigFactory::getDefaultInstance()->makeConfig( 'main' )
 125                 );
 126
 127                 $provider = $this->getMockForAbstractClass(
 128                         AbstractPasswordPrimaryAuthenticationProvider::class
 129                 );
 130                 $provider->setConfig( $config );
 131                 $provider->setLogger( new \Psr\Log\NullLogger() );
 132                 $provider->setManager( $manager );
 133                 $providerPriv = \TestingAccessWrapper::newFromObject( $provider );
 134
 135                 $manager->removeAuthenticationSessionData( null );
 136                 $status = \Status::newGood();
 137                 $providerPriv->setPasswordResetFlag( 'Foo', $status );
 138                 $this->assertNull( $manager->getAuthenticationSessionData( 'reset-pass' ) );
 139
 140                 $manager->removeAuthenticationSessionData( null );
 141                 $status = \Status::newGood();
 142                 $status->error( 'testing' );
 143                 $providerPriv->setPasswordResetFlag( 'Foo', $status );
 144                 $ret = $manager->getAuthenticationSessionData( 'reset-pass' );
 145                 $this->assertNotNull( $ret );
 146                 $this->assertSame( 'resetpass-validity-soft', $ret->msg->getKey() );
 147                 $this->assertFalse( $ret->hard );
 148
 149                 $config->set( 'InvalidPasswordReset', false );
 150                 $manager->removeAuthenticationSessionData( null );
 151                 $providerPriv->setPasswordResetFlag( 'Foo', $status );
 152                 $ret = $manager->getAuthenticationSessionData( 'reset-pass' );
 153                 $this->assertNull( $ret );
 154         }
 155
 156         public function testFailResponse() {
 157                 $provider = $this->getMockForAbstractClass(
 158                         AbstractPasswordPrimaryAuthenticationProvider::class,
 159                         [ [ 'authoritative' => false ] ]
 160                 );
 161                 $providerPriv = \TestingAccessWrapper::newFromObject( $provider );
 162
 163                 $req = new PasswordAuthenticationRequest;
 164
 165                 $ret = $providerPriv->failResponse( $req );
 166                 $this->assertSame( AuthenticationResponse::ABSTAIN, $ret->status );
 167
 168                 $provider = $this->getMockForAbstractClass(
 169                         AbstractPasswordPrimaryAuthenticationProvider::class,
 170                         [ [ 'authoritative' => true ] ]
 171                 );
 172                 $providerPriv = \TestingAccessWrapper::newFromObject( $provider );
 173
 174                 $req->password = '';
 175                 $ret = $providerPriv->failResponse( $req );
 176                 $this->assertSame( AuthenticationResponse::FAIL, $ret->status );
 177                 $this->assertSame( 'wrongpasswordempty', $ret->message->getKey() );
 178
 179                 $req->password = 'X';
 180                 $ret = $providerPriv->failResponse( $req );
 181                 $this->assertSame( AuthenticationResponse::FAIL, $ret->status );
 182                 $this->assertSame( 'wrongpassword', $ret->message->getKey() );
 183         }
 184
 185         /**
 186          * @dataProvider provideGetAuthenticationRequests
 187          * @param string $action
 188          * @param array $response
 189          */
 190         public function testGetAuthenticationRequests( $action, $response ) {
 191                 $provider = $this->getMockForAbstractClass(
 192                         AbstractPasswordPrimaryAuthenticationProvider::class
 193                 );
 194
 195                 $this->assertEquals( $response, $provider->getAuthenticationRequests( $action, [] ) );
 196         }
 197
 198         public static function provideGetAuthenticationRequests() {
 199                 return [
 200                         [ AuthManager::ACTION_LOGIN, [ new PasswordAuthenticationRequest() ] ],
 201                         [ AuthManager::ACTION_CREATE, [ new PasswordAuthenticationRequest() ] ],
 202                         [ AuthManager::ACTION_LINK, [] ],
 203                         [ AuthManager::ACTION_CHANGE, [ new PasswordAuthenticationRequest() ] ],
 204                         [ AuthManager::ACTION_REMOVE, [ new PasswordAuthenticationRequest() ] ],
 205                 ];
 206         }
 207
 208         public function testProviderRevokeAccessForUser() {
 209                 $req = new PasswordAuthenticationRequest;
 210                 $req->action = AuthManager::ACTION_REMOVE;
 211                 $req->username = 'foo';
 212                 $req->password = null;
 213
 214                 $provider = $this->getMockForAbstractClass(
 215                         AbstractPasswordPrimaryAuthenticationProvider::class
 216                 );
 217                 $provider->expects( $this->once() )
 218                         ->method( 'providerChangeAuthenticationData' )
 219                         ->with( $this->equalTo( $req ) );
 220
 221                 $provider->providerRevokeAccessForUser( 'foo' );
 222         }
 223
 224 }