tests/phpunit/includes/auth/CheckBlocksSecondaryAuthenticationProviderTest.php

   1 <?php
   2
   3 namespace MediaWiki\Auth;
   4
   5 use Wikimedia\TestingAccessWrapper;
   6
   7 /**
   8  * @group AuthManager
   9  * @group Database
  10  * @covers \MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider
  11  */
  12 class CheckBlocksSecondaryAuthenticationProviderTest extends \MediaWikiTestCase {
  13         public function testConstructor() {
  14                 $provider = new CheckBlocksSecondaryAuthenticationProvider();
  15                 $providerPriv = TestingAccessWrapper::newFromObject( $provider );
  16                 $config = new \HashConfig( [
  17                         'BlockDisablesLogin' => false
  18                 ] );
  19                 $provider->setConfig( $config );
  20                 $this->assertSame( false, $providerPriv->blockDisablesLogin );
  21
  22                 $provider = new CheckBlocksSecondaryAuthenticationProvider(
  23                         [ 'blockDisablesLogin' => true ]
  24                 );
  25                 $providerPriv = TestingAccessWrapper::newFromObject( $provider );
  26                 $config = new \HashConfig( [
  27                         'BlockDisablesLogin' => false
  28                 ] );
  29                 $provider->setConfig( $config );
  30                 $this->assertSame( true, $providerPriv->blockDisablesLogin );
  31         }
  32
  33         public function testBasics() {
  34                 $provider = new CheckBlocksSecondaryAuthenticationProvider();
  35                 $user = \User::newFromName( 'UTSysop' );
  36
  37                 $this->assertEquals(
  38                         AuthenticationResponse::newAbstain(),
  39                         $provider->beginSecondaryAccountCreation( $user, $user, [] )
  40                 );
  41         }
  42
  43         /**
  44          * @dataProvider provideGetAuthenticationRequests
  45          * @param string $action
  46          * @param array $response
  47          */
  48         public function testGetAuthenticationRequests( $action, $response ) {
  49                 $provider = new CheckBlocksSecondaryAuthenticationProvider();
  50
  51                 $this->assertEquals( $response, $provider->getAuthenticationRequests( $action, [] ) );
  52         }
  53
  54         public static function provideGetAuthenticationRequests() {
  55                 return [
  56                         [ AuthManager::ACTION_LOGIN, [] ],
  57                         [ AuthManager::ACTION_CREATE, [] ],
  58                         [ AuthManager::ACTION_LINK, [] ],
  59                         [ AuthManager::ACTION_CHANGE, [] ],
  60                         [ AuthManager::ACTION_REMOVE, [] ],
  61                 ];
  62         }
  63
  64         private function getBlockedUser() {
  65                 $user = \User::newFromName( 'UTBlockee' );
  66                 if ( $user->getID() == 0 ) {
  67                         $user->addToDatabase();
  68                         \TestUser::setPasswordForUser( $user, 'UTBlockeePassword' );
  69                         $user->saveSettings();
  70                 }
  71                 $oldBlock = \Block::newFromTarget( 'UTBlockee' );
  72                 if ( $oldBlock ) {
  73                         // An old block will prevent our new one from saving.
  74                         $oldBlock->delete();
  75                 }
  76                 $blockOptions = [
  77                         'address' => 'UTBlockee',
  78                         'user' => $user->getID(),
  79                         'by' => $this->getTestSysop()->getUser()->getId(),
  80                         'reason' => __METHOD__,
  81                         'expiry' => time() + 100500,
  82                         'createAccount' => true,
  83                 ];
  84                 $block = new \Block( $blockOptions );
  85                 $block->insert();
  86                 return $user;
  87         }
  88
  89         public function testBeginSecondaryAuthentication() {
  90                 $unblockedUser = \User::newFromName( 'UTSysop' );
  91                 $blockedUser = $this->getBlockedUser();
  92
  93                 $provider = new CheckBlocksSecondaryAuthenticationProvider(
  94                         [ 'blockDisablesLogin' => false ]
  95                 );
  96                 $this->assertEquals(
  97                         AuthenticationResponse::newAbstain(),
  98                         $provider->beginSecondaryAuthentication( $unblockedUser, [] )
  99                 );
 100                 $this->assertEquals(
 101                         AuthenticationResponse::newAbstain(),
 102                         $provider->beginSecondaryAuthentication( $blockedUser, [] )
 103                 );
 104
 105                 $provider = new CheckBlocksSecondaryAuthenticationProvider(
 106                         [ 'blockDisablesLogin' => true ]
 107                 );
 108                 $this->assertEquals(
 109                         AuthenticationResponse::newPass(),
 110                         $provider->beginSecondaryAuthentication( $unblockedUser, [] )
 111                 );
 112                 $ret = $provider->beginSecondaryAuthentication( $blockedUser, [] );
 113                 $this->assertEquals( AuthenticationResponse::FAIL, $ret->status );
 114         }
 115
 116         public function testTestUserForCreation() {
 117                 $provider = new CheckBlocksSecondaryAuthenticationProvider(
 118                         [ 'blockDisablesLogin' => false ]
 119                 );
 120                 $provider->setLogger( new \Psr\Log\NullLogger() );
 121                 $provider->setConfig( new \HashConfig() );
 122                 $provider->setManager( AuthManager::singleton() );
 123
 124                 $unblockedUser = \User::newFromName( 'UTSysop' );
 125                 $blockedUser = $this->getBlockedUser();
 126
 127                 $user = \User::newFromName( 'RandomUser' );
 128
 129                 $this->assertEquals(
 130                         \StatusValue::newGood(),
 131                         $provider->testUserForCreation( $unblockedUser, AuthManager::AUTOCREATE_SOURCE_SESSION )
 132                 );
 133                 $this->assertEquals(
 134                         \StatusValue::newGood(),
 135                         $provider->testUserForCreation( $unblockedUser, false )
 136                 );
 137
 138                 $status = $provider->testUserForCreation( $blockedUser, AuthManager::AUTOCREATE_SOURCE_SESSION );
 139                 $this->assertInstanceOf( \StatusValue::class, $status );
 140                 $this->assertFalse( $status->isOK() );
 141                 $this->assertTrue( $status->hasMessage( 'cantcreateaccount-text' ) );
 142
 143                 $status = $provider->testUserForCreation( $blockedUser, false );
 144                 $this->assertInstanceOf( \StatusValue::class, $status );
 145                 $this->assertFalse( $status->isOK() );
 146                 $this->assertTrue( $status->hasMessage( 'cantcreateaccount-text' ) );
 147         }
 148
 149         public function testRangeBlock() {
 150                 $blockOptions = [
 151                         'address' => '127.0.0.0/24',
 152                         'reason' => __METHOD__,
 153                         'by' => $this->getTestSysop()->getUser()->getId(),
 154                         'expiry' => time() + 100500,
 155                         'createAccount' => true,
 156                 ];
 157                 $block = new \Block( $blockOptions );
 158                 $block->insert();
 159                 $scopeVariable = new \Wikimedia\ScopedCallback( [ $block, 'delete' ] );
 160
 161                 $user = \User::newFromName( 'UTNormalUser' );
 162                 if ( $user->getID() == 0 ) {
 163                         $user->addToDatabase();
 164                         \TestUser::setPasswordForUser( $user, 'UTNormalUserPassword' );
 165                         $user->saveSettings();
 166                 }
 167                 $this->setMwGlobals( [ 'wgUser' => $user ] );
 168                 $newuser = \User::newFromName( 'RandomUser' );
 169
 170                 $provider = new CheckBlocksSecondaryAuthenticationProvider(
 171                         [ 'blockDisablesLogin' => true ]
 172                 );
 173                 $provider->setLogger( new \Psr\Log\NullLogger() );
 174                 $provider->setConfig( new \HashConfig() );
 175                 $provider->setManager( AuthManager::singleton() );
 176
 177                 $ret = $provider->beginSecondaryAuthentication( $user, [] );
 178                 $this->assertEquals( AuthenticationResponse::FAIL, $ret->status );
 179
 180                 $status = $provider->testUserForCreation( $newuser, AuthManager::AUTOCREATE_SOURCE_SESSION );
 181                 $this->assertInstanceOf( \StatusValue::class, $status );
 182                 $this->assertFalse( $status->isOK() );
 183                 $this->assertTrue( $status->hasMessage( 'cantcreateaccount-range-text' ) );
 184
 185                 $status = $provider->testUserForCreation( $newuser, false );
 186                 $this->assertInstanceOf( \StatusValue::class, $status );
 187                 $this->assertFalse( $status->isOK() );
 188                 $this->assertTrue( $status->hasMessage( 'cantcreateaccount-range-text' ) );
 189         }
 190 }