dépôts / lhc / web / wiklou.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Add `actor` table and code to start using it
[lhc/web/wiklou.git] / tests / phpunit / includes / password / UserPasswordPolicyTest.php
1 <?php
2 /**
3 * Testing for password-policy enforcement, based on a user's groups.
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
19 *
20 * @file
21 */
22
23 /**
24 * @group Database
25 * @covers UserPasswordPolicy
26 */
27 class UserPasswordPolicyTest extends MediaWikiTestCase {
28
29 protected $tablesUsed = [ 'user', 'user_groups' ];
30
31 protected $policies = [
32 'checkuser' => [
33 'MinimalPasswordLength' => 10,
34 'MinimumPasswordLengthToLogin' => 6,
35 'PasswordCannotMatchUsername' => true,
36 ],
37 'sysop' => [
38 'MinimalPasswordLength' => 8,
39 'MinimumPasswordLengthToLogin' => 1,
40 'PasswordCannotMatchUsername' => true,
41 ],
42 'default' => [
43 'MinimalPasswordLength' => 4,
44 'MinimumPasswordLengthToLogin' => 1,
45 'PasswordCannotMatchBlacklist' => true,
46 'MaximalPasswordLength' => 4096,
47 ],
48 ];
49
50 protected $checks = [
51 'MinimalPasswordLength' => 'PasswordPolicyChecks::checkMinimalPasswordLength',
52 'MinimumPasswordLengthToLogin' => 'PasswordPolicyChecks::checkMinimumPasswordLengthToLogin',
53 'PasswordCannotMatchUsername' => 'PasswordPolicyChecks::checkPasswordCannotMatchUsername',
54 'PasswordCannotMatchBlacklist' => 'PasswordPolicyChecks::checkPasswordCannotMatchBlacklist',
55 'MaximalPasswordLength' => 'PasswordPolicyChecks::checkMaximalPasswordLength',
56 ];
57
58 private function getUserPasswordPolicy() {
59 return new UserPasswordPolicy( $this->policies, $this->checks );
60 }
61
62 public function testGetPoliciesForUser() {
63 $upp = $this->getUserPasswordPolicy();
64
65 $user = User::newFromName( 'TestUserPolicy' );
66 $user->addToDatabase();
67 $user->addGroup( 'sysop' );
68
69 $this->assertArrayEquals(
70 [
71 'MinimalPasswordLength' => 8,
72 'MinimumPasswordLengthToLogin' => 1,
73 'PasswordCannotMatchUsername' => 1,
74 'PasswordCannotMatchBlacklist' => true,
75 'MaximalPasswordLength' => 4096,
76 ],
77 $upp->getPoliciesForUser( $user )
78 );
79 }
80
81 public function testGetPoliciesForGroups() {
82 $effective = UserPasswordPolicy::getPoliciesForGroups(
83 $this->policies,
84 [ 'user', 'checkuser' ],
85 $this->policies['default']
86 );
87
88 $this->assertArrayEquals(
89 [
90 'MinimalPasswordLength' => 10,
91 'MinimumPasswordLengthToLogin' => 6,
92 'PasswordCannotMatchUsername' => true,
93 'PasswordCannotMatchBlacklist' => true,
94 'MaximalPasswordLength' => 4096,
95 ],
96 $effective
97 );
98 }
99
100 /**
101 * @dataProvider provideCheckUserPassword
102 */
103 public function testCheckUserPassword( $username, $groups, $password, $valid, $ok, $msg ) {
104 $upp = $this->getUserPasswordPolicy();
105
106 $user = User::newFromName( $username );
107 $user->addToDatabase();
108 foreach ( $groups as $group ) {
109 $user->addGroup( $group );
110 }
111
112 $status = $upp->checkUserPassword( $user, $password );
113 $this->assertSame( $valid, $status->isGood(), $msg . ' - password valid' );
114 $this->assertSame( $ok, $status->isOK(), $msg . ' - can login' );
115 }
116
117 public function provideCheckUserPassword() {
118 return [
119 [
120 'PassPolicyUser',
121 [],
122 '',
123 false,
124 false,
125 'No groups, default policy, password too short to login'
126 ],
127 [
128 'PassPolicyUser',
129 [ 'user' ],
130 'aaa',
131 false,
132 true,
133 'Default policy, short password'
134 ],
135 [
136 'PassPolicyUser',
137 [ 'sysop' ],
138 'abcdabcdabcd',
139 true,
140 true,
141 'Sysop with good password'
142 ],
143 [
144 'PassPolicyUser',
145 [ 'sysop' ],
146 'abcd',
147 false,
148 true,
149 'Sysop with short password'
150 ],
151 [
152 'PassPolicyUser',
153 [ 'sysop', 'checkuser' ],
154 'abcdabcd',
155 false,
156 true,
157 'Checkuser with short password'
158 ],
159 [
160 'PassPolicyUser',
161 [ 'sysop', 'checkuser' ],
162 'abcd',
163 false,
164 false,
165 'Checkuser with too short password to login'
166 ],
167 [
168 'Useruser',
169 [ 'user' ],
170 'Passpass',
171 false,
172 true,
173 'Username & password on blacklist'
174 ],
175 ];
176 }
177
178 /**
179 * @dataProvider provideMaxOfPolicies
180 */
181 public function testMaxOfPolicies( $p1, $p2, $max, $msg ) {
182 $this->assertArrayEquals(
183 $max,
184 UserPasswordPolicy::maxOfPolicies( $p1, $p2 ),
185 $msg
186 );
187 }
188
189 public function provideMaxOfPolicies() {
190 return [
191 [
192 [ 'MinimalPasswordLength' => 8 ], // p1
193 [ 'MinimalPasswordLength' => 2 ], // p2
194 [ 'MinimalPasswordLength' => 8 ], // max
195 'Basic max in p1'
196 ],
197 [
198 [ 'MinimalPasswordLength' => 2 ], // p1
199 [ 'MinimalPasswordLength' => 8 ], // p2
200 [ 'MinimalPasswordLength' => 8 ], // max
201 'Basic max in p2'
202 ],
203 [
204 [ 'MinimalPasswordLength' => 8 ], // p1
205 [
206 'MinimalPasswordLength' => 2,
207 'PasswordCannotMatchUsername' => 1,
208 ], // p2
209 [
210 'MinimalPasswordLength' => 8,
211 'PasswordCannotMatchUsername' => 1,
212 ], // max
213 'Missing items in p1'
214 ],
215 [
216 [
217 'MinimalPasswordLength' => 8,
218 'PasswordCannotMatchUsername' => 1,
219 ], // p1
220 [
221 'MinimalPasswordLength' => 2,
222 ], // p2
223 [
224 'MinimalPasswordLength' => 8,
225 'PasswordCannotMatchUsername' => 1,
226 ], // max
227 'Missing items in p2'
228 ],
229 ];
230 }
231
232 }
Wiklou, le Wiki du Wiklou