dépôts / lhc / web / wiklou.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge "DumpUploads: output local path instead of mwstore path"
[lhc/web/wiklou.git] / tests / phpunit / includes / session / BotPasswordSessionProviderTest.php
1 <?php
2
3 namespace MediaWiki\Session;
4
5 use Psr\Log\LogLevel;
6 use MediaWikiTestCase;
7 use User;
8
9 /**
10 * @group Session
11 * @group Database
12 * @covers MediaWiki\Session\BotPasswordSessionProvider
13 */
14 class BotPasswordSessionProviderTest extends MediaWikiTestCase {
15
16 private $config;
17
18 private function getProvider( $name = null, $prefix = null ) {
19 global $wgSessionProviders;
20
21 $params = [
22 'priority' => 40,
23 'sessionCookieName' => $name,
24 'sessionCookieOptions' => [],
25 ];
26 if ( $prefix !== null ) {
27 $params['sessionCookieOptions']['prefix'] = $prefix;
28 }
29
30 if ( !$this->config ) {
31 $this->config = new \HashConfig( [
32 'CookiePrefix' => 'wgCookiePrefix',
33 'EnableBotPasswords' => true,
34 'BotPasswordsDatabase' => false,
35 'SessionProviders' => $wgSessionProviders + [
36 BotPasswordSessionProvider::class => [
37 'class' => BotPasswordSessionProvider::class,
38 'args' => [ $params ],
39 ]
40 ],
41 ] );
42 }
43 $manager = new SessionManager( [
44 'config' => new \MultiConfig( [ $this->config, \RequestContext::getMain()->getConfig() ] ),
45 'logger' => new \Psr\Log\NullLogger,
46 'store' => new TestBagOStuff,
47 ] );
48
49 return $manager->getProvider( BotPasswordSessionProvider::class );
50 }
51
52 protected function setUp() {
53 parent::setUp();
54
55 $this->setMwGlobals( [
56 'wgEnableBotPasswords' => true,
57 'wgBotPasswordsDatabase' => false,
58 'wgCentralIdLookupProvider' => 'local',
59 'wgGrantPermissions' => [
60 'test' => [ 'read' => true ],
61 ],
62 ] );
63 }
64
65 public function addDBDataOnce() {
66 $passwordFactory = new \PasswordFactory();
67 $passwordFactory->init( \RequestContext::getMain()->getConfig() );
68 $passwordHash = $passwordFactory->newFromPlaintext( 'foobaz' );
69
70 $sysop = static::getTestSysop()->getUser();
71 $userId = \CentralIdLookup::factory( 'local' )->centralIdFromName( $sysop->getName() );
72
73 $dbw = wfGetDB( DB_MASTER );
74 $dbw->delete(
75 'bot_passwords',
76 [ 'bp_user' => $userId, 'bp_app_id' => 'BotPasswordSessionProvider' ],
77 __METHOD__
78 );
79 $dbw->insert(
80 'bot_passwords',
81 [
82 'bp_user' => $userId,
83 'bp_app_id' => 'BotPasswordSessionProvider',
84 'bp_password' => $passwordHash->toString(),
85 'bp_token' => 'token!',
86 'bp_restrictions' => '{"IPAddresses":["127.0.0.0/8"]}',
87 'bp_grants' => '["test"]',
88 ],
89 __METHOD__
90 );
91 }
92
93 public function testConstructor() {
94 try {
95 $provider = new BotPasswordSessionProvider();
96 $this->fail( 'Expected exception not thrown' );
97 } catch ( \InvalidArgumentException $ex ) {
98 $this->assertSame(
99 'MediaWiki\\Session\\BotPasswordSessionProvider::__construct: priority must be specified',
100 $ex->getMessage()
101 );
102 }
103
104 try {
105 $provider = new BotPasswordSessionProvider( [
106 'priority' => SessionInfo::MIN_PRIORITY - 1
107 ] );
108 $this->fail( 'Expected exception not thrown' );
109 } catch ( \InvalidArgumentException $ex ) {
110 $this->assertSame(
111 'MediaWiki\\Session\\BotPasswordSessionProvider::__construct: Invalid priority',
112 $ex->getMessage()
113 );
114 }
115
116 try {
117 $provider = new BotPasswordSessionProvider( [
118 'priority' => SessionInfo::MAX_PRIORITY + 1
119 ] );
120 $this->fail( 'Expected exception not thrown' );
121 } catch ( \InvalidArgumentException $ex ) {
122 $this->assertSame(
123 'MediaWiki\\Session\\BotPasswordSessionProvider::__construct: Invalid priority',
124 $ex->getMessage()
125 );
126 }
127
128 $provider = new BotPasswordSessionProvider( [
129 'priority' => 40
130 ] );
131 $priv = \TestingAccessWrapper::newFromObject( $provider );
132 $this->assertSame( 40, $priv->priority );
133 $this->assertSame( '_BPsession', $priv->sessionCookieName );
134 $this->assertSame( [], $priv->sessionCookieOptions );
135
136 $provider = new BotPasswordSessionProvider( [
137 'priority' => 40,
138 'sessionCookieName' => null,
139 ] );
140 $priv = \TestingAccessWrapper::newFromObject( $provider );
141 $this->assertSame( '_BPsession', $priv->sessionCookieName );
142
143 $provider = new BotPasswordSessionProvider( [
144 'priority' => 40,
145 'sessionCookieName' => 'Foo',
146 'sessionCookieOptions' => [ 'Bar' ],
147 ] );
148 $priv = \TestingAccessWrapper::newFromObject( $provider );
149 $this->assertSame( 'Foo', $priv->sessionCookieName );
150 $this->assertSame( [ 'Bar' ], $priv->sessionCookieOptions );
151 }
152
153 public function testBasics() {
154 $provider = $this->getProvider();
155
156 $this->assertTrue( $provider->persistsSessionId() );
157 $this->assertFalse( $provider->canChangeUser() );
158
159 $this->assertNull( $provider->newSessionInfo() );
160 $this->assertNull( $provider->newSessionInfo( 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa' ) );
161 }
162
163 public function testProvideSessionInfo() {
164 $provider = $this->getProvider();
165 $request = new \FauxRequest;
166 $request->setCookie( '_BPsession', 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa', 'wgCookiePrefix' );
167
168 if ( !defined( 'MW_API' ) ) {
169 $this->assertNull( $provider->provideSessionInfo( $request ) );
170 define( 'MW_API', 1 );
171 }
172
173 $info = $provider->provideSessionInfo( $request );
174 $this->assertInstanceOf( SessionInfo::class, $info );
175 $this->assertSame( 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa', $info->getId() );
176
177 $this->config->set( 'EnableBotPasswords', false );
178 $this->assertNull( $provider->provideSessionInfo( $request ) );
179 $this->config->set( 'EnableBotPasswords', true );
180
181 $this->assertNull( $provider->provideSessionInfo( new \FauxRequest ) );
182 }
183
184 public function testNewSessionInfoForRequest() {
185 $provider = $this->getProvider();
186 $user = static::getTestSysop()->getUser();
187 $request = $this->getMock( 'FauxRequest', [ 'getIP' ] );
188 $request->expects( $this->any() )->method( 'getIP' )
189 ->will( $this->returnValue( '127.0.0.1' ) );
190 $bp = \BotPassword::newFromUser( $user, 'BotPasswordSessionProvider' );
191
192 $session = $provider->newSessionForRequest( $user, $bp, $request );
193 $this->assertInstanceOf( Session::class, $session );
194
195 $this->assertEquals( $session->getId(), $request->getSession()->getId() );
196 $this->assertEquals( $user->getName(), $session->getUser()->getName() );
197
198 $this->assertEquals( [
199 'centralId' => $bp->getUserCentralId(),
200 'appId' => $bp->getAppId(),
201 'token' => $bp->getToken(),
202 'rights' => [ 'read' ],
203 ], $session->getProviderMetadata() );
204
205 $this->assertEquals( [ 'read' ], $session->getAllowedUserRights() );
206 }
207
208 public function testCheckSessionInfo() {
209 $logger = new \TestLogger( true );
210 $provider = $this->getProvider();
211 $provider->setLogger( $logger );
212
213 $user = static::getTestSysop()->getUser();
214 $request = $this->getMock( 'FauxRequest', [ 'getIP' ] );
215 $request->expects( $this->any() )->method( 'getIP' )
216 ->will( $this->returnValue( '127.0.0.1' ) );
217 $bp = \BotPassword::newFromUser( $user, 'BotPasswordSessionProvider' );
218
219 $data = [
220 'provider' => $provider,
221 'id' => 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa',
222 'userInfo' => UserInfo::newFromUser( $user, true ),
223 'persisted' => false,
224 'metadata' => [
225 'centralId' => $bp->getUserCentralId(),
226 'appId' => $bp->getAppId(),
227 'token' => $bp->getToken(),
228 ],
229 ];
230 $dataMD = $data['metadata'];
231
232 foreach ( array_keys( $data['metadata'] ) as $key ) {
233 $data['metadata'] = $dataMD;
234 unset( $data['metadata'][$key] );
235 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, $data );
236 $metadata = $info->getProviderMetadata();
237
238 $this->assertFalse( $provider->refreshSessionInfo( $info, $request, $metadata ) );
239 $this->assertSame( [
240 [ LogLevel::INFO, 'Session "{session}": Missing metadata: {missing}' ]
241 ], $logger->getBuffer() );
242 $logger->clearBuffer();
243 }
244
245 $data['metadata'] = $dataMD;
246 $data['metadata']['appId'] = 'Foobar';
247 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, $data );
248 $metadata = $info->getProviderMetadata();
249 $this->assertFalse( $provider->refreshSessionInfo( $info, $request, $metadata ) );
250 $this->assertSame( [
251 [ LogLevel::INFO, 'Session "{session}": No BotPassword for {centralId} {appId}' ],
252 ], $logger->getBuffer() );
253 $logger->clearBuffer();
254
255 $data['metadata'] = $dataMD;
256 $data['metadata']['token'] = 'Foobar';
257 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, $data );
258 $metadata = $info->getProviderMetadata();
259 $this->assertFalse( $provider->refreshSessionInfo( $info, $request, $metadata ) );
260 $this->assertSame( [
261 [ LogLevel::INFO, 'Session "{session}": BotPassword token check failed' ],
262 ], $logger->getBuffer() );
263 $logger->clearBuffer();
264
265 $request2 = $this->getMock( 'FauxRequest', [ 'getIP' ] );
266 $request2->expects( $this->any() )->method( 'getIP' )
267 ->will( $this->returnValue( '10.0.0.1' ) );
268 $data['metadata'] = $dataMD;
269 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, $data );
270 $metadata = $info->getProviderMetadata();
271 $this->assertFalse( $provider->refreshSessionInfo( $info, $request2, $metadata ) );
272 $this->assertSame( [
273 [ LogLevel::INFO, 'Session "{session}": Restrictions check failed' ],
274 ], $logger->getBuffer() );
275 $logger->clearBuffer();
276
277 $info = new SessionInfo( SessionInfo::MIN_PRIORITY, $data );
278 $metadata = $info->getProviderMetadata();
279 $this->assertTrue( $provider->refreshSessionInfo( $info, $request, $metadata ) );
280 $this->assertSame( [], $logger->getBuffer() );
281 $this->assertEquals( $dataMD + [ 'rights' => [ 'read' ] ], $metadata );
282 }
283
284 public function testGetAllowedUserRights() {
285 $logger = new \TestLogger( true );
286 $provider = $this->getProvider();
287 $provider->setLogger( $logger );
288
289 $backend = TestUtils::getDummySessionBackend();
290 $backendPriv = \TestingAccessWrapper::newFromObject( $backend );
291
292 try {
293 $provider->getAllowedUserRights( $backend );
294 $this->fail( 'Expected exception not thrown' );
295 } catch ( \InvalidArgumentException $ex ) {
296 $this->assertSame( 'Backend\'s provider isn\'t $this', $ex->getMessage() );
297 }
298
299 $backendPriv->provider = $provider;
300 $backendPriv->providerMetadata = [ 'rights' => [ 'foo', 'bar', 'baz' ] ];
301 $this->assertSame( [ 'foo', 'bar', 'baz' ], $provider->getAllowedUserRights( $backend ) );
302 $this->assertSame( [], $logger->getBuffer() );
303
304 $backendPriv->providerMetadata = [ 'foo' => 'bar' ];
305 $this->assertSame( [], $provider->getAllowedUserRights( $backend ) );
306 $this->assertSame( [
307 [
308 LogLevel::DEBUG,
309 'MediaWiki\\Session\\BotPasswordSessionProvider::getAllowedUserRights: ' .
310 'No provider metadata, returning no rights allowed'
311 ]
312 ], $logger->getBuffer() );
313 $logger->clearBuffer();
314
315 $backendPriv->providerMetadata = [ 'rights' => 'bar' ];
316 $this->assertSame( [], $provider->getAllowedUserRights( $backend ) );
317 $this->assertSame( [
318 [
319 LogLevel::DEBUG,
320 'MediaWiki\\Session\\BotPasswordSessionProvider::getAllowedUserRights: ' .
321 'No provider metadata, returning no rights allowed'
322 ]
323 ], $logger->getBuffer() );
324 $logger->clearBuffer();
325
326 $backendPriv->providerMetadata = null;
327 $this->assertSame( [], $provider->getAllowedUserRights( $backend ) );
328 $this->assertSame( [
329 [
330 LogLevel::DEBUG,
331 'MediaWiki\\Session\\BotPasswordSessionProvider::getAllowedUserRights: ' .
332 'No provider metadata, returning no rights allowed'
333 ]
334 ], $logger->getBuffer() );
335 $logger->clearBuffer();
336 }
337 }
Wiklou, le Wiki du Wiklou