[ 'MinimalPasswordLength' => 10, 'MinimumPasswordLengthToLogin' => 6, 'PasswordCannotMatchUsername' => true, ], 'sysop' => [ 'MinimalPasswordLength' => 8, 'MinimumPasswordLengthToLogin' => 1, 'PasswordCannotMatchUsername' => true, ], 'default' => [ 'MinimalPasswordLength' => 4, 'MinimumPasswordLengthToLogin' => 1, 'PasswordCannotMatchBlacklist' => true, 'MaximalPasswordLength' => 4096, ], ]; protected $checks = [ 'MinimalPasswordLength' => 'PasswordPolicyChecks::checkMinimalPasswordLength', 'MinimumPasswordLengthToLogin' => 'PasswordPolicyChecks::checkMinimumPasswordLengthToLogin', 'PasswordCannotMatchUsername' => 'PasswordPolicyChecks::checkPasswordCannotMatchUsername', 'PasswordCannotMatchBlacklist' => 'PasswordPolicyChecks::checkPasswordCannotMatchBlacklist', 'MaximalPasswordLength' => 'PasswordPolicyChecks::checkMaximalPasswordLength', ]; private function getUserPasswordPolicy() { return new UserPasswordPolicy( $this->policies, $this->checks ); } public function testGetPoliciesForUser() { $upp = $this->getUserPasswordPolicy(); $user = User::newFromName( 'TestUserPolicy' ); $user->addToDatabase(); $user->addGroup( 'sysop' ); $this->assertArrayEquals( [ 'MinimalPasswordLength' => 8, 'MinimumPasswordLengthToLogin' => 1, 'PasswordCannotMatchUsername' => 1, 'PasswordCannotMatchBlacklist' => true, 'MaximalPasswordLength' => 4096, ], $upp->getPoliciesForUser( $user ) ); } public function testGetPoliciesForGroups() { $effective = UserPasswordPolicy::getPoliciesForGroups( $this->policies, [ 'user', 'checkuser' ], $this->policies['default'] ); $this->assertArrayEquals( [ 'MinimalPasswordLength' => 10, 'MinimumPasswordLengthToLogin' => 6, 'PasswordCannotMatchUsername' => true, 'PasswordCannotMatchBlacklist' => true, 'MaximalPasswordLength' => 4096, ], $effective ); } /** * @dataProvider provideCheckUserPassword */ public function testCheckUserPassword( $username, $groups, $password, $valid, $ok, $msg ) { $upp = $this->getUserPasswordPolicy(); $user = User::newFromName( $username ); $user->addToDatabase(); foreach ( $groups as $group ) { $user->addGroup( $group ); } $status = $upp->checkUserPassword( $user, $password ); $this->assertSame( $valid, $status->isGood(), $msg . ' - password valid' ); $this->assertSame( $ok, $status->isOK(), $msg . ' - can login' ); } public function provideCheckUserPassword() { return [ [ 'PassPolicyUser', [], '', false, false, 'No groups, default policy, password too short to login' ], [ 'PassPolicyUser', [ 'user' ], 'aaa', false, true, 'Default policy, short password' ], [ 'PassPolicyUser', [ 'sysop' ], 'abcdabcdabcd', true, true, 'Sysop with good password' ], [ 'PassPolicyUser', [ 'sysop' ], 'abcd', false, true, 'Sysop with short password' ], [ 'PassPolicyUser', [ 'sysop', 'checkuser' ], 'abcdabcd', false, true, 'Checkuser with short password' ], [ 'PassPolicyUser', [ 'sysop', 'checkuser' ], 'abcd', false, false, 'Checkuser with too short password to login' ], [ 'Useruser', [ 'user' ], 'Passpass', false, true, 'Username & password on blacklist' ], ]; } /** * @dataProvider provideMaxOfPolicies */ public function testMaxOfPolicies( $p1, $p2, $max, $msg ) { $this->assertArrayEquals( $max, UserPasswordPolicy::maxOfPolicies( $p1, $p2 ), $msg ); } public function provideMaxOfPolicies() { return [ [ [ 'MinimalPasswordLength' => 8 ], // p1 [ 'MinimalPasswordLength' => 2 ], // p2 [ 'MinimalPasswordLength' => 8 ], // max 'Basic max in p1' ], [ [ 'MinimalPasswordLength' => 2 ], // p1 [ 'MinimalPasswordLength' => 8 ], // p2 [ 'MinimalPasswordLength' => 8 ], // max 'Basic max in p2' ], [ [ 'MinimalPasswordLength' => 8 ], // p1 [ 'MinimalPasswordLength' => 2, 'PasswordCannotMatchUsername' => 1, ], // p2 [ 'MinimalPasswordLength' => 8, 'PasswordCannotMatchUsername' => 1, ], // max 'Missing items in p1' ], [ [ 'MinimalPasswordLength' => 8, 'PasswordCannotMatchUsername' => 1, ], // p1 [ 'MinimalPasswordLength' => 2, ], // p2 [ 'MinimalPasswordLength' => 8, 'PasswordCannotMatchUsername' => 1, ], // max 'Missing items in p2' ], ]; } }