<?php
use MediaWiki\MediaWikiServices;
+use MediaWiki\Session\BotPasswordSessionProvider;
+use MediaWiki\Session\SessionManager;
use Wikimedia\TestingAccessWrapper;
/**
/**
* Test result of attempted login with an empty username
*/
- public function testApiLoginNoName() {
+ public function testNoName() {
$session = [
'wsTokenSecrets' => [ 'login' => 'foobar' ],
];
- $data = $this->doApiRequest( [ 'action' => 'login',
- 'lgname' => '', 'lgpassword' => self::$users['sysop']->getPassword(),
- 'lgtoken' => (string)( new MediaWiki\Session\Token( 'foobar', '' ) )
+ $ret = $this->doApiRequest( [
+ 'action' => 'login',
+ 'lgname' => '',
+ 'lgpassword' => self::$users['sysop']->getPassword(),
+ 'lgtoken' => (string)( new MediaWiki\Session\Token( 'foobar', '' ) ),
], $session );
- $this->assertEquals( 'Failed', $data[0]['login']['result'] );
+ $this->assertSame( 'Failed', $ret[0]['login']['result'] );
}
- public function testApiLoginBadPass() {
- global $wgServer;
-
- $user = self::$users['sysop'];
- $userName = $user->getUser()->getName();
- $user->getUser()->logout();
-
- if ( !isset( $wgServer ) ) {
- $this->markTestIncomplete( 'This test needs $wgServer to be set in LocalSettings.php' );
- }
+ private function doUserLogin( $name, $password ) {
$ret = $this->doApiRequest( [
- "action" => "login",
- "lgname" => $userName,
- "lgpassword" => "bad",
+ 'action' => 'login',
+ 'lgname' => $name,
] );
- $result = $ret[0];
+ $this->assertSame( 'NeedToken', $ret[0]['login']['result'] );
- $this->assertNotInternalType( "bool", $result );
- $a = $result["login"]["result"];
- $this->assertEquals( "NeedToken", $a );
-
- $token = $result["login"]["token"];
-
- $ret = $this->doApiRequest(
- [
- "action" => "login",
- "lgtoken" => $token,
- "lgname" => $userName,
- "lgpassword" => "badnowayinhell",
- ],
- $ret[2]
- );
+ return $this->doApiRequest( [
+ 'action' => 'login',
+ 'lgtoken' => $ret[0]['login']['token'],
+ 'lgname' => $name,
+ 'lgpassword' => $password,
+ ], $ret[2] );
+ }
- $result = $ret[0];
+ public function testBadPass() {
+ $user = self::$users['sysop'];
+ $userName = $user->getUser()->getName();
+ $user->getUser()->logout();
- $this->assertNotInternalType( "bool", $result );
- $a = $result["login"]["result"];
+ $ret = $this->doUserLogin( $userName, 'bad' );
- $this->assertEquals( 'Failed', $a );
+ $this->assertSame( 'Failed', $ret[0]['login']['result'] );
}
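Review bot: The new private helper `doUserLogin()` has no docblock, and its contract is not obvious from the call sites. It asserts `NeedToken` on the first request itself, then submits the returned token with the session taken from `$ret[2]` and returns the second `doApiRequest()` result. I would add a docblock stating that it performs the two-step token handshake within one session, with `@param string $name`, `@param string $password` and `@return array`. That way a failure reported inside the helper is not mistaken for a failure of the calling test; testBadPass, testGoodPass and testBotPassword all rely on this behaviour.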
- public function testApiLoginGoodPass() {
- global $wgServer;
-
- if ( !isset( $wgServer ) ) {
- $this->markTestIncomplete( 'This test needs $wgServer to be set in LocalSettings.php' );
- }
-
+ public function testGoodPass() {
$user = self::$users['sysop'];
$userName = $user->getUser()->getName();
$password = $user->getPassword();
$user->getUser()->logout();
- $ret = $this->doApiRequest( [
- "action" => "login",
- "lgname" => $userName,
- "lgpassword" => $password,
- ]
- );
-
- $result = $ret[0];
- $this->assertNotInternalType( "bool", $result );
- $this->assertNotInternalType( "null", $result["login"] );
-
- $a = $result["login"]["result"];
- $this->assertEquals( "NeedToken", $a );
- $token = $result["login"]["token"];
-
- $ret = $this->doApiRequest(
- [
- "action" => "login",
- "lgtoken" => $token,
- "lgname" => $userName,
- "lgpassword" => $password,
- ],
- $ret[2]
- );
-
- $result = $ret[0];
+ $ret = $this->doUserLogin( $userName, $password );
- $this->assertNotInternalType( "bool", $result );
- $a = $result["login"]["result"];
-
- $this->assertEquals( "Success", $a );
+ $this->assertSame( 'Success', $ret[0]['login']['result'] );
}
/**
* @group Broken
*/
- public function testApiLoginGotCookie() {
+ public function testGotCookie() {
$this->markTestIncomplete( "The server can't do external HTTP requests, "
. "and the internal one won't give cookies" );
global $wgServer, $wgScriptPath;
- if ( !isset( $wgServer ) ) {
- $this->markTestIncomplete( 'This test needs $wgServer to be set in LocalSettings.php' );
- }
$user = self::$users['sysop'];
$userName = $user->getUser()->getName();
$password = $user->getPassword();
- $req = MWHttpRequest::factory( self::$apiUrl . "?action=login&format=xml",
- [ "method" => "POST",
- "postData" => [
- "lgname" => $userName,
- "lgpassword" => $password
- ]
+ $req = MWHttpRequest::factory(
+ self::$apiUrl . '?action=login&format=json',
+ [
+ 'method' => 'POST',
+ 'postData' => [
+ 'lgname' => $userName,
+ 'lgpassword' => $password,
+ ],
],
__METHOD__
);
$req->execute();
- libxml_use_internal_errors( true );
- $sxe = simplexml_load_string( $req->getContent() );
- $this->assertNotInternalType( "bool", $sxe );
- $this->assertThat( $sxe, $this->isInstanceOf( SimpleXMLElement::class ) );
- $this->assertNotInternalType( "null", $sxe->login[0] );
+ $content = json_decode( $req->getContent() );
- $a = $sxe->login[0]->attributes()->result[0];
- $this->assertEquals( ' result="NeedToken"', $a->asXML() );
- $token = (string)$sxe->login[0]->attributes()->token;
+ $this->assertSame( 'NeedToken', $content->login->result );
$req->setData( [
- "lgtoken" => $token,
- "lgname" => $userName,
- "lgpassword" => $password ] );
+ 'lgtoken' => $content->login->token,
+ 'lgname' => $userName,
+ 'lgpassword' => $password,
+ ] );
$req->execute();
$cj = $req->getCookieJar();
$serverName = parse_url( $wgServer, PHP_URL_HOST );
$this->assertNotEquals( false, $serverName );
$serializedCookie = $cj->serializeToHttpRequest( $wgScriptPath, $serverName );
- $this->assertNotEquals( '', $serializedCookie );
$this->assertRegExp(
- '/_session=[^;]*; .*UserID=[0-9]*; .*UserName=' . $user->userName . '; .*Token=/',
+ '/_session=[^;]*; .*UserID=[0-9]*; .*UserName=' . $userName . '; .*Token=/',
$serializedCookie
);
}
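Review bot: In the `assertRegExp` pattern, `$userName` is concatenated into the regular expression unescaped, so a test account name containing a regex metacharacter would change what the pattern matches instead of being compared literally. Wrapping it as `preg_quote( $userName, '/' )` keeps the comparison literal. The `json_decode()` result is also dereferenced as `$content->login->result` without a check, so a non-JSON response would surface as a property access on null rather than a clear assertion failure; `$this->assertNotNull( $content );` before the first use would make that explicit. Both issues are latent for now because the test stops at `markTestIncomplete()`.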
- public function testRunLogin() {
- $user = self::$users['sysop'];
- $userName = $user->getUser()->getName();
- $password = $user->getPassword();
-
- $data = $this->doApiRequest( [
- 'action' => 'login',
- 'lgname' => $userName,
- 'lgpassword' => $password ] );
-
- $this->assertArrayHasKey( "login", $data[0] );
- $this->assertArrayHasKey( "result", $data[0]['login'] );
- $this->assertEquals( "NeedToken", $data[0]['login']['result'] );
- $token = $data[0]['login']['token'];
-
- $data = $this->doApiRequest( [
- 'action' => 'login',
- "lgtoken" => $token,
- "lgname" => $userName,
- "lgpassword" => $password ], $data[2] );
-
- $this->assertArrayHasKey( "login", $data[0] );
- $this->assertArrayHasKey( "result", $data[0]['login'] );
- $this->assertEquals( "Success", $data[0]['login']['result'] );
- }
-
public function testBotPassword() {
- global $wgServer, $wgSessionProviders;
-
- if ( !isset( $wgServer ) ) {
- $this->markTestIncomplete( 'This test needs $wgServer to be set in LocalSettings.php' );
- }
+ global $wgSessionProviders;
$this->setMwGlobals( [
+ // We can't use mergeMwGlobalArrayValue because it will overwrite the existing entry
+ // with index 0
'wgSessionProviders' => array_merge( $wgSessionProviders, [
[
- 'class' => MediaWiki\Session\BotPasswordSessionProvider::class,
+ 'class' => BotPasswordSessionProvider::class,
'args' => [ [ 'priority' => 40 ] ],
- ]
+ ],
] ),
'wgEnableBotPasswords' => true,
'wgBotPasswordsDatabase' => false,
] );
// Make sure our session provider is present
- $manager = TestingAccessWrapper::newFromObject( MediaWiki\Session\SessionManager::singleton() );
- if ( !isset( $manager->sessionProviders[MediaWiki\Session\BotPasswordSessionProvider::class] ) ) {
+ $manager = TestingAccessWrapper::newFromObject( SessionManager::singleton() );
+ if ( !isset( $manager->sessionProviders[BotPasswordSessionProvider::class] ) ) {
$tmp = $manager->sessionProviders;
$manager->sessionProviders = null;
$manager->sessionProviders = $tmp + $manager->getProviders();
}
$this->assertNotNull(
- MediaWiki\Session\SessionManager::singleton()->getProvider(
- MediaWiki\Session\BotPasswordSessionProvider::class
- ),
+ SessionManager::singleton()->getProvider( BotPasswordSessionProvider::class ),
'sanity check'
);
$user = self::$users['sysop'];
$centralId = CentralIdLookup::factory()->centralIdFromLocalUser( $user->getUser() );
- $this->assertNotEquals( 0, $centralId, 'sanity check' );
+ $this->assertNotSame( 0, $centralId, 'sanity check' );
$password = 'ngfhmjm64hv0854493hsj5nncjud2clk';
$passwordFactory = MediaWikiServices::getInstance()->getPasswordFactory();
$lgName = $user->getUser()->getName() . BotPassword::getSeparator() . 'foo';
- $ret = $this->doApiRequest( [
- 'action' => 'login',
- 'lgname' => $lgName,
- 'lgpassword' => $password,
- ] );
-
- $result = $ret[0];
- $this->assertNotInternalType( 'bool', $result );
- $this->assertNotInternalType( 'null', $result['login'] );
+ $ret = $this->doUserLogin( $lgName, $password );
- $a = $result['login']['result'];
- $this->assertEquals( 'NeedToken', $a );
- $token = $result['login']['token'];
-
- $ret = $this->doApiRequest( [
- 'action' => 'login',
- 'lgtoken' => $token,
- 'lgname' => $lgName,
- 'lgpassword' => $password,
- ], $ret[2] );
-
- $result = $ret[0];
- $this->assertNotInternalType( 'bool', $result );
- $a = $result['login']['result'];
-
- $this->assertEquals( 'Success', $a );
+ $this->assertSame( 'Success', $ret[0]['login']['result'] );
}
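Review bot: Replacing `assertNotEquals( 0, $centralId, ... )` with `assertNotSame( 0, $centralId, 'sanity check' )` weakens the guard. The strict form fails only for integer `0`, so `null`, `false` or `'0'` would now pass where the loose comparison rejected them. If `centralIdFromLocalUser()` is expected to return a positive integer for this user, `$this->assertGreaterThan( 0, $centralId, 'sanity check' );` states that condition directly. The `assertSame` conversions on positive expectations elsewhere in this change tighten the checks; this is the one place where strictness goes the other way.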
public function testLoginWithNoSameOriginSecurity() {
}
);
- $result = $this->doApiRequest( [
+ $ret = $this->doApiRequest( [
'action' => 'login',
] )[0]['login'];
$this->assertSame( [
'result' => 'Aborted',
'reason' => 'Cannot log in when the same-origin policy is not applied.',
- ], $result );
+ ], $ret );
}
}