dépôts / lhc / web / wiklou.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge "Fix tag for partial blocks config"
[lhc/web/wiklou.git] / tests / phpunit / includes / password / UserPasswordPolicyTest.php
1 <?php
2 /**
3 * Testing for password-policy enforcement, based on a user's groups.
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
19 *
20 * @file
21 */
22
23 /**
24 * @group Database
25 * @covers UserPasswordPolicy
26 */
27 class UserPasswordPolicyTest extends MediaWikiTestCase {
28
29 protected $tablesUsed = [ 'user', 'user_groups' ];
30
31 protected $policies = [
32 'checkuser' => [
33 'MinimalPasswordLength' => [ 'value' => 10, 'forceChange' => true ],
34 'MinimumPasswordLengthToLogin' => 6,
35 'PasswordCannotMatchUsername' => true,
36 ],
37 'sysop' => [
38 'MinimalPasswordLength' => 8,
39 'MinimumPasswordLengthToLogin' => 1,
40 'PasswordCannotMatchUsername' => true,
41 ],
42 'default' => [
43 'MinimalPasswordLength' => 4,
44 'MinimumPasswordLengthToLogin' => 1,
45 'PasswordCannotMatchBlacklist' => true,
46 'MaximalPasswordLength' => 4096,
47 // test null handling
48 'PasswordCannotMatchUsername' => null,
49 ],
50 ];
51
52 protected $checks = [
53 'MinimalPasswordLength' => 'PasswordPolicyChecks::checkMinimalPasswordLength',
54 'MinimumPasswordLengthToLogin' => 'PasswordPolicyChecks::checkMinimumPasswordLengthToLogin',
55 'PasswordCannotMatchUsername' => 'PasswordPolicyChecks::checkPasswordCannotMatchUsername',
56 'PasswordCannotMatchBlacklist' => 'PasswordPolicyChecks::checkPasswordCannotMatchBlacklist',
57 'MaximalPasswordLength' => 'PasswordPolicyChecks::checkMaximalPasswordLength',
58 ];
59
60 private function getUserPasswordPolicy() {
61 return new UserPasswordPolicy( $this->policies, $this->checks );
62 }
63
64 public function testGetPoliciesForUser() {
65 $upp = $this->getUserPasswordPolicy();
66
67 $user = $this->getTestUser( [ 'sysop' ] )->getUser();
68 $this->assertArrayEquals(
69 [
70 'MinimalPasswordLength' => 8,
71 'MinimumPasswordLengthToLogin' => 1,
72 'PasswordCannotMatchUsername' => true,
73 'PasswordCannotMatchBlacklist' => true,
74 'MaximalPasswordLength' => 4096,
75 ],
76 $upp->getPoliciesForUser( $user )
77 );
78
79 $user = $this->getTestUser( [ 'sysop', 'checkuser' ] )->getUser();
80 $this->assertArrayEquals(
81 [
82 'MinimalPasswordLength' => [ 'value' => 10, 'forceChange' => true ],
83 'MinimumPasswordLengthToLogin' => 6,
84 'PasswordCannotMatchUsername' => true,
85 'PasswordCannotMatchBlacklist' => true,
86 'MaximalPasswordLength' => 4096,
87 ],
88 $upp->getPoliciesForUser( $user )
89 );
90 }
91
92 public function testGetPoliciesForGroups() {
93 $effective = UserPasswordPolicy::getPoliciesForGroups(
94 $this->policies,
95 [ 'user', 'checkuser' ],
96 $this->policies['default']
97 );
98
99 $this->assertArrayEquals(
100 [
101 'MinimalPasswordLength' => [ 'value' => 10, 'forceChange' => true ],
102 'MinimumPasswordLengthToLogin' => 6,
103 'PasswordCannotMatchUsername' => true,
104 'PasswordCannotMatchBlacklist' => true,
105 'MaximalPasswordLength' => 4096,
106 ],
107 $effective
108 );
109 }
110
111 /**
112 * @dataProvider provideCheckUserPassword
113 */
114 public function testCheckUserPassword( $groups, $password, StatusValue $expectedStatus ) {
115 $upp = $this->getUserPasswordPolicy();
116 $user = $this->getTestUser( $groups )->getUser();
117
118 $status = $upp->checkUserPassword( $user, $password );
119 $this->assertSame( $expectedStatus->isGood(), $status->isGood(), 'password valid' );
120 $this->assertSame( $expectedStatus->isOK(), $status->isOK(), 'can login' );
121 $this->assertSame( $expectedStatus->getValue(), $status->getValue(), 'flags' );
122 }
123
124 public function provideCheckUserPassword() {
125 $success = Status::newGood( [] );
126 $warning = Status::newGood( [] );
127 $forceChange = Status::newGood( [ 'forceChange' => true ] );
128 $fatal = Status::newGood( [] );
129 // the message does not matter, we only test for state and value
130 $warning->warning( 'invalid-password' );
131 $forceChange->warning( 'invalid-password' );
132 $warning->warning( 'invalid-password' );
133 $fatal->fatal( 'invalid-password' );
134 return [
135 'No groups, default policy, password too short to login' => [
136 [],
137 '',
138 $fatal,
139 ],
140 'Default policy, short password' => [
141 [ 'user' ],
142 'aaa',
143 $warning,
144 ],
145 'Sysop with good password' => [
146 [ 'sysop' ],
147 'abcdabcdabcd',
148 $success,
149 ],
150 'Sysop with short password' => [
151 [ 'sysop' ],
152 'abcd',
153 $warning,
154 ],
155 'Checkuser with short password' => [
156 [ 'sysop', 'checkuser' ],
157 'abcdabcd',
158 $forceChange,
159 ],
160 'Checkuser with too short password to login' => [
161 [ 'sysop', 'checkuser' ],
162 'abcd',
163 $fatal,
164 ],
165 ];
166 }
167
168 public function testCheckUserPassword_blacklist() {
169 $upp = $this->getUserPasswordPolicy();
170 $user = User::newFromName( 'Useruser' );
171 $user->addToDatabase();
172
173 $status = $upp->checkUserPassword( $user, 'Passpass' );
174 $this->assertFalse( $status->isGood(), 'password invalid' );
175 $this->assertTrue( $status->isOK(), 'can login' );
176 }
177
178 /**
179 * @dataProvider provideMaxOfPolicies
180 */
181 public function testMaxOfPolicies( $p1, $p2, $max ) {
182 $this->assertArrayEquals(
183 $max,
184 UserPasswordPolicy::maxOfPolicies( $p1, $p2 )
185 );
186 }
187
188 public function provideMaxOfPolicies() {
189 return [
190 'Basic max in p1' => [
191 [ 'MinimalPasswordLength' => 8 ], // p1
192 [ 'MinimalPasswordLength' => 2 ], // p2
193 [ 'MinimalPasswordLength' => 8 ], // max
194 ],
195 'Basic max in p2' => [
196 [ 'MinimalPasswordLength' => 2 ], // p1
197 [ 'MinimalPasswordLength' => 8 ], // p2
198 [ 'MinimalPasswordLength' => 8 ], // max
199 ],
200 'Missing items in p1' => [
201 [
202 'MinimalPasswordLength' => 8,
203 ], // p1
204 [
205 'MinimalPasswordLength' => 2,
206 'PasswordCannotMatchUsername' => 1,
207 ], // p2
208 [
209 'MinimalPasswordLength' => 8,
210 'PasswordCannotMatchUsername' => 1,
211 ], // max
212 ],
213 'Missing items in p2' => [
214 [
215 'MinimalPasswordLength' => 8,
216 'PasswordCannotMatchUsername' => 1,
217 ], // p1
218 [
219 'MinimalPasswordLength' => 2,
220 ], // p2
221 [
222 'MinimalPasswordLength' => 8,
223 'PasswordCannotMatchUsername' => 1,
224 ], // max
225 ],
226 'complex value in p1' => [
227 [
228 'MinimalPasswordLength' => [
229 'value' => 8,
230 'foo' => 1,
231 ],
232 ], // p1
233 [
234 'MinimalPasswordLength' => 2,
235 ], // p2
236 [
237 'MinimalPasswordLength' => [
238 'value' => 8,
239 'foo' => 1,
240 ],
241 ], // max
242 ],
243 'complex value in p2' => [
244 [
245 'MinimalPasswordLength' => 8,
246 ], // p1
247 [
248 'MinimalPasswordLength' => [
249 'value' => 2,
250 'foo' => 1,
251 ],
252 ], // p2
253 [
254 'MinimalPasswordLength' => [
255 'value' => 8,
256 'foo' => 1,
257 ],
258 ], // max
259 ],
260 'complex value in both p1 and p2' => [
261 [
262 'MinimalPasswordLength' => [
263 'value' => 8,
264 'foo' => 1,
265 'baz' => false,
266 ],
267 ], // p1
268 [
269 'MinimalPasswordLength' => [
270 'value' => 2,
271 'bar' => 2,
272 'baz' => true,
273 ],
274 ], // p2
275 [
276 'MinimalPasswordLength' => [
277 'value' => 8,
278 'foo' => 1,
279 'bar' => 2,
280 'baz' => true,
281 ],
282 ], // max
283 ],
284 ];
285 }
286
287 }
Wiklou, le Wiki du Wiklou