From dca998080dca205b1178a62abec8ccb207615ae5 Mon Sep 17 00:00:00 2001 From: Marius Hoch Date: Sat, 18 Oct 2014 15:29:29 +0200 Subject: [PATCH] Sanitize TestUser This also, as a side effect, makes sure we no longer use hash_ functions here, which will reduce the impact of https://github.com/facebook/hhvm/issues/3740 on us. Change-Id: I6e0c776ef9aafe490b24b6869037bb5cb05cd151 --- tests/phpunit/includes/TestUser.php | 70 +++++++++++++++++++++-------- 1 file changed, 51 insertions(+), 19 deletions(-) diff --git a/tests/phpunit/includes/TestUser.php b/tests/phpunit/includes/TestUser.php index 610a6acdc8..7a61cfd1aa 100644 --- a/tests/phpunit/includes/TestUser.php +++ b/tests/phpunit/includes/TestUser.php @@ -5,24 +5,41 @@ * like password if we log in via the API. */ class TestUser { + /** + * @deprecated Since 1.25. Use TestUser::getUser()->getName() + * @private + * @var string + */ public $username; + + /** + * @deprecated Since 1.25. Use TestUser::getPassword() + * @private + * @var string + */ public $password; - public $email; - public $groups; + + /** + * @deprecated Since 1.25. Use TestUser::getUser() + * @private + * @var User + */ public $user; + private function assertNotReal() { + global $wgDBprefix; + if( $wgDBprefix !== MediaWikiTestCase::DB_PREFIX && $wgDBprefix !== MediaWikiTestCase::ORA_DB_PREFIX ) { + throw new MWException( "Can't create user on real database" ); + } + } + public function __construct( $username, $realname = 'Real Name', $email = 'sample@example.com', $groups = array() ) { - $this->username = $username; - $this->realname = $realname; - $this->email = $email; - $this->groups = $groups; + $this->assertNotReal(); - // don't allow user to hardcode or select passwords -- people sometimes run tests - // on live wikis. Sometimes we create sysop users in these tests. A sysop user with - // a known password would be a Bad Thing. - $this->password = User::randomPassword(); + $this->username = $username; + $this->password = 'TestUser'; $this->user = User::newFromName( $this->username ); $this->user->load(); @@ -31,32 +48,47 @@ class TestUser { // But for now, we just need to create or update the user with the desired properties. // we particularly need the new password, since we just generated it randomly. // In core MediaWiki, there is no functionality to delete users, so this is the best we can do. - if ( !$this->user->getID() ) { + if ( !$this->user->isLoggedIn() ) { // create the user $this->user = User::createNew( $this->username, array( - "email" => $this->email, - "real_name" => $this->realname + "email" => $email, + "real_name" => $realname ) ); + if ( !$this->user ) { - throw new Exception( "error creating user" ); + throw new MWException( "Error creating TestUser " . $username ); } } - // update the user to use the new random password and other details + // Update the user to use the password and other details $this->user->setPassword( $this->password ); - $this->user->setEmail( $this->email ); - $this->user->setRealName( $this->realname ); + $this->user->setEmail( $email ); + $this->user->setRealName( $realname ); // Adjust groups by adding any missing ones and removing any extras $currentGroups = $this->user->getGroups(); - foreach ( array_diff( $this->groups, $currentGroups ) as $group ) { + foreach ( array_diff( $groups, $currentGroups ) as $group ) { $this->user->addGroup( $group ); } - foreach ( array_diff( $currentGroups, $this->groups ) as $group ) { + foreach ( array_diff( $currentGroups, $groups ) as $group ) { $this->user->removeGroup( $group ); } $this->user->saveSettings(); } + + /** + * @return User + */ + public function getUser() { + return $this->user; + } + + /** + * @return string + */ + public function getPassword() { + return $this->password; + } } -- 2.20.1