3 use MediaWiki\Block\BlockManager
;
4 use MediaWiki\Block\DatabaseBlock
;
5 use MediaWiki\Block\CompositeBlock
;
6 use MediaWiki\Block\SystemBlock
;
7 use MediaWiki\MediaWikiServices
;
8 use Wikimedia\TestingAccessWrapper
;
13 * @coversDefaultClass \MediaWiki\Block\BlockManager
15 class BlockManagerTest
extends MediaWikiTestCase
{
16 use TestAllServiceOptionsUsed
;
24 protected function setUp() {
27 $this->user
= $this->getTestUser()->getUser();
28 $this->sysopId
= $this->getTestSysop()->getUser()->getId();
29 $this->blockManagerConfig
= [
30 'wgApplyIpBlocksToXff' => true,
31 'wgCookieSetOnAutoblock' => true,
32 'wgCookieSetOnIpBlock' => true,
33 'wgDnsBlacklistUrls' => [],
34 'wgEnableDnsBlacklist' => true,
36 'wgProxyWhitelist' => [],
37 'wgSecretKey' => false,
38 'wgSoftBlockRanges' => [],
42 private function getBlockManager( $overrideConfig ) {
43 return new BlockManager(
44 ...$this->getBlockManagerConstructorArgs( $overrideConfig )
48 private function getBlockManagerConstructorArgs( $overrideConfig ) {
49 $blockManagerConfig = array_merge( $this->blockManagerConfig
, $overrideConfig );
50 $this->setMwGlobals( $blockManagerConfig );
52 new LoggedServiceOptions(
53 self
::$serviceOptionsAccessLog,
54 BlockManager
::$constructorOptions,
55 MediaWikiServices
::getInstance()->getMainConfig()
58 $this->user
->getRequest(),
59 MediaWikiServices
::getInstance()->getPermissionManager()
64 * @dataProvider provideGetBlockFromCookieValue
65 * @covers ::getBlockFromCookieValue
66 * @covers ::shouldApplyCookieBlock
68 public function testGetBlockFromCookieValue( $options, $expected ) {
69 $blockManager = TestingAccessWrapper
::newFromObject(
70 $this->getBlockManager( [
71 'wgCookieSetOnAutoblock' => true,
72 'wgCookieSetOnIpBlock' => true,
76 $block = new DatabaseBlock( array_merge( [
77 'address' => $options['target'] ?
: $this->user
,
78 'by' => $this->sysopId
,
79 ], $options['blockOptions'] ) );
82 $user = $options['loggedIn'] ?
$this->user
: new User();
83 $user->getRequest()->setCookie( 'BlockID', $block->getCookieValue() );
85 $this->assertSame( $expected, (bool)$blockManager->getBlockFromCookieValue(
93 public static function provideGetBlockFromCookieValue() {
95 'Autoblocking user block' => [
100 'enableAutoblock' => true
105 'Non-autoblocking user block' => [
109 'blockOptions' => [],
113 'IP block for anonymous user' => [
115 'target' => '127.0.0.1',
117 'blockOptions' => [],
121 'IP block for logged in user' => [
123 'target' => '127.0.0.1',
125 'blockOptions' => [],
129 'IP range block for anonymous user' => [
131 'target' => '127.0.0.0/8',
133 'blockOptions' => [],
141 * @dataProvider provideIsLocallyBlockedProxy
142 * @covers ::isLocallyBlockedProxy
144 public function testIsLocallyBlockedProxy( $proxyList, $expected ) {
145 $blockManager = TestingAccessWrapper
::newFromObject(
146 $this->getBlockManager( [
147 'wgProxyList' => $proxyList
152 $this->assertSame( $expected, $blockManager->isLocallyBlockedProxy( $ip ) );
155 public static function provideIsLocallyBlockedProxy() {
157 'Proxy list is empty' => [ [], false ],
158 'Proxy list contains IP' => [ [ '1.2.3.4' ], true ],
159 'Proxy list contains IP as value' => [ [ 'test' => '1.2.3.4' ], true ],
160 'Proxy list contains range that covers IP' => [ [ '1.2.3.0/16' ], true ],
165 * @dataProvider provideIsDnsBlacklisted
166 * @covers ::isDnsBlacklisted
167 * @covers ::inDnsBlacklist
169 public function testIsDnsBlacklisted( $options, $expected ) {
170 $blockManagerConfig = [
171 'wgEnableDnsBlacklist' => true,
172 'wgDnsBlacklistUrls' => $options['blacklist'],
173 'wgProxyWhitelist' => $options['whitelist'],
176 $blockManager = $this->getMockBuilder( BlockManager
::class )
177 ->setConstructorArgs( $this->getBlockManagerConstructorArgs( $blockManagerConfig ) )
178 ->setMethods( [ 'checkHost' ] )
180 $blockManager->method( 'checkHost' )
181 ->will( $this->returnValueMap( [ [
182 $options['dnsblQuery'],
183 $options['dnsblResponse'],
188 $blockManager->isDnsBlacklisted( $options['ip'], $options['checkWhitelist'] )
192 public static function provideIsDnsBlacklisted() {
193 $dnsblFound = [ '127.0.0.2' ];
194 $dnsblNotFound = false;
196 'IP is blacklisted' => [
198 'blacklist' => [ 'dnsbl.test' ],
200 'dnsblQuery' => '1.0.0.127.dnsbl.test',
201 'dnsblResponse' => $dnsblFound,
203 'checkWhitelist' => false,
207 'IP is blacklisted; blacklist has key' => [
209 'blacklist' => [ [ 'dnsbl.test', 'key' ] ],
211 'dnsblQuery' => 'key.1.0.0.127.dnsbl.test',
212 'dnsblResponse' => $dnsblFound,
214 'checkWhitelist' => false,
218 'IP is blacklisted; blacklist is array' => [
220 'blacklist' => [ [ 'dnsbl.test' ] ],
222 'dnsblQuery' => '1.0.0.127.dnsbl.test',
223 'dnsblResponse' => $dnsblFound,
225 'checkWhitelist' => false,
229 'IP is not blacklisted' => [
231 'blacklist' => [ 'dnsbl.test' ],
233 'dnsblQuery' => '4.3.2.1.dnsbl.test',
234 'dnsblResponse' => $dnsblNotFound,
236 'checkWhitelist' => false,
240 'Blacklist is empty' => [
244 'dnsblQuery' => '1.0.0.127.dnsbl.test',
245 'dnsblResponse' => $dnsblFound,
247 'checkWhitelist' => false,
251 'IP is blacklisted and whitelisted; whitelist is not checked' => [
253 'blacklist' => [ 'dnsbl.test' ],
255 'dnsblQuery' => '1.0.0.127.dnsbl.test',
256 'dnsblResponse' => $dnsblFound,
257 'whitelist' => [ '127.0.0.1' ],
258 'checkWhitelist' => false,
262 'IP is blacklisted and whitelisted; whitelist is checked' => [
264 'blacklist' => [ 'dnsbl.test' ],
266 'dnsblQuery' => '1.0.0.127.dnsbl.test',
267 'dnsblResponse' => $dnsblFound,
268 'whitelist' => [ '127.0.0.1' ],
269 'checkWhitelist' => true,
277 * @covers ::getUniqueBlocks
279 public function testGetUniqueBlocks() {
282 $blockManager = TestingAccessWrapper
::newFromObject( $this->getBlockManager( [] ) );
284 $block = $this->getMockBuilder( DatabaseBlock
::class )
285 ->setMethods( [ 'getId' ] )
287 $block->method( 'getId' )
288 ->willReturn( $blockId );
290 $autoblock = $this->getMockBuilder( DatabaseBlock
::class )
291 ->setMethods( [ 'getParentBlockId', 'getType' ] )
293 $autoblock->method( 'getParentBlockId' )
294 ->willReturn( $blockId );
295 $autoblock->method( 'getType' )
296 ->willReturn( DatabaseBlock
::TYPE_AUTO
);
298 $blocks = [ $block, $block, $autoblock, new SystemBlock() ];
300 $this->assertSame( 2, count( $blockManager->getUniqueBlocks( $blocks ) ) );
304 * @dataProvider provideTrackBlockWithCookie
305 * @covers ::trackBlockWithCookie
307 public function testTrackBlockWithCookie( $options, $expectedVal ) {
308 $this->setMwGlobals( 'wgCookiePrefix', '' );
310 $request = new FauxRequest();
311 if ( $options['cookieSet'] ) {
312 $request->setCookie( 'BlockID', 'the value does not matter' );
315 $user = $this->getMockBuilder( User
::class )
316 ->setMethods( [ 'getBlock', 'getRequest' ] )
318 $user->method( 'getBlock' )
319 ->willReturn( $options['block'] );
320 $user->method( 'getRequest' )
321 ->willReturn( $request );
323 // Although the block cookie is set via DeferredUpdates, in command line mode updates are
324 // processed immediately
325 $blockManager = $this->getBlockManager( [
327 'wgCookieSetOnIpBlock' => true,
329 $blockManager->trackBlockWithCookie( $user );
331 /** @var FauxResponse $response */
332 $response = $request->response();
333 $this->assertCount( $expectedVal ?
1 : 0, $response->getCookies() );
334 $this->assertEquals( $expectedVal ?
: null, $response->getCookie( 'BlockID' ) );
337 public function provideTrackBlockWithCookie() {
340 'Block cookie is already set; there is a trackable block' => [
343 'block' => $this->getTrackableBlock( $blockId ),
347 'Block cookie is already set; there is no block' => [
354 'Block cookie is not yet set; there is no block' => [
356 'cookieSet' => false,
361 'Block cookie is not yet set; there is a trackable block' => [
363 'cookieSet' => false,
364 'block' => $this->getTrackableBlock( $blockId ),
368 'Block cookie is not yet set; there is a composite block with a trackable block' => [
370 'cookieSet' => false,
371 'block' => new CompositeBlock( [
372 'originalBlocks' => [
374 $this->getTrackableBlock( $blockId ),
380 'Block cookie is not yet set; there is a composite block but no trackable block' => [
382 'cookieSet' => false,
383 'block' => new CompositeBlock( [
384 'originalBlocks' => [
395 private function getTrackableBlock( $blockId ) {
396 $block = $this->getMockBuilder( DatabaseBlock
::class )
397 ->setMethods( [ 'getType', 'getId' ] )
399 $block->method( 'getType' )
400 ->willReturn( DatabaseBlock
::TYPE_IP
);
401 $block->method( 'getId' )
402 ->willReturn( $blockId );
407 * @dataProvider provideSetBlockCookie
408 * @covers ::setBlockCookie
410 public function testSetBlockCookie( $expiryDelta, $expectedExpiryDelta ) {
411 $this->setMwGlobals( [
412 'wgCookiePrefix' => '',
415 $request = new FauxRequest();
416 $response = $request->response();
418 $blockManager = $this->getBlockManager( [
420 'wgCookieSetOnIpBlock' => true,
423 $now = wfTimestamp();
425 $block = new DatabaseBlock( [
426 'expiry' => $expiryDelta === '' ?
'' : $now +
$expiryDelta
428 $blockManager->setBlockCookie( $block, $response );
429 $cookies = $response->getCookies();
432 $now +
$expectedExpiryDelta,
433 $cookies['BlockID']['expire'],
435 60 // Allow actual to be up to 60 seconds later than expected
439 public static function provideSetBlockCookie() {
440 // Maximum length of a block cookie, defined in BlockManager::setBlockCookie
441 $maxExpiryDelta = ( 24 * 60 * 60 );
443 $longExpiryDelta = ( 48 * 60 * 60 );
444 $shortExpiryDelta = ( 12 * 60 * 60 );
447 'Block has indefinite expiry' => [
451 'Block expiry is later than maximum cookie block expiry' => [
455 'Block expiry is sooner than maximum cookie block expiry' => [
463 * @covers ::shouldTrackBlockWithCookie
465 public function testShouldTrackBlockWithCookieSystemBlock() {
466 $blockManager = TestingAccessWrapper
::newFromObject( $this->getBlockManager( [] ) );
467 $this->assertFalse( $blockManager->shouldTrackBlockWithCookie(
474 * @dataProvider provideShouldTrackBlockWithCookie
475 * @covers ::shouldTrackBlockWithCookie
477 public function testShouldTrackBlockWithCookie( $options, $expected ) {
478 $block = $this->getMockBuilder( DatabaseBlock
::class )
479 ->setMethods( [ 'getType', 'isAutoblocking' ] )
481 $block->method( 'getType' )
482 ->willReturn( $options['type'] );
483 if ( isset( $options['autoblocking'] ) ) {
484 $block->method( 'isAutoblocking' )
485 ->willReturn( $options['autoblocking'] );
488 $blockManager = TestingAccessWrapper
::newFromObject(
489 $this->getBlockManager( $options['blockManagerConfig'] )
494 $blockManager->shouldTrackBlockWithCookie( $block, $options['isAnon'] )
498 public static function provideShouldTrackBlockWithCookie() {
500 'IP block, anonymous user, IP block cookies enabled' => [
502 'type' => DatabaseBlock
::TYPE_IP
,
504 'blockManagerConfig' => [ 'wgCookieSetOnIpBlock' => true ],
508 'IP range block, anonymous user, IP block cookies enabled' => [
510 'type' => DatabaseBlock
::TYPE_RANGE
,
512 'blockManagerConfig' => [ 'wgCookieSetOnIpBlock' => true ],
516 'IP block, anonymous user, IP block cookies disabled' => [
518 'type' => DatabaseBlock
::TYPE_IP
,
520 'blockManagerConfig' => [ 'wgCookieSetOnIpBlock' => false ],
524 'IP block, logged in user, IP block cookies enabled' => [
526 'type' => DatabaseBlock
::TYPE_IP
,
528 'blockManagerConfig' => [ 'wgCookieSetOnIpBlock' => true ],
532 'User block, anonymous, autoblock cookies enabled, block is autoblocking' => [
534 'type' => DatabaseBlock
::TYPE_USER
,
536 'blockManagerConfig' => [ 'wgCookieSetOnAutoblock' => true ],
537 'autoblocking' => true,
541 'User block, logged in, autoblock cookies enabled, block is autoblocking' => [
543 'type' => DatabaseBlock
::TYPE_USER
,
545 'blockManagerConfig' => [ 'wgCookieSetOnAutoblock' => true ],
546 'autoblocking' => true,
550 'User block, logged in, autoblock cookies disabled, block is autoblocking' => [
552 'type' => DatabaseBlock
::TYPE_USER
,
554 'blockManagerConfig' => [ 'wgCookieSetOnAutoblock' => false ],
555 'autoblocking' => true,
559 'User block, logged in, autoblock cookies enabled, block is not autoblocking' => [
561 'type' => DatabaseBlock
::TYPE_USER
,
563 'blockManagerConfig' => [ 'wgCookieSetOnAutoblock' => true ],
564 'autoblocking' => false,
568 'Block type is autoblock' => [
570 'type' => DatabaseBlock
::TYPE_AUTO
,
572 'blockManagerConfig' => [],
580 * @covers ::clearBlockCookie
582 public function testClearBlockCookie() {
583 $this->setMwGlobals( [
584 'wgCookiePrefix' => '',
587 $request = new FauxRequest();
588 $response = $request->response();
589 $response->setCookie( 'BlockID', '100' );
590 $this->assertSame( '100', $response->getCookie( 'BlockID' ) );
592 BlockManager
::clearBlockCookie( $response );
593 $this->assertSame( '', $response->getCookie( 'BlockID' ) );
597 * @dataProvider provideGetIdFromCookieValue
598 * @covers ::getIdFromCookieValue
600 public function testGetIdFromCookieValue( $options, $expected ) {
601 $blockManager = $this->getBlockManager( [
602 'wgSecretKey' => $options['secretKey']
606 $blockManager->getIdFromCookieValue( $options['cookieValue'] )
610 public static function provideGetIdFromCookieValue() {
613 $hmac = MWCryptHash
::hmac( $blockId, $secretKey, false );
615 'No secret key is set' => [
618 'cookieValue' => $blockId,
619 'calculatedHmac' => MWCryptHash
::hmac( $blockId, '', false ),
623 'Secret key is set and stored hmac is correct' => [
625 'secretKey' => $secretKey,
626 'cookieValue' => $blockId . '!' . $hmac,
627 'calculatedHmac' => $hmac,
631 'Secret key is set and stored hmac is incorrect' => [
633 'secretKey' => $secretKey,
634 'cookieValue' => $blockId . '!xyz',
635 'calculatedHmac' => $hmac,
643 * @dataProvider provideGetCookieValue
644 * @covers ::getCookieValue
646 public function testGetCookieValue( $options, $expected ) {
647 $blockManager = $this->getBlockManager( [
648 'wgSecretKey' => $options['secretKey']
651 $block = $this->getMockBuilder( DatabaseBlock
::class )
652 ->setMethods( [ 'getId' ] )
654 $block->method( 'getId' )
655 ->willReturn( $options['blockId'] );
659 $blockManager->getCookieValue( $block )
663 public static function provideGetCookieValue() {
666 'Secret key not set' => [
669 'blockId' => $blockId,
670 'hmac' => MWCryptHash
::hmac( $blockId, '', false ),
674 'Secret key set' => [
676 'secretKey' => '123',
677 'blockId' => $blockId,
678 'hmac' => MWCryptHash
::hmac( $blockId, '123', false ),
680 $blockId . '!' . MWCryptHash
::hmac( $blockId, '123', false ) ],
687 public function testAllServiceOptionsUsed() {
688 $this->assertAllServiceOptionsUsed( [ 'ApplyIpBlocksToXff', 'SoftBlockRanges' ] );