3 * Testing for password-policy enforcement, based on a user's groups.
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
25 * @covers UserPasswordPolicy
27 class UserPasswordPolicyTest
extends MediaWikiTestCase
{
29 protected $policies = [
31 'MinimalPasswordLength' => 10,
32 'MinimumPasswordLengthToLogin' => 6,
33 'PasswordCannotMatchUsername' => true,
36 'MinimalPasswordLength' => 8,
37 'MinimumPasswordLengthToLogin' => 1,
38 'PasswordCannotMatchUsername' => true,
41 'MinimalPasswordLength' => 4,
42 'MinimumPasswordLengthToLogin' => 1,
43 'PasswordCannotMatchBlacklist' => true,
44 'MaximalPasswordLength' => 4096,
49 'MinimalPasswordLength' => 'PasswordPolicyChecks::checkMinimalPasswordLength',
50 'MinimumPasswordLengthToLogin' => 'PasswordPolicyChecks::checkMinimumPasswordLengthToLogin',
51 'PasswordCannotMatchUsername' => 'PasswordPolicyChecks::checkPasswordCannotMatchUsername',
52 'PasswordCannotMatchBlacklist' => 'PasswordPolicyChecks::checkPasswordCannotMatchBlacklist',
53 'MaximalPasswordLength' => 'PasswordPolicyChecks::checkMaximalPasswordLength',
56 private function getUserPasswordPolicy() {
57 return new UserPasswordPolicy( $this->policies
, $this->checks
);
60 public function testGetPoliciesForUser() {
62 $upp = $this->getUserPasswordPolicy();
64 $user = User
::newFromName( 'TestUserPolicy' );
65 $user->addToDatabase();
66 $user->addGroup( 'sysop' );
68 $this->assertArrayEquals(
70 'MinimalPasswordLength' => 8,
71 'MinimumPasswordLengthToLogin' => 1,
72 'PasswordCannotMatchUsername' => 1,
73 'PasswordCannotMatchBlacklist' => true,
74 'MaximalPasswordLength' => 4096,
76 $upp->getPoliciesForUser( $user )
80 public function testGetPoliciesForGroups() {
81 $effective = UserPasswordPolicy
::getPoliciesForGroups(
83 [ 'user', 'checkuser' ],
84 $this->policies
['default']
87 $this->assertArrayEquals(
89 'MinimalPasswordLength' => 10,
90 'MinimumPasswordLengthToLogin' => 6,
91 'PasswordCannotMatchUsername' => true,
92 'PasswordCannotMatchBlacklist' => true,
93 'MaximalPasswordLength' => 4096,
100 * @dataProvider provideCheckUserPassword
102 public function testCheckUserPassword( $username, $groups, $password, $valid, $ok, $msg ) {
104 $upp = $this->getUserPasswordPolicy();
106 $user = User
::newFromName( $username );
107 $user->addToDatabase();
108 foreach ( $groups as $group ) {
109 $user->addGroup( $group );
112 $status = $upp->checkUserPassword( $user, $password );
113 $this->assertSame( $valid, $status->isGood(), $msg . ' - password valid' );
114 $this->assertSame( $ok, $status->isOK(), $msg . ' - can login' );
117 public function provideCheckUserPassword() {
125 'No groups, default policy, password too short to login'
133 'Default policy, short password'
141 'Sysop with good password'
149 'Sysop with short password'
153 [ 'sysop', 'checkuser' ],
157 'Checkuser with short password'
161 [ 'sysop', 'checkuser' ],
165 'Checkuser with too short password to login'
173 'Username & password on blacklist'
179 * @dataProvider provideMaxOfPolicies
181 public function testMaxOfPolicies( $p1, $p2, $max, $msg ) {
182 $this->assertArrayEquals(
184 UserPasswordPolicy
::maxOfPolicies( $p1, $p2 ),
189 public function provideMaxOfPolicies() {
192 [ 'MinimalPasswordLength' => 8 ], // p1
193 [ 'MinimalPasswordLength' => 2 ], // p2
194 [ 'MinimalPasswordLength' => 8 ], // max
198 [ 'MinimalPasswordLength' => 2 ], // p1
199 [ 'MinimalPasswordLength' => 8 ], // p2
200 [ 'MinimalPasswordLength' => 8 ], // max
204 [ 'MinimalPasswordLength' => 8 ], // p1
206 'MinimalPasswordLength' => 2,
207 'PasswordCannotMatchUsername' => 1,
210 'MinimalPasswordLength' => 8,
211 'PasswordCannotMatchUsername' => 1,
213 'Missing items in p1'
217 'MinimalPasswordLength' => 8,
218 'PasswordCannotMatchUsername' => 1,
221 'MinimalPasswordLength' => 2,
224 'MinimalPasswordLength' => 8,
225 'PasswordCannotMatchUsername' => 1,
227 'Missing items in p2'