* Test result of attempted login with an empty username
*/
public function testApiLoginNoName() {
+ $session = array(
+ 'wsLoginToken' => 'foobar'
+ );
$data = $this->doApiRequest( array( 'action' => 'login',
'lgname' => '', 'lgpassword' => self::$users['sysop']->password,
- ) );
+ 'lgtoken' => 'foobar',
+ ), $session );
$this->assertEquals( 'NoName', $data[0]['login']['result'] );
}
$this->assertArrayHasKey( 'lgtoken', $data[0]['login'] );
}
+ public function testBotPassword() {
+ global $wgServer, $wgSessionProviders;
+
+ if ( !isset( $wgServer ) ) {
+ $this->markTestIncomplete( 'This test needs $wgServer to be set in LocalSettings.php' );
+ }
+
+ $this->setMwGlobals( array(
+ 'wgSessionProviders' => array_merge( $wgSessionProviders, array(
+ array(
+ 'class' => 'MediaWiki\\Session\\BotPasswordSessionProvider',
+ 'args' => array( array( 'priority' => 40 ) ),
+ )
+ ) ),
+ 'wgEnableBotPasswords' => true,
+ 'wgBotPasswordsDatabase' => false,
+ 'wgCentralIdLookupProvider' => 'local',
+ 'wgGrantPermissions' => array(
+ 'test' => array( 'read' => true ),
+ ),
+ ) );
+
+ // Make sure our session provider is present
+ $manager = TestingAccessWrapper::newFromObject( MediaWiki\Session\SessionManager::singleton() );
+ if ( !isset( $manager->sessionProviders['MediaWiki\\Session\\BotPasswordSessionProvider'] ) ) {
+ $tmp = $manager->sessionProviders;
+ $manager->sessionProviders = null;
+ $manager->sessionProviders = $tmp + $manager->getProviders();
+ }
+ $this->assertNotNull(
+ MediaWiki\Session\SessionManager::singleton()->getProvider(
+ 'MediaWiki\\Session\\BotPasswordSessionProvider'
+ ),
+ 'sanity check'
+ );
+
+ $user = self::$users['sysop'];
+ $centralId = CentralIdLookup::factory()->centralIdFromLocalUser( $user->getUser() );
+ $this->assertNotEquals( 0, $centralId, 'sanity check' );
+
+ $passwordFactory = new PasswordFactory();
+ $passwordFactory->init( RequestContext::getMain()->getConfig() );
+ // A is unsalted MD5 (thus fast) ... we don't care about security here, this is test only
+ $passwordFactory->setDefaultType( 'A' );
+ $pwhash = $passwordFactory->newFromPlaintext( 'foobaz' );
+
+ $dbw = wfGetDB( DB_MASTER );
+ $dbw->insert(
+ 'bot_passwords',
+ array(
+ 'bp_user' => $centralId,
+ 'bp_app_id' => 'foo',
+ 'bp_password' => $pwhash->toString(),
+ 'bp_token' => '',
+ 'bp_restrictions' => MWRestrictions::newDefault()->toJson(),
+ 'bp_grants' => '["test"]',
+ ),
+ __METHOD__
+ );
+
+ $lgName = $user->username . BotPassword::getSeparator() . 'foo';
+
+ $ret = $this->doApiRequest( array(
+ 'action' => 'login',
+ 'lgname' => $lgName,
+ 'lgpassword' => 'foobaz',
+ ) );
+
+ $result = $ret[0];
+ $this->assertNotInternalType( 'bool', $result );
+ $this->assertNotInternalType( 'null', $result['login'] );
+
+ $a = $result['login']['result'];
+ $this->assertEquals( 'NeedToken', $a );
+ $token = $result['login']['token'];
+
+ $ret = $this->doApiRequest( array(
+ 'action' => 'login',
+ 'lgtoken' => $token,
+ 'lgname' => $lgName,
+ 'lgpassword' => 'foobaz',
+ ), $ret[2] );
+
+ $result = $ret[0];
+ $this->assertNotInternalType( 'bool', $result );
+ $a = $result['login']['result'];
+
+ $this->assertEquals( 'Success', $a );
+ }
+
}
dépôts / lhc / web / wiklou.git / blobdiff