1.29.0/php/UserPasswordPolicyTest_8php_source.html

<?php

class UserPasswordPolicyTest extends MediaWikiTestCase {


    protected $policies = [

        'checkuser' => [

            'MinimalPasswordLength' => 10,

            'MinimumPasswordLengthToLogin' => 6,

            'PasswordCannotMatchUsername' => true,

        ],

        'sysop' => [

            'MinimalPasswordLength' => 8,

            'MinimumPasswordLengthToLogin' => 1,

            'PasswordCannotMatchUsername' => true,

        ],

        'default' => [

            'MinimalPasswordLength' => 4,

            'MinimumPasswordLengthToLogin' => 1,

            'PasswordCannotMatchBlacklist' => true,

            'MaximalPasswordLength' => 4096,

        ],

    ];


    protected $checks = [

        'MinimalPasswordLength' => 'PasswordPolicyChecks::checkMinimalPasswordLength',

        'MinimumPasswordLengthToLogin' => 'PasswordPolicyChecks::checkMinimumPasswordLengthToLogin',

        'PasswordCannotMatchUsername' => 'PasswordPolicyChecks::checkPasswordCannotMatchUsername',

        'PasswordCannotMatchBlacklist' => 'PasswordPolicyChecks::checkPasswordCannotMatchBlacklist',

        'MaximalPasswordLength' => 'PasswordPolicyChecks::checkMaximalPasswordLength',

    ];


    private function getUserPasswordPolicy() {

        return new UserPasswordPolicy( $this->policies, $this->checks );

    }


    public function testGetPoliciesForUser() {


        $upp = $this->getUserPasswordPolicy();


        $user = User::newFromName( 'TestUserPolicy' );

        $user->addToDatabase();

        $user->addGroup( 'sysop' );


        $this->assertArrayEquals(

            [

                'MinimalPasswordLength' => 8,

                'MinimumPasswordLengthToLogin' => 1,

                'PasswordCannotMatchUsername' => 1,

                'PasswordCannotMatchBlacklist' => true,

                'MaximalPasswordLength' => 4096,

            ],

            $upp->getPoliciesForUser( $user )

        );

    }


    public function testGetPoliciesForGroups() {

        $effective = UserPasswordPolicy::getPoliciesForGroups(

            $this->policies,

            [ 'user', 'checkuser' ],

            $this->policies['default']

        );


        $this->assertArrayEquals(

            [

                'MinimalPasswordLength' => 10,

                'MinimumPasswordLengthToLogin' => 6,

                'PasswordCannotMatchUsername' => true,

                'PasswordCannotMatchBlacklist' => true,

                'MaximalPasswordLength' => 4096,

            ],

            $effective

        );

    }


    public function testCheckUserPassword( $username, $groups, $password, $valid, $ok, $msg ) {


        $upp = $this->getUserPasswordPolicy();


        $user = User::newFromName( $username );

        $user->addToDatabase();

        foreach ( $groups as $group ) {

            $user->addGroup( $group );

        }


        $status = $upp->checkUserPassword( $user, $password );

        $this->assertSame( $valid, $status->isGood(), $msg . ' - password valid' );

        $this->assertSame( $ok, $status->isOK(), $msg . ' - can login' );

    }


    public function provideCheckUserPassword() {

        return [

            [

                'PassPolicyUser',

                [],

                '',

                false,

                false,

                'No groups, default policy, password too short to login'

            ],

            [

                'PassPolicyUser',

                [ 'user' ],

                'aaa',

                false,

                true,

                'Default policy, short password'

            ],

            [

                'PassPolicyUser',

                [ 'sysop' ],

                'abcdabcdabcd',

                true,

                true,

                'Sysop with good password'

            ],

            [

                'PassPolicyUser',

                [ 'sysop' ],

                'abcd',

                false,

                true,

                'Sysop with short password'

            ],

            [

                'PassPolicyUser',

                [ 'sysop', 'checkuser' ],

                'abcdabcd',

                false,

                true,

                'Checkuser with short password'

            ],

            [

                'PassPolicyUser',

                [ 'sysop', 'checkuser' ],

                'abcd',

                false,

                false,

                'Checkuser with too short password to login'

            ],

            [

                'Useruser',

                [ 'user' ],

                'Passpass',

                false,

                true,

                'Username & password on blacklist'

            ],

        ];

    }


    public function testMaxOfPolicies( $p1, $p2, $max, $msg ) {

        $this->assertArrayEquals(

            $max,

            UserPasswordPolicy::maxOfPolicies( $p1, $p2 ),

            $msg

        );

    }


    public function provideMaxOfPolicies() {

        return [

            [

                [ 'MinimalPasswordLength' => 8 ], // p1

                [ 'MinimalPasswordLength' => 2 ], // p2

                [ 'MinimalPasswordLength' => 8 ], // max

                'Basic max in p1'

            ],

            [

                [ 'MinimalPasswordLength' => 2 ], // p1

                [ 'MinimalPasswordLength' => 8 ], // p2

                [ 'MinimalPasswordLength' => 8 ], // max

                'Basic max in p2'

            ],

            [

                [ 'MinimalPasswordLength' => 8 ], // p1

                [

                    'MinimalPasswordLength' => 2,

                    'PasswordCannotMatchUsername' => 1,

                ], // p2

                [

                    'MinimalPasswordLength' => 8,

                    'PasswordCannotMatchUsername' => 1,

                ], // max

                'Missing items in p1'

            ],

            [

                [

                    'MinimalPasswordLength' => 8,

                    'PasswordCannotMatchUsername' => 1,

                ], // p1

                [

                    'MinimalPasswordLength' => 2,

                ], // p2

                [

                    'MinimalPasswordLength' => 8,

                    'PasswordCannotMatchUsername' => 1,

                ], // max

                'Missing items in p2'

            ],

        ];

    }


}