1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
|
<?php
use MediaWiki\Auth\AuthManager;
use MediaWiki\MediaWikiServices;
/**
* @covers AntiSpoofPreAuthenticationProvider
* @group Database
*/
class AntiSpoofPreAuthenticationProviderTest extends MediaWikiTestCase {
/**
* @dataProvider provideGetAuthenticationRequests
*/
public function testGetAuthenticationRequests( $action, $params, $username, $expectedReqs ) {
$this->setMwGlobals( 'wgAntiSpoofAccounts', false );
$provider = new AntiSpoofPreAuthenticationProvider( $params );
$provider->setManager( MediaWikiServices::getInstance()->getAuthManager() );
$reqs = $provider->getAuthenticationRequests( $action, [ 'username' => $username ] );
$this->assertEquals( $expectedReqs, $reqs );
}
public function provideGetAuthenticationRequests() {
return [
[ AuthManager::ACTION_LOGIN, [], null, [] ],
[ AuthManager::ACTION_CREATE, [], null, [] ],
[ AuthManager::ACTION_CREATE, [ 'antiSpoofAccounts' => true ], null, [] ],
[ AuthManager::ACTION_CREATE, [], 'UTSysop', [] ],
[ AuthManager::ACTION_CREATE, [ 'antiSpoofAccounts' => true ], 'UTSysop',
[ new AntiSpoofAuthenticationRequest() ] ],
[ AuthManager::ACTION_CHANGE, [], null, [] ],
[ AuthManager::ACTION_REMOVE, [], null, [] ],
];
}
/**
* @dataProvider provideTestForAccountCreation
*/
public function testTestForAccountCreation(
$enabled, $isLegal, $conflicts, $creator, $reqs, $error
) {
$provider = $this->getMockBuilder( AntiSpoofPreAuthenticationProvider::class )
->setConstructorArgs( [ [ 'antiSpoofAccounts' => $enabled ] ] )
->setMethods( [ 'getSpoofUser' ] )->getMock();
$spoofUser = $this->getMockBuilder( SpoofUser::class )
->disableOriginalConstructor()->getMock();
$provider->expects( $this->any() )->method( 'getSpoofUser' )->willReturn( $spoofUser );
/** @var $provider \MediaWiki\Auth\PreAuthenticationProvider */
$provider->setManager( MediaWikiServices::getInstance()->getAuthManager() );
$provider->setLogger( new \Psr\Log\NullLogger() );
$spoofUser->expects( $this->any() )->method( 'isLegal' )->willReturn( $isLegal );
$spoofUser->expects( $this->any() )->method( 'getErrorStatus' )
->willReturn( Status::newFatal( 'unittest' ) );
$spoofUser->expects( $this->any() )->method( 'getConflicts' )->willReturn( $conflicts );
/** @var StatusValue $status */
$status = $provider->testForAccountCreation( new User(), $creator, $reqs );
if ( $error ) {
$this->assertFalse( $status->isGood() );
$this->assertEquals( $error, Status::wrap( $status )->getMessage()->getKey() );
} else {
$this->assertTrue( $status->isGood() );
}
}
public function provideTestForAccountCreation() {
$user = new User();
$sysop = User::newFromName( 'UTSysop' );
$noSkip = new AntiSpoofAuthenticationRequest();
$skip = new AntiSpoofAuthenticationRequest();
$skip->ignoreAntiSpoof = true;
return [
// enabled, isLegal, conflicts, creator, reqs, error
'no spoofing' => [ true, true, [], $user, [], null ],
'illegal' => [ true, false, [], $user, [], 'antispoof-name-illegal' ],
'illegal, inactve' => [ false, false, [], $user, [], null ],
'illegal, sysop w/o skipping' => [ true, false, [], $sysop, [],
'antispoof-name-illegal' ],
'illegal, sysop w/o skipping #2' => [ true, false, [], $sysop, [ $noSkip ],
'antispoof-name-illegal' ],
'illegal, sysop skipping' => [ true, false, [], $sysop, [ $skip ], null ],
// this should never happen but is good for layered defense
'fake skipping' => [ true, false, [], $user, [ $skip ], 'antispoof-name-illegal' ],
'conflicts' => [ true, true, [ 'x' ], $user, [], '$1$2$3' ],
'conflicts w/ skipping' => [ true, true, [ 'x' ], $sysop, [ $skip ], null ],
'conflicts w/ fake skipping' => [ true, true, [ 'x' ], $user, [ $skip ], '$1$2$3' ],
'illegal takes priority' => [ true, false, [ 'x' ], $user, [], 'antispoof-name-illegal' ],
];
}
}
|