[Summary view] [Print] [Text view]

   1  <?php
   2  
   3  /**
   4   * These tests are designed to test the capacity of pluginauth to handle
   5   * correct escaping of colon field delimiters and backslashes in user content.
   6   *
   7   * (Note that these tests set some Real Names, etc. that are may not be
   8   * valid in the broader dokuwiki context, but the tests ensure that
   9   * authplain won't get unexpectedly surprised.)
  10   *
  11   * @group plugin_authplain
  12   * @group auth_plugins
  13   * @group plugins
  14   * @group bundled_plugins
  15   */
  16  class helper_plugin_authplain_escaping_test extends DokuWikiTest {
  17  
  18      protected $pluginsEnabled = array('authplainharness');
  19      /** @var  auth_plugin_authplain|auth_plugin_authplainharness */
  20      protected $auth;
  21  
  22      protected function reloadUsers() {
  23          /* auth caches data loaded from file, but recreated object forces reload */
  24          $this->auth = new auth_plugin_authplainharness();
  25      }
  26  
  27      function setUp() : void {
  28          global $config_cascade;
  29          parent::setUp();
  30          $name = $config_cascade['plainauth.users']['default'];
  31          copy($name, $name.".orig");
  32          $this->reloadUsers();
  33      }
  34  
  35      function tearDown() : void {
  36          global $config_cascade;
  37          parent::tearDown();
  38          $name = $config_cascade['plainauth.users']['default'];
  39          copy($name.".orig", $name);
  40      }
  41  
  42      public function testMediawikiPasswordHash() {
  43          global $conf;
  44          $conf['passcrypt'] = 'mediawiki';
  45          $this->auth->createUser("mwuser", "12345", "Mediawiki User", "me@example.com");
  46          $this->reloadUsers();
  47          $this->assertTrue($this->auth->checkPass("mwuser", "12345"));
  48          $mwuser = $this->auth->getUserData("mwuser");
  49          $this->assertStringStartsWith(":B:",$mwuser['pass']);
  50          $this->assertEquals("Mediawiki User",$mwuser['name']);
  51      }
  52  
  53      public function testNameWithColons() {
  54          $name = ":Colon: User:";
  55          $this->auth->createUser("colonuser", "password", $name, "me@example.com");
  56          $this->reloadUsers();
  57          $user = $this->auth->getUserData("colonuser");
  58          $this->assertEquals($name,$user['name']);
  59      }
  60  
  61      public function testNameWithBackslashes() {
  62          $name = "\\Slash\\ User\\";
  63          $this->auth->createUser("slashuser", "password", $name, "me@example.com");
  64          $this->reloadUsers();
  65          $user = $this->auth->getUserData("slashuser");
  66          $this->assertEquals($name,$user['name']);
  67      }
  68  
  69      public function testModifyUser() {
  70          global $conf;
  71          $conf['passcrypt'] = 'mediawiki';
  72          $user = $this->auth->getUserData("testuser");
  73          $user['name'] = "\\New:Crazy:Name\\";
  74          $user['pass'] = "awesome new password";
  75          $this->auth->modifyUser("testuser", $user);
  76          $this->reloadUsers();
  77  
  78          $saved = $this->auth->getUserData("testuser");
  79          $this->assertEquals($saved['name'], $user['name']);
  80          $this->assertTrue($this->auth->checkPass("testuser", $user['pass']));
  81      }
  82  
  83      // really only required for developers to ensure this plugin will
  84      // work with systems running on PCRE 6.6 and lower.
  85      public function testLineSplit(){
  86          $this->auth->setPregsplit_safe(false);
  87  
  88          $names = array(
  89            'plain',
  90            'ut-fठ8',
  91            'colon:',
  92            'backslash\\',
  93            'alltogether\\ठ:'
  94          );
  95          $userpass = 'user:password_hash:';
  96          $other_user_data = ':email@address:group1,group2';
  97  
  98          foreach ($names as $testname) {
  99              $escaped = str_replace(array('\\',':'),array('\\\\','\\:'),$testname);   // escape : & \
 100              $test_line = $userpass.$escaped.$other_user_data;
 101              $result = $this->auth->splitUserData($test_line);
 102  
 103              $this->assertEquals($escaped, $result[2]);
 104          }
 105      }
 106  
 107      /**
 108       * @see testCleaning
 109       */
 110      public function provideCleaning()
 111      {
 112          return [
 113              ['user', 'user'],
 114              ['USER', 'user'],
 115              [' USER ', 'user'],
 116              [' US ER ', 'us_er'],
 117              ['http://foo;bar', 'http_foo_bar'],
 118          ];
 119      }
 120  
 121      /**
 122       * @param string $input
 123       * @param string $expected
 124       * @dataProvider provideCleaning
 125       */
 126      public function testCleaning($input, $expected)
 127      {
 128          $this->assertEquals($expected, $this->auth->cleanUser($input));
 129          $this->assertEquals($expected, $this->auth->cleanGroup($input));
 130      }
 131  }
 132  
 133  /**
 134   * Class auth_plugin_authplainharness
 135   */
 136  class auth_plugin_authplainharness extends auth_plugin_authplain {
 137  
 138      /**
 139       * @param boolean $bool
 140       */
 141      public function setPregsplit_safe($bool) {
 142          $this->pregsplit_safe = $bool;
 143      }
 144  
 145      /**
 146       * @return bool|mixed
 147       */
 148      public function getPregsplit_safe(){
 149          return $this->pregsplit_safe;
 150      }
 151  
 152      /**
 153       * @param string $line
 154       * @return array
 155       */
 156      public function splitUserData($line){
 157          return parent::splitUserData($line);
 158      }
 159  }