[Summary view] [Print] [Text view]

   1  <?php
   2  
   3  /**
   4   * These tests are designed to test the capacity of pluginauth to handle
   5   * correct escaping of colon field delimiters and backslashes in user content.
   6   *
   7   * (Note that these tests set some Real Names, etc. that are may not be
   8   * valid in the broader dokuwiki context, but the tests ensure that
   9   * authplain won't get unexpectedly surprised.)
  10   *
  11   * @group plugin_authplain
  12   * @group auth_plugins
  13   * @group plugins
  14   * @group bundled_plugins
  15   */
  16  class helper_plugin_authplain_escaping_test extends DokuWikiTest {
  17  
  18      protected $pluginsEnabled = array('authplain');
  19      /** @var  auth_plugin_authplain */
  20      protected $auth;
  21  
  22      protected function reloadUsers() {
  23          /* auth caches data loaded from file, but recreated object forces reload */
  24          $this->auth = new auth_plugin_authplain();
  25      }
  26  
  27      function setUp() : void {
  28          global $config_cascade;
  29          parent::setUp();
  30          $name = $config_cascade['plainauth.users']['default'];
  31          copy($name, $name.".orig");
  32          $this->reloadUsers();
  33      }
  34  
  35      function tearDown() : void {
  36          global $config_cascade;
  37          parent::tearDown();
  38          $name = $config_cascade['plainauth.users']['default'];
  39          copy($name.".orig", $name);
  40      }
  41  
  42      public function testMediawikiPasswordHash() {
  43          global $conf;
  44          $conf['passcrypt'] = 'mediawiki';
  45          $this->auth->createUser("mwuser", "12345", "Mediawiki User", "me@example.com");
  46          $this->reloadUsers();
  47          $this->assertTrue($this->auth->checkPass("mwuser", "12345"));
  48          $mwuser = $this->auth->getUserData("mwuser");
  49          $this->assertStringStartsWith(":B:",$mwuser['pass']);
  50          $this->assertEquals("Mediawiki User",$mwuser['name']);
  51      }
  52  
  53      public function testNameWithColons() {
  54          $name = ":Colon: User:";
  55          $this->auth->createUser("colonuser", "password", $name, "me@example.com");
  56          $this->reloadUsers();
  57          $user = $this->auth->getUserData("colonuser");
  58          $this->assertEquals($name,$user['name']);
  59      }
  60  
  61      public function testNameWithBackslashes() {
  62          $name = "\\Slash\\ User\\";
  63          $this->auth->createUser("slashuser", "password", $name, "me@example.com");
  64          $this->reloadUsers();
  65          $user = $this->auth->getUserData("slashuser");
  66          $this->assertEquals($name,$user['name']);
  67      }
  68  
  69      public function testModifyUser() {
  70          global $conf;
  71          $conf['passcrypt'] = 'mediawiki';
  72          $user = $this->auth->getUserData("testuser");
  73          $user['name'] = "\\New:Crazy:Name\\";
  74          $user['pass'] = "awesome new password";
  75          $this->auth->modifyUser("testuser", $user);
  76          $this->reloadUsers();
  77  
  78          $saved = $this->auth->getUserData("testuser");
  79          $this->assertEquals($saved['name'], $user['name']);
  80          $this->assertTrue($this->auth->checkPass("testuser", $user['pass']));
  81      }
  82  
  83      // really only required for developers to ensure this plugin will
  84      // work with systems running on PCRE 6.6 and lower.
  85      public function testLineSplit(){
  86          $names = array(
  87            'plain',
  88            'ut-fठ8',
  89            'colon:',
  90            'backslash\\',
  91            'alltogether\\ठ:'
  92          );
  93          $userpass = 'user:password_hash:';
  94          $other_user_data = ':email@address:group1,group2';
  95  
  96          foreach ($names as $testname) {
  97              $escaped = str_replace(array('\\',':'),array('\\\\','\\:'),$testname);   // escape : & \
  98              $test_line = $userpass.$escaped.$other_user_data;
  99              $result = $this->callInaccessibleMethod($this->auth, 'splitUserData', [$test_line]);
 100  
 101              $this->assertEquals($escaped, $result[2]);
 102          }
 103      }
 104  
 105      /**
 106       * @see testCleaning
 107       */
 108      public function provideCleaning()
 109      {
 110          return [
 111              ['user', 'user'],
 112              ['USER', 'user'],
 113              [' USER ', 'user'],
 114              [' US ER ', 'us_er'],
 115              ['http://foo;bar', 'http_foo_bar'],
 116          ];
 117      }
 118  
 119      /**
 120       * @param string $input
 121       * @param string $expected
 122       * @dataProvider provideCleaning
 123       */
 124      public function testCleaning($input, $expected)
 125      {
 126          $this->assertEquals($expected, $this->auth->cleanUser($input));
 127          $this->assertEquals($expected, $this->auth->cleanGroup($input));
 128      }
 129  }