[Summary view] [Print] [Text view]

   1  <?php
   2  
   3  /**
   4   * These tests are designed to test the capacity of pluginauth to handle
   5   * correct escaping of colon field delimiters and backslashes in user content.
   6   *
   7   * (Note that these tests set some Real Names, etc. that are may not be
   8   * valid in the broader dokuwiki context, but the tests ensure that
   9   * authplain won't get unexpectedly surprised.)
  10   *
  11   * @group plugin_authplain
  12   * @group auth_plugins
  13   * @group plugins
  14   * @group bundled_plugins
  15   */
  16  class helper_plugin_authplain_escaping_test extends DokuWikiTest {
  17  
  18      protected $pluginsEnabled = array('authplain');
  19      /** @var  auth_plugin_authplain */
  20      protected $auth;
  21  
  22      protected function reloadUsers() {
  23          /* auth caches data loaded from file, but recreated object forces reload */
  24          $this->auth = new auth_plugin_authplain();
  25      }
  26  
  27      function setUp() : void {
  28          global $config_cascade;
  29          parent::setUp();
  30          $name = $config_cascade['plainauth.users']['default'];
  31          copy($name, $name.".orig");
  32          $this->reloadUsers();
  33      }
  34  
  35      function tearDown() : void {
  36          global $config_cascade;
  37          parent::tearDown();
  38          $name = $config_cascade['plainauth.users']['default'];
  39          copy($name.".orig", $name);
  40      }
  41  
  42      public function testMediawikiPasswordHash() {
  43          global $conf;
  44          $conf['passcrypt'] = 'mediawiki';
  45          $this->auth->createUser("mwuser", "12345", "Mediawiki User", "me@example.com");
  46          $this->reloadUsers();
  47          $this->assertTrue($this->auth->checkPass("mwuser", "12345"));
  48          $mwuser = $this->auth->getUserData("mwuser");
  49          $this->assertStringStartsWith(":B:",$mwuser['pass']);
  50          $this->assertEquals("Mediawiki User",$mwuser['name']);
  51      }
  52  
  53      public function testNameWithColons() {
  54          $name = ":Colon: User:";
  55          $this->auth->createUser("colonuser", "password", $name, "me@example.com");
  56          $this->reloadUsers();
  57          $user = $this->auth->getUserData("colonuser");
  58          $this->assertEquals($name,$user['name']);
  59      }
  60  
  61      public function testNameWithBackslashes() {
  62          $name = "\\Slash\\ User\\";
  63          $this->auth->createUser("slashuser", "password", $name, "me@example.com");
  64          $this->reloadUsers();
  65          $user = $this->auth->getUserData("slashuser");
  66          $this->assertEquals($name,$user['name']);
  67      }
  68  
  69      public function testNameWithHash() {
  70          $name = "Hash # User";
  71          $this->auth->createUser("slashuser", "password", $name, "me@example.com");
  72          $this->reloadUsers();
  73          $user = $this->auth->getUserData("slashuser");
  74          $this->assertEquals($name,$user['name']);
  75      }
  76  
  77      public function testModifyUser() {
  78          global $conf;
  79          $conf['passcrypt'] = 'mediawiki';
  80          $user = $this->auth->getUserData("testuser");
  81          $user['name'] = "\\New:Crazy:Name\\";
  82          $user['pass'] = "awesome new password";
  83          $this->auth->modifyUser("testuser", $user);
  84          $this->reloadUsers();
  85  
  86          $saved = $this->auth->getUserData("testuser");
  87          $this->assertEquals($saved['name'], $user['name']);
  88          $this->assertTrue($this->auth->checkPass("testuser", $user['pass']));
  89      }
  90  
  91      // really only required for developers to ensure this plugin will
  92      // work with systems running on PCRE 6.6 and lower.
  93      public function testLineSplit(){
  94          $names = array(
  95            'plain',
  96            'ut-fठ8',
  97            'colon:',
  98            'backslash\\',
  99            'alltogether\\ठ:'
 100          );
 101          $userpass = 'user:password_hash:';
 102          $other_user_data = ':email@address:group1,group2';
 103  
 104          foreach ($names as $testname) {
 105              $escaped = str_replace(array('\\',':'),array('\\\\','\\:'),$testname);   // escape : & \
 106              $test_line = $userpass.$escaped.$other_user_data;
 107              $result = $this->callInaccessibleMethod($this->auth, 'splitUserData', [$test_line]);
 108  
 109              $this->assertEquals($escaped, $result[2]);
 110          }
 111      }
 112  
 113      /**
 114       * @see testCleaning
 115       */
 116      public function provideCleaning()
 117      {
 118          return [
 119              ['user', 'user'],
 120              ['USER', 'user'],
 121              [' USER ', 'user'],
 122              [' US ER ', 'us_er'],
 123              ['http://foo;bar', 'http_foo_bar'],
 124          ];
 125      }
 126  
 127      /**
 128       * @param string $input
 129       * @param string $expected
 130       * @dataProvider provideCleaning
 131       */
 132      public function testCleaning($input, $expected)
 133      {
 134          $this->assertEquals($expected, $this->auth->cleanUser($input));
 135          $this->assertEquals($expected, $this->auth->cleanGroup($input));
 136      }
 137  }