tests/phpunit/includes/password/PasswordPolicyChecksTest.php

   1 <?php
   2 /**
   3  * Testing password-policy check functions
   4  *
   5  * This program is free software; you can redistribute it and/or modify
   6  * it under the terms of the GNU General Public License as published by
   7  * the Free Software Foundation; either version 2 of the License, or
   8  * (at your option) any later version.
   9  *
  10  * This program is distributed in the hope that it will be useful,
  11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13  * GNU General Public License for more details.
  14  *
  15  * You should have received a copy of the GNU General Public License along
  16  * with this program; if not, write to the Free Software Foundation, Inc.,
  17  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  18  * http://www.gnu.org/copyleft/gpl.html
  19  *
  20  * @file
  21  */
  22
  23 class PasswordPolicyChecksTest extends MediaWikiTestCase {
  24
  25         /**
  26          * @covers PasswordPolicyChecks::checkMinimalPasswordLength
  27          */
  28         public function testCheckMinimalPasswordLength() {
  29                 $statusOK = PasswordPolicyChecks::checkMinimalPasswordLength(
  30                         3, // policy value
  31                         User::newFromName( 'user' ), // User
  32                         'password'  // password
  33                 );
  34                 $this->assertTrue( $statusOK->isGood(), 'Password is longer than minimal policy' );
  35                 $statusShort = PasswordPolicyChecks::checkMinimalPasswordLength(
  36                         10, // policy value
  37                         User::newFromName( 'user' ), // User
  38                         'password'  // password
  39                 );
  40                 $this->assertFalse(
  41                         $statusShort->isGood(),
  42                         'Password is shorter than minimal policy'
  43                 );
  44                 $this->assertTrue(
  45                         $statusShort->isOK(),
  46                         'Password is shorter than minimal policy, not fatal'
  47                 );
  48         }
  49
  50         /**
  51          * @covers PasswordPolicyChecks::checkMinimumPasswordLengthToLogin
  52          */
  53         public function testCheckMinimumPasswordLengthToLogin() {
  54                 $statusOK = PasswordPolicyChecks::checkMinimumPasswordLengthToLogin(
  55                         3, // policy value
  56                         User::newFromName( 'user' ), // User
  57                         'password'  // password
  58                 );
  59                 $this->assertTrue( $statusOK->isGood(), 'Password is longer than minimal policy' );
  60                 $statusShort = PasswordPolicyChecks::checkMinimumPasswordLengthToLogin(
  61                         10, // policy value
  62                         User::newFromName( 'user' ), // User
  63                         'password'  // password
  64                 );
  65                 $this->assertFalse(
  66                         $statusShort->isGood(),
  67                         'Password is shorter than minimum login policy'
  68                 );
  69                 $this->assertFalse(
  70                         $statusShort->isOK(),
  71                         'Password is shorter than minimum login policy, fatal'
  72                 );
  73         }
  74
  75         /**
  76          * @covers PasswordPolicyChecks::checkMaximalPasswordLength
  77          */
  78         public function testCheckMaximalPasswordLength() {
  79                 $statusOK = PasswordPolicyChecks::checkMaximalPasswordLength(
  80                         100, // policy value
  81                         User::newFromName( 'user' ), // User
  82                         'password'  // password
  83                 );
  84                 $this->assertTrue( $statusOK->isGood(), 'Password is shorter than maximal policy' );
  85                 $statusLong = PasswordPolicyChecks::checkMaximalPasswordLength(
  86                         4, // policy value
  87                         User::newFromName( 'user' ), // User
  88                         'password'  // password
  89                 );
  90                 $this->assertFalse( $statusLong->isGood(),
  91                         'Password is longer than maximal policy'
  92                 );
  93                 $this->assertFalse( $statusLong->isOK(),
  94                         'Password is longer than maximal policy, fatal'
  95                 );
  96         }
  97
  98         /**
  99          * @covers PasswordPolicyChecks::checkPasswordCannotMatchUsername
 100          */
 101         public function testCheckPasswordCannotMatchUsername() {
 102                 $statusOK = PasswordPolicyChecks::checkPasswordCannotMatchUsername(
 103                         1, // policy value
 104                         User::newFromName( 'user' ), // User
 105                         'password'  // password
 106                 );
 107                 $this->assertTrue( $statusOK->isGood(), 'Password does not match username' );
 108                 $statusLong = PasswordPolicyChecks::checkPasswordCannotMatchUsername(
 109                         1, // policy value
 110                         User::newFromName( 'user' ), // User
 111                         'user'  // password
 112                 );
 113                 $this->assertFalse( $statusLong->isGood(), 'Password matches username' );
 114                 $this->assertTrue( $statusLong->isOK(), 'Password matches username, not fatal' );
 115         }
 116
 117         /**
 118          * @covers PasswordPolicyChecks::checkPasswordCannotMatchBlacklist
 119          */
 120         public function testCheckPasswordCannotMatchBlacklist() {
 121                 $statusOK = PasswordPolicyChecks::checkPasswordCannotMatchBlacklist(
 122                         true, // policy value
 123                         User::newFromName( 'Username' ), // User
 124                         'AUniquePassword'  // password
 125                 );
 126                 $this->assertTrue( $statusOK->isGood(), 'Password is not on blacklist' );
 127                 $statusLong = PasswordPolicyChecks::checkPasswordCannotMatchBlacklist(
 128                         true, // policy value
 129                         User::newFromName( 'Useruser1' ), // User
 130                         'Passpass1'  // password
 131                 );
 132                 $this->assertFalse( $statusLong->isGood(), 'Password matches blacklist' );
 133                 $this->assertTrue( $statusLong->isOK(), 'Password matches blacklist, not fatal' );
 134         }
 135
 136         public static function providePopularBlacklist() {
 137                 return [
 138                         [ false, 'sitename' ],
 139                         [ false, 'password' ],
 140                         [ false, '12345' ],
 141                         [ true, 'hqY98gCZ6qM8s8' ],
 142                 ];
 143         }
 144
 145         /**
 146          * @covers PasswordPolicyChecks::checkPopularPasswordBlacklist
 147          * @dataProvider providePopularBlacklist
 148          */
 149         public function testCheckPopularPasswordBlacklist( $expected, $password ) {
 150                 global $IP;
 151                 $this->setMwGlobals( [
 152                         'wgSitename' => 'sitename',
 153                         'wgPopularPasswordFile' => "$IP/serialized/commonpasswords.cdb"
 154                 ] );
 155                 $user = User::newFromName( 'username' );
 156                 $status = PasswordPolicyChecks::checkPopularPasswordBlacklist( PHP_INT_MAX, $user, $password );
 157                 $this->assertSame( $expected, $status->isGood() );
 158         }
 159 }