From f95ecbbf8b1de8bc1270d3cf91dfdf055ea5c78c Mon Sep 17 00:00:00 2001
From: Angus Gratton <gus@projectgus.com>
Date: Tue, 1 Jul 2014 08:35:07 +1000
Subject: authplain: Escape ':' in any data field as '\:'

':' is the field delimiter in the authplain flat text
conf/users.auth.php file, but it's also used as an internal delimiter
for the 'mediawiki' password hash format. Currently, using this hash
format corrupts the file.

This change escapes ':' as '\:' in any field in the users.auth.php
file, and any '\' as '\\'.

Also adds test cases for escaping modes.
---
 lib/plugins/authplain/_test/escaping.test.php | 82 +++++++++++++++++++++++++++
 1 file changed, 82 insertions(+)
 create mode 100644 lib/plugins/authplain/_test/escaping.test.php

(limited to 'lib/plugins/authplain/_test/escaping.test.php')

diff --git a/lib/plugins/authplain/_test/escaping.test.php b/lib/plugins/authplain/_test/escaping.test.php
new file mode 100644
index 000000000..cd5294157
--- /dev/null
+++ b/lib/plugins/authplain/_test/escaping.test.php
@@ -0,0 +1,82 @@
+<?php
+
+/**
+ * These tests are designed to test the capacity of pluginauth to handle
+ * correct escaping of colon field delimiters and backslashes in user content.
+ *
+ * (Note that these tests set some Real Names, etc. that are may not be
+ * valid in the broader dokuwiki context, but the tests ensure that
+ * authplain won't get unexpectedly surprised.)
+ *
+ * @group plugin_authplain
+ * @group plugins
+ */
+class helper_plugin_authplain_escaping_test extends DokuWikiTest {
+ 
+    protected $pluginsEnabled = array('authplain');
+    protected $auth;
+ 
+    protected function reloadUsers() {
+        /* auth caches data loaded from file, but recreated object forces reload */
+        $this->auth = new auth_plugin_authplain();
+    }
+
+    function setUp() {
+        global $config_cascade;
+        parent::setUp();
+        $name = $config_cascade['plainauth.users']['default'];
+        copy($name, $name.".orig");
+        $this->reloadUsers();
+    }
+
+    function tearDown() {
+        global $config_cascade;
+        parent::tearDown();
+        $name = $config_cascade['plainauth.users']['default'];
+        copy($name.".orig", $name);
+    }
+
+    public function testMediawikiPasswordHash() {
+        global $conf;
+        $conf['passcrypt'] = 'mediawiki';
+        $this->auth->createUser("mwuser", "12345", "Mediawiki User", "me@example.com");
+        $this->reloadUsers();
+        $this->assertTrue($this->auth->checkPass("mwuser", "12345"));
+        $mwuser = $this->auth->getUserData("mwuser");
+        $this->assertStringStartsWith(":B:",$mwuser['pass']);
+        $this->assertEquals("Mediawiki User",$mwuser['name']);
+    }
+
+    public function testNameWithColons() {
+        $name = ":Colon: User:";
+        $this->auth->createUser("colonuser", "password", $name, "me@example.com");
+        $this->reloadUsers();
+        $user = $this->auth->getUserData("colonuser");
+        $this->assertEquals($name,$user['name']);
+    }
+
+    public function testNameWithBackslashes() {
+        $name = "\\Slash\\ User\\";
+        $this->auth->createUser("slashuser", "password", $name, "me@example.com");
+        $this->reloadUsers();
+        $user = $this->auth->getUserData("slashuser");
+        $this->assertEquals($name,$user['name']);
+    }
+
+    public function testModifyUser() {
+        global $conf;
+        $conf['passcrypt'] = 'mediawiki';
+        $user = $this->auth->getUserData("testuser");
+        $user['name'] = "\\New:Crazy:Name\\";
+        $user['pass'] = "awesome new password";
+        $this->auth->modifyUser("testuser", $user);
+        $this->reloadUsers();
+
+        $saved = $this->auth->getUserData("testuser");
+        $this->assertEquals($saved['name'], $user['name']);
+        $this->assertTrue($this->auth->checkPass("testuser", $user['pass']));
+    }
+    
+}
+
+?>
\ No newline at end of file
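Review bot: The round-trip tests only compare `name` (plus the `pass` prefix in testMediawikiPasswordHash), so they would not notice an escaping error that shifts data into a neighbouring field of users.auth.php. Since that file also stores the mail address and group list on the same line, each test should additionally check the fields it did not touch, e.g. `$this->assertEquals("me@example.com", $user['mail']);` and a comparison of `$user['grps']` against the groups read before the change in testModifyUser. The commit message says any field is escaped, but only the real-name field is exercised here; a case with ':' or '\' in the mail value would cover that claim. No test puts a literal backslash directly in front of a literal colon inside one field (for example `$name = "a\\:b";`), which is the input that separates a correct unescape from one that treats `\:` and `\\` independently. Separately, `$conf['passcrypt']` is set in two tests and not restored in tearDown(), and the `.orig` copy is never removed; whether the parent class resets these is not visible in this hunk.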
-- 
cgit v1.2.3