1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
|
<?php
/**
* These tests are designed to test the capacity of pluginauth to handle
* correct escaping of colon field delimiters and backslashes in user content.
*
* (Note that these tests set some Real Names, etc. that are may not be
* valid in the broader dokuwiki context, but the tests ensure that
* authplain won't get unexpectedly surprised.)
*
* @group plugin_authplain
* @group plugins
*/
class helper_plugin_authplain_escaping_test extends DokuWikiTest {
protected $pluginsEnabled = array('authplainharness');
/** @var auth_plugin_authplain|auth_plugin_authplainharness */
protected $auth;
protected function reloadUsers() {
/* auth caches data loaded from file, but recreated object forces reload */
$this->auth = new auth_plugin_authplainharness();
}
function setUp() {
global $config_cascade;
parent::setUp();
$name = $config_cascade['plainauth.users']['default'];
copy($name, $name.".orig");
$this->reloadUsers();
}
function tearDown() {
global $config_cascade;
parent::tearDown();
$name = $config_cascade['plainauth.users']['default'];
copy($name.".orig", $name);
}
public function testMediawikiPasswordHash() {
global $conf;
$conf['passcrypt'] = 'mediawiki';
$this->auth->createUser("mwuser", "12345", "Mediawiki User", "me@example.com");
$this->reloadUsers();
$this->assertTrue($this->auth->checkPass("mwuser", "12345"));
$mwuser = $this->auth->getUserData("mwuser");
$this->assertStringStartsWith(":B:",$mwuser['pass']);
$this->assertEquals("Mediawiki User",$mwuser['name']);
}
public function testNameWithColons() {
$name = ":Colon: User:";
$this->auth->createUser("colonuser", "password", $name, "me@example.com");
$this->reloadUsers();
$user = $this->auth->getUserData("colonuser");
$this->assertEquals($name,$user['name']);
}
public function testNameWithBackslashes() {
$name = "\\Slash\\ User\\";
$this->auth->createUser("slashuser", "password", $name, "me@example.com");
$this->reloadUsers();
$user = $this->auth->getUserData("slashuser");
$this->assertEquals($name,$user['name']);
}
public function testModifyUser() {
global $conf;
$conf['passcrypt'] = 'mediawiki';
$user = $this->auth->getUserData("testuser");
$user['name'] = "\\New:Crazy:Name\\";
$user['pass'] = "awesome new password";
$this->auth->modifyUser("testuser", $user);
$this->reloadUsers();
$saved = $this->auth->getUserData("testuser");
$this->assertEquals($saved['name'], $user['name']);
$this->assertTrue($this->auth->checkPass("testuser", $user['pass']));
}
// really only required for developers to ensure this plugin will
// work with systems running on PCRE 6.6 and lower.
public function testLineSplit(){
$this->auth->setPregsplit_safe(false);
$names = array(
'plain',
'ut-fठ8',
'colon:',
'backslash\\',
'alltogether\\ठ:'
);
$userpass = 'user:password_hash:';
$other_user_data = ':email@address:group1,group2';
foreach ($names as $testname) {
$escaped = str_replace(array('\\',':'),array('\\\\','\\:'),$testname); // escape : & \
$test_line = $userpass.$escaped.$other_user_data;
$result = $this->auth->splitUserData($test_line);
$this->assertEquals($escaped, $result[2]);
}
}
}
class auth_plugin_authplainharness extends auth_plugin_authplain {
public function setPregsplit_safe($bool) {
$this->_pregsplit_safe = $bool;
}
public function getPregsplit_safe(){
return $this->_pregsplit_safe;
}
public function splitUserData($line){
return $this->_splitUserData($line);
}
}
|