author | Reedy <reedy@wikimedia.org> | 2020-10-04 01:33:43 +0100 |
---|---|---|
committer | Reedy <reedy@wikimedia.org> | 2020-12-05 02:10:01 +0000 |
commit | 76249a28d2cc665a0cc79da27ca1bc81dcdbdb66 (patch) | |
tree | 6e92b12900096a5c328e072db2f7e6f40503e38e /tests/phpunit/includes/user/BotPasswordTest.php | |
parent | 94790a79b95b703e964b4493237e6d846adc6076 (diff) | |
Validate max length of bp_restrictions and bp_grants
Bug: T260631
Bug: T260633
Change-Id: Ifc35e01c711f1394f45748f693e7a46695b2d471
Diffstat (limited to 'tests/phpunit/includes/user/BotPasswordTest.php')
-rw-r--r-- | tests/phpunit/includes/user/BotPasswordTest.php | 60 |
1 files changed, 54 insertions, 6 deletions
diff --git a/tests/phpunit/includes/user/BotPasswordTest.php b/tests/phpunit/includes/user/BotPasswordTest.php index d6a37b7d6aaa..002e5dfe4f9d 100644 --- a/tests/phpunit/includes/user/BotPasswordTest.php +++ b/tests/phpunit/includes/user/BotPasswordTest.php @@ -365,8 +365,9 @@ class BotPasswordTest extends MediaWikiIntegrationTestCase { ); $passwordHash = $password ? $passwordFactory->newFromPlaintext( $password ) : null; - $this->assertFalse( $bp->save( 'update', $passwordHash ) ); - $this->assertTrue( $bp->save( 'insert', $passwordHash ) ); + $this->assertFalse( $bp->save( 'update', $passwordHash )->isGood() ); + $this->assertTrue( $bp->save( 'insert', $passwordHash )->isGood() ); + $bp2 = BotPassword::newFromCentralId( 42, 'TestSave', BotPassword::READ_LATEST ); $this->assertInstanceOf( BotPassword::class, $bp2 ); $this->assertEquals( $bp->getUserCentralId(), $bp2->getUserCentralId() ); @@ -374,6 +375,7 @@ class BotPasswordTest extends MediaWikiIntegrationTestCase { $this->assertEquals( $bp->getToken(), $bp2->getToken() ); $this->assertEquals( $bp->getRestrictions(), $bp2->getRestrictions() ); $this->assertEquals( $bp->getGrants(), $bp2->getGrants() ); + /** @var Password $pw */ $pw = TestingAccessWrapper::newFromObject( $bp )->getPassword(); if ( $password === null ) { @@ -385,9 +387,10 @@ class BotPasswordTest extends MediaWikiIntegrationTestCase { $token = $bp->getToken(); $this->assertEquals( 42, $bp->getUserCentralId() ); $this->assertEquals( 'TestSave', $bp->getAppId() ); - $this->assertFalse( $bp->save( 'insert' ) ); - $this->assertTrue( $bp->save( 'update' ) ); + $this->assertFalse( $bp->save( 'insert' )->isGood() ); + $this->assertTrue( $bp->save( 'update' )->isGood() ); $this->assertNotEquals( $token, $bp->getToken() ); + $bp2 = BotPassword::newFromCentralId( 42, 'TestSave', BotPassword::READ_LATEST ); $this->assertInstanceOf( BotPassword::class, $bp2 ); $this->assertEquals( $bp->getToken(), $bp2->getToken() ); 
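Review bot: `$this->assertFalse( $bp->save( 'update', $passwordHash )->isGood() );` in the first hunk, and the matching `save( 'insert' )` check in the hunk at -385, now pass for any status that is not good, including the too-long errors this change introduces, so they no longer pin why the save was refused. Capturing the status and asserting on its error entry, the way testSaveValidation does with `$status->getErrors()[0]['message']`, would keep these cases specific; the message key expected here is not visible in this diff. The enclosing test method starts and ends outside these hunks.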
@@ -401,8 +404,9 @@ class BotPasswordTest extends MediaWikiIntegrationTestCase { $passwordHash = $passwordFactory->newFromPlaintext( 'XXX' ); $token = $bp->getToken(); - $this->assertTrue( $bp->save( 'update', $passwordHash ) ); + $this->assertTrue( $bp->save( 'update', $passwordHash )->isGood() ); $this->assertNotEquals( $token, $bp->getToken() ); + /** @var Password $pw */ $pw = TestingAccessWrapper::newFromObject( $bp )->getPassword(); $this->assertTrue( $pw->verify( 'XXX' ) ); @@ -411,7 +415,8 @@ class BotPasswordTest extends MediaWikiIntegrationTestCase { $this->assertFalse( $bp->isSaved() ); $this->assertNull( BotPassword::newFromCentralId( 42, 'TestSave', BotPassword::READ_LATEST ) ); - $this->assertFalse( $bp->save( 'foobar' ) ); + $this->expectException( UnexpectedValueException::class ); + $bp->save( 'foobar' )->isGood(); } public static function provideSave() { 
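Review bot: The trailing `->isGood()` in `$bp->save( 'foobar' )->isGood();` (hunk at -411) is never evaluated, because the line above expects save() to throw UnexpectedValueException for an unknown operation. `$bp->save( 'foobar' );` states the same expectation without suggesting that a Status is inspected. A short comment such as `// An unknown operation is a caller bug, so save() throws rather than returning a Status` would also explain why this case differs from the `isGood()` assertions above it. The enclosing test method starts outside the hunk.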
@@ -420,4 +425,47 @@ class BotPasswordTest extends MediaWikiIntegrationTestCase {
 [ 'foobar' ],
 ];
 }
+
+ /**
+ * Tests for error handling when bp_restrictions and bp_grants are too long
+ */
+ public function testSaveValidation() {
+ $lotsOfIPs = [
+ 'IPAddresses' => array_fill(
+ 0,
+ 5000,
+ "127.0.0.0/8"
+ )
+ ];
+
+ $bp = BotPassword::newUnsaved( [
+ 'centralId' => 42,
+ 'appId' => 'TestSave',
+ // When this becomes JSON, it'll be 70,017 characters, which is
+ // greater than BotPassword::GRANTS_MAXLENGTH, so it will cause an error.
+ 'restrictions' => MWRestrictions::newFromArray( $lotsOfIPs ),
+ 'grants' => [
+ // Maximum length of the JSON is BotPassword::RESTRICTIONS_MAXLENGTH characters.
+ // So one long grant name should be good. Turning it into JSON will add
+ // a couple of extra characters, taking it over BotPassword::RESTRICTIONS_MAXLENGTH
+ // characters long, so it will cause an error.
+ str_repeat( '*', BotPassword::RESTRICTIONS_MAXLENGTH )
+ ],
+ ] );
+
+ $status = $bp->save( 'insert' );
+
+ $this->assertFalse( $status->isGood() );
+ $this->assertNotEmpty( $status->getErrors() );
+
+ $this->assertSame(
+ 'botpasswords-toolong-restrictions',
+ $status->getErrors()[0]['message']
+ );
+
+ $this->assertSame(
+ 'botpasswords-toolong-grants',
+ $status->getErrors()[1]['message']
+ );
+ }
 } |
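Review bot: In testSaveValidation the two limits are crossed: the comment on 'restrictions' cites BotPassword::GRANTS_MAXLENGTH, while the oversized grant is built from BotPassword::RESTRICTIONS_MAXLENGTH. If GRANTS_MAXLENGTH is ever raised above RESTRICTIONS_MAXLENGTH, that grant would no longer exceed its own limit (the constants' values are not visible here). Size each field by its own constant, `str_repeat( '*', BotPassword::GRANTS_MAXLENGTH )`, and swap the constant names in the comments. Because this validation is what keeps oversized input out of the table, the test should also assert that the rejected record was not written, e.g. `$this->assertNull( BotPassword::newFromCentralId( 42, 'TestSave', BotPassword::READ_LATEST ) );`. Checking that both message keys are present, rather than at fixed indexes `[0]` and `[1]`, would avoid coupling the test to the order of the two checks inside save().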