xref: /dokuwiki/lib/plugins/authplain/_test/escaping.test.php (revision b346670ea2385f3ee7ea5e77ba74a02541a73dda) 
1f95ecbbfSAngus Gratton<?php
2f95ecbbfSAngus Gratton
3f95ecbbfSAngus Gratton/**
4f95ecbbfSAngus Gratton * These tests are designed to test the capacity of pluginauth to handle
5f95ecbbfSAngus Gratton * correct escaping of colon field delimiters and backslashes in user content.
6f95ecbbfSAngus Gratton *
7f95ecbbfSAngus Gratton * (Note that these tests set some Real Names, etc. that are may not be
8f95ecbbfSAngus Gratton * valid in the broader dokuwiki context, but the tests ensure that
9f95ecbbfSAngus Gratton * authplain won't get unexpectedly surprised.)
10f95ecbbfSAngus Gratton *
11f95ecbbfSAngus Gratton * @group plugin_authplain
12f8095446SChristopher Smith * @group auth_plugins
13f95ecbbfSAngus Gratton * @group plugins
14f8095446SChristopher Smith * @group bundled_plugins
15f95ecbbfSAngus Gratton */
16f95ecbbfSAngus Grattonclass helper_plugin_authplain_escaping_test extends DokuWikiTest {
17f95ecbbfSAngus Gratton
1893497020SAndreas Gohr    protected $pluginsEnabled = array('authplain');
1993497020SAndreas Gohr    /** @var  auth_plugin_authplain */
20f95ecbbfSAngus Gratton    protected $auth;
21f95ecbbfSAngus Gratton
22f95ecbbfSAngus Gratton    protected function reloadUsers() {
23f95ecbbfSAngus Gratton        /* auth caches data loaded from file, but recreated object forces reload */
2493497020SAndreas Gohr        $this->auth = new auth_plugin_authplain();
25f95ecbbfSAngus Gratton    }
26f95ecbbfSAngus Gratton
271c33cec3SAndreas Gohr    function setUp() : void {
28f95ecbbfSAngus Gratton        global $config_cascade;
29f95ecbbfSAngus Gratton        parent::setUp();
30f95ecbbfSAngus Gratton        $name = $config_cascade['plainauth.users']['default'];
31f95ecbbfSAngus Gratton        copy($name, $name.".orig");
32f95ecbbfSAngus Gratton        $this->reloadUsers();
33f95ecbbfSAngus Gratton    }
34f95ecbbfSAngus Gratton
351c33cec3SAndreas Gohr    function tearDown() : void {
36f95ecbbfSAngus Gratton        global $config_cascade;
37f95ecbbfSAngus Gratton        parent::tearDown();
38f95ecbbfSAngus Gratton        $name = $config_cascade['plainauth.users']['default'];
39f95ecbbfSAngus Gratton        copy($name.".orig", $name);
40f95ecbbfSAngus Gratton    }
41f95ecbbfSAngus Gratton
42f95ecbbfSAngus Gratton    public function testMediawikiPasswordHash() {
43f95ecbbfSAngus Gratton        global $conf;
44f95ecbbfSAngus Gratton        $conf['passcrypt'] = 'mediawiki';
45f95ecbbfSAngus Gratton        $this->auth->createUser("mwuser", "12345", "Mediawiki User", "me@example.com");
46f95ecbbfSAngus Gratton        $this->reloadUsers();
47f95ecbbfSAngus Gratton        $this->assertTrue($this->auth->checkPass("mwuser", "12345"));
48f95ecbbfSAngus Gratton        $mwuser = $this->auth->getUserData("mwuser");
49f95ecbbfSAngus Gratton        $this->assertStringStartsWith(":B:",$mwuser['pass']);
50f95ecbbfSAngus Gratton        $this->assertEquals("Mediawiki User",$mwuser['name']);
51f95ecbbfSAngus Gratton    }
52f95ecbbfSAngus Gratton
53f95ecbbfSAngus Gratton    public function testNameWithColons() {
54f95ecbbfSAngus Gratton        $name = ":Colon: User:";
55f95ecbbfSAngus Gratton        $this->auth->createUser("colonuser", "password", $name, "me@example.com");
56f95ecbbfSAngus Gratton        $this->reloadUsers();
57f95ecbbfSAngus Gratton        $user = $this->auth->getUserData("colonuser");
58f95ecbbfSAngus Gratton        $this->assertEquals($name,$user['name']);
59f95ecbbfSAngus Gratton    }
60f95ecbbfSAngus Gratton
61f95ecbbfSAngus Gratton    public function testNameWithBackslashes() {
62f95ecbbfSAngus Gratton        $name = "\\Slash\\ User\\";
63f95ecbbfSAngus Gratton        $this->auth->createUser("slashuser", "password", $name, "me@example.com");
64f95ecbbfSAngus Gratton        $this->reloadUsers();
65f95ecbbfSAngus Gratton        $user = $this->auth->getUserData("slashuser");
66f95ecbbfSAngus Gratton        $this->assertEquals($name,$user['name']);
67f95ecbbfSAngus Gratton    }
68f95ecbbfSAngus Gratton
69*b346670eSAndreas Gohr    public function testNameWithHash() {
70*b346670eSAndreas Gohr        $name = "Hash # User";
71*b346670eSAndreas Gohr        $this->auth->createUser("slashuser", "password", $name, "me@example.com");
72*b346670eSAndreas Gohr        $this->reloadUsers();
73*b346670eSAndreas Gohr        $user = $this->auth->getUserData("slashuser");
74*b346670eSAndreas Gohr        $this->assertEquals($name,$user['name']);
75*b346670eSAndreas Gohr    }
76*b346670eSAndreas Gohr
77f95ecbbfSAngus Gratton    public function testModifyUser() {
78f95ecbbfSAngus Gratton        global $conf;
79f95ecbbfSAngus Gratton        $conf['passcrypt'] = 'mediawiki';
80f95ecbbfSAngus Gratton        $user = $this->auth->getUserData("testuser");
81f95ecbbfSAngus Gratton        $user['name'] = "\\New:Crazy:Name\\";
82f95ecbbfSAngus Gratton        $user['pass'] = "awesome new password";
83f95ecbbfSAngus Gratton        $this->auth->modifyUser("testuser", $user);
84f95ecbbfSAngus Gratton        $this->reloadUsers();
85f95ecbbfSAngus Gratton
86f95ecbbfSAngus Gratton        $saved = $this->auth->getUserData("testuser");
87f95ecbbfSAngus Gratton        $this->assertEquals($saved['name'], $user['name']);
88f95ecbbfSAngus Gratton        $this->assertTrue($this->auth->checkPass("testuser", $user['pass']));
89f95ecbbfSAngus Gratton    }
90f95ecbbfSAngus Gratton
916c8c1f46SChristopher Smith    // really only required for developers to ensure this plugin will
926c8c1f46SChristopher Smith    // work with systems running on PCRE 6.6 and lower.
936c8c1f46SChristopher Smith    public function testLineSplit(){
946c8c1f46SChristopher Smith        $names = array(
956c8c1f46SChristopher Smith          'plain',
966c8c1f46SChristopher Smith          'ut-fठ8',
976c8c1f46SChristopher Smith          'colon:',
986c8c1f46SChristopher Smith          'backslash\\',
996c8c1f46SChristopher Smith          'alltogether\\ठ:'
1006c8c1f46SChristopher Smith        );
1016c8c1f46SChristopher Smith        $userpass = 'user:password_hash:';
1026c8c1f46SChristopher Smith        $other_user_data = ':email@address:group1,group2';
1036c8c1f46SChristopher Smith
1046c8c1f46SChristopher Smith        foreach ($names as $testname) {
1056c8c1f46SChristopher Smith            $escaped = str_replace(array('\\',':'),array('\\\\','\\:'),$testname);   // escape : & \
1066c8c1f46SChristopher Smith            $test_line = $userpass.$escaped.$other_user_data;
10793497020SAndreas Gohr            $result = $this->callInaccessibleMethod($this->auth, 'splitUserData', [$test_line]);
1086c8c1f46SChristopher Smith
1099d846ff4SChristopher Smith            $this->assertEquals($escaped, $result[2]);
1106c8c1f46SChristopher Smith        }
111f95ecbbfSAngus Gratton    }
1125f18fdf3SAndreas Gohr
1135f18fdf3SAndreas Gohr    /**
1145f18fdf3SAndreas Gohr     * @see testCleaning
1155f18fdf3SAndreas Gohr     */
1165f18fdf3SAndreas Gohr    public function provideCleaning()
1175f18fdf3SAndreas Gohr    {
1185f18fdf3SAndreas Gohr        return [
1195f18fdf3SAndreas Gohr            ['user', 'user'],
1205f18fdf3SAndreas Gohr            ['USER', 'user'],
1215f18fdf3SAndreas Gohr            [' USER ', 'user'],
1225f18fdf3SAndreas Gohr            [' US ER ', 'us_er'],
1235f18fdf3SAndreas Gohr            ['http://foo;bar', 'http_foo_bar'],
1245f18fdf3SAndreas Gohr        ];
1255f18fdf3SAndreas Gohr    }
1265f18fdf3SAndreas Gohr
1275f18fdf3SAndreas Gohr    /**
1285f18fdf3SAndreas Gohr     * @param string $input
1295f18fdf3SAndreas Gohr     * @param string $expected
1305f18fdf3SAndreas Gohr     * @dataProvider provideCleaning
1315f18fdf3SAndreas Gohr     */
1325f18fdf3SAndreas Gohr    public function testCleaning($input, $expected)
1335f18fdf3SAndreas Gohr    {
1345f18fdf3SAndreas Gohr        $this->assertEquals($expected, $this->auth->cleanUser($input));
1355f18fdf3SAndreas Gohr        $this->assertEquals($expected, $this->auth->cleanGroup($input));
1365f18fdf3SAndreas Gohr    }
1376c8c1f46SChristopher Smith}
138