r75605 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r75604‎ | r75605 | r75606 >
Date:04:40, 28 October 2010
Author:neilk
Status:deferred
Tags:
Comment:
fix so we do not create users with guessable passwords, viz r75589
Modified paths:
  • /branches/uploadwizard/phase3/maintenance/tests/phpunit/includes/api/ApiUploadTest.php (modified) (history)


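--- a/branches/uploadwizard/phase3/maintenance/tests/phpunit/includes/api/ApiUploadTest.php
+++ b/branches/uploadwizard/phase3/maintenance/tests/phpunit/includes/api/ApiUploadTest.php
@@ -32,23 +32,28 @@
 'sysop' => new ApiTestUser(
 'Apitestsysop',
 'Api Test Sysop',
-'testpass',
 'api_test_sysop@sample.com',
 array( 'sysop' )
 ),
 'uploader' => new ApiTestUser(
 'Apitestuser',
 'Api Test User',
-'testpass',
 'api_test_user@sample.com',
 array()
 )
-);
+);
 
 $wgUser = self::$users['sysop']->user;
 
 }
 
+function tearDown() {
+// destroy the users
+
+global $wgMemc;
+$wgMemc = null;
+}
+
 protected function doApiRequest( $params, $session = null ) {
 $_SESSION = isset( $session ) ? $session : array();
 
@@ -78,11 +83,6 @@
 }
 }
 
-function tearDown() {
-global $wgMemc;
-$wgMemc = null;
-}
-
 }
 
 class ApiUploadTest extends ApiTestCase {
@@ -119,6 +119,7 @@
 */
 function testLogin() {
 $user = self::$users['uploader'];
+
 $params = array(
 'action' => 'login',
 'lgname' => $user->username,
@@ -590,16 +591,28 @@
 public $groups;
 public $user;
 
-function __construct( $username, $realname = 'Real Name', $password = 'testpass', $email = 'sample@sample.com', $groups = array() ) {
+function __construct( $username, $realname = 'Real Name', $email = 'sample@sample.com', $groups = array() ) {
+global $wgMinimalPasswordLength;
+
 $this->username = $username;
 $this->realname = $realname;
-$this->password = $password;
 $this->email = $email;
 $this->groups = $groups;
 
+// don't allow user to hardcode or select passwords -- people sometimes run tests
+// on live wikis. Sometimes we create sysop users in these tests. A sysop user with
+// a known password would be a Bad Thing.
+$this->password = User::randomPassword();
+
 $this->user = User::newFromName( $this->username );
 $this->user->load();
+
+// In an ideal world we'd have a new wiki (or mock data store) for every single test.
+// But for now, we just need to create or update the user with the desired properties.
+// we particularly need the new password, since we just generated it randomly.
+// In core MediaWiki, there is no functionality to delete users, so this is the best we can do.
 if ( !$this->user->getID() ) {
+// create the user
 $this->user = User::createNew(
 $this->username, array(
 "email" => $this->email,
@@ -609,14 +622,23 @@
 if ( !$this->user ) {
 throw new Exception( "error creating user" );
 }
-$this->user->setPassword( $this->password );
-if ( count( $this->groups ) ) {
-foreach ( $this->groups as $group ) {
-$this->user->addGroup( $group );
-}
+}
+
+// update the user to use the new random password and other details
+$this->user->setPassword( $this->password );
+$this->user->setEmail( $this->email );
+$this->user->setRealName( $this->realname );
+// remove all groups, replace with any groups specified
+foreach ( $this->user->getGroups() as $group ) {
+$this->user->removeGroup( $group );
+}
+if ( count( $this->groups ) ) {
+foreach ( $this->groups as $group ) {
+$this->user->addGroup( $group );
 }
-$this->user->saveSettings();
 }
+$this->user->saveSettings();
+
 }
 
 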
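Review bot: The relocated `tearDown()` carries the comment `// destroy the users` but only resets `$wgMemc`, so after a run on a live wiki the `Apitestsysop` account still exists with the sysop group and a working password. The constructor comment itself expects tests to be run on live wikis, so tearDown should strip the groups and wipe the password of every entry in `self::$users`; the sketch below assumes `setPassword( null )` disables login on this branch as it does in core `User`. Separately, the rewritten `ApiTestUser::__construct()` now resets the password, e-mail, real name and groups of any pre-existing account with the same name, which deserves a guard or at least a warning in its comment. `global $wgMinimalPasswordLength;` is declared but not used in the visible lines, and part of the constructor body lies between the last two hunks, outside what is shown.

```php
function tearDown() {
	// strip rights and wipe passwords so no privileged test account survives the run
	foreach ( self::$users as $testUser ) {
		foreach ( $testUser->user->getGroups() as $group ) {
			$testUser->user->removeGroup( $group );
		}
		$testUser->user->setPassword( null );
		$testUser->user->saveSettings();
	}
	// … unchanged: $wgMemc reset …
}
```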

Past revisions this follows-up on

RevisionCommit summaryAuthorDate
r75589Do NOT use hardcoded passwords! Not even if the user agreed to run destructiv...platonides22:27, 27 October 2010

Status & tagging log