Changeset 35171 for trunk/tests/phpunit/tests/auth.php
- Timestamp:
- 10/15/2015 12:10:45 AM (9 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/tests/phpunit/tests/auth.php
r33744 r35171 6 6 */ 7 7 class Tests_Auth extends WP_UnitTestCase { 8 var $user_id; 9 var $wp_hasher; 8 protected $user; 9 protected static $_user; 10 protected static $user_id; 11 protected static $wp_hasher; 10 12 11 13 /** … … 13 15 */ 14 16 protected $nonce_failure_hook = 'wp_verify_nonce_failed'; 17 18 static function setUpBeforeClass() { 19 parent::setUpBeforeClass(); 20 21 $factory = new WP_UnitTest_Factory(); 22 23 self::$_user = $factory->user->create_and_get( array( 24 'user_login' => 'password-tests' 25 ) ); 26 27 self::$user_id = self::$_user->ID; 28 29 require_once( ABSPATH . WPINC . '/class-phpass.php' ); 30 self::$wp_hasher = new PasswordHash( 8, true ); 31 } 15 32 16 33 function setUp() { 17 34 parent::setUp(); 18 $this->user_id = $this->factory->user->create(); 19 20 require_once ABSPATH . WPINC . '/class-phpass.php'; 21 $this->wp_hasher = new PasswordHash( 8, true ); 35 36 $this->user = clone self::$_user; 22 37 } 23 38 24 39 function test_auth_cookie_valid() { 25 $cookie = wp_generate_auth_cookie( $this->user_id, time() + 3600, 'auth' );26 $this->assertEquals( $this->user_id, wp_validate_auth_cookie( $cookie, 'auth' ) );40 $cookie = wp_generate_auth_cookie( self::$user_id, time() + 3600, 'auth' ); 41 $this->assertEquals( self::$user_id, wp_validate_auth_cookie( $cookie, 'auth' ) ); 27 42 } 28 43 … … 31 46 // as an ajax test may have defined DOING_AJAX, failing the test. 32 47 33 $cookie = wp_generate_auth_cookie( $this->user_id, time() - 7200, 'auth' );48 $cookie = wp_generate_auth_cookie( self::$user_id, time() - 7200, 'auth' ); 34 49 $this->assertEquals( false, wp_validate_auth_cookie( $cookie, 'auth' ), 'expired cookie' ); 35 50 36 $cookie = wp_generate_auth_cookie( $this->user_id, time() + 3600, 'auth' );51 $cookie = wp_generate_auth_cookie( self::$user_id, time() + 3600, 'auth' ); 37 52 $this->assertEquals( false, wp_validate_auth_cookie( $cookie, 'logged_in' ), 'wrong auth scheme' ); 38 53 39 $cookie = wp_generate_auth_cookie( $this->user_id, time() + 3600, 'auth' );54 $cookie = wp_generate_auth_cookie( self::$user_id, time() + 3600, 'auth' ); 40 55 list($a, $b, $c) = explode('|', $cookie); 41 56 $cookie = $a . '|' . ($b + 1) . '|' . $c; 42 $this->assertEquals( false, wp_validate_auth_cookie( $this->user_id, 'auth' ), 'altered cookie' );57 $this->assertEquals( false, wp_validate_auth_cookie( self::$user_id, 'auth' ), 'altered cookie' ); 43 58 } 44 59 45 60 function test_auth_cookie_scheme() { 46 61 // arbitrary scheme name 47 $cookie = wp_generate_auth_cookie( $this->user_id, time() + 3600, 'foo' );48 $this->assertEquals( $this->user_id, wp_validate_auth_cookie( $cookie, 'foo' ) );62 $cookie = wp_generate_auth_cookie( self::$user_id, time() + 3600, 'foo' ); 63 $this->assertEquals( self::$user_id, wp_validate_auth_cookie( $cookie, 'foo' ) ); 49 64 50 65 // wrong scheme name - should fail 51 $cookie = wp_generate_auth_cookie( $this->user_id, time() + 3600, 'foo' );66 $cookie = wp_generate_auth_cookie( self::$user_id, time() + 3600, 'foo' ); 52 67 $this->assertEquals( false, wp_validate_auth_cookie( $cookie, 'bar' ) ); 53 68 } … … 57 72 */ 58 73 function test_password_trimming() { 59 $another_user = $this->factory->user->create( array( 'user_login' => 'password-triming-tests' ) );60 61 74 $passwords_to_test = array( 62 75 'a password with no trailing or leading spaces', … … 67 80 68 81 foreach( $passwords_to_test as $password_to_test ) { 69 wp_set_password( $password_to_test, $ another_user);70 $authed_user = wp_authenticate( 'password-triming-tests', $password_to_test );82 wp_set_password( $password_to_test, $this->user->ID ); 83 $authed_user = wp_authenticate( $this->user->user_login, $password_to_test ); 71 84 72 85 $this->assertInstanceOf( 'WP_User', $authed_user ); 73 $this->assertEquals( $ another_user, $authed_user->ID );86 $this->assertEquals( $this->user->ID, $authed_user->ID ); 74 87 } 75 88 } … … 141 154 142 155 function test_password_length_limit() { 143 $passwords = array( 144 str_repeat( 'a', 4095 ), // short 145 str_repeat( 'a', 4096 ), // limit 146 str_repeat( 'a', 4097 ), // long 147 ); 148 149 $user_id = $this->factory->user->create( array( 'user_login' => 'password-length-test' ) ); 150 151 wp_set_password( $passwords[1], $user_id ); 152 $user = get_user_by( 'id', $user_id ); 156 $limit = str_repeat( 'a', 4096 ); 157 158 wp_set_password( $limit, self::$user_id ); 153 159 // phpass hashed password 154 $this->assertStringStartsWith( '$P$', $ user->data->user_pass );155 156 $user = wp_authenticate( 'password-length-test', $passwords[0]);160 $this->assertStringStartsWith( '$P$', $this->user->data->user_pass ); 161 162 $user = wp_authenticate( $this->user->user_login, 'aaaaaaaa' ); 157 163 // Wrong Password 158 164 $this->assertInstanceOf( 'WP_Error', $user ); 159 165 160 $user = wp_authenticate( 'password-length-test', $passwords[1]);166 $user = wp_authenticate( $this->user->user_login, $limit ); 161 167 $this->assertInstanceOf( 'WP_User', $user ); 162 $this->assertEquals( $user_id, $user->ID ); 163 164 $user = wp_authenticate( 'password-length-test', $passwords[2] ); 168 $this->assertEquals( self::$user_id, $user->ID ); 169 170 // one char too many 171 $user = wp_authenticate( $this->user->user_login, $limit . 'a' ); 165 172 // Wrong Password 166 173 $this->assertInstanceOf( 'WP_Error', $user ); 167 174 168 169 wp_set_password( $passwords[2], $user_id ); 170 $user = get_user_by( 'id', $user_id ); 175 wp_set_password( $limit . 'a', self::$user_id ); 176 $user = get_user_by( 'id', self::$user_id ); 171 177 // Password broken by setting it to be too long. 172 178 $this->assertEquals( '*', $user->data->user_pass ); 173 179 174 $user = wp_authenticate( 'password-length-test', '*' );175 $this->assertInstanceOf( 'WP_Error', $user ); 176 177 $user = wp_authenticate( 'password-length-test', '*0' );178 $this->assertInstanceOf( 'WP_Error', $user ); 179 180 $user = wp_authenticate( 'password-length-test', '*1' );181 $this->assertInstanceOf( 'WP_Error', $user ); 182 183 $user = wp_authenticate( 'password-length-test', $passwords[0]);180 $user = wp_authenticate( $this->user->user_login, '*' ); 181 $this->assertInstanceOf( 'WP_Error', $user ); 182 183 $user = wp_authenticate( $this->user->user_login, '*0' ); 184 $this->assertInstanceOf( 'WP_Error', $user ); 185 186 $user = wp_authenticate( $this->user->user_login, '*1' ); 187 $this->assertInstanceOf( 'WP_Error', $user ); 188 189 $user = wp_authenticate( $this->user->user_login, 'aaaaaaaa' ); 184 190 // Wrong Password 185 191 $this->assertInstanceOf( 'WP_Error', $user ); 186 192 187 $user = wp_authenticate( 'password-length-test', $passwords[1]);193 $user = wp_authenticate( $this->user->user_login, $limit ); 188 194 // Wrong Password 189 195 $this->assertInstanceOf( 'WP_Error', $user ); 190 196 191 $user = wp_authenticate( 'password-length-test', $passwords[2]);197 $user = wp_authenticate( $this->user->user_login, $limit . 'a' ); 192 198 // Password broken by setting it to be too long. 193 199 $this->assertInstanceOf( 'WP_Error', $user ); … … 201 207 202 208 $key = wp_generate_password( 20, false ); 203 $user = $this->factory->user->create_and_get();204 209 $wpdb->update( $wpdb->users, array( 205 'user_activation_key' => strtotime( '-1 hour' ) . ':' . $this->wp_hasher->HashPassword( $key ),210 'user_activation_key' => strtotime( '-1 hour' ) . ':' . self::$wp_hasher->HashPassword( $key ), 206 211 ), array( 207 'ID' => $ user->ID,212 'ID' => $this->user->ID, 208 213 ) ); 209 214 210 215 // A valid key should be accepted 211 $check = check_password_reset_key( $key, $ user->user_login );216 $check = check_password_reset_key( $key, $this->user->user_login ); 212 217 $this->assertInstanceOf( 'WP_User', $check ); 213 $this->assertSame( $ user->ID, $check->ID );218 $this->assertSame( $this->user->ID, $check->ID ); 214 219 215 220 // An invalid key should be rejected 216 $check = check_password_reset_key( 'key', $ user->user_login );221 $check = check_password_reset_key( 'key', $this->user->user_login ); 217 222 $this->assertInstanceOf( 'WP_Error', $check ); 218 223 219 224 // An empty key should be rejected 220 $check = check_password_reset_key( '', $ user->user_login );225 $check = check_password_reset_key( '', $this->user->user_login ); 221 226 $this->assertInstanceOf( 'WP_Error', $check ); 222 227 223 228 // A truncated key should be rejected 224 229 $partial = substr( $key, 0, 10 ); 225 $check = check_password_reset_key( $partial, $ user->user_login );230 $check = check_password_reset_key( $partial, $this->user->user_login ); 226 231 $this->assertInstanceOf( 'WP_Error', $check ); 227 232 } … … 234 239 235 240 $key = wp_generate_password( 20, false ); 236 $user = $this->factory->user->create_and_get();237 241 $wpdb->update( $wpdb->users, array( 238 'user_activation_key' => strtotime( '-48 hours' ) . ':' . $this->wp_hasher->HashPassword( $key ),242 'user_activation_key' => strtotime( '-48 hours' ) . ':' . self::$wp_hasher->HashPassword( $key ), 239 243 ), array( 240 'ID' => $ user->ID,244 'ID' => $this->user->ID, 241 245 ) ); 242 246 243 247 // An expired but otherwise valid key should be rejected 244 $check = check_password_reset_key( $key, $ user->user_login );248 $check = check_password_reset_key( $key, $this->user->user_login ); 245 249 $this->assertInstanceOf( 'WP_Error', $check ); 246 250 } … … 250 254 */ 251 255 function test_empty_user_activation_key_fails_key_check() { 252 global $wpdb;253 254 $user = $this->factory->user->create_and_get();255 256 256 // An empty user_activation_key should not allow any key to be accepted 257 $check = check_password_reset_key( 'key', $ user->user_login );257 $check = check_password_reset_key( 'key', $this->user->user_login ); 258 258 $this->assertInstanceOf( 'WP_Error', $check ); 259 259 260 260 // An empty user_activation_key should not allow an empty key to be accepted 261 $check = check_password_reset_key( '', $ user->user_login );261 $check = check_password_reset_key( '', $this->user->user_login ); 262 262 $this->assertInstanceOf( 'WP_Error', $check ); 263 263 } … … 272 272 273 273 $key = wp_generate_password( 20, false ); 274 $user = $this->factory->user->create_and_get();275 274 $wpdb->update( $wpdb->users, array( 276 'user_activation_key' => $this->wp_hasher->HashPassword( $key ),275 'user_activation_key' => self::$wp_hasher->HashPassword( $key ), 277 276 ), array( 278 'ID' => $ user->ID,277 'ID' => $this->user->ID, 279 278 ) ); 280 279 281 280 // A legacy user_activation_key should not be accepted 282 $check = check_password_reset_key( $key, $ user->user_login );281 $check = check_password_reset_key( $key, $this->user->user_login ); 283 282 $this->assertInstanceOf( 'WP_Error', $check ); 284 283 285 284 // An empty key with a legacy user_activation_key should be rejected 286 $check = check_password_reset_key( '', $ user->user_login );285 $check = check_password_reset_key( '', $this->user->user_login ); 287 286 $this->assertInstanceOf( 'WP_Error', $check ); 288 287 } … … 298 297 299 298 $key = wp_generate_password( 20, false ); 300 $user = $this->factory->user->create_and_get();301 299 $wpdb->update( $wpdb->users, array( 302 300 'user_activation_key' => $key, 303 301 ), array( 304 'ID' => $ user->ID,302 'ID' => $this->user->ID, 305 303 ) ); 306 304 307 305 // A plaintext user_activation_key should not allow an otherwise valid key to be accepted 308 $check = check_password_reset_key( $key, $ user->user_login );306 $check = check_password_reset_key( $key, $this->user->user_login ); 309 307 $this->assertInstanceOf( 'WP_Error', $check ); 310 308 311 309 // A plaintext user_activation_key should not allow an empty key to be accepted 312 $check = check_password_reset_key( '', $ user->user_login );310 $check = check_password_reset_key( '', $this->user->user_login ); 313 311 $this->assertInstanceOf( 'WP_Error', $check ); 314 312 }
Note: See TracChangeset
for help on using the changeset viewer.