ezuser_test.php | searchcode

/tests/tests/kernel/datatypes/ezuser/ezuser_test.php

http://github.com/ezsystems/ezpublish
PHP | 102 lines | 59 code | 17 blank | 26 comment | 4 complexity | 701aa7977b0f2dfc31d31dbfcb121c62 MD5 | raw file
Possible License(s): GPL-2.0, LGPL-2.1

<?php
/**
 * File containing the eZUserTest class.
 *
 * @copyright Copyright (C) eZ Systems AS. All rights reserved.
 * @license For full copyright and license information view LICENSE file distributed with this source code.
 * @version //autogentag//
 * @package tests
 */

class eZUserTest extends ezpDatabaseTestCase
{
    public $username = 'admin';
    public $password = 'publish';
    public $email = 'nospam@ez.no';

    public function __construct()
    {
        parent::__construct();
        $this->setName( "eZUser Unit Tests" );
    }

    public function setUp()
    {
        parent::setUp();

        // Set HashType to md5_password (to update the password_hash in the ezuser table)
        ezpINIHelper::setINISetting( 'site.ini', 'UserSettings', 'HashType', 'md5_password' );
        ezpINIHelper::setINISetting( 'site.ini', 'UserSettings', 'UpdateHash', 'true' );
        ezpINIHelper::setINISetting( 'site.ini', 'UserSettings', 'AuthenticateMatch', 'login;email' );

        // Login the user
        $userClass = eZUserLoginHandler::instance( 'standard' );
        $user = $userClass->loginUser( $this->username, $this->password );

        // Verify that the username and password were accepted
        if ( !( $user instanceof eZUser ) )
        {
            self::markTestSkipped( "User {$this->username} is not in database.");
        }
    }

    public function tearDown()
    {
        ezpINIHelper::restoreINISettings();

        parent::tearDown();
    }

    /**
     * Test for issue #16328: Wrong hash stored in database on hash update in ezUser.php
     */
    public function testPasswordHashSamePasswordToUser()
    {
        // Get the password_hash
        $db = eZDB::instance();
        $rows = $db->arrayQuery( "SELECT * FROM ezuser where login = '{$this->username}'" );
        if ( count( $rows ) !== 1 )
        {
            $this->fail( "User {$this->username} is not in database.");
        }
        // Not used in this test
        $passwordHashMD5Password = $rows[0]['password_hash'];

        // Above it was only the setup for the test, the real test begins now
        // Set HashType to md5_user (password_hash in the ezuser table is updated again)
        ezpINIHelper::setINISetting( 'site.ini', 'UserSettings', 'HashType', 'md5_user' );

        // Login the user with email instead of username
        $userClass = eZUserLoginHandler::instance( 'standard' );
        $user = $userClass->loginUser( $this->email, $this->password );

        // Verify that the email and password were accepted
        if ( !( $user instanceof eZUser ) )
        {
            $this->fail( "User {$this->email} is not in database.");
        }

        // Get the password_hash
        $db = eZDB::instance();
        $rows = $db->arrayQuery( "SELECT * FROM ezuser where login = '{$this->username}'" );
        $passwordHashMD5User = $rows[0]['password_hash'];

        // The value that is expected to be saved in the ezuser table after updating the HashType to md5_user
        // (using the username and not the email address, which caused issue #16328)
        $hashMD5Expected = md5( "{$this->username}\n{$this->password}" );

        // Verify that the 2 password hashes saved above are the same
        $this->assertEquals( $hashMD5Expected, $passwordHashMD5User );

        // Verify that the user can still login with username
        $userClass = eZUserLoginHandler::instance( 'standard' );
        $user = $userClass->loginUser( $this->username, $this->password );

        // Verify that the username and password were accepted
        if ( !( $user instanceof eZUser ) )
        {
            $this->fail( "User {$this->username} is not in database.");
        }
    }
}
?>