public function testChangePassword_PasswordChanged()
{
// create user with a random password
$environ = new MongoTestEnvironment();
$environ->clean();
$userId = $environ->createUser('test', 'test user', '*****@*****.**');
$passwordModel = new PasswordModel($userId);
$someRandomPassword = '******';
// bcrypt for 'blahblah'
$passwordModel->password = $someRandomPassword;
$passwordModel->write();
// change the password to 12345
$password = '******';
$passwordModel->changePassword($password);
$passwordModel->write();
// assert that the password was changed correctly
$passwordModel2 = new PasswordModel($userId);
$this->assertTrue($passwordModel2->verifyPassword($password));
}
/**
* @param string $userId
* @param string $newPassword
* @param string $currentUserId
* @throws \Exception
* @return string $userId
*/
public static function changePassword($userId, $newPassword, $currentUserId)
{
if ($userId != $currentUserId) {
$currentUserModel = new UserModel($currentUserId);
if (!SiteRoles::hasRight($currentUserModel->siteRole, Domain::USERS + Operation::EDIT) && !SystemRoles::hasRight($currentUserModel->role, Domain::USERS + Operation::EDIT)) {
throw new UserUnauthorizedException();
}
}
$user = new PasswordModel($userId);
$user->changePassword($newPassword);
return $user->write();
}
