/**
 * Resetting a password with invalid form data must redisplay the reset form
 * and leave the stored password untouched.
 *
 * @return void
 */
public function testResetPasswordActionWithInvalidFormData()
{
    // Preparation: obtain a reset token for the test user via the lost-password form
    $user = UserService::findOneByUsername('testuser');
    $username = $user->getUsername();
    $this->dispatch('/user/lostpassword');
    $this->getRequest()
        ->setMethod('POST')
        ->setPost(array('username' => $username));
    $this->redispatch('/user/lostpassword', false);
    $this->assertRedirectTo('/home', 'Failed to redirect');

    $resetToken = UserPasswordResetTokenService::findOneByUser($user->getId());
    $this->assertTrue(null !== $resetToken);
    $resetUrl = '/user/resetpassword?token=' . $resetToken->getToken();

    // Test: a valid token renders the reset form
    $this->redispatch($resetUrl);
    $this->assertNotRedirect();
    $this->assertQuery('form#userPasswordResetForm');

    // Submit data the form is expected to reject (form redisplayed, no redirect)
    $invalidPost = array(
        'csrf' => $this->_getFormCsrf(),
        'password' => '123',
        'passwordConfirm' => '123',
    );
    $this->getRequest()
        ->setMethod('POST')
        ->setPost($invalidPost);
    $this->redispatch($resetUrl, false);

    // The form comes back and the original password still verifies
    $this->assertNotRedirect();
    $this->assertQuery('form#userPasswordResetForm');
    $this->assertTrue(UserService::verifyPassword($user, 'testuser'));
}
/**
 * Change Password Action
 *
 * Handles the authenticated user's password-change form. On a valid POST whose
 * old password verifies, the new password is set on the user, the identity is
 * cleared and the user is redirected to the login route; every other path
 * renders the form again (with an error message and a 500 status where the
 * original code set one).
 *
 * @return void
 */
public function changepasswordAction()
{
    $user = $this->_user;
    $form = new \Application_Form_UserPasswordChange();
    $request = $this->getRequest();

    if ($request->isPost()) {
        if (!$form->isValid($request->getPost())) {
            // Submitted form data is invalid
            $this->getResponse()->setHttpResponseCode(500);
            $this->view->success = 0;
        } else {
            $data = $form->getValues();
            try {
                if (UserService::verifyPassword($user, $data['oldPassword'])) {
                    $user->setPassword(UserService::encryptPassword($data['newPassword']));
                    // NOTE(review): nothing here explicitly persists the updated user
                    // (compare the UserService::update() call in the auth adapter) —
                    // confirm the new password is flushed before the redirect.
                    $this->_helper->sessionMessenger(
                        'Password changed successfully. You may now login using your new password.',
                        'success'
                    );
                    // Drop the current identity so the user must re-authenticate
                    // with the new password
                    Zend_Auth::getInstance()->clearIdentity();
                    return $this->getHelper('Redirector')->gotoRoute(array(), 'login');
                }
                // Old password did not verify: report it and redisplay the form
                $this->view->messages()->addMessage('Invalid old password', 'error');
            } catch (Exception $e) {
                // @codeCoverageIgnoreStart
                $this->getResponse()->setHttpResponseCode(500);
                $this->view->success = 0;
                // Only expose exception details outside of development
                // through the opaque error code
                $message = 'development' == APPLICATION_ENV
                    ? $e->getMessage()
                    : 'Application error: UCCPA001';
                $this->view->messages()->addMessage($message, 'error');
                Logger::err($e->getMessage());
            }
            // @codeCoverageIgnoreEnd
        }
    }

    $this->view->form = $form;
}
/**
 * Attempts to authenticate the configured identity/credential pair.
 *
 * Checks run in order: identity lookup, credential verification, email
 * verification (active flag), account lock. Only the fully successful path
 * records the user and stamps its last-connect time.
 *
 * Note that the result codes and messages distinguish "identity not found"
 * from "credential invalid" (and the password check is skipped entirely for
 * unknown identities); if these differences are surfaced to the client they
 * allow username enumeration, so present a generic failure at the UI boundary.
 *
 * @throws Zend_Auth_Adapter_Exception if answering the authentication query is impossible
 * @return Zend_Auth_Result
 */
public function authenticate()
{
    $user = UserService::findOneByUsername($this->identity);

    if (null === $user) {
        $code = AuthResult::FAILURE_IDENTITY_NOT_FOUND;
        $message = 'Identity not found.';
    } elseif (!UserService::verifyPassword($user, $this->credential)) {
        $code = AuthResult::FAILURE_CREDENTIAL_INVALID;
        $message = 'Supplied credential is invalid.';
    } elseif (!$user->getActive()) {
        $code = AuthResult::FAILURE_REQUIRES_EMAIL_VERIFICATION;
        $message = 'User account requires email address verification.';
    } elseif ($user->getLocked()) {
        $code = AuthResult::FAILURE_ACCOUNT_LOCKED;
        $message = 'User account is locked.';
    } else {
        // Successful login: remember the user and record the connection time
        $this->user = $user;
        $user->setLastConnect(new \DateTime());
        UserService::update();
        $code = AuthResult::SUCCESS;
        $message = 'Authentication successful.';
    }

    $this->authResultInfo['code'] = $code;
    $this->authResultInfo['messages'][] = $message;

    return $this->authenticateCreateAuthResult();
}
/**
 * A password encrypted by the service must verify against the same plaintext.
 *
 * @return void
 */
public function testVerifyPassword()
{
    $plaintext = '******';
    $user = UserTest::createTestUser();
    // Test-only static salt fixture; the value itself does not matter as long
    // as encryptPassword() and verifyPassword() read the same registry entry.
    Zend_Registry::set('staticSalt', sha1(mt_rand()));
    $user->setPassword(UserService::encryptPassword($plaintext));
    $this->assertTrue(UserService::verifyPassword($user, $plaintext));
}