Ejemplo n.º 1
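 /**
  * Checks that a password change carries over to every secret tied to the password.
  *
  * Flow: store an OTP key and an account key under the first password, encrypt
  * random data with the account key, call changePassword(), then verify that
  * the data decrypts with the passphrase obtained from the second password,
  * that the account key passphrase is no longer the original one, and that the
  * OTP key can be read back with the second password.
  */
 public function testMultiChangePassword()
 {
     // Constructed sample values. The two passwords must differ: with identical
     // values the OTP assertion at the end would pass even if changePassword()
     // did nothing to the OTP key.
     $firstPassword = 'first-test-password';
     $secondPassword = 'second-test-password';
     $otpKey = 'I am a test key';
     // NOTE(review): 117 bytes looks like the largest payload a 1024-bit RSA key
     // accepts with PKCS#1 v1.5 padding (128 - 11) — confirm against Key::encrypt().
     $data = openssl_random_pseudo_bytes(117);
     // Set up a user
     $user = new User();
     $user->setOtpKey($otpKey, $firstPassword);
     // Setup a key
     $defaultKeyPassphrase = $user->dangerouslyRegenerateAccountKeyPassphrase($firstPassword);
     // NOTE(review): 1024 is presumably the key size in bits, kept small so the
     // test runs quickly; it is not a size to copy into non-test code.
     $key = Key::generate($defaultKeyPassphrase, 1024);
     $user->accountKey = $key;
     // Encrypt some data
     $encryptedData = $user->getAccountKey()->encrypt($data);
     // Change user's password
     // This must update the password on the default key and OTP key as well
     $user->changePassword($firstPassword, $secondPassword);
     // Decrypt data
     $newKeyPassphrase = $user->getAccountKeyPassphrase($secondPassword);
     $decrypted = $user->getAccountKey()->decrypt($encryptedData, $newKeyPassphrase);
     // Default Key passphrase should have changed and remain valid
     $this->assertNotEquals($newKeyPassphrase, $defaultKeyPassphrase);
     $this->assertEquals($data, $decrypted);
     // OTP key should have been encrypted with the new password
     $this->assertEquals($otpKey, $user->getOtpKey($secondPassword));
 }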
Ejemplo n.º 2
 /**
  * Build a new User with its account key attached.
  *
  * Creating a user correctly takes a fixed sequence of steps: set the email,
  * regenerate the account key passphrase from the password, and generate the
  * account key under that passphrase. Use this factory instead of repeating
  * those steps at each call site.
  *
  * NOTE: the key is not added to User->keys as these need to be saved separately.
  * This method makes no create()/save() call itself; persisting the returned
  * user and its key is left to the caller.
  *
  * @param string $email    Email address assigned to the new user
  * @param string $password Plaintext password the key passphrase is regenerated from
  * @return User The unsaved user, with accountKey set
  */
 public static function createWithKeys($email, $password)
 {
     $account = new User();
     $account->email = $email;
     // The passphrase is only held for the duration of this call; the key
     // generated under it is what gets attached to the user.
     $account->accountKey = Key::generate(
         $account->dangerouslyRegenerateAccountKeyPassphrase($password)
     );
     return $account;
 }
Ejemplo n.º 3
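 /**
  * Create a new user interactively, together with its OTP key and account key.
  *
  * Validates the email, refuses duplicates, prompts for a password, generates
  * the OTP seed and the account key, then saves user and key inside one
  * database transaction. Every failure path prints a message and exits with
  * status 1, so a calling script can tell that no account was created.
  *
  * @param string $email Email address for the new account
  */
 public function createAction($email)
 {
     if (!$this->isValidEmail($email)) {
         echo "'{$email}' is not a valid email address\n";
         exit(1);
     }
     // This pre-check is not atomic with the insert below; a unique constraint
     // on the email column (not visible here) is what has to stop duplicates.
     if (User::findFirst(['email = :email:', 'bind' => ['email' => $email]])) {
         echo "The account {$email} already exists. Duplicate account emails are not allowed.\n";
         exit(1);
     }
     echo "Creating user '{$email}'\n";
     $password = $this->promptCreatePassword();
     echo "Keying...\n";
     $user = new User();
     $user->email = $email;
     $user->setPassword($password);
     // Create OTP key
     $otp = Seed::generate(40);
     $user->setOtpKey($otp->getValue(Seed::FORMAT_BASE32), $password);
     // Create account key
     $key = Key::generate($user->dangerouslyRegenerateAccountKeyPassphrase($password));
     $key->setName('Account key');
     // Save user and key. Each step runs only if the previous one succeeded, so
     // a failed insert can no longer be committed as a user without a key.
     // NOTE(review): assumes the adapter behind $this->db exposes rollback()
     // alongside begin()/commit(), and that create()/update() return false on
     // failure — confirm against the ORM in use.
     $this->db->begin();
     try {
         $saved = $user->create() !== false;
         if ($saved) {
             $key->user_id = $user->id;
             $saved = $key->create() !== false;
         }
         if ($saved) {
             $user->accountKey_id = $key->id;
             $saved = $user->update() !== false;
         }
     } catch (\Exception $e) {
         $this->db->rollback();
         throw $e;
     }
     if (!$saved) {
         $this->db->rollback();
         echo "Failed to save user {$email}; the transaction was rolled back.\n";
         exit(1);
     }
     $this->db->commit();
     echo "Created user {$email} with id {$user->id}\n";
     // The URI is built from the OTP seed, so this line presumably prints the
     // shared secret itself. Avoid running this where stdout is captured to
     // logs or shared terminal history.
     echo "OTP: {$this->generateOtpUri($user, $otp)}\n";
 }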