/**
 * Checks PasswordUtil::validatePassword() against rejected and accepted pairs.
 *
 * Rejected: null/null, empty/empty, a string that is not a hash, and a wrong
 * password checked against another fixture entry's hash.
 * Accepted: every password => hash pair held in $this->passwords.
 */
public function testValidatePassword()
{
    // Degenerate or malformed input must never verify.
    $rejected = array(
        array(null, null),
        array('', ''),
        array('password', 'hash'),
    );
    foreach ($rejected as $pair) {
        list($candidate, $stored) = $pair;
        $this->assertFalse(PasswordUtil::validatePassword($candidate, $stored));
    }

    // Every known-good fixture pair must verify.
    foreach ($this->passwords as $plain => $stored) {
        $this->assertTrue(PasswordUtil::validatePassword($plain, $stored));
    }

    // A well-formed hash must not verify for a different password.
    $foreignHash = $this->passwords['passw0rd'];
    $this->assertFalse(PasswordUtil::validatePassword('test', $foreignHash));
}
/**
 * Authenticates the identity against the stored user record.
 *
 * Outcomes, as recorded in $this->errorCode:
 *  - ERROR_USERNAME_INVALID: getUserModel() did not return a User.
 *  - ERROR_DISABLED: the account status marks it inactive/disabled.
 *  - ERROR_PASSWORD_INVALID: no supported hash format matched.
 *  - ERROR_NONE: success; $this->_id is set to the user's ID.
 *
 * Three stored-hash formats are accepted: the current PasswordUtil format,
 * a bare MD5 digest ("oldest"), and SHA-256 crypt with the fixed prefix
 * '$5$rounds=32678$' ("old"). A successful legacy match re-hashes the
 * password with PasswordUtil::createHash() and saves it.
 *
 * NOTE(review): with $google = true no password is checked at all, so callers
 * must pass it only after the external identity has been verified elsewhere.
 * NOTE(review): unknown-user, disabled and wrong-password outcomes get distinct
 * error codes, and the status check runs before any password check; the login
 * UI should not surface that difference, or it reveals which accounts exist.
 * NOTE(review): legacy hashes are upgraded only on login, so accounts that
 * never sign in keep MD5/old-crypt hashes; consider a forced reset for them.
 *
 * @param boolean $google when true, skip password verification entirely.
 * @return boolean whether authentication succeeded.
 */
public function authenticate($google = false)
{
    $account = $this->getUserModel();

    if (!($account instanceof User)) {
        // username not found
        $this->errorCode = self::ERROR_USERNAME_INVALID;
        return $this->errorCode === self::ERROR_NONE;
    }

    $this->username = $account->username;
    if ((int) $account->status === User::STATUS_INACTIVE) {
        $this->errorCode = self::ERROR_DISABLED;
        return false;
    }

    if ($google) {
        // Completely bypasses password-based authentication
        $this->errorCode = self::ERROR_NONE;
        $this->_id = $account->id;
        return true;
    }

    // Second, loosely-typed status check; only reached on the password path.
    // NOTE(review): if STATUS_INACTIVE is not 0, the $google path above skips
    // this check - confirm that is intended.
    if ($account->status == 0) {
        // User has been disabled
        $this->errorCode = self::ERROR_DISABLED;
        return false;
    }

    $legacyPrefix = '$5$rounds=32678$';

    // Current format first; the legacy formats are tried only if it fails,
    // oldest (MD5) before old (SHA-256 crypt), short-circuiting on a match.
    $matchesCurrent = PasswordUtil::validatePassword($this->password, $account->password);
    $matchesLegacy = !$matchesCurrent && (
        PasswordUtil::slowEquals(md5($this->password), $account->password)
        || PasswordUtil::slowEquals(
            crypt($this->password, $legacyPrefix . $account->password),
            $legacyPrefix . $account->password
        )
    );

    if ($matchesCurrent || $matchesLegacy) {
        $this->errorCode = self::ERROR_NONE;
        $this->_id = $account->id;
        if ($matchesLegacy) {
            // Upgrade the stored hash while the plaintext is available.
            $account->password = PasswordUtil::createHash($this->password);
            $account->update(array('password'));
        }
    } else {
        $this->errorCode = self::ERROR_PASSWORD_INVALID;
    }

    return $this->errorCode === self::ERROR_NONE;
}
/**
 * Saving a PasswordResetForm must store a hash that verifies against the
 * submitted password and leave no PasswordReset rows for that user.
 */
public function testSave()
{
    $account = $this->user('testUser');
    $resetForm = new PasswordResetForm($account);
    $plain = '******';

    $resetForm->password = $plain;
    $resetForm->confirm = $resetForm->password;
    $resetForm->save();

    // Reload the record so the check runs against what was persisted.
    $account->refresh();
    $storedOk = PasswordUtil::validatePassword($plain, $account->password);
    $this->assertTrue($storedOk);

    // No reset request for this user may remain after a successful save.
    $pending = PasswordReset::model()->countByAttributes(array('userId' => $account->id));
    $this->assertEquals(0, $pending);
}
/**
 * Saving a PasswordResetForm must store a hash that verifies against the
 * submitted password and leave no PasswordReset rows for that user; the
 * form's 'password' validation is then checked against sample passwords.
 */
public function testSave()
{
    $account = $this->user('testUser');
    $resetForm = new PasswordResetForm($account);
    $plain = '******';

    $resetForm->password = $plain;
    $resetForm->confirm = $resetForm->password;
    $resetForm->save();

    // Reload the record so the check runs against what was persisted.
    $account->refresh();
    $storedOk = PasswordUtil::validatePassword($plain, $account->password);
    $this->assertTrue($storedOk);

    // No reset request for this user may remain after a successful save.
    $pending = PasswordReset::model()->countByAttributes(array('userId' => $account->id));
    $this->assertEquals(0, $pending);

    // Validation is exercised here as well: it needs no extra fixture
    // loading, which saves a few seconds when running the test.
    $resetForm = new PasswordResetForm($account);

    // Keyed by expected validate() outcome. PHP stores boolean array keys as
    // integers, so 0 stands for "must be rejected" and 1 for "must be
    // accepted"; assertEquals() compares them loosely with the result.
    $samples = array(
        0 => array('n#6', 'ninininini'),
        1 => array('D83*@)1', 'this that and the next thing'),
    );
    foreach ($samples as $expected => $candidates) {
        foreach ($candidates as $candidate) {
            $resetForm->password = $candidate;
            $resetForm->confirm = $candidate;
            $outcome = $resetForm->validate(array('password'));
            $this->assertEquals($expected, $outcome);
        }
    }
}
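/**
 * Changes the password for the user given by its record ID number.
 *
 * The action only acts when $id is strictly identical to the session user's
 * ID; for any other $id nothing is rendered. The old password must verify
 * against the stored hash, and the two new-password fields must be identical,
 * non-empty strings. The redirect to the profile happens only when the record
 * was actually saved; otherwise the form is rendered again.
 *
 * NOTE(review): beyond the non-empty check, no password policy is applied to
 * the new password here; consider reusing the project's password validation.
 * NOTE(review): nothing in this action invalidates the user's other sessions
 * after the change - confirm whether that is handled elsewhere.
 * NOTE(review): $user is not checked for null before its password is read.
 *
 * @param integer $id ID of the user to be updated.
 */
public function actionChangePassword($id)
{
    // Strict comparison: users may only change their own password.
    if ($id === Yii::app()->user->getId()) {
        $user = User::model()->findByPk($id);

        if (isset($_POST['oldPassword'], $_POST['newPassword'], $_POST['newPassword2'])) {
            $oldPass = $_POST['oldPassword'];
            $newPass = $_POST['newPassword'];
            $newPass2 = $_POST['newPassword2'];

            // PHP parses bracketed field names into arrays; only plain strings
            // may reach the hashing helpers. Anything else is handled like a
            // wrong old password.
            $allStrings = is_string($oldPass) && is_string($newPass) && is_string($newPass2);

            if ($allStrings && PasswordUtil::validatePassword($oldPass, $user->password)) {
                // Two empty fields are identical too, so reject an empty new
                // password explicitly instead of storing a hash of ''.
                if ($newPass !== '' && $newPass === $newPass2) {
                    $user->password = PasswordUtil::createHash($newPass);

                    // Ensure an alias is set so that validation succeeds
                    if (empty($user->userAlias)) {
                        $user->userAlias = $user->username;
                    }

                    // Redirect only on a successful save; a failed save must
                    // not look like a completed password change.
                    if ($user->save()) {
                        $this->redirect($this->createUrl('/profile/view', array('id' => $id)));
                    }
                }
            } else {
                Yii::app()->clientScript->registerScript('alertPassWrong', "alert('Old password is incorrect.');");
            }
        }

        $this->render('changePassword', array('model' => $user));
    }
}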