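/**
 * Changing a user's password must re-protect every secret derived from it.
 *
 * The test sets an OTP key and an account key under the first password,
 * encrypts a random payload with the account key, changes the password,
 * and then checks that:
 *  - the account key passphrase obtained with the new password differs
 *    from the one generated under the old password,
 *  - data encrypted before the change still decrypts afterwards,
 *  - the OTP key can be read back with the new password.
 */
public function testMultiChangePassword()
{
    // Constructed fixture values. The two passwords must differ: with
    // identical values, a changePassword() that ignored its second
    // argument would still pass every assertion below.
    $firstPassword = 'first-test-password';
    $secondPassword = 'second-test-password';
    $otpKey = 'I am a test key';

    // 117 bytes: presumably the largest payload a 1024-bit RSA key accepts
    // with PKCS#1 v1.5 padding (128 - 11) -- TODO confirm against Key::encrypt().
    $data = openssl_random_pseudo_bytes(117);

    // Set up a user whose OTP key is protected by the first password.
    $user = new User();
    $user->setOtpKey($otpKey, $firstPassword);

    // Set up an account key protected by a passphrase derived from the first password.
    // NOTE(review): 1024 looks like a key size in bits, kept small for test
    // speed; it is too small for real keys -- confirm production code never uses it.
    $defaultKeyPassphrase = $user->dangerouslyRegenerateAccountKeyPassphrase($firstPassword);
    $key = Key::generate($defaultKeyPassphrase, 1024);
    $user->accountKey = $key;

    // Encrypt some data before the password change.
    $encryptedData = $user->getAccountKey()->encrypt($data);

    // Change the user's password.
    // This must update the password on the default key and OTP key as well.
    $user->changePassword($firstPassword, $secondPassword);

    // Decrypt the earlier ciphertext using the passphrase unlocked by the new password.
    $newKeyPassphrase = $user->getAccountKeyPassphrase($secondPassword);
    $decrypted = $user->getAccountKey()->decrypt($encryptedData, $newKeyPassphrase);

    // The account key passphrase should have changed and remain valid.
    $this->assertNotEquals($newKeyPassphrase, $defaultKeyPassphrase);
    $this->assertEquals($data, $decrypted);

    // The OTP key should have been re-encrypted with the new password.
    $this->assertEquals($otpKey, $user->getOtpKey($secondPassword));

    // NOTE(review): nothing here checks that the first password is rejected
    // after the change. How getOtpKey()/getAccountKeyPassphrase() signal a
    // wrong password is not visible from this test, so that assertion is left
    // to whoever can confirm the contract.
}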