Example #1
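 /**
  * Walks the UsersModule password/username policies through the change-password
  * form, then checks that the web-login right gates authentication.
  *
  * Phases, in order (each depends on state left by the previous one):
  *  1. Baseline policies for 'bill' and rejection of a too-short password.
  *  2. Enabling POLICY_ENFORCE_STRONG_PASSWORDS and the errors it produces.
  *  3. Successful login via User::authenticate() and UserIdentity.
  *  4. Denying RIGHT_LOGIN_VIA_WEB and the resulting login failure.
  *  5. Policies set on the Everyone group being seen by an unsaved User.
  *
  * @depends testCreateAndGetUserById
  */
 public function testPasswordUserNamePolicyChangesValidationAndLogin()
 {
     $bill = User::getByUsername('bill');
     $bill->setScenario('changePassword');
     $billPasswordForm = new UserPasswordForm($bill);
     $billPasswordForm->setScenario('changePassword');

     // Baseline: strong passwords not set, minimum password length 5, minimum username length 3.
     // NOTE(review): assertEquals() compares loosely, so null here would also match 0, '' or false.
     $this->assertEquals(null, $bill->getEffectivePolicy('UsersModule', UsersModule::POLICY_ENFORCE_STRONG_PASSWORDS));
     $this->assertEquals(5, $bill->getEffectivePolicy('UsersModule', UsersModule::POLICY_MINIMUM_PASSWORD_LENGTH));
     $this->assertEquals(3, $bill->getEffectivePolicy('UsersModule', UsersModule::POLICY_MINIMUM_USERNAME_LENGTH));

     // A 2-character password must be rejected by the minimum-length policy.
     // NOTE(review): the username 'ab' is also below the minimum username length of 3 asserted
     // above, yet only a newPassword error is expected - presumably this form/scenario does not
     // apply the username-length policy; confirm that is intended.
     $_FAKEPOST = array('UserPasswordForm' => array('username' => 'ab', 'newPassword' => 'ab', 'newPassword_repeat' => 'ab'));
     $billPasswordForm->setAttributes($_FAKEPOST['UserPasswordForm']);
     $this->assertFalse($billPasswordForm->save());
     $errors = array('newPassword' => array('The password is too short. Minimum length is 5.'));
     $this->assertEquals($errors, $billPasswordForm->getErrors());

     // A 7-character lowercase password passes while strong passwords are not enforced.
     // The password equals the username here and is accepted; no rule against that is exercised.
     $_FAKEPOST = array('UserPasswordForm' => array('username' => 'abcdefg', 'newPassword' => 'abcdefg', 'newPassword_repeat' => 'abcdefg'));
     $billPasswordForm->setAttributes($_FAKEPOST['UserPasswordForm']);
     $this->assertEquals('abcdefg', $billPasswordForm->username);
     $this->assertEquals('abcdefg', $billPasswordForm->newPassword);
     $validated = $billPasswordForm->validate();
     $this->assertTrue($validated);
     $saved = $billPasswordForm->save();
     $this->assertTrue($saved);

     $bill->setPolicy('UsersModule', UsersModule::POLICY_ENFORCE_STRONG_PASSWORDS, Policy::YES);
     // If security is optimized the optimization will see the policy value in the database
     // and so won't use it in validating, so the non-strong password won't be validated as
     // invalid until the next save.
     // The form still holds the weak password 'abcdefg' at this point, so the assertion pins
     // save() to the value of SECURITY_OPTIMIZED.
     // NOTE(review): assuming SECURITY_OPTIMIZED is a boolean, an optimized build accepts one
     // more weak-password save right after the policy is switched on - confirm that window is
     // acceptable.
     $this->assertEquals(SECURITY_OPTIMIZED, $billPasswordForm->save());

     // From here on the strong-password policy is expected to reject weak passwords.
     // Lowercase only: missing uppercase and missing digit.
     $_FAKEPOST = array('UserPasswordForm' => array('newPassword' => 'abcdefg', 'newPassword_repeat' => 'abcdefg'));
     $billPasswordForm->setAttributes($_FAKEPOST['UserPasswordForm']);
     $this->assertFalse($billPasswordForm->save());
     $errors = array('newPassword' => array('The password must have at least one uppercase letter', 'The password must have at least one number and one letter'));
     $this->assertEquals($errors, $billPasswordForm->getErrors());

     // Mixed case but no digit.
     $_FAKEPOST = array('UserPasswordForm' => array('newPassword' => 'abcdefgN', 'newPassword_repeat' => 'abcdefgN'));
     $billPasswordForm->setAttributes($_FAKEPOST['UserPasswordForm']);
     $this->assertFalse($billPasswordForm->save());
     $errors = array('newPassword' => array('The password must have at least one number and one letter'));
     $this->assertEquals($errors, $billPasswordForm->getErrors());

     // Uppercase only: missing lowercase and missing digit.
     $_FAKEPOST = array('UserPasswordForm' => array('newPassword' => 'ABCDEFGH', 'newPassword_repeat' => 'ABCDEFGH'));
     $billPasswordForm->setAttributes($_FAKEPOST['UserPasswordForm']);
     $this->assertFalse($billPasswordForm->save());
     $errors = array('newPassword' => array('The password must have at least one lowercase letter', 'The password must have at least one number and one letter'));
     $this->assertEquals($errors, $billPasswordForm->getErrors());

     // Lowercase, uppercase and a digit together satisfy the policy.
     $_FAKEPOST = array('UserPasswordForm' => array('newPassword' => 'abcdefgN4', 'newPassword_repeat' => 'abcdefgN4'));
     $billPasswordForm->setAttributes($_FAKEPOST['UserPasswordForm']);
     $this->assertTrue($billPasswordForm->save());

     // setRight() is called without a third argument; the assertion below shows the effective
     // right is then Right::ALLOW.
     $bill->setRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB);
     $this->assertTrue($billPasswordForm->save());
     $this->assertEquals(Right::ALLOW, $bill->getEffectiveRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB));

     // Now attempt to login as bill. The username was changed to 'abcdefg' through the form,
     // so the model is dropped and re-read under the new name before authenticating.
     $bill->forget();
     $bill = User::getByUsername('abcdefg');
     $this->assertEquals($bill, User::authenticate('abcdefg', 'abcdefgN4'));
     $identity = new UserIdentity('abcdefg', 'abcdefgN4');
     $authenticated = $identity->authenticate();
     $this->assertEquals(0, $identity->errorCode);
     $this->assertTrue($authenticated);

     // Now turn off login via web for bill. The current user is switched to 'super' first -
     // presumably so the rights change is permitted; verify against the permission checks.
     Yii::app()->user->userModel = User::getByUsername('super');
     $bill = User::getByUsername('abcdefg');
     // Class name written as Right, matching Right::ALLOW above (it was spelled RIGHT here).
     $bill->setRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB, Right::DENY);
     $this->assertTrue($bill->save());

     // Correct credentials must now fail with the dedicated "no web login right" error code,
     // not with a generic failure.
     $identity = new UserIdentity('abcdefg', 'abcdefgN4');
     $this->assertFalse($identity->authenticate());
     $this->assertEquals(UserIdentity::ERROR_NO_RIGHT_WEB_LOGIN, $identity->errorCode);

     // Test creating a new user uses the everyone policy: an unsaved User reports the same
     // effective policies as the Everyone group, before and after they are changed.
     $everyone = Group::getByName(Group::EVERYONE_GROUP_NAME);
     $newUser = new User();
     $this->assertEquals(null, $everyone->getEffectivePolicy('UsersModule', UsersModule::POLICY_ENFORCE_STRONG_PASSWORDS));
     $this->assertEquals(5, $everyone->getEffectivePolicy('UsersModule', UsersModule::POLICY_MINIMUM_PASSWORD_LENGTH));
     $this->assertEquals(3, $everyone->getEffectivePolicy('UsersModule', UsersModule::POLICY_MINIMUM_USERNAME_LENGTH));
     $this->assertEquals(null, $newUser->getEffectivePolicy('UsersModule', UsersModule::POLICY_ENFORCE_STRONG_PASSWORDS));
     $this->assertEquals(5, $newUser->getEffectivePolicy('UsersModule', UsersModule::POLICY_MINIMUM_PASSWORD_LENGTH));
     $this->assertEquals(3, $newUser->getEffectivePolicy('UsersModule', UsersModule::POLICY_MINIMUM_USERNAME_LENGTH));
     $everyone->setPolicy('UsersModule', UsersModule::POLICY_ENFORCE_STRONG_PASSWORDS, Policy::YES);
     $everyone->setPolicy('UsersModule', UsersModule::POLICY_MINIMUM_PASSWORD_LENGTH, 3);
     $everyone->setPolicy('UsersModule', UsersModule::POLICY_MINIMUM_USERNAME_LENGTH, 15);
     // NOTE(review): the result of save() is not asserted here, unlike $bill->save() above.
     $everyone->save();
     $this->assertEquals(Policy::YES, $newUser->getEffectivePolicy('UsersModule', UsersModule::POLICY_ENFORCE_STRONG_PASSWORDS));
     $this->assertEquals(3, $newUser->getEffectivePolicy('UsersModule', UsersModule::POLICY_MINIMUM_PASSWORD_LENGTH));
     $this->assertEquals(15, $newUser->getEffectivePolicy('UsersModule', UsersModule::POLICY_MINIMUM_USERNAME_LENGTH));

     // Make the permission as the default for next tests.
     // NOTE(review): only the two length policies are put back. POLICY_ENFORCE_STRONG_PASSWORDS
     // stays Policy::YES on the Everyone group and bill keeps the web-login DENY, so later
     // tests may run under a stricter configuration than the baseline asserted at the top
     // unless that state is reset elsewhere - confirm.
     $everyone->setPolicy('UsersModule', UsersModule::POLICY_MINIMUM_PASSWORD_LENGTH, 5);
     $everyone->setPolicy('UsersModule', UsersModule::POLICY_MINIMUM_USERNAME_LENGTH, 3);
     $everyone->save();
 }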