public function testChangePassword_PasswordChanged()
 {
     // create  user with a random password
     $e = new MongoTestEnvironment();
     $userId = $e->createUser('test', 'test user', '*****@*****.**');
     $passwordModel = new PasswordModel($userId);
     $someRandomPassword = '******';
     // bcrypt for 'blahblah'
     $passwordModel->password = $someRandomPassword;
     $passwordModel->write();
     // change the password to 12345
     $password = '******';
     $passwordModel->changePassword($password);
     $passwordModel->write();
     // assert that the password was changed correctly
     $passwordModel2 = new PasswordModel($userId);
     $this->assertTrue($passwordModel2->verifyPassword($password));
 }
 /**
  * Activate a user on the specified site and validate email if it was empty, otherwise login
  * @param string $username
  * @param string $password
  * @param string $email
  * @param Website $website
  * @param Application $app
  * @param DeliveryInterface $delivery
  * @return string|boolean $userId|false otherwise
  */
 public static function activate($username, $password, $email, $website, $app, DeliveryInterface $delivery = null)
 {
     CodeGuard::checkEmptyAndThrow($username, 'username');
     CodeGuard::checkEmptyAndThrow($password, 'password');
     CodeGuard::checkEmptyAndThrow($email, 'email');
     CodeGuard::checkNullAndThrow($website, 'website');
     $identityCheck = self::checkIdentity($username, $email, $website);
     if ($website->allowSignupFromOtherSites && $identityCheck->usernameExists && !$identityCheck->usernameExistsOnThisSite && ($identityCheck->emailIsEmpty || $identityCheck->emailMatchesAccount)) {
         $user = new PasswordModel();
         if ($user->readByProperty('username', $username)) {
             if ($user->verifyPassword($password)) {
                 $user = new UserModel($user->id->asString());
                 $user->siteRole[$website->domain] = $website->userDefaultSiteRole;
                 if ($identityCheck->emailIsEmpty) {
                     $user->emailPending = $email;
                 }
                 $user->write();
                 // if website has a default project then add them to that project
                 $project = ProjectModel::getDefaultProject($website);
                 $url = '/app';
                 if ($project) {
                     $project->addUser($user->id->asString(), ProjectRoles::CONTRIBUTOR);
                     $user->addProject($project->id->asString());
                     $project->write();
                     $user->write();
                     $url = '/app/' . $project->appName . '/' . $project->id->asString();
                 }
                 if ($identityCheck->emailIsEmpty) {
                     Communicate::sendSignup($user, $website, $delivery);
                 }
                 if ($identityCheck->emailMatchesAccount) {
                     Auth::login($app, $username, $password);
                     return Auth::result(Auth::LOGIN_SUCCESS, $url, 'location');
                 }
                 return Auth::result(Auth::LOGIN_FAIL_USER_UNAUTHORIZED, '', 'location');
             }
         }
     }
     return false;
 }
 public function testChangePassword_SystemAdminChangeOtherUser_Succeeds()
 {
     $this->environ->clean();
     $adminModel = new Api\Model\UserModel();
     $adminModel->username = '******';
     $adminModel->role = SystemRoles::SYSTEM_ADMIN;
     $adminId = $adminModel->write();
     $userModel = new Api\Model\UserModel();
     $userModel->username = '******';
     $userModel->role = SystemRoles::NONE;
     $userId = $userModel->write();
     $this->assertNotEqual($adminId, $userId);
     UserCommands::changePassword($userId, 'somepass', $adminId);
     $passwordModel = new PasswordModel($userId);
     $result = $passwordModel->verifyPassword('somepass');
     $this->assertTrue($result, 'Could not verify changed password');
 }