/**
  * Record the admin user's current password value in the password history.
  *
  * Acts only on a user that already has an id, and only when a password lifetime is
  * configured, getPassword() returns a non-empty value and no forced password change
  * is pending. The value is then handed to the user resource for tracking, the
  * 'magento_user_password_expired' message is removed and the
  * PciAdminUserIsPasswordExpired value is unset on the auth session.
  *
  * NOTE(review): nothing is recorded while the configured lifetime is empty, so any
  * reuse check that reads this history would have no data in that case - confirm
  * that this is intended.
  *
  * @param EventObserver $observer
  * @return void
  */
 public function execute(EventObserver $observer)
 {
     /* @var $account \Magento\User\Model\User */
     $account = $observer->getEvent()->getObject();
     if (!$account->getId()) {
         // No id on the user object: nothing to attach a history entry to.
         return;
     }

     $currentHash = $account->getPassword();
     $lifetime = $this->observerConfig->getAdminPasswordLifetime();
     // Evaluated left to right; getForceNewPassword() is only consulted when both
     // the lifetime and the password value are non-empty.
     $shouldTrack = $lifetime && $currentHash && !$account->getForceNewPassword();
     if (!$shouldTrack) {
         return;
     }

     $this->userResource->trackPassword($account, $currentHash, $lifetime);
     $this->messageManager->getMessages()->deleteMessageByIdentifier('magento_user_password_expired');
     $this->authSession->unsPciAdminUserIsPasswordExpired();
 }
 /**
  * {@inheritdoc}
  *
  * Loads the admin account named by the username argument, attempts to unlock it and
  * prints exactly one status line describing the outcome.
  *
  * NOTE(review): unlocking an admin account is a security-relevant action and this
  * method writes nothing but console output - confirm that unlock() or its callers
  * leave an audit trail.
  */
 protected function execute(InputInterface $input, OutputInterface $output)
 {
     $login = $input->getArgument(self::ARGUMENT_ADMIN_USERNAME);
     $account = $this->adminUser->loadByUsername($login);

     if (!$account) {
         $status = sprintf('Couldn\'t find the user account "%s"', $login);
     } elseif (isset($account[self::USER_ID]) && $this->adminUser->unlock($account[self::USER_ID])) {
         $status = sprintf('The user account "%s" has been unlocked', $login);
     } else {
         // Covers both a missing id in the loaded data and a falsy result from unlock().
         $status = sprintf('The user account "%s" was not locked or could not be unlocked', $login);
     }

     // NOTE(review): the username is concatenated into console markup as-is, so any
     // formatter tags it contains would be interpreted - low impact for an
     // operator-supplied argument, but worth escaping if the formatter allows it.
     $output->writeln('<info>' . $status . '</info>');
 }
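 /**
  * Update locking information for the user after a failed authentication.
  *
  * Does nothing unless both the lock threshold and the maximum number of failures
  * are configured. Otherwise the failure count is taken as getFailuresNum() + 1 and
  * one of the following is passed to the user resource:
  *  - a new first-failure date (now) when this is the first failure, no first-failure
  *    date is stored, or more than the lock threshold (in seconds) has elapsed since
  *    the stored first failure;
  *  - otherwise, once the count reaches the maximum, a lock expiry of now + threshold.
  *
  * @param \Magento\User\Model\User $user
  * @return void
  */
 private function _updateLockingInformation($user)
 {
     $now = new \DateTime();
     $lockThreshold = $this->observerConfig->getAdminLockThreshold();
     $maxFailures = $this->observerConfig->getMaxFailures();
     if (!($lockThreshold && $maxFailures)) {
         // Lockout handling is skipped unless both settings are non-empty.
         return;
     }
     $failuresNum = (int) $user->getFailuresNum() + 1;
     $firstFailureDate = $user->getFirstFailure();
     if ($firstFailureDate) {
         $firstFailureDate = new \DateTime($firstFailureDate);
     }
     $newFirstFailureDate = false;
     $updateLockExpires = false;
     $lockThreshInterval = new \DateInterval('PT' . $lockThreshold . 'S');
     // Relational operators on DateInterval objects do not give a meaningful ordering
     // (the comparison never evaluates to true), so a window check written as
     // "$now->diff(...) > $interval" never expires the failure window. Compare the
     // elapsed seconds against the threshold instead.
     $windowExpired = $firstFailureDate
         && ($now->getTimestamp() - $firstFailureDate->getTimestamp()) > (int) $lockThreshold;
     // set first failure date when this is first failure or last first failure expired
     if (1 === $failuresNum || !$firstFailureDate || $windowExpired) {
         $newFirstFailureDate = $now;
     } elseif ($failuresNum >= $maxFailures) {
         // otherwise lock user; work on a copy because DateTime::add() mutates its object
         $updateLockExpires = clone $now;
         $updateLockExpires->add($lockThreshInterval);
     }
     $this->userResource->updateFailure($user, $updateLockExpires, $newFirstFailureDate);
 }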
 /**
  * A LocalizedException thrown by the resource while loading the user must reach the
  * caller of authenticate().
  *
  * @expectedException \Magento\Framework\Exception\LocalizedException
  * @return void
  */
 public function testAuthenticateException()
 {
     $login = '******';
     $secret = '******';
     $flagValue = 'config';

     // The case-sensitivity flag must be read exactly once.
     $this->configMock
         ->expects($this->once())
         ->method('isSetFlag')
         ->with('admin/security/use_case_sensitive_login')
         ->willReturn($flagValue);

     // Event dispatching is allowed but not required.
     $this->eventManagerMock
         ->expects($this->any())
         ->method('dispatch');

     // The user lookup fails with the exception named in the annotation above.
     $this->resourceMock
         ->expects($this->once())
         ->method('loadByUsername')
         ->willThrowException(new \Magento\Framework\Exception\LocalizedException(__()));

     $this->model->authenticate($login, $secret);
 }
 /**
  * getLatestPassword() must return the row fetched through the mocked connection
  * without altering it.
  */
 public function testGetLatestPassword()
 {
     $userId = 123;
     $expectedRow = ['password1', 'password2'];

     $this->resourceMock
         ->expects($this->atLeastOnce())
         ->method('getConnection')
         ->willReturn($this->dbAdapterMock);
     $this->dbAdapterMock
         ->expects($this->once())
         ->method('fetchRow')
         ->willReturn($expectedRow);
     $this->dbAdapterMock
         ->expects($this->once())
         ->method('select')
         ->willReturn($this->selectMock);

     // Each query-builder step must be used at least once and returns the same select mock.
     foreach (['from', 'where', 'order', 'limit'] as $builderStep) {
         $this->selectMock
             ->expects($this->atLeastOnce())
             ->method($builderStep)
             ->willReturn($this->selectMock);
     }

     $this->assertEquals($expectedRow, $this->model->getLatestPassword($userId));
 }
 /**
  * Reject an admin password change that reuses the current or an earlier password.
  *
  * The candidate is the new password when one is set, otherwise the value returned by
  * getPassword(). Checks run only when the candidate is non-empty, no forced password
  * change is pending and the user has an id. The candidate is first validated against
  * the original 'password' value, then its hash is compared with every entry returned
  * by getOldPasswords().
  *
  * This method performs no length or character-class validation itself, and the number
  * of earlier passwords covered is whatever getOldPasswords() returns.
  *
  * @param EventObserver $observer
  * @return void
  * @throws \Magento\Framework\Exception\LocalizedException
  */
 public function execute(EventObserver $observer)
 {
     /* @var $account \Magento\User\Model\User */
     $account = $observer->getEvent()->getObject();
     $candidate = $account->getNewPassword() ? $account->getNewPassword() : $account->getPassword();

     // Same short-circuit order as the positive form: candidate, forced change, id.
     if (!$candidate || $account->getForceNewPassword() || !$account->getId()) {
         return;
     }

     // The candidate must not validate against the password the user had before this change.
     if ($this->encryptor->isValidHash($candidate, $account->getOrigData('password'))) {
         throw new \Magento\Framework\Exception\LocalizedException(__('Sorry, but this password has already been used. Please create another.'));
     }

     // check whether password was used before
     // NOTE(review): the candidate is hashed with getHash($candidate, false) and matched by
     // plain string equality. Presumably the second argument disables salting; the loop can
     // only ever match if history entries are stored in exactly that form - confirm against
     // the code that writes the history, and consider a constant-time comparison helper.
     $candidateHash = $this->encryptor->getHash($candidate, false);
     foreach ($this->userResource->getOldPasswords($account) as $previousHash) {
         if ($candidateHash !== $previousHash) {
             continue;
         }
         throw new \Magento\Framework\Exception\LocalizedException(__('Sorry, but this password has already been used. Please create another.'));
     }
 }
 /**
  * execute() must raise a LocalizedException when the encryptor reports that the new
  * password validates against the stored one.
  *
  * NOTE(review): with isValidHash stubbed to true the exception presumably comes from
  * the first check, so the getOldPasswords stub is likely never consulted - confirm.
  */
 public function testCheckAdminPasswordChangeThrowsLocalizedExp()
 {
     $candidate = "mYn3wpassw0rd";
     $userId = 123;

     /** @var \Magento\Framework\Event\Observer|\PHPUnit_Framework_MockObject_MockObject $observerStub */
     $observerStub = $this->getMockBuilder('Magento\\Framework\\Event\\Observer')
         ->disableOriginalConstructor()
         ->setMethods([])
         ->getMock();
     /** @var \Magento\Framework\Event|\PHPUnit_Framework_MockObject_MockObject $eventStub */
     $eventStub = $this->getMockBuilder('Magento\\Framework\\Event')
         ->disableOriginalConstructor()
         ->setMethods(['getObject'])
         ->getMock();
     /** @var \Magento\User\Model\User|\PHPUnit_Framework_MockObject_MockObject $accountStub */
     $accountStub = $this->getMockBuilder('Magento\\User\\Model\\User')
         ->disableOriginalConstructor()
         ->setMethods(['getId', 'getNewPassword', 'getForceNewPassword'])
         ->getMock();

     // Observer -> event -> user object chain.
     $observerStub->expects($this->once())->method('getEvent')->willReturn($eventStub);
     $eventStub->expects($this->once())->method('getObject')->willReturn($accountStub);

     // A persisted user with a new password and no forced change pending.
     $accountStub->expects($this->atLeastOnce())->method('getNewPassword')->willReturn($candidate);
     $accountStub->expects($this->once())->method('getForceNewPassword')->willReturn(false);
     $accountStub->expects($this->once())->method('getId')->willReturn($userId);

     $this->encryptorMock->expects($this->once())->method('isValidHash')->willReturn(true);
     // md5() here only produces placeholder history values for the stub.
     $this->userMock->method('getOldPasswords')->willReturn([md5('pw1'), md5('pw2')]);

     $raised = false;
     try {
         $this->model->execute($observerStub);
     } catch (\Magento\Framework\Exception\LocalizedException $expected) {
         $raised = true;
     }
     if (!$raised) {
         $this->fail('An expected exception has not been raised.');
     }
 }
 /**
  * validate() must return true when the validator accepts the user, the new password
  * does not validate against the original one and its hash is absent from the old
  * password list.
  */
 public function testCheckPasswordChangeValid()
 {
     $candidate = "******";
     $candidateHash = "new password hash";
     $previous = "******";

     /** @var $validatorStub \Magento\Framework\Validator\DataObject|\PHPUnit_Framework_MockObject_MockObject */
     $validatorStub = $this->getMockBuilder('Magento\\Framework\\Validator\\DataObject')
         ->disableOriginalConstructor()
         ->setMethods([])
         ->getMock();
     $this->validatorObjectFactoryMock
         ->expects($this->once())
         ->method('create')
         ->willReturn($validatorStub);
     $this->validationRulesMock
         ->expects($this->once())
         ->method('addUserInfoRules')
         ->with($validatorStub);
     $validatorStub->expects($this->once())->method('isValid')->willReturn(true);

     $this->model
         ->setPassword($candidate)
         ->setId(1)
         ->setOrigData('password', $previous);

     // The candidate does not validate against the original password value ...
     $this->encryptorMock
         ->expects($this->once())
         ->method('isValidHash')
         ->with($candidate, $previous)
         ->willReturn(false);
     // ... and its hash (requested with false as second argument) is not among the old ones.
     $this->encryptorMock
         ->expects($this->once())
         ->method('getHash')
         ->with($candidate, false)
         ->willReturn($candidateHash);
     $this->resourceMock
         ->expects($this->once())
         ->method('getOldPasswords')
         ->willReturn(['hash1', 'hash2']);

     $this->assertTrue($this->model->validate());
 }
 /**
  * Test for performIdentityCheck method
  *
  * Registers the UserLockedException expectation when a lock expiry is set and the
  * AuthenticationException expectation when hash validation fails. The second
  * registration is issued last, so it is the one in effect when both conditions hold.
  *
  * @param bool $verifyIdentityResult
  * @param bool $lockExpires
  * @dataProvider dataProviderPerformIdentityCheck
  */
 public function testPerformIdentityCheck($verifyIdentityResult, $lockExpires)
 {
     $secret = '******';
     $login = '******';

     $this->encryptorMock
         ->expects($this->once())
         ->method('validateHash')
         ->with($secret, $this->model->getPassword())
         ->willReturn($verifyIdentityResult);

     $this->model->setIsActive(true);
     $this->resourceMock->expects($this->any())->method('hasAssigned2Role')->willReturn(true);
     $this->model->setUserName($login);
     $this->model->setLockExpires($lockExpires);

     // NOTE(review): the event payload expected here carries the plaintext password, so
     // every observer of 'admin_user_authenticate_after' receives it - observers should
     // never log or persist that value.
     $eventPayload = [
         'username' => $login,
         'password' => $secret,
         'user' => $this->model,
         'result' => $verifyIdentityResult,
     ];
     $this->eventManagerMock
         ->expects($this->any())
         ->method('dispatch')
         ->with('admin_user_authenticate_after', $eventPayload)
         ->willReturnSelf();

     if ($lockExpires) {
         $this->setExpectedException(
             '\\Magento\\Framework\\Exception\\State\\UserLockedException',
             __('Your account is temporarily disabled.')
         );
     }
     if (!$verifyIdentityResult) {
         $this->setExpectedException(
             '\\Magento\\Framework\\Exception\\AuthenticationException',
             __('You have entered an invalid password for current user.')
         );
     }

     $this->model->performIdentityCheck($secret);
 }
 /**
  * A failed authentication result must lead to exactly one updateFailure() call on
  * the user resource mock.
  *
  * NOTE(review): the arguments of updateFailure() are not asserted, so this test does
  * not distinguish "failure window reset" from "account locked".
  */
 public function testAdminAuthenticateUpdateLockingInfo()
 {
     $secret = "******";
     $userId = 123;
     $authOutcome = false;
     $storedFirstFailure = '1965-07-08 11:14:15.638276';
     $storedFailures = 5;

     /** @var Observer|\PHPUnit_Framework_MockObject_MockObject $observerStub */
     $observerStub = $this->getMockBuilder('Magento\\Framework\\Event\\Observer')
         ->disableOriginalConstructor()
         ->setMethods([])
         ->getMock();
     /** @var Event|\PHPUnit_Framework_MockObject_MockObject $eventStub */
     $eventStub = $this->getMockBuilder('Magento\\Framework\\Event')
         ->disableOriginalConstructor()
         ->setMethods(['getPassword', 'getUser', 'getResult'])
         ->getMock();
     /** @var ModelUser|\PHPUnit_Framework_MockObject_MockObject $accountStub */
     $accountStub = $this->getMockBuilder('Magento\\User\\Model\\User')
         ->disableOriginalConstructor()
         ->setMethods(['getId', 'getFailuresNum', 'getFirstFailure'])
         ->getMock();

     // The event carries the password, the user and the (failed) authentication result.
     $observerStub->expects($this->atLeastOnce())->method('getEvent')->willReturn($eventStub);
     $eventStub->expects($this->once())->method('getPassword')->willReturn($secret);
     $eventStub->expects($this->once())->method('getUser')->willReturn($accountStub);
     $eventStub->expects($this->once())->method('getResult')->willReturn($authOutcome);
     $accountStub->expects($this->once())->method('getId')->willReturn($userId);

     // Every configuration value read during the call resolves to 1.
     $this->configInterfaceMock->expects($this->atLeastOnce())->method('getValue')->willReturn(1);

     // Failure bookkeeping already stored on the user.
     $accountStub->expects($this->once())->method('getFailuresNum')->willReturn($storedFailures);
     $accountStub->expects($this->once())->method('getFirstFailure')->willReturn($storedFirstFailure);

     $this->userMock->expects($this->once())->method('updateFailure');

     $this->model->execute($observerStub);
 }
 /**
  * Update role users ACL.
  *
  * Passes the role received as $subject to the user resource model's
  * updateRoleUsersAcl() and hands $result back untouched. The signature suggests an
  * after-plugin on a role save - confirm against the plugin configuration.
  *
  * @param Role $subject
  * @param Role $result
  * @return Role
  * @SuppressWarnings(PHPMD.UnusedFormalParameter)
  */
 public function afterSave(Role $subject, Role $result)
 {
     // The ACL update is driven by $subject, not by the value returned from the save.
     $this->userResourceModel->updateRoleUsersAcl($subject);

     // The original return value is passed through unchanged.
     return $result;
 }
 /**
  * afterSave() must trigger exactly one ACL update for the given role and return a
  * Role instance.
  */
 public function testAfterSave()
 {
     $this->userResourceModelMock
         ->expects($this->once())
         ->method('updateRoleUsersAcl')
         ->with($this->roleMock);

     // The same role mock is used as both subject and result.
     $returned = $this->model->afterSave($this->roleMock, $this->roleMock);

     $this->assertInstanceOf('\\Magento\\Authorization\\Model\\Role', $returned);
 }
 /**
  * The before-save validation rules must be exposed as a Zend_Validate_Interface.
  */
 public function testGetValidationRulesBeforeSave()
 {
     $this->assertInstanceOf(
         'Zend_Validate_Interface',
         $this->_model->getValidationRulesBeforeSave()
     );
 }