 /**
  * Nut `user:reset-password` end-to-end: the password printed to the console
  * must be the one whose hash was persisted for the user, and the previous
  * password must no longer verify against the stored hash.
  */
 public function testRun()
 {
     $this->resetDb();
     $app = $this->getApp();
     $repository = $app['storage']->getRepository('Bolt\\Storage\\Entity\\Users');
     $koala = new Entity\Users([
         'username'    => 'koala',
         'password'    => 'GumL3@ve$',
         'email'       => '*****@*****.**',
         'displayname' => 'Drop Bear',
         'roles'       => ['root'],
     ]);
     $repository->save($koala);

     $command = new UserResetPassword($app);
     $questionHelper = $this->getMock('\\Symfony\\Component\\Console\\Helper\\QuestionHelper', ['ask']);
     $questionHelper->expects($this->once())->method('ask')->will($this->returnValue(true));
     $command->setHelperSet(new HelperSet(['question' => $questionHelper]));

     $tester = new CommandTester($command);
     $tester->execute(['username' => 'koala'], ['interactive' => false]);
     $output = trim($tester->getDisplay());

     // "New password for koala is " is 26 characters, so 38 total means a
     // 12-character password follows it. The plaintext is deliberately shown
     // on the console here; it is never read back from the database.
     $this->assertRegExp('#New password for koala is #', $output);
     $this->assertSame(38, strlen($output));

     // Re-fetch the user and check against what was actually persisted.
     $repository = $app['storage']->getRepository('Bolt\\Storage\\Entity\\Users');
     $savedUser = $repository->getUser('koala');
     $authData = $repository->getUserAuthData($savedUser->getId());
     $storedHash = $authData->getPassword();
     $crypt = new PasswordLib();

     // The previous password must be rejected once the reset has happened.
     $this->assertFalse($crypt->verifyPasswordHash('GumL3@ve$', $storedHash));

     // Word index 5 of "New password for koala is <pw>" is the new plaintext.
     $words = explode(' ', $output);
     $this->assertTrue($crypt->verifyPasswordHash($words[5], $storedHash));
 }
 /**
  * shuffleString() must permute its input: the result differs from the
  * original but contains exactly the same multiset of characters.
  */
 public function testShuffleString()
 {
     $alphabet = 'abcdefghijklmnopqrstuvwxyz';
     $shuffled = (new PasswordLib())->shuffleString($alphabet);

     // NOTE(review): a shuffle may legitimately return the identity
     // permutation, so this assertion is probabilistic (vanishingly
     // unlikely for 26 distinct symbols, but not impossible).
     $this->assertNotEquals($alphabet, $shuffled);

     // Same characters with the same frequencies - only the order may change.
     $this->assertEquals(count_chars($alphabet, 1), count_chars($shuffled, 1));
 }
 /**
  * Hash user passwords on save.
  *
  * Leaves the entity untouched during a "shadow" save, hashes a real new
  * password with bcrypt at the configured cost, and removes the password
  * attribute entirely when it is empty or the `**dontchange**` placeholder
  * (presumably so the persisted hash is not overwritten - verify against
  * the repository's save path).
  *
  * NOTE(review): `$2a$` is the legacy bcrypt identifier. On PHP >= 5.3.7
  * crypt() handles it with the corrected algorithm, but hashes created by
  * older PHP under `$2a$` may carry the 8-bit-character flaw; prefer `$2y$`
  * if PasswordLib accepts it - TODO confirm. Also note bcrypt only considers
  * the first 72 bytes of the password.
  *
  * @param Entity\Users $usersEntity
  */
 protected function passwordHash(Entity\Users $usersEntity)
 {
     // A shadow save (password-reset bookkeeping) never rewrites the password column.
     if ($usersEntity->getShadowSave()) {
         return;
     }

     $plain = $usersEntity->getPassword();
     if (!$plain || $plain === '**dontchange**') {
         // Empty or placeholder: drop the attribute instead of storing it.
         unset($usersEntity->password);

         return;
     }

     $crypt = new PasswordLib();
     $hash = $crypt->createPasswordHash($plain, '$2a$', ['cost' => $this->hashStrength]);
     $usersEntity->setPassword($hash);
 }
 /**
  * Check a user login request for username/password combinations.
  *
  * Returns false when the username is unknown, or (after calling
  * loginFailed(), presumably to record the failed attempt) when the password
  * does not verify against the stored hash; otherwise defers to loginFinish().
  *
  * NOTE(review): the unknown-user path returns before any bcrypt work and
  * before loginFailed(), so both response time and failure bookkeeping differ
  * from a wrong-password attempt - this lets a client enumerate usernames.
  * Verifying the supplied password against a fixed dummy hash on that path
  * would even out the timing; left unchanged here.
  *
  * @param string $userName
  * @param string $password
  *
  * @return boolean
  */
 protected function loginCheckPassword($userName, $password)
 {
     $userEntity = $this->getUserEntity($userName);
     if (!$userEntity) {
         return false;
     }

     $crypt = new PasswordLib();
     $storedHash = $userEntity->getPassword();
     $passwordMatches = $crypt->verifyPasswordHash($password, $storedHash);
     if ($passwordMatches) {
         return $this->loginFinish($userEntity);
     }

     $this->loginFailed($userEntity);

     return false;
 }
 /**
  * Nut `user:add` end-to-end: the command reports success and the password
  * it was given verifies against the hash stored for the new user.
  */
 public function testRun()
 {
     $this->resetDb();
     $app = $this->getApp();

     $tester = new CommandTester(new UserAdd($app));
     $tester->execute([
         'username'    => 'test',
         'displayname' => 'Test',
         'email'       => '*****@*****.**',
         'password'    => 'testPass',
         'role'        => 'admin',
     ]);
     $this->assertEquals('Successfully created user: test', trim($tester->getDisplay()));

     // Check the stored value through the hash verifier rather than by
     // comparing plaintext - the column must hold a hash, not the password.
     $users = $app['storage']->getRepository('Bolt\\Storage\\Entity\\Users');
     $created = $users->getUser('test');
     $verified = (new PasswordLib())->verifyPasswordHash('testPass', $created->getPassword());
     $this->assertTrue($verified);
 }
 /**
  * Password::setRandomPassword() must return a password that verifies against
  * the stored hash, log the reset on the system logger, and clear any pending
  * shadow-password / shadow-token state (presumably so an outstanding reset
  * link cannot be redeemed after the password has already been changed).
  */
 public function testSetRandomPassword()
 {
     $app = $this->getApp();
     $this->addDefaultUser($app);
     $users = $app['storage']->getRepository('Bolt\\Storage\\Entity\\Users');

     // The reset must be audit-logged with exactly this message.
     $systemLogger = $this->getMock('\\Monolog\\Logger', ['info'], ['testlogger']);
     $systemLogger
         ->expects($this->atLeastOnce())
         ->method('info')
         ->with($this->equalTo("Password for user 'admin' was reset via Nut."));
     $app['logger.system'] = $systemLogger;

     $generated = (new Password($app))->setRandomPassword('admin');

     $admin = $users->getUser('admin');
     $this->assertTrue((new PasswordLib())->verifyPasswordHash($generated, $admin->getPassword()));

     // Any in-flight reset request must be invalidated by the new password.
     $this->assertEmpty($admin->getShadowpassword());
     $this->assertEmpty($admin->getShadowtoken());
     $this->assertNull($admin->getShadowvalidity());
 }
 /**
  * Sends email with password request. Accepts email or username.
  *
  * Stores a bcrypt hash of a freshly generated 12-character shadow password
  * and an MD5 of (32-character random token + requester IP) on the user, gives
  * them a two-hour validity window, then passes the plaintext shadow password
  * and token to resetPasswordNotification().
  *
  * NOTE(review): for an unknown account the same flash message is shown, but
  * the method returns false without any hashing or mail work, so both the
  * return value and the response time distinguish existing from non-existing
  * users. Callers must not surface the boolean; the timing gap remains.
  * NOTE(review): the token hash is bound to $remoteIP, so the link only works
  * from the requesting address. If $remoteIP is taken from a client-supplied
  * header (X-Forwarded-For) that binding is attacker-controlled - confirm the
  * caller. Wherever the token is later checked, compare with hash_equals().
  * NOTE(review): the shadow state is persisted before the mailoptions check,
  * so a misconfigured mailer still leaves a live two-hour reset window.
  *
  * @param string $username
  * @param string $remoteIP
  *
  * @return boolean
  */
 public function resetPasswordRequest($username, $remoteIP)
 {
     $users = $this->app['storage']->getRepository('Bolt\\Storage\\Entity\\Users');
     $userEntity = $users->getUser($username);

     if (!$userEntity) {
         // For safety, this is the message we display, regardless of whether user exists.
         $this->app['logger.flash']->info(Trans::__("A password reset link has been sent to '%user%'.", ['%user%' => $username]));

         return false;
     }

     $crypt = new PasswordLib();
     $cost = $this->app['access_control.hash.strength'];

     // Shadow password: only its bcrypt hash is stored.
     $shadowPassword = $this->app['randomgenerator']->generateString(12);
     $shadowPasswordHash = $crypt->createPasswordHash($shadowPassword, '$2a$', ['cost' => $cost]);

     // Shadow token: stored as MD5 of token + IP (dots replaced by dashes).
     $shadowToken = $this->app['randomgenerator']->generateString(32);
     $shadowTokenHash = md5($shadowToken . '-' . str_replace('.', '-', $remoteIP));

     // Persist the reset state together with its two-hour expiry.
     $userEntity->setShadowpassword($shadowPasswordHash);
     $userEntity->setShadowtoken($shadowTokenHash);
     $userEntity->setShadowvalidity(Carbon::create()->addHours(2));
     $this->app['storage']->getRepository('Bolt\\Storage\\Entity\\Users')->save($userEntity);

     // PHP 5.4 compatibility
     $mailoptions = $this->app['config']->get('general/mailoptions');
     if (empty($mailoptions)) {
         $this->app['logger.flash']->error(Trans::__("The email configuration setting 'mailoptions' hasn't been set. Bolt may be unable to send password reset."));
     }

     // Sent the password reset notification
     $this->resetPasswordNotification($userEntity, $shadowPassword, $shadowToken);

     return true;
 }
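 /**
  * Registers the request pipeline: JSON body decoding, HTTP Basic
  * authentication against the user repository, and a JSON error renderer.
  *
  * Changes versus the previous version:
  *  - a request carrying PHP_AUTH_USER but no PHP_AUTH_PW no longer reaches
  *    the hash verifier with an undefined index; it is rejected as
  *    unauthenticated like a request with no credentials at all;
  *  - the error renderer only echoes the message of exceptions that were
  *    raised deliberately as HTTP errors, so driver/internal exception text
  *    is no longer returned to API clients.
  *
  * NOTE(review): the distinct user.not_found / user.disabled /
  * user.wrong_password responses (and the return before any bcrypt work for
  * unknown logins) let a client enumerate valid usernames; collapsing them is
  * an API-contract change and is left for a deliberate decision.
  */
 private function configureListeners()
 {
     $this->before(function (Request $request) {
         $this['locale'] = $request->headers->get('Content-Language', $this['config']['locale']);
         if (0 === strpos($request->headers->get('Content-Type'), 'application/json')) {
             $data = json_decode($request->getContent(), true);
             $request->request->replace(is_array($data) ? $data : []);
         }
     });

     $this->before(function () {
         // Both halves of the Basic credentials must be present before anything is looked up.
         if (!isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
             // NOTE(review): the first argument becomes the WWW-Authenticate header
             // value; a well-formed challenge looks like 'Basic realm="Teampass API"'
             // - confirm against the Symfony version in use.
             throw new UnauthorizedHttpException('Teampass API', $this['translator']->trans('user.unauthorized', [], 'messages', $this['locale']));
         }
         $login = $_SERVER['PHP_AUTH_USER'];
         $user = $this['repository.user']->findByLogin($login);
         if (null === $user) {
             throw new AccessDeniedHttpException($this['translator']->trans('user.not_found', ['username' => $login], 'messages', $this['locale']));
         }
         if (true == $user['disabled']) {
             throw new AccessDeniedHttpException($this['translator']->trans('user.disabled', ['username' => $login], 'messages', $this['locale']));
         }
         $crypt = new PasswordLib();
         if (!$crypt->verifyPasswordHash($_SERVER['PHP_AUTH_PW'], $user['pw'])) {
             throw new AccessDeniedHttpException($this['translator']->trans('user.wrong_password', [], 'messages', $this['locale']));
         }
         $this['user'] = $user;
     });

     $this->error(function (\Exception $e, $code) {
         // Only HTTP exceptions carry a message intended for the client; anything
         // else (database/driver errors, ...) gets a generic body so internals
         // are not leaked through the API.
         $message = $e instanceof \Symfony\Component\HttpKernel\Exception\HttpExceptionInterface
             ? $e->getMessage()
             : 'Internal server error';

         return new JsonResponse(['code' => $code, 'message' => $message], $code, ['Content-Type' => 'application/problem+json']);
     });
 }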