Example #1
 /**
  * A reset-password submission that is rejected must re-display the reset
  * form and leave the user's stored password unchanged.
  *
  * The last assertion is the security-relevant one: after the rejected POST
  * the original password ('testuser') must still verify.
  *
  * @return void
  */
 public function testResetPasswordActionWithInvalidFormData()
 {
     // Preparation: obtain a reset token through the lost-password form
     $account = UserService::findOneByUsername('testuser');
     $this->dispatch('/user/lostpassword');
     $lostPasswordRequest = $this->getRequest();
     $lostPasswordRequest->setMethod('POST');
     $lostPasswordRequest->setPost(array('username' => $account->getUsername()));
     $this->redispatch('/user/lostpassword', false);
     $this->assertRedirectTo('/home', 'Failed to redirect');
     $resetToken = UserPasswordResetTokenService::findOneByUser($account->getId());
     $this->assertTrue($resetToken !== null);

     // Test: the token URL must render the reset form
     $resetUrl = '/user/resetpassword?token=' . $resetToken->getToken();
     $this->redispatch($resetUrl);
     $this->assertNotRedirect();
     $this->assertQuery('form#userPasswordResetForm');

     // Submit a password the form is expected to reject
     // (presumably '123' is below the minimum length; confirm against the form's validators)
     $resetRequest = $this->getRequest();
     $resetRequest->setMethod('POST');
     $resetRequest->setPost(array(
         'csrf' => $this->_getFormCsrf(),
         'password' => '123',
         'passwordConfirm' => '123',
     ));
     $this->redispatch($resetUrl, false);

     // Rejected submission: no redirect, form shown again, old password still valid
     $this->assertNotRedirect();
     $this->assertQuery('form#userPasswordResetForm');
     $this->assertTrue(UserService::verifyPassword($account, 'testuser'));
 }
Example #2
 /**
  * Change Password Action
  *
  * On a valid POST, checks the submitted old password against the current
  * user and, if it matches, stores the hash of the new password, clears the
  * authenticated identity and redirects to the login route. In every other
  * case the form is handed back to the view.
  *
  * NOTE(review): no explicit persistence call follows setPassword() in this
  * method; presumably the change is flushed elsewhere. Confirm.
  * NOTE(review): only the current identity is cleared here; whether other
  * active sessions of the user are invalidated is not visible in this method.
  *
  * @return void
  */
 public function changepasswordAction()
 {
     $form = new \Application_Form_UserPasswordChange();
     $request = $this->getRequest();
     $user = $this->_user;
     if ($request->isPost()) {
         if (!$form->isValid($request->getPost())) {
             // Submitted form data is invalid
             // NOTE(review): 500 reports a server fault for what is a client-side
             // validation failure; kept because callers may depend on the code.
             $this->getResponse()->setHttpResponseCode(500);
             $this->view->success = 0;
         } else {
             $values = $form->getValues();
             try {
                 // Require proof of the current password before accepting a new one
                 if (UserService::verifyPassword($user, $values['oldPassword'])) {
                     $user->setPassword(UserService::encryptPassword($values['newPassword']));
                     // Drop the identity so the user must log in again with the new password
                     $this->_helper->sessionMessenger('Password changed successfully. You may now login using your new password.', 'success');
                     Zend_Auth::getInstance()->clearIdentity();
                     return $this->getHelper('Redirector')->gotoRoute(array(), 'login');
                 }
                 $this->view->messages()->addMessage('Invalid old password', 'error');
             } catch (Exception $e) {
                 // @codeCoverageIgnoreStart
                 $this->getResponse()->setHttpResponseCode(500);
                 $this->view->success = 0;
                 // Exception text reaches the page only in development; every other
                 // environment gets a fixed reference code and the detail goes to the log.
                 if ('development' == APPLICATION_ENV) {
                     $errorText = $e->getMessage();
                 } else {
                     $errorText = 'Application error: UCCPA001';
                 }
                 $this->view->messages()->addMessage($errorText, 'error');
                 Logger::err($e->getMessage());
             }
             // @codeCoverageIgnoreEnd
         }
     }
     // Non-POST requests fall straight through and just render the form
     $this->view->form = $form;
 }
Example #3
 /**
  * Attempts to authenticate
  *
  * Looks the identity up, verifies the supplied credential, then checks the
  * account's active and locked flags, in that order. On success the user is
  * kept on the adapter and its last-connect timestamp is updated.
  *
  * The result distinguishes "identity not found" from "credential invalid".
  * Callers should show the client one generic failure message so the
  * response does not reveal which usernames exist.
  *
  * NOTE(review): the credential is verified before getLocked() is consulted,
  * so a locked account still reports whether the supplied password was
  * correct. If locking is meant to stop password guessing, check the lock
  * first. Confirm intent.
  * NOTE(review): the unknown-identity path does no password verification,
  * so its response time may differ from the known-identity path.
  *
  * @throws Zend_Auth_Adapter_Exception if answering the authentication query is impossible
  * @return Zend_Auth_Result
  */
 public function authenticate()
 {
     $account = UserService::findOneByUsername($this->identity);

     if (null === $account) {
         $code = AuthResult::FAILURE_IDENTITY_NOT_FOUND;
         $message = 'Identity not found.';
     } elseif (!UserService::verifyPassword($account, $this->credential)) {
         $code = AuthResult::FAILURE_CREDENTIAL_INVALID;
         $message = 'Supplied credential is invalid.';
     } elseif (!$account->getActive()) {
         // Reached only with a correct password
         $code = AuthResult::FAILURE_REQUIRES_EMAIL_VERIFICATION;
         $message = 'User account requires email address verification.';
     } elseif ($account->getLocked()) {
         // Reached only with a correct password on an active account
         $code = AuthResult::FAILURE_ACCOUNT_LOCKED;
         $message = 'User account is locked.';
     } else {
         // Success: remember the user and record the login time
         $this->user = $account;
         $account->setLastConnect(new \DateTime());
         UserService::update();
         $code = AuthResult::SUCCESS;
         $message = 'Authentication successful.';
     }

     $this->authResultInfo['code'] = $code;
     $this->authResultInfo['messages'][] = $message;

     return $this->authenticateCreateAuthResult();
 }
Example #4
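 /**
  * A password hashed with UserService::encryptPassword() must verify for the
  * user it was stored on, and a different password must not.
  *
  * @return void
  */
 public function testVerifyPassword()
 {
     $user = UserTest::createTestUser();
     $password = '******';
     // Throwaway salt for this test run only; mt_rand() is not a CSPRNG and
     // must not be the source of a production salt.
     // Presumably 'staticSalt' is read by encryptPassword()/verifyPassword(); confirm.
     Zend_Registry::set('staticSalt', sha1(mt_rand()));
     $encrypted = UserService::encryptPassword($password);
     $user->setPassword($encrypted);
     $this->assertTrue(UserService::verifyPassword($user, $password));
     // Negative case: without it the test would still pass if verifyPassword()
     // accepted every input.
     $this->assertFalse(UserService::verifyPassword($user, $password . 'x'));
 }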