/**
 * Build the authenticated "Admin" fixture user for this test case.
 *
 * Stores a test-only static salt in the registry, creates a random user
 * renamed to "Admin" with the password "password", persists the user's role
 * and finally the user itself.
 *
 * @return void
 */
public function setUp()
{
    parent::setUp();

    // Test-only salt value; presumably read by UserService::encryptPassword()
    Zend_Registry::set('staticSalt', sha1(mt_rand()));

    $this->_authUser = UserTest::createRandomTestUser();
    $admin = $this->_authUser;
    $admin->setUsername('Admin');
    $admin->setPassword(
        UserService::encryptPassword('password', $admin->getSalt())
    );

    // The role is persisted before the user that references it
    AclRoleService::create($admin->getRole());
    UserService::create($admin);
}
/**
 * A valid reset token plus a matching password pair changes the password
 * and redirects to /login.
 *
 * NOTE(review): only the rejection of the old password is asserted; the new
 * password ("testuser2") is never checked with verifyPassword().
 *
 * @depends testLostPasswordActionAsGuestWithValidEmail
 */
public function testResetPasswordActionWithValidTokenAndValidFormData($resetToken)
{
    $resetUrl = '/user/resetpassword?token=' . $resetToken;
    $account = UserService::findOneByUsername('testuser');

    // GET with a valid token renders the reset form instead of redirecting
    $this->dispatch($resetUrl);
    $this->assertNotRedirect();
    $this->assertQuery('form#userPasswordResetForm');

    // POST the new password twice, together with the form's CSRF token
    $submission = array(
        'csrf' => $this->_getFormCsrf(),
        'password' => 'testuser2',
        'passwordConfirm' => 'testuser2',
    );
    $this->getRequest()->setMethod('POST')->setPost($submission);
    $this->redispatch($resetUrl, false);

    // The previous password no longer verifies; the user lands on the login page
    $this->assertFalse(UserService::verifyPassword($account, 'testuser'));
    $this->assertRedirectTo('/login', 'Failed to redirect');

    // Put the fixture password (equal to the username) back for later tests
    $account->setPassword(
        UserService::encryptPassword($account->getUsername(), $account->getSalt())
    );
    UserService::update();
}
/**
 * Password reset action
 *
 * Allows user to reset their password.
 *
 * Flow: an already authenticated visitor is sent to the home page; a missing
 * or unknown token raises UserControllerException; a GET renders the reset
 * form; a valid POST stores the new (encrypted) password, records a
 * UserEditEvent, deletes the single-use token and redirects to the login
 * route. An invalid POST re-renders the form.
 *
 * NOTE(review): no token-age check is visible here — confirm that
 * UserPasswordResetTokenService::findOneByToken() rejects expired tokens.
 *
 * @return void
 * @throws UserControllerException when the token is missing or not found
 */
public function resetpasswordAction()
{
    if (Zend_Auth::getInstance()->hasIdentity()) {
        return $this->_helper->redirector('index', 'index');
    }

    $request = $this->getRequest();

    $token = $request->getParam('token', null);
    if (null === $token || '' == $token) {
        throw new UserControllerException('Invalid verification token');
    }

    $passwordResetToken = UserPasswordResetTokenService::findOneByToken($token);
    if (null == $passwordResetToken) {
        throw new UserControllerException('Invalid verification token');
    }

    $form = new \Application_Form_UserPasswordReset();

    if ($request->isPost()) {
        if (!$form->isValid($request->getPost())) {
            // Submitted form data is invalid
            // NOTE(review): a validation failure is answered with 500 here;
            // a 4xx status would describe a client error more accurately.
            $this->getResponse()->setHttpResponseCode(500);
            $this->view->success = 0;
        } else {
            $data = $form->getValues();

            // Update user's password
            $user = $passwordResetToken->getUser();
            $user->setPassword(UserService::encryptPassword($data['password']));
            UserService::update();

            // Track changes
            UserEditEventService::create(array(
                'user' => $user,
                'editor' => $user,
                'ip' => $request->getServer('REMOTE_ADDR'),
                'date' => new DateTime(),
                'description' => 'Password reset.',
            ));

            // Delete sender verification record (token is single-use)
            UserPasswordResetTokenService::delete($passwordResetToken);

            // Redirect to login page
            $this->_helper->sessionMessenger(
                'Password reset successfully. You may now login using your new password.',
                'success'
            );
            return $this->getHelper('Redirector')->gotoRoute(array(), 'login');
        }
    }

    $this->view->form = $form;
}
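/**
 * Update User entity
 *
 * Applies $data to $user property by property: for each key the matching
 * get<Key>() accessor is read and, when _valueChanged() reports a difference,
 * set<Key>() is called and the change is recorded. The entity is then
 * persisted and, if anything changed, a UserEditEvent describing the changes
 * is created with $this->_user as the editor.
 *
 * Password: a non-empty $data['newPassword'] is encrypted and stored under
 * $data['password']; otherwise the user's current password value is carried
 * over unchanged. Password values (stored hashes) are never written to the
 * debug log or to the edit-event description.
 *
 * @param User  $user
 * @param array $data Submitted values keyed by User property name; each key is
 *                    turned into a dynamic get/set method name, so keys are
 *                    assumed to be validated form element names — confirm at
 *                    the caller.
 * @return bool true when at least one property changed, false otherwise
 */
private function _updateUser(User $user, array $data)
{
    if (isset($data['newPassword']) && '' != $data['newPassword']) {
        // Verify old password
        // NOTE(review): the current-password check is disabled, so a password
        // change is accepted without re-authentication; re-enable it once the
        // form supplies the current password as $data['password'].
        #if(!UserService::verifyPassword($this->_user, $data['password'])) {
        #    throw new Exception('Current password is invalid');
        #}
        $data['password'] = UserService::encryptPassword($data['newPassword']);
    } else {
        // No new password: carry the stored value so it does not register as a change
        $data['password'] = $user->getPassword();
    }
    unset($data['newPassword']);
    unset($data['newPasswordConfirm']);

    // Resolve submitted ids to their entities
    if (isset($data['role'])) {
        $data['role'] = AclRoleService::findOneById($data['role']);
    }
    if (isset($data['timeZone'])) {
        $data['timeZone'] = TimeZoneService::findOneById($data['timeZone']);
    }

    // Track changes
    $changes = array();
    foreach ($data as $key => $newValue) {
        if ($key === 'userId') {
            continue;
        }
        // Credential material must not reach the log or the audit description
        $isSecret = ($key === 'password');

        $oldValue = $user->{'get' . ucfirst($key)}();
        Logger::debug(__METHOD__ . ":: {$key}");
        Logger::debug(__METHOD__ . ":: OLD => " . $this->_describeForLog($oldValue, $isSecret));
        Logger::debug(__METHOD__ . ":: NEW => " . $this->_describeForLog($newValue, $isSecret));

        // Only update changed properties, and keep track of the changes as well
        if (!$this->_valueChanged($oldValue, $newValue)) {
            continue;
        }
        Logger::debug(__METHOD__ . ":: {$key} has changed");
        Logger::debug(__METHOD__ . ":: OLD => " . $this->_describeForLog($oldValue, $isSecret));
        Logger::debug(__METHOD__ . ":: NEW => " . $this->_describeForLog($newValue, $isSecret));

        if ($isSecret) {
            // Record that the password changed, never the hash itself
            $oldVal = '[hidden]';
            $newVal = '[hidden]';
        } else {
            $oldVal = $oldValue;
            $newVal = $newValue;
            // Entity values (role, time zone) are described by their name
            if (is_object($newValue)) {
                $oldVal = isset($oldValue) ? $oldValue->getName() : '';
                $newVal = $newValue->getName();
            } elseif (is_object($oldValue)) {
                $oldVal = $oldValue->getName();
            }
        }
        $changes[] = array('item' => $key, 'oldValue' => $oldVal, 'newValue' => $newVal);

        // Set new value
        $user->{'set' . ucfirst($key)}($newValue);
    }
    UserService::update();

    // Any changes to record?
    if (count($changes) > 0) {
        $description = '';
        foreach ($changes as $change) {
            $description .= sprintf(
                '%s changed from "%s" to "%s".',
                $change['item'],
                $change['oldValue'] === 0 ? '0' : $change['oldValue'],
                $change['newValue']
            ) . PHP_EOL;
        }
        UserEditEventService::create(array(
            'user' => $user,
            'editor' => $this->_user,
            'ip' => $this->getRequest()->getServer('REMOTE_ADDR'),
            'date' => new DateTime(),
            'description' => rtrim($description),
        ));
        return true;
    }
    return false;
}

/**
 * Render a property value for the debug log.
 *
 * Objects are reduced to their class name, everything else is var_export()ed,
 * and secret values are replaced by a fixed marker.
 *
 * @param mixed $value
 * @param bool  $isSecret
 * @return string
 */
private function _describeForLog($value, $isSecret)
{
    if ($isSecret) {
        return '[hidden]';
    }
    return is_object($value) ? get_class($value) : var_export($value, true);
}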
/**
 * Insert test data into test DB.
 *
 * Creates three roles, three ACL resources with their "view" permissions,
 * one time zone, and two users ("admin", "testuser") whose initial password
 * equals their username, each with a profile.
 *
 * NOTE(review): no UserService::update() / UserProfileService::update() call
 * follows setPassword()/setProfile() — confirm the persistence layer flushes
 * these, otherwise the password stored by create() is the unencrypted value.
 *
 * @return void
 */
private static function insertTestData()
{
    // Roles, created in this order: admin, user, guest
    $roleSpecs = array(
        'admin' => array('name' => 'Administrator', 'description' => 'Site Administrator'),
        'user' => array('name' => 'User', 'description' => 'Regular user'),
        'guest' => array('name' => 'Guest', 'description' => 'Anonymous guest'),
    );
    $roles = array();
    foreach ($roleSpecs as $alias => $spec) {
        $roles[$alias] = AclRoleService::create($spec);
    }

    // ACL resources, created in this order: default, userLogin, admin
    $resourceSpecs = array(
        'default' => array('identifier' => 'mvc:default:all', 'name' => 'Global non-admin access'),
        'userLogin' => array('identifier' => 'mvc:default:user:login', 'name' => 'User login'),
        'admin' => array('identifier' => 'mvc:admin', 'name' => 'Admin interface'),
    );
    $resources = array();
    foreach ($resourceSpecs as $alias => $spec) {
        $resources[$alias] = AclResourceService::create($spec);
    }

    // "view" grants: guest on default and login, admin on the admin interface
    $grants = array(
        array('guest', 'default'),
        array('guest', 'userLogin'),
        array('admin', 'admin'),
    );
    foreach ($grants as $grant) {
        list($roleAlias, $resourceAlias) = $grant;
        AclPermissionService::create(array(
            'role' => $roles[$roleAlias],
            'resource' => $resources[$resourceAlias],
            'name' => 'view',
        ));
    }

    $timeZone = TimeZoneService::create(array('name' => 'America/Los_Angeles'));

    $accounts = array(
        array('username' => 'admin', 'firstName' => 'admin', 'lastName' => 'istrator', 'role' => $roles['admin']),
        array('username' => 'testuser', 'firstName' => 'test', 'lastName' => 'er', 'role' => $roles['user']),
    );
    $users = array();
    foreach ($accounts as $account) {
        $username = $account['username'];

        // Fixture password is the username; it is encrypted right after creation
        $user = UserService::create(array(
            'role' => $account['role'],
            'username' => $username,
            'password' => $username,
            'email' => $username . '@example.com',
            'dateCreated' => new \DateTime(),
            'lastConnect' => new \DateTime(),
            'active' => 1,
            'locked' => 0,
        ));
        $user->setPassword(UserService::encryptPassword($user->getPassword()));

        $profile = UserProfileService::create(array(
            'user' => $user,
            'firstName' => $account['firstName'],
            'lastName' => $account['lastName'],
            'phone' => '408-555-5555',
            'website' => '',
            'timeZone' => $timeZone,
        ));
        $user->setProfile($profile);

        // Collected but not returned by this method
        $users[$username] = $user;
    }
}
/**
 * A password stored via encryptPassword() must be accepted by verifyPassword()
 * for the same plaintext.
 *
 * @return void
 */
public function testVerifyPassword()
{
    $account = UserTest::createTestUser();
    $plaintext = '******';

    // Test-only static salt; presumably consumed by encryptPassword()
    Zend_Registry::set('staticSalt', sha1(mt_rand()));

    $stored = UserService::encryptPassword($plaintext);
    $account->setPassword($stored);

    $this->assertTrue(UserService::verifyPassword($account, $plaintext));
}