public function testCRUD()
{
midcom::get('auth')->request_sudo('midcom.core');
$account = midcom_core_account::get(self::$_person);
$this->assertTrue($account instanceof midcom_core_account);
$password = '******' . time();
$account->set_password($password);
$this->assertEquals(midcom_connection::prepare_password($password), $account->get_password());
$username = __CLASS__ . ' user ' . time();
$account->set_username($username);
$this->assertEquals($username, $account->get_username());
$stat = $account->save();
$this->assertTrue($stat);
$new_username = __CLASS__ . ' user ' . time();
$account->set_username($new_username);
$stat = $account->save();
$this->assertTrue($stat);
$this->assertEquals($new_username, $account->get_username());
$stat = $account->delete();
$this->assertTrue($stat);
midcom::get('auth')->drop_sudo();
}
function _migrate_account($person)
{
$user = new midgard_user();
$db_password = $person->password;
if (substr($person->password, 0, 2) == '**') {
$db_password = substr($db_password, 2);
} else {
echo ' Legacy password detected for user ' . $person->username . ". Resetting to 'password', please change ASAP\n";
$db_password = '******';
}
$user->authtype = $GLOBALS['midcom_config']['auth_type'];
$user->password = midcom_connection::prepare_password($db_password);
$user->login = $person->username;
if ($GLOBALS['midcom_config']['person_class'] != 'midgard_person') {
$mgd_person = new midgard_person($person->guid);
} else {
$mgd_person = $person;
}
$user->set_person($mgd_person);
$user->active = true;
try {
$user->create();
} catch (midgard_error_exception $e) {
return false;
}
return true;
}
/**
* Set the account's password
*
* @param string $password The password to set
* @param boolean $encode Should the password be encoded according to the configured auth type
*/
public function set_password($password, $encode = true)
{
$this->_new_password = $password;
$this->_old_password = $this->get_password();
if ($encode) {
$password = midcom_connection::prepare_password($password);
}
if ($this->_midgard2) {
$this->_user->password = $password;
} else {
$this->_person->password = $password;
}
}
/**
* Sets username and password for person
*
* @param string $username Contains username
* @param string $new_password Contains the new password to set
*/
public function set_account($username, $new_password)
{
$this->_account = midcom_core_account::get($this->_person);
if (!empty($new_password)) {
$new_password_encrypted = midcom_connection::prepare_password($new_password);
//check if the new encrypted password was already used
if ($this->check_password_reuse($new_password_encrypted) && $this->check_password_strength($new_password)) {
$this->_save_old_password();
$this->_account->set_password($new_password);
} else {
$this->errstr = "password strength too low";
return false;
}
}
$this->_account->set_username($username);
//probably username not unique
if (!$this->_account->save()) {
$this->errstr = "Failed to save account";
return false;
}
if (!empty($new_password)) {
//add timestamp of password-change
$this->_person->set_parameter("org_openpsa_user_password", "last_change", time());
}
//sets privilege
midcom::get('auth')->request_sudo($this->_component);
$this->_person->set_privilege('midgard:owner', "user:" . $this->_person->guid);
midcom::get('auth')->drop_sudo();
return true;
}
/**
* @depends testCheck_password_strength
* @depends testCheck_password_reuse
* @depends testGenerate_safe_password
*/
public function testSet_account()
{
$accounthelper = new org_openpsa_user_accounthelper(self::$_user);
$account = midcom_core_account::get(self::$_user);
$password = $account->get_password();
$username = $account->get_username();
midcom::get('auth')->request_sudo('org.openpsa.user');
self::$_user->delete_parameter('org_openpsa_user_password', 'old_passwords');
self::$_user->delete_parameter('org_openpsa_user_password', 'last_change');
do {
$new_password = $accounthelper->generate_safe_password();
} while ($password === $new_password);
$new_username = $username . time();
$this->assertTrue($accounthelper->set_account($new_username, $new_password));
midcom::get('auth')->drop_sudo();
$this->assertEquals(midcom_connection::prepare_password($new_password), $account->get_password());
$this->assertEquals($new_username, $account->get_username());
$this->assertFalse(is_null(self::$_user->get_parameter('org_openpsa_user_password', 'last_change')));
$this->assertEquals(serialize(array($password)), self::$_user->get_parameter('org_openpsa_user_password', 'old_passwords'));
}
