/**
 * Creates a native user in omegaUp through UserController::apiCreate and
 * returns the DAO read back from the database.
 *
 * Any of the three credentials left as null is replaced with a random value.
 *
 * The returned DAO carries the PLAINTEXT password, not the stored hash, so
 * callers can log in with it. Saving that object back through UsersDAO
 * without re-hashing would persist the plaintext value.
 *
 * @param string $username optional
 * @param string $password optional
 * @param string $email optional
 * @param bool $verify when true the user goes through self::verifyUser();
 *                     when false the user is stored with verified = 0
 * @return user (DAO)
 * @throws Exception when apiCreate does not answer with status "ok"
 */
public static function createUser($username = null, $password = null, $email = null, $verify = true)
{
    // Fill in whatever the caller left out with random data.
    if ($username === null) {
        $username = Utils::CreateRandomString();
    }
    if ($password === null) {
        $password = Utils::CreateRandomString();
    }
    if ($email === null) {
        $email = Utils::CreateRandomString() . '@mail.com';
    }

    // The same key is stored on the controller and sent in the request.
    // uniqid() is derived from the current time, so the key is predictable.
    // NOTE(review): confirm the controller only honours this key in test runs.
    UserController::$permissionKey = uniqid();
    $payload = array(
        'username' => $username,
        'name' => $username,
        'password' => $password,
        'email' => $email,
        'permission_key' => UserController::$permissionKey
    );
    $request = new Request($payload);

    // Register through the public API rather than writing to the DB directly.
    $apiResult = UserController::apiCreate($request);
    $created = strcasecmp($apiResult['status'], 'ok') === 0;
    if (!$created) {
        throw new Exception('UserFactory::createUser failed');
    }

    // Reload the row that the API just stored.
    $user = UsersDAO::FindByUsername($username);

    if (!$verify) {
        // Leave the account explicitly unverified.
        $user->verified = 0;
        UsersDAO::save($user);
    } else {
        UserController::$redirectOnVerify = false;
        $user = self::verifyUser($user);
    }

    // The DB copy holds the hash; swap in the plaintext for the caller.
    $user->setPassword($password);

    return $user;
}
/**
 * Second and last step of the password reset: stores the new password for
 * the account that owns the given email.
 *
 * self::ValidateUpdateRequest() is the only check between the caller and the
 * password change in this method.
 * NOTE(review): confirm it verifies the reset token and its age, and that the
 * token comparison is constant-time.
 * NOTE(review): nothing here ends the user's existing sessions after the
 * password changes; confirm whether that is handled elsewhere.
 *
 * @param Request $r reads $r['email'] and $r['password']
 * @return array status "ok" plus a user-facing message
 * @throws InvalidParameterException
 */
public static function apiUpdate(Request $r)
{
    self::ValidateUpdateRequest($r);

    // NOTE(review): the lookup result is used without a null check; presumably
    // ValidateUpdateRequest already rejected unknown emails. Confirm.
    $account = UsersDAO::FindByEmail($r['email']);

    $hashedPassword = SecurityTools::hashString($r['password']);
    $account->setPassword($hashedPassword);

    // Clear the reset digest and timestamp together with the password change,
    // so the stored reset state does not outlive this update.
    $account->setResetDigest(null);
    $account->setResetSentAt(null);
    UsersDAO::save($account);

    // Under test a fixed string is returned and $smarty is never touched.
    global $smarty;
    if (IS_TEST) {
        $text = 'message';
    } else {
        $text = $smarty->getConfigVariable('passwordResetResetSuccess');
    }

    return array('status' => 'ok', 'message' => $text);
}
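/**
 * A second reset request sent right after the first must be refused with
 * "passwordResetMinWait"; once PASSWORD_RESET_MIN_WAIT has elapsed a new
 * request must be accepted again.
 *
 * Throttling reset requests limits how many reset mails can be triggered
 * for one address.
 */
public function testShouldRefuseMultipleRequestsInShortInterval()
{
    $user_data = UserFactory::generateUser();
    $r = new Request(array('email' => $user_data['email']));

    // First request: expected to go through.
    ResetController::apiCreate($r);

    // Initialised up front so that a missing exception produces a clean
    // assertion failure instead of an undefined-variable error.
    $message = null;
    try {
        ResetController::apiCreate($r);
    } catch (InvalidParameterException $expected) {
        $message = $expected->getMessage();
    }
    $this->assertEquals(
        'passwordResetMinWait',
        $message,
        'A second reset request inside the minimum wait window was not refused'
    );

    // time travel: backdate the stored timestamp to just outside the window
    $reset_sent_at = ApiUtils::GetStringTime(time() - PASSWORD_RESET_MIN_WAIT - 1);
    $user = UsersDAO::FindByEmail($user_data['email']);
    $user->setResetSentAt($reset_sent_at);
    UsersDAO::save($user);

    // No assertion here: the test passes only if this call does not throw.
    ResetController::apiCreate($r);
}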
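/**
 * A reset token older than PASSWORD_RESET_TIMEOUT must be refused by
 * ResetController::apiUpdate with "passwordResetResetExpired".
 *
 * NOTE(review): the test checks only the error key; asserting that the
 * stored password is unchanged afterwards would also cover the case where
 * the update is applied before the expiry check fires.
 */
public function testShouldRefuseExpiredReset()
{
    $user_data = UserFactory::generateUser();
    $r = new Request(array('email' => $user_data['email']));
    $response = ResetController::apiCreate($r);

    // Build the update payload from the user data plus the issued token.
    $user_data['password_confirmation'] = $user_data['password'];
    $user_data['reset_token'] = $response['token'];

    // Time travel: backdate the stored timestamp to just past the timeout
    $reset_sent_at = ApiUtils::GetStringTime(time() - PASSWORD_RESET_TIMEOUT - 1);
    $user = UsersDAO::FindByEmail($user_data['email']);
    $user->setResetSentAt($reset_sent_at);
    UsersDAO::save($user);

    // Initialised up front so that a missing exception produces a clean
    // assertion failure instead of an undefined-variable error.
    $message = null;
    try {
        $r = new Request($user_data);
        ResetController::apiUpdate($r);
    } catch (InvalidParameterException $expected) {
        $message = $expected->getMessage();
    }
    $this->assertEquals(
        'passwordResetResetExpired',
        $message,
        'An expired reset token was not refused'
    );
}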
/**
 * Updates the main email of the current user and sends a verification mail.
 *
 * The new address is written to the main-email row before any verification
 * of that address takes place.
 * NOTE(review): apart from self::authenticateRequest() no proof of identity
 * (e.g. current password) is requested in this method, and no notice to the
 * previous address is visible here. Confirm whether either is handled
 * elsewhere, since the main email is also the password-reset channel.
 *
 * @param Request $r reads $r['email'] and $r['current_user']; sets $r['user']
 * @return array status "ok"
 * @throws DuplicatedEntryInDatabaseException when the address is already in use
 * @throws InvalidDatabaseOperationException on any other failure while saving
 */
public static function apiUpdateMainEmail(Request $r)
{
    self::authenticateRequest($r);

    Validators::isEmail($r['email'], 'email');

    try {
        $currentUser = $r['current_user'];

        // Overwrite the address on the user's main-email row.
        $mainEmail = EmailsDAO::getByPK($currentUser->getMainEmailId());
        $mainEmail->setEmail($r['email']);
        EmailsDAO::save($mainEmail);

        // Unverified users need a verification id for the mail sent below.
        if ($currentUser->getVerified() == '0') {
            self::$log->info('User not verified.');

            if ($currentUser->getVerificationId() == null) {
                self::$log->info('User does not have verification id. Generating.');

                try {
                    // NOTE(review): self::randomString() is not shown here;
                    // confirm it draws from a CSPRNG, as this id is a secret.
                    $currentUser->setVerificationId(self::randomString(50));
                    UsersDAO::save($currentUser);
                } catch (Exception $ignored) {
                    // Best effort: the failure is deliberately dropped, and
                    // nothing is logged for it.
                }
            }
        }
    } catch (Exception $e) {
        // The duplicate case is detected by looking for "1062" anywhere in
        // the exception message; everything else is wrapped as a generic
        // database failure.
        if (strpos($e->getMessage(), '1062') === false) {
            throw new InvalidDatabaseOperationException($e);
        }
        throw new DuplicatedEntryInDatabaseException('mailInUse');
    }

    // Drop the cached profile so the next read does not use the old entry.
    Cache::deleteFromCache(Cache::USER_PROFILE, $currentUser->getUsername());

    // sendVerificationEmail() reads the target user from $r['user'].
    $r['user'] = $currentUser;
    self::sendVerificationEmail($r);

    return array('status' => 'ok');
}
/**
 * Logins with empty passwords in DB are disabled
 *
 * An account whose stored password is the empty string must not be usable
 * for login; the attempt is expected to raise LoginDisabledException.
 *
 * @expectedException LoginDisabledException
 */
public function testLoginDisabled()
{
    // Start from a regular, verified account.
    $account = UserFactory::createUser();

    // Blank the password both on the DAO and in the database.
    $account->setPassword('');
    UsersDAO::save($account);

    // Must throw; reaching the end of the method without it fails the test.
    $this->login($account);
}