/**
 * Handle a password-change submission for the currently logged-in user.
 *
 * Flow: require an authenticated Sentry session, validate the new password
 * pair with SignupForm, then set it through Sentry's reset-code mechanism.
 * Every outcome after the login check redirects back to 'password_edit'
 * with a flash message describing the result.
 *
 * NOTE(review): only 'password' and 'password_confirm' are read; the current
 * password is never requested, so a valid session alone is enough to replace
 * the credential. Consider requiring re-authentication before the change.
 * NOTE(review): no CSRF token is checked in this method; confirm it is
 * enforced elsewhere (middleware or form layer).
 *
 * @param Request $req Request carrying 'password' and 'password_confirm'.
 * @return mixed Result of redirectTo().
 */
public function passwordProcessAction(Request $req)
{
    // Anonymous visitors are sent to the login page before any input is read.
    $isLoggedIn = $this->app['sentry']->check();
    if (!$isLoggedIn) {
        return $this->redirectTo('login');
    }

    $user = $this->app['sentry']->getUser();

    // SignupForm is reused purely for its password validation rules; it
    // expects the confirmation under the key 'password2'.
    // NOTE(review): if Request is Symfony's, get() also reads query-string
    // values; confirm this route only accepts POST so passwords never end
    // up in URLs or access logs.
    $formData = array(
        'password' => $req->get('password'),
        'password2' => $req->get('password_confirm'),
    );
    $form = new SignupForm($formData, $this->app['purifier']);
    $form->sanitize();

    $passwordsOk = $form->validatePasswords();
    if ($passwordsOk === false) {
        // NOTE(review): the messages are joined with raw <br>, so the flash
        // text is presumably rendered as HTML; verify that no message can
        // carry unescaped user input.
        $errorHtml = implode("<br>", $form->getErrorMessages());
        $this->app['session']->set('flash', array(
            'type' => 'error',
            'short' => 'Error',
            'ext' => $errorHtml,
        ));

        return $this->redirectTo('password_edit');
    }

    // Sentry changes a password through its reset flow: obtain a reset code
    // for the user and redeem it immediately together with the new password.
    // NOTE(review): the value stored is the *cleaned* password from
    // getCleanData(), not the raw input; confirm validatePasswords() rejects
    // any password that sanitize() would alter, otherwise the stored
    // password can differ from what the user typed.
    $cleanData = $form->getCleanData();
    $resetCode = $user->getResetPasswordCode();
    $passwordChanged = $user->attemptResetPassword($resetCode, $cleanData['password']);

    if ($passwordChanged) {
        $flash = array(
            'type' => 'success',
            'short' => 'Success',
            'ext' => "Changed your password.",
        );
    } else {
        $flash = array(
            'type' => 'error',
            'short' => 'Error',
            'ext' => "Unable to update your password in the database. Please try again.",
        );
    }

    $this->app['session']->set('flash', $flash);

    return $this->redirectTo('password_edit');
}
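/**
 * Test that bad passwords are detected by SignupForm and reported with the
 * expected error message.
 *
 * The validation result is compared strictly: code that gates on
 * `validatePasswords() === false` would treat a falsy non-boolean (null, 0,
 * '') as "valid", so a loose comparison here could hide a regression that
 * lets a bad password through.
 *
 * @test
 * @param string $passwd          Password candidate
 * @param string $passwd2         Confirmation value
 * @param string $expectedMessage Error message that must be reported
 * @param bool   $expectedResponse Exact value validatePasswords() must return
 * @dataProvider badPasswordProvider
 */
public function badPasswordsAreBeingCorrectlyDetected($passwd, $passwd2, $expectedMessage, $expectedResponse)
{
    $data = ['password' => $passwd, 'password2' => $passwd2];
    $form = new \OpenCFP\Http\Form\SignupForm($data, $this->purifier);
    $form->sanitize();

    $testResponse = $form->validatePasswords();

    // assertSame (identity) rather than assertEquals (loose ==): the return
    // type is part of the contract being tested, not just its truthiness.
    $this->assertSame($expectedResponse, $testResponse);
    $this->assertContains(
        $expectedMessage,
        $form->getErrorMessages(),
        "Did not get expected error message"
    );
}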