More cases with 8.1 warnings

4 files changed, 44 insertions, 7 deletions

diff --git a/includes/functions-auth.php b/includes/functions-auth.php
index 52a677a4..d284457a 100644
--- a/includes/functions-auth.php
+++ b/includes/functions-auth.php
@@ -173,11 +173,15 @@ function yourls_check_password_hash( $user, $submitted_password ) {
  * @return true|string  if overwrite was successful, an error message otherwise
  */
 function yourls_hash_passwords_now( $config_file ) {
-	if( !is_readable( $config_file ) )
-		return 'cannot read file'; // not sure that can actually happen...
+	if( !is_readable( $config_file ) ) {
+        yourls_debug_log( 'Cannot hash passwords: cannot read file ' . $config_file );
+        return 'cannot read file'; // not sure that can actually happen...
+    }
 
-	if( !is_writable( $config_file ) )
+	if( !is_writable( $config_file ) ) {
+        yourls_debug_log( 'Cannot hash passwords: cannot write file ' . $config_file );
 		return 'cannot write file';
+    }
 
     $yourls_user_passwords = [];
 	// Include file to read value of $yourls_user_passwords
@@ -188,11 +192,16 @@ function yourls_hash_passwords_now( $config_file ) {
 	error_reporting( $errlevel );
 
 	$configdata = file_get_contents( $config_file );
-	if( $configdata == false )
-		return 'could not read file';
+
+    if( $configdata == false ) {
+        yourls_debug_log('Cannot hash passwords: file_get_contents() false with ' . $config_file);
+        return 'could not read file';
+    }
 
 	$to_hash = 0; // keep track of number of passwords that need hashing
 	foreach ( $yourls_user_passwords as $user => $password ) {
+        // avoid "deprecated" warning when password is null -- see test case in tests/data/auth/preg_replace_problem.php
+        $password ??= '';
 		if ( !yourls_has_phpass_password( $user ) && !yourls_has_md5_password( $user ) ) {
 			$to_hash++;
 			$hash = yourls_phpass_hash( $password );
@@ -211,8 +220,10 @@ function yourls_hash_passwords_now( $config_file ) {
 		}
 	}
 
-	if( $to_hash == 0 )
-		return 0; // There was no password to encrypt
+	if( $to_hash == 0 ) {
+        yourls_debug_log('Cannot hash passwords: no password found in ' . $config_file);
+        return 'no password found';
+    }
 
 	$success = file_put_contents( $config_file, $configdata );
 	if ( $success === FALSE ) {
diff --git a/tests/data/auth/nopassword.php b/tests/data/auth/nopassword.php
new file mode 100644
index 00000000..c4f37750
--- /dev/null
+++ b/tests/data/auth/nopassword.php
@@ -0,0 +1,3 @@
+<?php
+
+/** No password defined */
diff --git a/tests/data/auth/preg_replace_problem.php b/tests/data/auth/preg_replace_problem.php
new file mode 100644
index 00000000..6639f971
--- /dev/null
+++ b/tests/data/auth/preg_replace_problem.php
@@ -0,0 +1,9 @@
+<?php
+
+/** Valid PHP syntax but too complicated for our parser */
+
+$login = 'joe';
+$password = 'some_password';
+$yourls_user_passwords = [
+    $login => $password,
+];
diff --git a/tests/tests/auth/auth.php b/tests/tests/auth/auth.php
index 3cd8b0f2..703acbb1 100644
--- a/tests/tests/auth/auth.php
+++ b/tests/tests/auth/auth.php
@@ -216,6 +216,20 @@ class Auth_Func_Tests extends PHPUnit\Framework\TestCase {
     }
 
     /**
+     * Check that encrypting file with no passwords returns expected error
+     */
+    public function test_hash_passwords_now_no_pwd() {
+        $this->assertSame('no password found', yourls_hash_passwords_now( YOURLS_TESTDATA_DIR . '/auth/nopassword.php' ) );
+    }
+
+    /**
+     * Check that encrypting file with incorrect content returns expected error
+     */
+    public function test_hash_passwords_now_bad_content() {
+        $this->assertSame('preg_replace problem', yourls_hash_passwords_now( YOURLS_TESTDATA_DIR . '/auth/preg_replace_problem.php' ) );
+    }
+
+    /**
      * Check that in-file password encryption works as expected with different kinds of passwords
      *
      * This test checks that encrypting the config file, with different kinds of pwd, results in a valid