author | Ozh <ozh@ozh.org> | 2022-05-01 20:19:44 +0300 |
---|---|---|
committer | Ozh <ozh@ozh.org> | 2022-05-01 20:19:44 +0300 |
commit | d8ebb710f4549565dfde0f4c5e806c626d63a37f (patch) | |
tree | 7a636df941605538129fb52173fe7cfdbb8767b3 | |
parent | d0292359217374ef216d83ac8c3711f5e6523603 (diff) |
More cases with 8.1 warnings
-rw-r--r-- | includes/functions-auth.php | 25 | ||||
-rw-r--r-- | tests/data/auth/nopassword.php | 3 | ||||
-rw-r--r-- | tests/data/auth/preg_replace_problem.php | 9 | ||||
-rw-r--r-- | tests/tests/auth/auth.php | 14 |
4 files changed, 44 insertions, 7 deletions
diff --git a/includes/functions-auth.php b/includes/functions-auth.php
index 52a677a4..d284457a 100644
--- a/includes/functions-auth.php
+++ b/includes/functions-auth.php
@@ -173,11 +173,15 @@ function yourls_check_password_hash( $user, $submitted_password ) {
 * @return true|string if overwrite was successful, an error message otherwise
 */
 function yourls_hash_passwords_now( $config_file ) {
- if( !is_readable( $config_file ) )
- return 'cannot read file'; // not sure that can actually happen...
+ if( !is_readable( $config_file ) ) {
+ yourls_debug_log( 'Cannot hash passwords: cannot read file ' . $config_file );
+ return 'cannot read file'; // not sure that can actually happen...
+ }
- if( !is_writable( $config_file ) )
+ if( !is_writable( $config_file ) ) {
+ yourls_debug_log( 'Cannot hash passwords: cannot write file ' . $config_file );
 return 'cannot write file';
+ }
 $yourls_user_passwords = [];
 // Include file to read value of $yourls_user_passwords
@@ -188,11 +192,16 @@ function yourls_hash_passwords_now( $config_file ) {
 error_reporting( $errlevel );
 $configdata = file_get_contents( $config_file );
- if( $configdata == false )
- return 'could not read file';
+
+ if( $configdata == false ) {
+ yourls_debug_log('Cannot hash passwords: file_get_contents() false with ' . $config_file);
+ return 'could not read file';
+ }
 $to_hash = 0; // keep track of number of passwords that need hashing
 foreach ( $yourls_user_passwords as $user => $password ) {
+ // avoid "deprecated" warning when password is null -- see test case in tests/data/auth/preg_replace_problem.php
+ $password ??= '';
 if ( !yourls_has_phpass_password( $user ) && !yourls_has_md5_password( $user ) ) {
 $to_hash++;
 $hash = yourls_phpass_hash( $password );
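Review bot: In the `foreach` of the second hunk, `$password ??= '';` turns a null entry into an empty password that then reaches `yourls_phpass_hash( $password )`, so a misconfigured account may end up with a stored hash of the empty string instead of being rejected. The rest of the loop lies outside the hunk, so whether that hash is actually written back cannot be confirmed from here, but skipping such entries would be the safer default, e.g. `if ( !is_string( $password ) ) { continue; }` preceded by a `yourls_debug_log()` line naming the user. The added comment cites tests/data/auth/preg_replace_problem.php as the null case, yet that fixture sets `$password = 'some_password'`, so no null value appears to be exercised by this commit. Separately, the re-braced `if( $configdata == false )` still compares loosely, so an empty file would be reported as a read failure; `=== false` matches what `file_get_contents()` returns on error.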
@@ -211,8 +220,10 @@ function yourls_hash_passwords_now( $config_file ) {
 }
 }
- if( $to_hash == 0 )
- return 0; // There was no password to encrypt
+ if( $to_hash == 0 ) {
+ yourls_debug_log('Cannot hash passwords: no password found in ' . $config_file);
+ return 'no password found';
+ }
 $success = file_put_contents( $config_file, $configdata );
 if ( $success === FALSE ) {
diff --git a/tests/data/auth/nopassword.php b/tests/data/auth/nopassword.php
new file mode 100644
index 00000000..c4f37750
--- /dev/null
+++ b/tests/data/auth/nopassword.php
@@ -0,0 +1,3 @@
+<?php
+
+/** No password defined */
diff --git a/tests/data/auth/preg_replace_problem.php b/tests/data/auth/preg_replace_problem.php
new file mode 100644
index 00000000..6639f971
--- /dev/null
+++ b/tests/data/auth/preg_replace_problem.php
@@ -0,0 +1,9 @@
+<?php
+
+/** Valid PHP syntax but too complicated for our parser */
+
+$login = 'joe';
+$password = 'some_password';
+$yourls_user_passwords = [
+ $login => $password,
+];
diff --git a/tests/tests/auth/auth.php b/tests/tests/auth/auth.php
index 3cd8b0f2..703acbb1 100644
--- a/tests/tests/auth/auth.php
+++ b/tests/tests/auth/auth.php
@@ -216,6 +216,20 @@ class Auth_Func_Tests extends PHPUnit\Framework\TestCase {
 }
 /**
+ * Check that encrypting file with no passwords returns expected error
+ */
+ public function test_hash_passwords_now_no_pwd() {
+ $this->assertSame('no password found', yourls_hash_passwords_now( YOURLS_TESTDATA_DIR . '/auth/nopassword.php' ) );
+ }
+
+ /**
+ * Check that encrypting file with incorrect content returns expected error
+ */
+ public function test_hash_passwords_now_bad_content() {
+ $this->assertSame('preg_replace problem', yourls_hash_passwords_now( YOURLS_TESTDATA_DIR . '/auth/preg_replace_problem.php' ) );
+ }
+
+ /**
 * Check that in-file password encryption works as expected with different kinds of passwords
 *
 * This test checks that encrypting the config file, with different kinds of pwd, results in a valid |
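Review bot: In the `$to_hash == 0` branch of includes/functions-auth.php, the new log line and return value say "no password found", but `$to_hash` is only incremented for entries that have neither a phpass nor an md5 hash, so zero also covers a config whose passwords are all already hashed. That is the normal steady state, and it would now be logged as "Cannot hash passwords" and returned as a string the docblock describes as an error message, where the old code returned `0`. Callers are outside this diff, so any that treat a string return as failure need checking. A neutral log line such as `yourls_debug_log( 'No password needs hashing in ' . $config_file );` would keep the debug log from reading as a fault. The function body starts and continues outside this hunk.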
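Review bot: Both new tests in tests/tests/auth/auth.php assert only the string returned by `yourls_hash_passwords_now()` and never check that the fixture under `YOURLS_TESTDATA_DIR` is left untouched. The function's success path ends in `file_put_contents( $config_file, $configdata )`, so an error path that later falls through to the write would rewrite the fixture while these tests kept passing or failed for an unrelated reason. Reading the file before the call and adding `$this->assertStringEqualsFile( $path, $before );` after it would pin the no-write guarantee for both cases.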