author | diosmosis <diosmosis@users.noreply.github.com> | 2018-09-06 19:42:06 +0300 |
---|---|---|
committer | Stefan Giehl <stefan@piwik.org> | 2018-09-06 19:42:06 +0300 |
commit | c9d4cfcb7b7fb7735058a8b265801e16406c4f69 (patch) | |
tree | e66c0958bf09f4c72eb001648e4ff7649f04c1bd | |
parent | 9acf1e0ee4a7da143ec5e72640db9660f892424b (diff) |
Make sure user is not logged out when settings saved w/ no password change. (#13391)
Makes sure when password is not deliberately set through API, ts_password_modified does not change.
-rw-r--r-- | plugins/UsersManager/API.php | 2 | ||||
-rw-r--r-- | plugins/UsersManager/Controller.php | 3 | ||||
-rw-r--r-- | plugins/UsersManager/Model.php | 9 | ||||
-rw-r--r-- | plugins/UsersManager/tests/Integration/APITest.php | 13 |
4 files changed, 22 insertions, 5 deletions
diff --git a/plugins/UsersManager/API.php b/plugins/UsersManager/API.php
index 20062acbce..c5c636d3b9 100644
--- a/plugins/UsersManager/API.php
+++ b/plugins/UsersManager/API.php
@@ -808,7 +808,7 @@ class API extends \Piwik\Plugin\API
 $passwordHasBeenUpdated = false;
 if (empty($password)) {
- $password = $userInfo['password'];
+ $password = false;
 } else {
 $password = Common::unsanitizeInputValue($password);
diff --git a/plugins/UsersManager/Controller.php b/plugins/UsersManager/Controller.php
index 310003c2d2..552e81be0f 100644
--- a/plugins/UsersManager/Controller.php
+++ b/plugins/UsersManager/Controller.php
@@ -410,6 +410,7 @@ class Controller extends ControllerAdmin
 $alias = Common::getRequestVar('alias');
 $email = Common::getRequestVar('email');
 $newPassword = false;
+ $password = Common::getRequestvar('password', false);
 $passwordBis = Common::getRequestvar('passwordBis', false);
 if (!empty($password)
@@ -439,7 +440,7 @@ class Controller extends ControllerAdmin
 $auth = StaticContainer::get('Piwik\Auth');
 $auth->setLogin($userLogin);
 $auth->setPassword($newPassword);
- $sessionInitializer->initSession($auth, $rememberMe = false);
+ $sessionInitializer->initSession($auth);
 }
 }
diff --git a/plugins/UsersManager/Model.php b/plugins/UsersManager/Model.php
index b130459e35..e19294b160 100644
--- a/plugins/UsersManager/Model.php
+++ b/plugins/UsersManager/Model.php
@@ -310,12 +310,15 @@ class Model
 public function updateUser($userLogin, $hashedPassword, $email, $alias, $tokenAuth)
 {
- $this->updateUserFields($userLogin, array(
- 'password' => $hashedPassword,
+ $fields = array(
 'alias' => $alias,
 'email' => $email,
 'token_auth' => $tokenAuth
- ));
+ );
+ if (!empty($hashedPassword)) {
+ $fields['password'] = $hashedPassword;
+ }
+ $this->updateUserFields($userLogin, $fields);
 }
 public function updateUserTokenAuth($userLogin, $tokenAuth)
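Review bot: In the API.php hunk, `$password = false;` turns the variable into a sentinel that only works because Model::updateUser() (changed later in this commit) skips falsy values, and nothing at the assignment says so. A comment such as `// false = keep the stored hash and ts_password_modified unchanged (see Model::updateUser)` would stop a later edit from hashing or persisting the sentinel. Note also that `empty($password)` is true for the string `'0'`, so that input is treated as "no change" instead of reaching whatever validation the else branch performs; that branch continues outside the hunk, so confirm this is intended.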
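Review bot: The line added in the first Controller.php hunk spells the helper `Common::getRequestvar`, while the context lines directly above it use `Common::getRequestVar`. PHP resolves method names case-insensitively, so it runs, but the mismatch hides the call from case-sensitive searches when auditing where request input is read; write `$password = Common::getRequestVar('password', false);` (the `passwordBis` context line has the same spelling). The API.php hunk shows passwords going through `Common::unsanitizeInputValue()` before use, so it is worth confirming in the part of this method outside the hunk that the value read here is handled in the same form.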
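Review bot: In the Model.php hunk, `updateUser()` now silently keeps the stored password whenever `$hashedPassword` is falsy, but the method carries no docblock stating that contract. A caller whose hashing step returned `false` or an empty string by mistake would see a successful update while the old credential stays in place. Add a docblock saying that a falsy `$hashedPassword` means "leave the password column untouched" and, per the commit message, ts_password_modified as well. If `false` from API.php is the only sentinel meant to be supported, a stricter test than `!empty()` would make accidental empty values visible, but other callers are not shown here.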
diff --git a/plugins/UsersManager/tests/Integration/APITest.php b/plugins/UsersManager/tests/Integration/APITest.php
index 241ce6d4bf..4c4bae1882 100644
--- a/plugins/UsersManager/tests/Integration/APITest.php
+++ b/plugins/UsersManager/tests/Integration/APITest.php
@@ -304,6 +304,19 @@ class APITest extends IntegrationTestCase
 $this->assertTrue($passwordHelper->verify(UsersManager::getPasswordHash('newPassword'), $user['password']));
 }
+ public function test_updateUser_doesNotChangePasswordIfFalsey()
+ {
+ $model = new Model();
+ $userBefore = $model->getUser($this->login);
+
+ $this->api->updateUser($this->login, false, 'email@example.com', 'newAlias', false);
+
+ $user = $model->getUser($this->login);
+
+ $this->assertSame($userBefore['password'], $user['password']);
+ $this->assertSame($userBefore['ts_password_modified'], $user['ts_password_modified']);
+ }
+
 public function test_getSitesAccessFromUser_forSuperUser()
 {
 $user2 = 'userLogin2'; |
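Review bot: The new test asserts only that `password` and `ts_password_modified` are unchanged, so it would also pass if `updateUser()` wrote nothing at all. Add `$this->assertSame('email@example.com', $user['email']);` and `$this->assertSame('newAlias', $user['alias']);` after the second `getUser()` call so the test proves the other fields were saved. Since the API branch tests `empty($password)`, covering `''` and `null` as well (a data provider would do) would pin the whole falsy path that the test name refers to.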