authorThomas Steur <tsteur@users.noreply.github.com>2016-12-02 07:08:15 +0300
committerMatthieu Aubry <mattab@users.noreply.github.com>2016-12-02 07:08:15 +0300
commita9038318a94cc32f0f15add5272322ff6afe71f5 (patch)
tree9bcd2bf82fe8087e819ce679d07c678b92660ec0 /tests
parentc10a289bf1e6dc11347b3d0f7235ffd9fa9aaaad (diff)
Password hashing (#10926)
Diffstat (limited to 'tests')
-rw-r--r--tests/PHPUnit/Framework/Fixture.php31
-rw-r--r--tests/PHPUnit/Integration/Tracker/RequestTest.php2
-rw-r--r--tests/resources/OmniFixture-dump.sql6
3 files changed, 22 insertions, 17 deletions
diff --git a/tests/PHPUnit/Framework/Fixture.php b/tests/PHPUnit/Framework/Fixture.php
index c0ea0ce4cd..131af64a0f 100644
--- a/tests/PHPUnit/Framework/Fixture.php
+++ b/tests/PHPUnit/Framework/Fixture.php
@@ -12,6 +12,7 @@ use Piwik\Application\Environment;
use Piwik\Archive;
use Piwik\ArchiveProcessor\PluginsArchiver;
use Piwik\Auth;
+use Piwik\Auth\Password;
use Piwik\Cache\Backend\File;
use Piwik\Cache as PiwikCache;
use Piwik\Common;
@@ -663,34 +664,38 @@ class Fixture extends \PHPUnit_Framework_Assert
*/
public static function getTokenAuth()
{
- return APIUsersManager::getInstance()->getTokenAuth(
- self::ADMIN_USER_LOGIN,
- UsersManager::getPasswordHash(self::ADMIN_USER_PASSWORD)
- );
+ $model = new \Piwik\Plugins\UsersManager\Model();
+ $user = $model->getUser(self::ADMIN_USER_LOGIN);
+
+ return $user['token_auth'];
}
public static function createSuperUser($removeExisting = true)
{
- $login = self::ADMIN_USER_LOGIN;
- $password = UsersManager::getPasswordHash(self::ADMIN_USER_PASSWORD);
- $token = self::getTokenAuth();
+ $passwordHelper = new Password();
+
+ $login = self::ADMIN_USER_LOGIN;
+ $password = $passwordHelper->hash(UsersManager::getPasswordHash(self::ADMIN_USER_PASSWORD));
+ $token = APIUsersManager::getInstance()->createTokenAuth($login);
$model = new \Piwik\Plugins\UsersManager\Model();
+ $user = $model->getUser($login);
+
if ($removeExisting) {
$model->deleteUserOnly($login);
}
- $user = $model->getUser($login);
-
- if (empty($user)) {
+ if (!empty($user) && !$removeExisting) {
+ $token = $user['token_auth'];
+ }
+ if (empty($user) || $removeExisting) {
$model->addUser($login, $password, 'hello@example.org', $login, $token, Date::now()->getDatetime());
} else {
$model->updateUser($login, $password, 'hello@example.org', $login, $token);
}
- if (empty($user['superuser_access'])) {
- $model->setSuperUserAccess($login, true);
- }
+ $setSuperUser = empty($user) || !empty($user['superuser_access']);
+ $model->setSuperUserAccess($login, $setSuperUser);
return $model->getUserByTokenAuth($token);
}
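Review bot: In `createSuperUser()`, `$setSuperUser` is derived from the `$user` row read before `deleteUserOnly()`, so when a row for `self::ADMIN_USER_LOGIN` already exists with `superuser_access` unset, the re-added or updated account gets `setSuperUserAccess($login, false)` and the method returns a user without super-user access. The removed code always ended with the flag set; unless keeping the earlier flag is intended, I would restore `$model->setSuperUserAccess($login, true);` or add a comment saying why the old value is kept. Separately, `getTokenAuth()` now indexes `$user['token_auth']` without checking that `getUser()` found a row, so a call made before the super user exists appears to yield no usable token rather than an error; a guard such as `if (empty($user)) { throw new \Exception('super user not created yet'); }` would make that failure explicit. The docblock of `getTokenAuth()` begins above the hunk.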
diff --git a/tests/PHPUnit/Integration/Tracker/RequestTest.php b/tests/PHPUnit/Integration/Tracker/RequestTest.php
index bff3c80b08..05eee7ea30 100644
--- a/tests/PHPUnit/Integration/Tracker/RequestTest.php
+++ b/tests/PHPUnit/Integration/Tracker/RequestTest.php
@@ -293,7 +293,7 @@ class RequestTest extends IntegrationTestCase
$login = 'myadmin';
$passwordHash = UsersManager::getPasswordHash('password');
- $token = API::getInstance()->getTokenAuth($login, $passwordHash);
+ $token = API::getInstance()->createTokenAuth($login);
$user = new Model();
$user->addUser($login, $passwordHash, 'admin@piwik', 'alias', $token, '2014-01-01 00:00:00');
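Review bot: The `addUser()` call on the last line still stores the bare `UsersManager::getPasswordHash('password')` value, while `createSuperUser()` in `Fixture.php` in this same commit wraps that value in `Password::hash()` before storing it. If the `password` column is now expected to hold the output of `Password::hash()`, this test user has a row that password verification would presumably never accept, which is harmless only while the test authenticates by token alone. I would either store `(new \Piwik\Auth\Password())->hash($passwordHash)` here or add a comment such as `// password is never verified in this test, only token_auth`. The test method starts and ends outside the hunk.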
diff --git a/tests/resources/OmniFixture-dump.sql b/tests/resources/OmniFixture-dump.sql
index 350c46c1d1..209e820824 100644
--- a/tests/resources/OmniFixture-dump.sql
+++ b/tests/resources/OmniFixture-dump.sql
@@ -814,10 +814,10 @@ DROP TABLE IF EXISTS `user`;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `user` (
`login` varchar(100) NOT NULL,
- `password` char(32) NOT NULL,
+ `password` varchar(255) NOT NULL,
`alias` varchar(45) NOT NULL,
`email` varchar(100) NOT NULL,
- `token_auth` char(32) NOT NULL,
+ `token_auth` char(64) NOT NULL,
`superuser_access` tinyint(2) unsigned NOT NULL DEFAULT '0',
`date_registered` timestamp NULL DEFAULT NULL,
PRIMARY KEY (`login`),
@@ -831,7 +831,7 @@ CREATE TABLE `user` (
LOCK TABLES `user` WRITE;
/*!40000 ALTER TABLE `user` DISABLE KEYS */;
-INSERT INTO `user` VALUES ('superUserLogin','1e56c228742c0189d261500852e27a02','superUserLogin','hello@example.org','9ad1de7f8b329ab919d854c556f860c1',1,'2016-03-09 09:10:19');
+INSERT INTO `user` VALUES ('superUserLogin','$2y$10$vh5d/W6S9M7u.1G2gc1TOeetRi.6HN6OG1jq47j5JhixtqTxkdGVi','superUserLogin','hello@example.org','9ad1de7f8b329ab919d854c556f860c1',1,'2016-03-09 09:10:19');
/*!40000 ALTER TABLE `user` ENABLE KEYS */;
UNLOCK TABLES;