author | Thomas Steur <tsteur@users.noreply.github.com> | 2016-12-02 07:08:15 +0300 |
---|---|---|
committer | Matthieu Aubry <mattab@users.noreply.github.com> | 2016-12-02 07:08:15 +0300 |
commit | a9038318a94cc32f0f15add5272322ff6afe71f5 (patch) | |
tree | 9bcd2bf82fe8087e819ce679d07c678b92660ec0 /tests | |
parent | c10a289bf1e6dc11347b3d0f7235ffd9fa9aaaad (diff) |
Password hashing (#10926)
Diffstat (limited to 'tests')
-rw-r--r-- | tests/PHPUnit/Framework/Fixture.php | 31 | ||||
-rw-r--r-- | tests/PHPUnit/Integration/Tracker/RequestTest.php | 2 | ||||
-rw-r--r-- | tests/resources/OmniFixture-dump.sql | 6 |
3 files changed, 22 insertions, 17 deletions
diff --git a/tests/PHPUnit/Framework/Fixture.php b/tests/PHPUnit/Framework/Fixture.php
index c0ea0ce4cd..131af64a0f 100644
--- a/tests/PHPUnit/Framework/Fixture.php
+++ b/tests/PHPUnit/Framework/Fixture.php
@@ -12,6 +12,7 @@ use Piwik\Application\Environment;
 use Piwik\Archive;
 use Piwik\ArchiveProcessor\PluginsArchiver;
 use Piwik\Auth;
+use Piwik\Auth\Password;
 use Piwik\Cache\Backend\File;
 use Piwik\Cache as PiwikCache;
 use Piwik\Common;
@@ -663,34 +664,38 @@ class Fixture extends \PHPUnit_Framework_Assert
 */
 public static function getTokenAuth()
 {
- return APIUsersManager::getInstance()->getTokenAuth(
- self::ADMIN_USER_LOGIN,
- UsersManager::getPasswordHash(self::ADMIN_USER_PASSWORD)
- );
+ $model = new \Piwik\Plugins\UsersManager\Model();
+ $user = $model->getUser(self::ADMIN_USER_LOGIN);
+
+ return $user['token_auth'];
 }
 public static function createSuperUser($removeExisting = true)
 {
- $login = self::ADMIN_USER_LOGIN;
- $password = UsersManager::getPasswordHash(self::ADMIN_USER_PASSWORD);
- $token = self::getTokenAuth();
+ $passwordHelper = new Password();
+
+ $login = self::ADMIN_USER_LOGIN;
+ $password = $passwordHelper->hash(UsersManager::getPasswordHash(self::ADMIN_USER_PASSWORD));
+ $token = APIUsersManager::getInstance()->createTokenAuth($login);
 $model = new \Piwik\Plugins\UsersManager\Model();
+ $user = $model->getUser($login);
+
 if ($removeExisting) {
 $model->deleteUserOnly($login);
 }
- $user = $model->getUser($login);
-
- if (empty($user)) {
+ if (!empty($user) && !$removeExisting) {
+ $token = $user['token_auth'];
+ }
+ if (empty($user) || $removeExisting) {
 $model->addUser($login, $password, 'hello@example.org', $login, $token, Date::now()->getDatetime());
 } else {
 $model->updateUser($login, $password, 'hello@example.org', $login, $token);
 }
- if (empty($user['superuser_access'])) {
- $model->setSuperUserAccess($login, true);
- }
+ $setSuperUser = empty($user) || !empty($user['superuser_access']);
+ $model->setSuperUserAccess($login, $setSuperUser);
 return $model->getUserByTokenAuth($token);
 }
diff --git a/tests/PHPUnit/Integration/Tracker/RequestTest.php b/tests/PHPUnit/Integration/Tracker/RequestTest.php
index bff3c80b08..05eee7ea30 100644
--- a/tests/PHPUnit/Integration/Tracker/RequestTest.php
+++ b/tests/PHPUnit/Integration/Tracker/RequestTest.php
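Review bot: In createSuperUser the final flag is computed as `$setSuperUser = empty($user) || !empty($user['superuser_access']);`, so when the login already exists without superuser access the method now calls `setSuperUserAccess($login, false)` and returns a non-super user, where the removed code promoted that user to `true`. `$user` is also read before `deleteUserOnly()`, so the same happens with `$removeExisting = true` even though the row is re-created. If a superuser is always the intended result, `$model->setSuperUserAccess($login, true);` says so directly. Separately, getTokenAuth() now indexes `$user['token_auth']` without checking that `getUser()` found a row, so a call made before createSuperUser() presumably yields null rather than a usable token; a guard that fails loudly would make that ordering dependency visible.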
@@ -293,7 +293,7 @@ class RequestTest extends IntegrationTestCase
 $login = 'myadmin';
 $passwordHash = UsersManager::getPasswordHash('password');
- $token = API::getInstance()->getTokenAuth($login, $passwordHash);
+ $token = API::getInstance()->createTokenAuth($login);
 $user = new Model();
 $user->addUser($login, $passwordHash, 'admin@piwik', 'alias', $token, '2014-01-01 00:00:00');
diff --git a/tests/resources/OmniFixture-dump.sql b/tests/resources/OmniFixture-dump.sql
index 350c46c1d1..209e820824 100644
--- a/tests/resources/OmniFixture-dump.sql
+++ b/tests/resources/OmniFixture-dump.sql
@@ -814,10 +814,10 @@ DROP TABLE IF EXISTS `user`;
 /*!40101 SET character_set_client = utf8 */;
 CREATE TABLE `user` (
 `login` varchar(100) NOT NULL,
- `password` char(32) NOT NULL,
+ `password` varchar(255) NOT NULL,
 `alias` varchar(45) NOT NULL,
 `email` varchar(100) NOT NULL,
- `token_auth` char(32) NOT NULL,
+ `token_auth` char(64) NOT NULL,
 `superuser_access` tinyint(2) unsigned NOT NULL DEFAULT '0',
 `date_registered` timestamp NULL DEFAULT NULL,
 PRIMARY KEY (`login`),
@@ -831,7 +831,7 @@ CREATE TABLE `user` (
 LOCK TABLES `user` WRITE;
 /*!40000 ALTER TABLE `user` DISABLE KEYS */;
-INSERT INTO `user` VALUES ('superUserLogin','1e56c228742c0189d261500852e27a02','superUserLogin','hello@example.org','9ad1de7f8b329ab919d854c556f860c1',1,'2016-03-09 09:10:19');
+INSERT INTO `user` VALUES ('superUserLogin','$2y$10$vh5d/W6S9M7u.1G2gc1TOeetRi.6HN6OG1jq47j5JhixtqTxkdGVi','superUserLogin','hello@example.org','9ad1de7f8b329ab919d854c556f860c1',1,'2016-03-09 09:10:19');
 /*!40000 ALTER TABLE `user` ENABLE KEYS */;
 UNLOCK TABLES; |
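Review bot: The test user is still stored with the bare `UsersManager::getPasswordHash('password')` value, while Fixture::createSuperUser in this same commit wraps that value in `Password::hash()` before calling `addUser()`. If the password column is now expected to hold the output of the new hasher, this row would not verify against it, and the test would pass only because it authenticates by token. Consider `$passwordHash = (new \Piwik\Auth\Password())->hash(UsersManager::getPasswordHash('password'));`, or a comment stating that the stored password is deliberately unused here. The enclosing test method starts and ends outside the hunk.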