| author | Nathan Guse <nathaniel.guse@gmail.com> | 2014-02-20 20:54:30 -0600 | 
|---|---|---|
| committer | Nathan Guse <nathaniel.guse@gmail.com> | 2014-02-20 20:54:30 -0600 | 
| commit | 2df2032b4877ea59412bff80a5b54a7ea6aeb8b8 (patch) | |
| tree | 06af63083a8732f072d439cf9bec4cf34b77ac3f | |
| parent | b8d30bfc80b5127c5dab1bfe18035e70d77bb7aa (diff) | |
| parent | 92f198037776e1832f6e58c93b20b3673631674f (diff) | |
Merge pull request #2025 from marc1706/ticket/12183
[ticket/12183] Update user_newpasswd column in users table for passwords manager
| -rw-r--r-- | phpBB/includes/db/schema_data.php | 4 | ||||
| -rw-r--r-- | phpBB/install/schemas/firebird_schema.sql | 4 | ||||
| -rw-r--r-- | phpBB/install/schemas/mssql_schema.sql | 4 | ||||
| -rw-r--r-- | phpBB/install/schemas/mysql_40_schema.sql | 4 | ||||
| -rw-r--r-- | phpBB/install/schemas/mysql_41_schema.sql | 4 | ||||
| -rw-r--r-- | phpBB/install/schemas/oracle_schema.sql | 4 | ||||
| -rw-r--r-- | phpBB/install/schemas/postgres_schema.sql | 4 | ||||
| -rw-r--r-- | phpBB/install/schemas/sqlite_schema.sql | 4 | ||||
| -rw-r--r-- | phpBB/phpbb/db/migration/data/v310/passwords_p2.php | 40 | ||||
| -rw-r--r-- | tests/functional/forgot_password_test.php | 13 | ||||
| -rw-r--r-- | tests/functional/user_password_reset_test.php | 122 | 
11 files changed, 191 insertions, 16 deletions
|
diff --git a/phpBB/includes/db/schema_data.php b/phpBB/includes/db/schema_data.php
index 9d7153f6b6..0447895433 100644
--- a/phpBB/includes/db/schema_data.php
+++ b/phpBB/includes/db/schema_data.php
@@ -1119,6 +1119,8 @@ $schema_data['phpbb_users'] = array(
 		'user_password'				=> array('VCHAR_UNI', ''),
 		'user_passchg'				=> array('TIMESTAMP', 0),
 		'user_pass_convert'			=> array('BOOL', 0),
+		'user_actkey'				=> array('VCHAR:32', ''),
+		'user_newpasswd'			=> array('VCHAR_UNI', ''),
 		'user_email'				=> array('VCHAR_UNI:100', ''),
 		'user_email_hash'			=> array('BINT', 0),
 		'user_birthday'				=> array('VCHAR:10', ''),
@@ -1173,8 +1175,6 @@ $schema_data['phpbb_users'] = array(
 		'user_msnm'					=> array('VCHAR_UNI', ''),
 		'user_jabber'				=> array('VCHAR_UNI', ''),
 		'user_website'				=> array('VCHAR_UNI:200', ''),
-		'user_actkey'				=> array('VCHAR:32', ''),
-		'user_newpasswd'			=> array('VCHAR_UNI:40', ''),
 		'user_form_salt'			=> array('VCHAR_UNI:32', ''),
 		'user_new'					=> array('BOOL', 1),
 		'user_reminded'				=> array('TINT:4', 0),
diff --git a/phpBB/install/schemas/firebird_schema.sql b/phpBB/install/schemas/firebird_schema.sql
index 937b06eaae..263ebb4490 100644
--- a/phpBB/install/schemas/firebird_schema.sql
+++ b/phpBB/install/schemas/firebird_schema.sql
@@ -1372,6 +1372,8 @@ CREATE TABLE phpbb_users (
 	user_password VARCHAR(255) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
 	user_passchg INTEGER DEFAULT 0 NOT NULL,
 	user_pass_convert INTEGER DEFAULT 0 NOT NULL,
+	user_actkey VARCHAR(32) CHARACTER SET NONE DEFAULT '' NOT NULL,
+	user_newpasswd VARCHAR(255) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
 	user_email VARCHAR(100) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
 	user_email_hash DOUBLE PRECISION DEFAULT 0 NOT NULL,
 	user_birthday VARCHAR(10) CHARACTER SET NONE DEFAULT '' NOT NULL,
@@ -1426,8 +1428,6 @@ CREATE TABLE phpbb_users (
 	user_msnm VARCHAR(255) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
 	user_jabber VARCHAR(255) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
 	user_website VARCHAR(200) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
-	user_actkey VARCHAR(32) CHARACTER SET NONE DEFAULT '' NOT NULL,
-	user_newpasswd VARCHAR(40) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
 	user_form_salt VARCHAR(32) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
 	user_new INTEGER DEFAULT 1 NOT NULL,
 	user_reminded INTEGER DEFAULT 0 NOT NULL,
diff --git a/phpBB/install/schemas/mssql_schema.sql b/phpBB/install/schemas/mssql_schema.sql
index 5df33e8057..11309d67a5 100644
--- a/phpBB/install/schemas/mssql_schema.sql
+++ b/phpBB/install/schemas/mssql_schema.sql
@@ -1688,6 +1688,8 @@ CREATE TABLE [phpbb_users] (
 	[user_password] [varchar] (255) DEFAULT ('') NOT NULL ,
 	[user_passchg] [int] DEFAULT (0) NOT NULL ,
 	[user_pass_convert] [int] DEFAULT (0) NOT NULL ,
+	[user_actkey] [varchar] (32) DEFAULT ('') NOT NULL ,
+	[user_newpasswd] [varchar] (255) DEFAULT ('') NOT NULL ,
 	[user_email] [varchar] (100) DEFAULT ('') NOT NULL ,
 	[user_email_hash] [float] DEFAULT (0) NOT NULL ,
 	[user_birthday] [varchar] (10) DEFAULT ('') NOT NULL ,
@@ -1742,8 +1744,6 @@ CREATE TABLE [phpbb_users] (
 	[user_msnm] [varchar] (255) DEFAULT ('') NOT NULL ,
 	[user_jabber] [varchar] (255) DEFAULT ('') NOT NULL ,
 	[user_website] [varchar] (200) DEFAULT ('') NOT NULL ,
-	[user_actkey] [varchar] (32) DEFAULT ('') NOT NULL ,
-	[user_newpasswd] [varchar] (40) DEFAULT ('') NOT NULL ,
 	[user_form_salt] [varchar] (32) DEFAULT ('') NOT NULL ,
 	[user_new] [int] DEFAULT (1) NOT NULL ,
 	[user_reminded] [int] DEFAULT (0) NOT NULL ,
diff --git a/phpBB/install/schemas/mysql_40_schema.sql b/phpBB/install/schemas/mysql_40_schema.sql
index e546c2e98f..16c26fac4a 100644
--- a/phpBB/install/schemas/mysql_40_schema.sql
+++ b/phpBB/install/schemas/mysql_40_schema.sql
@@ -981,6 +981,8 @@ CREATE TABLE phpbb_users (
 	user_password blob NOT NULL,
 	user_passchg int(11) UNSIGNED DEFAULT '0' NOT NULL,
 	user_pass_convert tinyint(1) UNSIGNED DEFAULT '0' NOT NULL,
+	user_actkey varbinary(32) DEFAULT '' NOT NULL,
+	user_newpasswd blob NOT NULL,
 	user_email blob NOT NULL,
 	user_email_hash bigint(20) DEFAULT '0' NOT NULL,
 	user_birthday varbinary(10) DEFAULT '' NOT NULL,
@@ -1035,8 +1037,6 @@ CREATE TABLE phpbb_users (
 	user_msnm blob NOT NULL,
 	user_jabber blob NOT NULL,
 	user_website blob NOT NULL,
-	user_actkey varbinary(32) DEFAULT '' NOT NULL,
-	user_newpasswd varbinary(120) DEFAULT '' NOT NULL,
 	user_form_salt varbinary(96) DEFAULT '' NOT NULL,
 	user_new tinyint(1) UNSIGNED DEFAULT '1' NOT NULL,
 	user_reminded tinyint(4) DEFAULT '0' NOT NULL,
diff --git a/phpBB/install/schemas/mysql_41_schema.sql b/phpBB/install/schemas/mysql_41_schema.sql
index eec7b985b0..b345e1f474 100644
--- a/phpBB/install/schemas/mysql_41_schema.sql
+++ b/phpBB/install/schemas/mysql_41_schema.sql
@@ -981,6 +981,8 @@ CREATE TABLE phpbb_users (
 	user_password varchar(255) DEFAULT '' NOT NULL,
 	user_passchg int(11) UNSIGNED DEFAULT '0' NOT NULL,
 	user_pass_convert tinyint(1) UNSIGNED DEFAULT '0' NOT NULL,
+	user_actkey varchar(32) DEFAULT '' NOT NULL,
+	user_newpasswd varchar(255) DEFAULT '' NOT NULL,
 	user_email varchar(100) DEFAULT '' NOT NULL,
 	user_email_hash bigint(20) DEFAULT '0' NOT NULL,
 	user_birthday varchar(10) DEFAULT '' NOT NULL,
@@ -1035,8 +1037,6 @@ CREATE TABLE phpbb_users (
 	user_msnm varchar(255) DEFAULT '' NOT NULL,
 	user_jabber varchar(255) DEFAULT '' NOT NULL,
 	user_website varchar(200) DEFAULT '' NOT NULL,
-	user_actkey varchar(32) DEFAULT '' NOT NULL,
-	user_newpasswd varchar(40) DEFAULT '' NOT NULL,
 	user_form_salt varchar(32) DEFAULT '' NOT NULL,
 	user_new tinyint(1) UNSIGNED DEFAULT '1' NOT NULL,
 	user_reminded tinyint(4) DEFAULT '0' NOT NULL,
diff --git a/phpBB/install/schemas/oracle_schema.sql b/phpBB/install/schemas/oracle_schema.sql
index ad8d354db9..b819ba2c59 100644
--- a/phpBB/install/schemas/oracle_schema.sql
+++ b/phpBB/install/schemas/oracle_schema.sql
@@ -1805,6 +1805,8 @@ CREATE TABLE phpbb_users (
 	user_password varchar2(765) DEFAULT '' ,
 	user_passchg number(11) DEFAULT '0' NOT NULL,
 	user_pass_convert number(1) DEFAULT '0' NOT NULL,
+	user_actkey varchar2(32) DEFAULT '' ,
+	user_newpasswd varchar2(765) DEFAULT '' ,
 	user_email varchar2(300) DEFAULT '' ,
 	user_email_hash number(20) DEFAULT '0' NOT NULL,
 	user_birthday varchar2(10) DEFAULT '' ,
@@ -1859,8 +1861,6 @@ CREATE TABLE phpbb_users (
 	user_msnm varchar2(765) DEFAULT '' ,
 	user_jabber varchar2(765) DEFAULT '' ,
 	user_website varchar2(600) DEFAULT '' ,
-	user_actkey varchar2(32) DEFAULT '' ,
-	user_newpasswd varchar2(120) DEFAULT '' ,
 	user_form_salt varchar2(96) DEFAULT '' ,
 	user_new number(1) DEFAULT '1' NOT NULL,
 	user_reminded number(4) DEFAULT '0' NOT NULL,
diff --git a/phpBB/install/schemas/postgres_schema.sql b/phpBB/install/schemas/postgres_schema.sql
index 4412e29d09..be8af3c873 100644
--- a/phpBB/install/schemas/postgres_schema.sql
+++ b/phpBB/install/schemas/postgres_schema.sql
@@ -1253,6 +1253,8 @@ CREATE TABLE phpbb_users (
 	user_password varchar(255) DEFAULT '' NOT NULL,
 	user_passchg INT4 DEFAULT '0' NOT NULL CHECK (user_passchg >= 0),
 	user_pass_convert INT2 DEFAULT '0' NOT NULL CHECK (user_pass_convert >= 0),
+	user_actkey varchar(32) DEFAULT '' NOT NULL,
+	user_newpasswd varchar(255) DEFAULT '' NOT NULL,
 	user_email varchar(100) DEFAULT '' NOT NULL,
 	user_email_hash INT8 DEFAULT '0' NOT NULL,
 	user_birthday varchar(10) DEFAULT '' NOT NULL,
@@ -1307,8 +1309,6 @@ CREATE TABLE phpbb_users (
 	user_msnm varchar(255) DEFAULT '' NOT NULL,
 	user_jabber varchar(255) DEFAULT '' NOT NULL,
 	user_website varchar(200) DEFAULT '' NOT NULL,
-	user_actkey varchar(32) DEFAULT '' NOT NULL,
-	user_newpasswd varchar(40) DEFAULT '' NOT NULL,
 	user_form_salt varchar(32) DEFAULT '' NOT NULL,
 	user_new INT2 DEFAULT '1' NOT NULL CHECK (user_new >= 0),
 	user_reminded INT2 DEFAULT '0' NOT NULL,
diff --git a/phpBB/install/schemas/sqlite_schema.sql b/phpBB/install/schemas/sqlite_schema.sql
index 644cf775eb..717b242a57 100644
--- a/phpBB/install/schemas/sqlite_schema.sql
+++ b/phpBB/install/schemas/sqlite_schema.sql
@@ -952,6 +952,8 @@ CREATE TABLE phpbb_users (
 	user_password varchar(255) NOT NULL DEFAULT '',
 	user_passchg INTEGER UNSIGNED NOT NULL DEFAULT '0',
 	user_pass_convert INTEGER UNSIGNED NOT NULL DEFAULT '0',
+	user_actkey varchar(32) NOT NULL DEFAULT '',
+	user_newpasswd varchar(255) NOT NULL DEFAULT '',
 	user_email varchar(100) NOT NULL DEFAULT '',
 	user_email_hash bigint(20) NOT NULL DEFAULT '0',
 	user_birthday varchar(10) NOT NULL DEFAULT '',
@@ -1006,8 +1008,6 @@ CREATE TABLE phpbb_users (
 	user_msnm varchar(255) NOT NULL DEFAULT '',
 	user_jabber varchar(255) NOT NULL DEFAULT '',
 	user_website varchar(200) NOT NULL DEFAULT '',
-	user_actkey varchar(32) NOT NULL DEFAULT '',
-	user_newpasswd varchar(40) NOT NULL DEFAULT '',
 	user_form_salt varchar(32) NOT NULL DEFAULT '',
 	user_new INTEGER UNSIGNED NOT NULL DEFAULT '1',
 	user_reminded tinyint(4) NOT NULL DEFAULT '0',
diff --git a/phpBB/phpbb/db/migration/data/v310/passwords_p2.php b/phpBB/phpbb/db/migration/data/v310/passwords_p2.php
new file mode 100644
index 0000000000..553e79403d
--- /dev/null
+++ b/phpBB/phpbb/db/migration/data/v310/passwords_p2.php
@@ -0,0 +1,40 @@
+<?php
+/**
+*
+* @package migration
+* @copyright (c) 2014 phpBB Group
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License v2
+*
+*/
+
+namespace phpbb\db\migration\data\v310;
+
+class passwords_p2 extends \phpbb\db\migration\migration
+{
+	static public function depends_on()
+	{
+		return array('\phpbb\db\migration\data\v310\passwords');
+	}
+
+	public function update_schema()
+	{
+		return array(
+			'change_columns'	=> array(
+				$this->table_prefix . 'users'	=> array(
+					'user_newpasswd'		=> array('VCHAR:255', ''),
+				),
+			),
+		);
+	}
+
+	public function revert_schema()
+	{
+		return array(
+			'change_columns'	=> array(
+				$this->table_prefix . 'users'	=> array(
+					'user_newpasswd'		=> array('VCHAR:40', ''),
+				),
+			),
+		);
+	}
+}
diff --git a/tests/functional/forgot_password_test.php b/tests/functional/forgot_password_test.php
index 906224efbb..3b6fd15d02 100644
--- a/tests/functional/forgot_password_test.php
+++ b/tests/functional/forgot_password_test.php
@@ -41,4 +41,17 @@ class phpbb_functional_forgot_password_test extends phpbb_functional_test_case
 	}
+	public function tearDown()
+	{
+		$this->login();
+		$this->admin_login();
+
+		$crawler = self::request('GET', 'adm/index.php?sid=' . $this->sid . '&i=acp_board&mode=security');
+
+		// Enable allow_password_reset again after test
+		$form = $crawler->selectButton('Submit')->form(array(
+			'config[allow_password_reset]'	=> 1,
+		));
+		$crawler = self::submit($form);
+	}
 }
diff --git a/tests/functional/user_password_reset_test.php b/tests/functional/user_password_reset_test.php
new file mode 100644
index 0000000000..65222c1aa6
--- /dev/null
+++ b/tests/functional/user_password_reset_test.php
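Review bot: In passwords_p2.php, `update_schema()` sets `user_newpasswd` to `'VCHAR:255'`, while the fresh-install definition this commit adds to schema_data.php is `array('VCHAR_UNI', '')`. The generated mysql_40 and oracle schemas (`blob`, `varchar2(765)`) suggest the two types do not map to the same column on every backend, so upgraded boards may end up with a different column than new installs. Using `'user_newpasswd' => array('VCHAR_UNI', ''),` would keep both paths aligned with `user_password`. `revert_schema()` likewise restores `'VCHAR:40'` where the removed definition was `'VCHAR_UNI:40'`, and narrowing the column while a pending reset hash longer than 40 characters is stored would truncate it or fail, depending on the backend. Clearing `user_newpasswd` and `user_actkey` as part of the revert would keep a truncated hash from ever being activated.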
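Review bot: The new `tearDown()` in forgot_password_test.php overrides the base method without calling `parent::tearDown()`, so any cleanup done by phpbb_functional_test_case (not visible in this hunk) would be skipped; adding `parent::tearDown();` as the last statement is the safe default. It also never checks the response of the ACP submit, so a failed re-enable of `allow_password_reset` passes silently and would surface later as unrelated failures in the password-reset tests. An assertion on `$crawler->text()` after `self::submit($form)` would make that visible. The class body starts outside the hunk.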
@@ -0,0 +1,122 @@
+<?php
+/**
+*
+* @package testing
+* @copyright (c) 2014 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+/**
+* @group functional
+*/
+class phpbb_functional_user_password_reset_test extends phpbb_functional_test_case
+{
+	protected $user_data;
+
+	public function test_password_reset()
+	{
+		$this->add_lang('ucp');
+		$user_id = $this->create_user('reset-password-test-user');
+
+		$crawler = self::request('GET', "ucp.php?mode=sendpassword&sid={$this->sid}");
+		$form = $crawler->selectButton('submit')->form(array(
+			'username'	=> 'reset-password-test-user',
+		));
+		$crawler = self::submit($form);
+		$this->assertContainsLang('NO_EMAIL_USER', $crawler->text());
+
+		$crawler = self::request('GET', "ucp.php?mode=sendpassword&sid={$this->sid}");
+		$form = $crawler->selectButton('submit')->form(array(
+			'username'	=> 'reset-password-test-user',
+			'email'		=> 'nobody@example.com',
+		));
+		$crawler = self::submit($form);
+		$this->assertContainsLang('PASSWORD_UPDATED', $crawler->text());
+
+		// Check if columns in database were updated for password reset
+		$this->get_user_data();
+		$this->assertNotNull($this->user_data['user_actkey']);
+		$this->assertNotNull($this->user_data['user_newpasswd']);
+
+		// Make sure we know the password
+		$db = $this->get_db();
+		$this->passwords_manager = $this->get_passwords_manager();
+		$sql = 'UPDATE ' . USERS_TABLE . "
+			SET user_newpasswd = '" . $db->sql_escape($this->passwords_manager->hash('reset-password-test-user')) . "'
+			WHERE user_id = " . $user_id;
+		$db->sql_query($sql);
+	}
+
+	public function test_login_after_reset()
+	{
+		$this->login('reset-password-test-user');
+	}
+
+	public function data_activate_new_password()
+	{
+		return array(
+			array('WRONG_ACTIVATION', false, 'FOOBAR'),
+			array('ALREADY_ACTIVATED', 2, 'FOOBAR'),
+			array('PASSWORD_ACTIVATED', false, false),
+			array('ALREADY_ACTIVATED', false, false),
+		);
+	}
+
+	/**
+	* @dataProvider data_activate_new_password
+	*/
+	public function test_activate_new_password($expected, $user_id, $act_key)
+	{
+		$this->add_lang('ucp');
+		$this->get_user_data();
+		$user_id = (!$user_id) ? $this->user_data['user_id'] : $user_id;
+		$act_key = (!$act_key) ? $this->user_data['user_actkey'] : $act_key;
+
+		$crawler = self::request('GET', "ucp.php?mode=activate&u=$user_id&k=$act_key&sid={$this->sid}");
+		$this->assertContainsLang($expected, $crawler->text());
+	}
+
+	public function test_login()
+	{
+		$this->add_lang('ucp');
+		$crawler = self::request('GET', 'ucp.php');
+		$this->assertContains($this->lang('LOGIN_EXPLAIN_UCP'), $crawler->filter('html')->text());
+
+		$form = $crawler->selectButton($this->lang('LOGIN'))->form();
+		$crawler = self::submit($form, array('username' => 'reset-password-test-user', 'password' => 'reset-password-test-user'));
+		$this->assertNotContains($this->lang('LOGIN'), $crawler->filter('.navbar')->text());
+
+		$cookies = self::$cookieJar->all();
+
+		// The session id is stored in a cookie that ends with _sid - we assume there is only one such cookie
+		foreach ($cookies as $cookie);
+		{
+			if (substr($cookie->getName(), -4) == '_sid')
+			{
+				$this->sid = $cookie->getValue();
+			}
+		}
+
+		$this->logout();
+
+		$crawler = self::request('GET', 'ucp.php');
+		$this->assertContains($this->lang('LOGIN_EXPLAIN_UCP'), $crawler->filter('html')->text());
+
+		$form = $crawler->selectButton($this->lang('LOGIN'))->form();
+		// Try logging in with the old password
+		$crawler = self::submit($form, array('username' => 'reset-password-test-user', 'password' => 'reset-password-test-userreset-password-test-user'));
+		$this->assertContains($this->lang('LOGIN_ERROR_PASSWORD', '', ''), $crawler->filter('html')->text());
+	}
+
+	protected function get_user_data()
+	{
+		$db = $this->get_db();
+		$sql = 'SELECT user_id, username, user_type, user_email, user_newpasswd, user_lang, user_notify_type, user_actkey, user_inactive_reason
+			FROM ' . USERS_TABLE . "
+			WHERE username = 'reset-password-test-user'";
+		$result = $db->sql_query($sql);
+		$this->user_data = $db->sql_fetchrow($result);
+		$db->sql_freeresult($result);
+	}
+}
|
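Review bot: In `test_login()` the line `foreach ($cookies as $cookie);` ends with a semicolon, so the loop body is empty and the braces below it run once, against whichever cookie came last; `$this->sid` is only updated if that one happens to end in `_sid`. Drop the semicolon (`foreach ($cookies as $cookie)`) and compare with `===` in the `substr()` check. In `test_password_reset()`, `assertNotNull()` on `user_actkey` and `user_newpasswd` cannot fail, because both columns are declared `NOT NULL` with an empty-string default in the schemas on this page. The test would therefore pass even if no activation key or pending hash had been written, whereas `$this->assertNotEmpty($this->user_data['user_actkey']);` (and the same for `user_newpasswd`) checks what the comment describes. The later tests also rely on the user and reset state left behind by `test_password_reset()` without an `@depends` annotation, and `$this->passwords_manager` is assigned without being declared on the class.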
