FIX Update member PasswordEncryption to default on password change

Daniel Hensby 2017-11-23 20:28:25 +00:00
parent 79bba8bfd1
commit 2ad3cc07d5
No known key found for this signature in database
GPG Key ID: B00D1E9767F0B06E
2 changed files with 18 additions and 27 deletions


@ -975,8 +975,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
$encryption_details = Security::encrypt_password( $encryption_details = Security::encrypt_password(
$this->Password, // this is assumed to be cleartext $this->Password, // this is assumed to be cleartext
$this->Salt, $this->Salt,
($this->PasswordEncryption) ? $this->isChanged('PasswordEncryption') ? $this->PasswordEncryption : null,
$this->PasswordEncryption : Security::config()->password_encryption_algorithm,
$this $this
); );
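Review bot: Passing `null` as the algorithm on the changed line relies on `Security::encrypt_password()` substituting the configured default, which is not visible in this hunk, so the intent deserves a comment such as `// null lets Security::encrypt_password() pick the configured default, so legacy hashes are upgraded on password change`. The override branch still honours any `PasswordEncryption` value changed in the same write, including one weaker than the site default such as `none`. If that field can ever be populated from request or import data (not determinable from here), it should be validated against an allow-list of acceptable algorithms before it reaches this call. The enclosing method starts and ends outside the hunk.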


@ -45,7 +45,21 @@ class MemberTest extends FunctionalTest {
parent::tearDown(); parent::tearDown();
} }
public function testPasswordEncryptionUpdatedOnChangedPassword()
{
Config::inst()->update('Security', 'password_encryption_algorithm', 'none');
$member = Member::create();
$member->SetPassword = 'password';
$member->write();
$this->assertEquals('password', $member->Password);
$this->assertEquals('none', $member->PasswordEncryption);
Config::inst()->update('Security', 'password_encryption_algorithm', 'blowfish');
$member->SetPassword = 'newpassword';
$member->write();
$this->assertNotEquals('password', $member->Password);
$this->assertNotEquals('newpassword', $member->Password);
$this->assertEquals('blowfish', $member->PasswordEncryption);
}
/** /**
* @expectedException ValidationException * @expectedException ValidationException
@ -94,28 +108,6 @@ class MemberTest extends FunctionalTest {
); );
} }
public function testDefaultPasswordEncryptionDoesntChangeExistingMembers() {
$member = new Member();
$member->Password = 'mypassword';
$member->PasswordEncryption = 'sha1_v2.4';
$member->write();
$origAlgo = Security::config()->password_encryption_algorithm;
Security::config()->password_encryption_algorithm = 'none';
$member->Password = 'mynewpassword';
$member->write();
$this->assertEquals(
$member->PasswordEncryption,
'sha1_v2.4'
);
$result = $member->checkPassword('mynewpassword');
$this->assertTrue($result->valid());
Security::config()->password_encryption_algorithm = $origAlgo;
}
public function testKeepsEncryptionOnEmptyPasswords() { public function testKeepsEncryptionOnEmptyPasswords() {
$member = new Member(); $member = new Member();
$member->Password = 'mypassword'; $member->Password = 'mypassword';
@ -126,8 +118,8 @@ class MemberTest extends FunctionalTest {
$member->write(); $member->write();
$this->assertEquals( $this->assertEquals(
$member->PasswordEncryption, Security::config()->get('password_encryption_algorithm'),
'sha1_v2.4' $member->PasswordEncryption
); );
$result = $member->checkPassword(''); $result = $member->checkPassword('');
$this->assertTrue($result->valid()); $this->assertTrue($result->valid());
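Review bot: testPasswordEncryptionUpdatedOnChangedPassword checks the stored value and the algorithm label but never verifies that the re-hashed password authenticates, so a broken salt or hash on the migration path would still pass. After the second `write()`, add `$this->assertTrue($member->checkPassword('newpassword')->valid());` and `$this->assertFalse($member->checkPassword('password')->valid());`, matching the `checkPassword()` assertions the neighbouring tests use. With testDefaultPasswordEncryptionDoesntChangeExistingMembers removed, nothing visible here exercises the branch where `PasswordEncryption` is changed in the same write as the password. testKeepsEncryptionOnEmptyPasswords now appears to assert a switch to the configured default rather than what its name says, so a rename would keep the suite readable.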