Merge pull request #7635 from dhensby/pulls/3.5/update-pwd-encryption-on-change

FIX Update member passwordencryption to default on password change
Loz Calver 2017-11-27 09:05:43 +00:00 committed by GitHub
commit b31b22ac8e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 18 additions and 27 deletions


@ -975,8 +975,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
$encryption_details = Security::encrypt_password(
$this->Password, // this is assumed to be cleartext
$this->Salt,
($this->PasswordEncryption) ?
$this->PasswordEncryption : Security::config()->password_encryption_algorithm,
$this->isChanged('PasswordEncryption') ? $this->PasswordEncryption : null,
$this
);
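Review bot: Passing `null` whenever `PasswordEncryption` is unchanged lets the configured `password_encryption_algorithm` decide the hash on every password change, which works in both directions: a member stored with a stronger algorithm is re-stored with a weaker one if the site default is weaker. The removed `testDefaultPasswordEncryptionDoesntChangeExistingMembers` case (a `sha1_v2.4` member with the default set to `none`) would now presumably end up with a cleartext password, as the new test's first assertions show for `none`. The fallback to the configured default on `null` happens inside `Security::encrypt_password()`, which is not visible here, so a comment on the argument would help, for example `// null => use the configured default so a changed password is re-hashed with the current algorithm`. It is also worth documenting that the configured default must never be weaker than the algorithms already in use. The enclosing method starts and ends outside this hunk.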


@ -45,7 +45,21 @@ class MemberTest extends FunctionalTest {
parent::tearDown();
}
public function testPasswordEncryptionUpdatedOnChangedPassword()
{
Config::inst()->update('Security', 'password_encryption_algorithm', 'none');
$member = Member::create();
$member->SetPassword = 'password';
$member->write();
$this->assertEquals('password', $member->Password);
$this->assertEquals('none', $member->PasswordEncryption);
Config::inst()->update('Security', 'password_encryption_algorithm', 'blowfish');
$member->SetPassword = 'newpassword';
$member->write();
$this->assertNotEquals('password', $member->Password);
$this->assertNotEquals('newpassword', $member->Password);
$this->assertEquals('blowfish', $member->PasswordEncryption);
}
/**
* @expectedException ValidationException
@ -94,28 +108,6 @@ class MemberTest extends FunctionalTest {
);
}
public function testDefaultPasswordEncryptionDoesntChangeExistingMembers() {
$member = new Member();
$member->Password = 'mypassword';
$member->PasswordEncryption = 'sha1_v2.4';
$member->write();
$origAlgo = Security::config()->password_encryption_algorithm;
Security::config()->password_encryption_algorithm = 'none';
$member->Password = 'mynewpassword';
$member->write();
$this->assertEquals(
$member->PasswordEncryption,
'sha1_v2.4'
);
$result = $member->checkPassword('mynewpassword');
$this->assertTrue($result->valid());
Security::config()->password_encryption_algorithm = $origAlgo;
}
public function testKeepsEncryptionOnEmptyPasswords() {
$member = new Member();
$member->Password = 'mypassword';
@ -126,8 +118,8 @@ class MemberTest extends FunctionalTest {
$member->write();
$this->assertEquals(
$member->PasswordEncryption,
'sha1_v2.4'
Security::config()->get('password_encryption_algorithm'),
$member->PasswordEncryption
);
$result = $member->checkPassword('');
$this->assertTrue($result->valid());
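Review bot: `testPasswordEncryptionUpdatedOnChangedPassword` asserts the stored algorithm name and that the hash differs from the cleartext, but never checks that the member can still authenticate after the switch to `blowfish`. Adding `$this->assertTrue($member->checkPassword('newpassword')->valid());` after the second `write()` would cover that, mirroring the check in the removed `testDefaultPasswordEncryptionDoesntChangeExistingMembers`. The branch that still honours an explicitly changed `PasswordEncryption` is not asserted in the visible tests either. The test also leaves `password_encryption_algorithm` modified through `Config::inst()->update(...)`, and whether `tearDown()` restores it cannot be seen from these hunks.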