mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
Merge pull request #7635 from dhensby/pulls/3.5/update-pwd-encryption-on-change
FIX Update meber passwordencryption to default on password change
This commit is contained in:
commit
b31b22ac8e
@ -975,8 +975,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
|
||||
$encryption_details = Security::encrypt_password(
|
||||
$this->Password, // this is assumed to be cleartext
|
||||
$this->Salt,
|
||||
($this->PasswordEncryption) ?
|
||||
$this->PasswordEncryption : Security::config()->password_encryption_algorithm,
|
||||
$this->isChanged('PasswordEncryption') ? $this->PasswordEncryption : null,
|
||||
$this
|
||||
);
|
||||
|
||||
|
@ -45,7 +45,21 @@ class MemberTest extends FunctionalTest {
|
||||
parent::tearDown();
|
||||
}
|
||||
|
||||
|
||||
public function testPasswordEncryptionUpdatedOnChangedPassword()
|
||||
{
|
||||
Config::inst()->update('Security', 'password_encryption_algorithm', 'none');
|
||||
$member = Member::create();
|
||||
$member->SetPassword = 'password';
|
||||
$member->write();
|
||||
$this->assertEquals('password', $member->Password);
|
||||
$this->assertEquals('none', $member->PasswordEncryption);
|
||||
Config::inst()->update('Security', 'password_encryption_algorithm', 'blowfish');
|
||||
$member->SetPassword = 'newpassword';
|
||||
$member->write();
|
||||
$this->assertNotEquals('password', $member->Password);
|
||||
$this->assertNotEquals('newpassword', $member->Password);
|
||||
$this->assertEquals('blowfish', $member->PasswordEncryption);
|
||||
}
|
||||
|
||||
/**
|
||||
* @expectedException ValidationException
|
||||
@ -94,28 +108,6 @@ class MemberTest extends FunctionalTest {
|
||||
);
|
||||
}
|
||||
|
||||
public function testDefaultPasswordEncryptionDoesntChangeExistingMembers() {
|
||||
$member = new Member();
|
||||
$member->Password = 'mypassword';
|
||||
$member->PasswordEncryption = 'sha1_v2.4';
|
||||
$member->write();
|
||||
|
||||
$origAlgo = Security::config()->password_encryption_algorithm;
|
||||
Security::config()->password_encryption_algorithm = 'none';
|
||||
|
||||
$member->Password = 'mynewpassword';
|
||||
$member->write();
|
||||
|
||||
$this->assertEquals(
|
||||
$member->PasswordEncryption,
|
||||
'sha1_v2.4'
|
||||
);
|
||||
$result = $member->checkPassword('mynewpassword');
|
||||
$this->assertTrue($result->valid());
|
||||
|
||||
Security::config()->password_encryption_algorithm = $origAlgo;
|
||||
}
|
||||
|
||||
public function testKeepsEncryptionOnEmptyPasswords() {
|
||||
$member = new Member();
|
||||
$member->Password = 'mypassword';
|
||||
@ -126,8 +118,8 @@ class MemberTest extends FunctionalTest {
|
||||
$member->write();
|
||||
|
||||
$this->assertEquals(
|
||||
$member->PasswordEncryption,
|
||||
'sha1_v2.4'
|
||||
Security::config()->get('password_encryption_algorithm'),
|
||||
$member->PasswordEncryption
|
||||
);
|
||||
$result = $member->checkPassword('');
|
||||
$this->assertTrue($result->valid());
|
||||
|
Loading…
Reference in New Issue
Block a user