3ee8f505b7
The main benefit of this is so that authors who make use of .editorconfig don't end up with whitespace changes in their PRs. Spaces vs. tabs has been left alone, although that could do with a tidy-up in SS4 after the switch to PSR-1/2.

The command used was this:

for match in '*.ss' '*.css' '*.scss' '*.html' '*.yml' '*.php' '*.js' '*.csv' '*.inc' '*.php5'; do
    find . -path ./thirdparty -not -prune -o -path ./admin/thirdparty -not -prune -o -type f -name "$match" -exec sed -E -i '' 's/[[:space:]]+$//' {} \+
    find . -path ./thirdparty -not -prune -o -path ./admin/thirdparty -not -prune -o -type f -name "$match" | xargs perl -pi -e 's/ +$//'
done
<?php
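/**
 * Tests for MemberAuthenticator: password-hash migration on login, the
 * configurable identifier field, login form generation, authentication by
 * temp id, and the default admin account.
 *
 * @package framework
 * @subpackage tests
 */
class MemberAuthenticatorTest extends SapphireTest {

	protected $usesDatabase = true;

	// Default admin credentials captured in setUp() so tearDown() can put them back.
	protected $defaultUsername = null;
	protected $defaultPassword = null;

	/**
	 * Remembers the configured default admin and replaces it with the fixed
	 * test-only credentials 'admin' / 'password'.
	 */
	public function setUp() {
		parent::setUp();

		$this->defaultUsername = Security::default_admin_username();
		$this->defaultPassword = Security::default_admin_password();
		Security::clear_default_admin();
		Security::setDefaultAdmin('admin', 'password');
	}

	/**
	 * Puts back the default admin credentials captured in setUp().
	 */
	public function tearDown() {
		// Mirror setUp(), which clears before setting. Presumably
		// setDefaultAdmin() does not replace an existing default admin, in which
		// case the test-only 'admin' / 'password' account would otherwise stay
		// active for later tests -- confirm against Security::setDefaultAdmin().
		Security::clear_default_admin();
		Security::setDefaultAdmin($this->defaultUsername, $this->defaultPassword);
		parent::tearDown();
	}

	/**
	 * A member stored with the legacy "sha1" encryption is expected to be
	 * switched to "sha1_v2.4" by a successful login, with the same password
	 * still validating afterwards.
	 */
	public function testLegacyPasswordHashMigrationUponLogin() {
		$member = new Member();

		$field = Member::config()->unique_identifier_field;

		$member->$field = 'test1@test.com';
		$member->PasswordEncryption = "sha1";
		$member->Password = "mypassword";
		$member->write();

		$data = array(
			'Email' => $member->$field,
			'Password' => 'mypassword'
		);
		// Check the outcome of the login itself, not only its side effect on
		// the stored record.
		$authenticated = MemberAuthenticator::authenticate($data);
		$this->assertNotEmpty($authenticated);

		// Re-read the record so the assertions see what was persisted.
		$member = DataObject::get_by_id('Member', $member->ID);
		$this->assertEquals("sha1_v2.4", $member->PasswordEncryption);
		$result = $member->checkPassword('mypassword');
		$this->assertTrue($result->valid());
	}

	/**
	 * A member stored with an algorithm other than the legacy one must keep
	 * that algorithm after logging in.
	 */
	public function testNoLegacyPasswordHashMigrationOnIncompatibleAlgorithm() {
		// crc32 is registered only as a fixture algorithm for this test.
		// NOTE(review): this config change is not undone in this method;
		// presumably SapphireTest isolates config between tests -- confirm.
		Config::inst()->update('PasswordEncryptor', 'encryptors',
			array('crc32' => array('PasswordEncryptor_PHPHash' => 'crc32')));
		$field = Member::config()->unique_identifier_field;

		$member = new Member();
		$member->$field = 'test2@test.com';
		$member->PasswordEncryption = "crc32";
		$member->Password = "mypassword";
		$member->write();

		$data = array(
			'Email' => $member->$field,
			'Password' => 'mypassword'
		);
		// Without this check the test would also pass if the login failed,
		// because a failed login leaves PasswordEncryption untouched as well.
		$authenticated = MemberAuthenticator::authenticate($data);
		$this->assertNotEmpty($authenticated);

		// Re-read the record so the assertions see what was persisted.
		$member = DataObject::get_by_id('Member', $member->ID);
		$this->assertEquals("crc32", $member->PasswordEncryption);
		$result = $member->checkPassword('mypassword');
		$this->assertTrue($result->valid());
	}

	/**
	 * The field label is looked up for whichever field is configured as the
	 * unique identifier.
	 */
	public function testCustomIdentifierField() {
		$origField = Member::config()->unique_identifier_field;
		Member::config()->unique_identifier_field = 'Username';

		$label = singleton('Member')->fieldLabel(Member::config()->unique_identifier_field);

		// Restore the setting before asserting, so a failing assertion cannot
		// leave 'Username' configured.
		Member::config()->unique_identifier_field = $origField;

		$this->assertEquals('Username', $label);
	}

	/**
	 * The authenticator provides both the front-end and the CMS login form.
	 */
	public function testGenerateLoginForm() {
		$controller = new Security();

		// Create basic login form
		$frontendForm = MemberAuthenticator::get_login_form($controller);
		$this->assertInstanceOf('MemberLoginForm', $frontendForm);

		// Supports cms login form
		$this->assertTrue(MemberAuthenticator::supports_cms());
		$cmsForm = MemberAuthenticator::get_cms_login_form($controller);
		$this->assertInstanceOf('CMSMemberLoginForm', $cmsForm);
	}

	/**
	 * Test that a member can be authenticated via their temp id
	 */
	public function testAuthenticateByTempID() {
		$member = new Member();
		$member->Email = 'test1@test.com';
		$member->PasswordEncryption = "sha1";
		$member->Password = "mypassword";
		$member->write();

		// Make form
		$controller = new Security();
		$form = new Form($controller, 'Form', new FieldList(), new FieldList());

		// If the user has never logged in, then the tempid should be empty
		$tempID = $member->TempIDHash;
		$this->assertEmpty($tempID);

		// If the user logs in then they have a temp id
		$member->logIn(true);
		$tempID = $member->TempIDHash;
		$this->assertNotEmpty($tempID);

		// Test correct login
		$result = MemberAuthenticator::authenticate(array(
			'tempid' => $tempID,
			'Password' => 'mypassword'
		), $form);
		$this->assertNotEmpty($result);
		$this->assertEquals($member->ID, $result->ID);
		$this->assertEmpty($form->Message());

		// Test incorrect login: a valid temp id with the wrong password must be
		// rejected with the generic failure message.
		$form->clearMessage();
		$result = MemberAuthenticator::authenticate(array(
			'tempid' => $tempID,
			'Password' => 'notmypassword'
		), $form);
		$this->assertEmpty($result);
		// NOTE(review): the expected text uses a literal apostrophe; if
		// Form::Message() returns HTML-escaped text, the expected value needs
		// the matching entity -- confirm against the form output.
		$this->assertEquals(
			"The provided details don't seem to be correct. Please try again.",
			$form->Message()
		);
		$this->assertEquals('bad', $form->MessageType());
	}

	/**
	 * Test that the default admin can be authenticated
	 */
	public function testDefaultAdmin() {
		// Make form
		$controller = new Security();
		$form = new Form($controller, 'Form', new FieldList(), new FieldList());

		// Test correct login, using the credentials installed by setUp()
		$result = MemberAuthenticator::authenticate(array(
			'Email' => 'admin',
			'Password' => 'password'
		), $form);
		$this->assertNotEmpty($result);
		$this->assertEquals(Security::default_admin_username(), $result->Email);
		$this->assertEmpty($form->Message());

		// Test incorrect login
		$form->clearMessage();
		$result = MemberAuthenticator::authenticate(array(
			'Email' => 'admin',
			'Password' => 'notmypassword'
		), $form);
		$this->assertEmpty($result);
		// NOTE(review): the expected text uses a literal apostrophe; if
		// Form::Message() returns HTML-escaped text, the expected value needs
		// the matching entity -- confirm against the form output.
		$this->assertEquals(
			"The provided details don't seem to be correct. Please try again.",
			$form->Message()
		);
		$this->assertEquals('bad', $form->MessageType());
	}
}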