
Enforce new password policy during installation

Closes #1087
1 parent 9da118e commit abc434e21ec9d74032a36c4c91f1343aa69eb28a @randomecho randomecho committed with ginatrapani Oct 31, 2011
@@ -174,8 +174,8 @@ public function testFreshInstallStep3InvalidEmail() {
$_POST['db_socket'] = "/tmp/mysql.sock";
$_POST['db_port'] = "";
$_POST['db_prefix'] = "tu_";
- $_POST['password'] = "yoyoo";
- $_POST['confirm_password'] = "yoyoo";
+ $_POST['password'] = "7yoyoo123";
+ $_POST['confirm_password'] = "7yoyoo123";
$_POST['full_name'] = "My Full Name";
$_POST['timezone'] = "America/Los_Angeles";
@@ -246,7 +246,7 @@ public function testFreshInstallStep3MismatchedPasswords() {
$this->restoreConfigFile();
}
- public function testFreshInstallStep3PasswordsToShort() {
+ public function testFreshInstallStep3PasswordsTooShort() {
//drop DB
$this->testdb_helper->drop($this->test_database_name);
//remove config file
@@ -272,7 +272,37 @@ public function testFreshInstallStep3PasswordsToShort() {
$controller = new InstallerController(true);
$this->assertTrue(isset($controller));
$result = $controller->go();
- $this->assertPattern('/Password must be at least 5 characters./', $result);
+ $this->assertPattern('/Password must be at least 8 characters and contain both numbers and letters./', $result);
+ $this->restoreConfigFile();
+ }
+
+ public function testFreshInstallStep3PasswordsNotAlphanumeric() {
+ //drop DB
+ $this->testdb_helper->drop($this->test_database_name);
+ //remove config file
+ Config::destroyInstance();
+ $this->removeConfigFile();
+ //set param for step 2
+ $_GET['step'] = '3';
+ //set post values from form
+ $_POST['site_email'] = "you@example.com";
+ $_POST['db_user'] = "username";
+ $_POST['db_passwd'] = "pass";
+ $_POST['db_name'] = "mythinkupdb";
+ $_POST['db_type'] = "mysql";
+ $_POST['db_host'] = "localhost";
+ $_POST['db_socket'] = "/tmp/mysql.sock";
+ $_POST['db_port'] = "";
+ $_POST['db_prefix'] = "tu_";
+ $_POST['password'] = "freshtestword";
+ $_POST['confirm_password'] = "freshtestword";
+ $_POST['full_name'] = "My Full Name";
+ $_POST['timezone'] = "America/Los_Angeles";
+
+ $controller = new InstallerController(true);
+ $this->assertTrue(isset($controller));
+ $result = $controller->go();
+ $this->assertPattern('/Password must be at least 8 characters and contain both numbers and letters/', $result);
$this->restoreConfigFile();
}
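Review bot: The new testFreshInstallStep3PasswordsNotAlphanumeric only covers a letters-only password; the policy also rejects digits-only input, and that branch has no test. Add a sibling fixture (or a second run of this one) with `$_POST['password'] = "1234567890";` and `$_POST['confirm_password'] = "1234567890";` asserting the same message. The comment `//set param for step 2` on the line before `$_GET['step'] = '3';` appears to be copied from an older test and should read `//set param for step 3`. The assertion pattern here omits the trailing period that the one in testFreshInstallStep3PasswordsTooShort includes; keeping both identical to the controller's message leaves one string to maintain.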
@@ -294,14 +324,15 @@ public function testFreshInstallStep3NoTimezoneSet() {
$_POST['db_socket'] = "/tmp/mysql.sock";
$_POST['db_port'] = "";
$_POST['db_prefix'] = "tu_";
- $_POST['password'] = "pass";
- $_POST['confirm_password'] = "asdfasdfasdfasdfasdf";
+ $_POST['password'] = "pass12345";
+ $_POST['confirm_password'] = "pass12345";
$_POST['full_name'] = "My Full Name";
$_POST['timezone'] = "";
$controller = new InstallerController(true);
$this->assertTrue(isset($controller));
$result = $controller->go();
+ $this->debug($result);
$this->assertPattern("/Please select a time zone./", $result);
$this->restoreConfigFile();
}
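Review bot: `$this->debug($result);` added in testFreshInstallStep3NoTimezoneSet looks like a leftover diagnostic: it presumably dumps the rendered page on every run, and none of the sibling tests touched by this commit do it. Drop the line unless the output is needed, in which case a one-line comment stating why belongs next to it. The start of this method is outside the hunk.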
@@ -332,8 +363,8 @@ public function testFreshInstallStep3InvalidDatabaseCredentials() {
$_POST['db_socket'] = $valid_db_socket;
$_POST['db_port'] = "";
$_POST['db_prefix'] = "tu_";
- $_POST['password'] = "asdfadsf";
- $_POST['confirm_password'] = "asdfadsf";
+ $_POST['password'] = "987asdfadsf";
+ $_POST['confirm_password'] = "987asdfadsf";
$_POST['full_name'] = "My Full Name";
$_POST['timezone'] = "America/Los_Angeles";
@@ -377,8 +408,8 @@ public function testFreshInstallStep3InvalidDatabaseName() {
$_POST['db_socket'] = $valid_db_socket;
$_POST['db_port'] = "";
$_POST['db_prefix'] = "tu_";
- $_POST['password'] = "asdfadsf";
- $_POST['confirm_password'] = "asdfadsf";
+ $_POST['password'] = "asdfadsf123";
+ $_POST['confirm_password'] = "asdfadsf123";
$_POST['full_name'] = "My Full Name";
$_POST['timezone'] = "America/Los_Angeles";
@@ -423,8 +454,8 @@ public function testFreshInstallStep3InvalidDatabaseHost() {
$_POST['db_socket'] = $valid_db_socket;
$_POST['db_port'] = $valid_db_port;
$_POST['db_prefix'] = "tu_";
- $_POST['password'] = "asdfadsf";
- $_POST['confirm_password'] = "asdfadsf";
+ $_POST['password'] = "asdfads123f";
+ $_POST['confirm_password'] = "asdfads123f";
$_POST['full_name'] = "My Full Name";
$_POST['timezone'] = "America/Los_Angeles";
@@ -468,8 +499,8 @@ public function testFreshInstallStep3SuccessfulInstall() {
$_GET['step'] = '3';
//set post values from form
$_POST['site_email'] = "you@example.com";
- $_POST['password'] = "asdfadsf";
- $_POST['confirm_password'] = "asdfadsf";
+ $_POST['password'] = "asdfadsf123";
+ $_POST['confirm_password'] = "asdfadsf123";
$_POST['db_user'] = $valid_db_username;
$_POST['db_passwd'] = $valid_db_pwd;
$_POST['db_name'] = $valid_db_name;
@@ -86,8 +86,8 @@ public function testSuccessfulInstallationAndAccountActivation() {
$this->assertText('Create Your ThinkUp Account');
$this->setField('full_name', 'ThinkUp J. User');
$this->setField('site_email', 'user@example.com');
- $this->setField('password', 'secret');
- $this->setField('confirm_password', 'secret');
+ $this->setField('password', 'secret12345');
+ $this->setField('confirm_password', 'secret12345');
$this->setField('timezone', 'America/Los_Angeles');
$this->setField('db_host', $THINKUP_CFG['db_host']);
@@ -124,7 +124,7 @@ public function testSuccessfulInstallationAndAccountActivation() {
$this->clickLink('Log in');
$this->setField('email', 'user@example.com');
- $this->setField('pwd', 'secret');
+ $this->setField('pwd', 'secret12345');
$this->click("Log In");
$this->assertText('Welcome to ThinkUp. Let\'s get started.');
//$this->showSource();
@@ -50,9 +50,9 @@ public function __construct($session_started=false, $reqs=null) {
//Instead, set up the view manager with manual array configuration
$cfg_array = array(
'site_root_path'=>THINKUP_BASE_URL,
- 'source_root_path'=>THINKUP_ROOT_PATH,
- 'debug'=>false,
- 'app_title'=>"ThinkUp",
+ 'source_root_path'=>THINKUP_ROOT_PATH,
+ 'debug'=>false,
+ 'app_title'=>"ThinkUp",
'cache_pages'=>false);
$this->view_mgr = new SmartyThinkUp($cfg_array);
$this->setPageTitle('Install ThinkUp');
@@ -257,33 +257,35 @@ private function step3() {
// check email
if ( !Utils::validateEmail($email) ) {
$this->addErrorMessage("Please enter a valid email address.", "email");
- $this->setViewTemplate('install.step2.tpl');
$display_errors = true;
}
- if ( $password != $confirm_password || $password == '' || strlen($password) < 5 ) { //check password
+ if ( $password != $confirm_password || $password == ''
+ || !preg_match("/(?=.{8,})(?=.*[a-zA-Z])(?=.*[0-9])/", $password) ) { //check password
if ($password != $confirm_password) {
$this->addErrorMessage("Your passwords did not match.", "password");
} else if ( $password == '' ) {
$this->addErrorMessage("Please choose a password.", "password");
- } else if ( strlen($password) < 5 ) {
- $this->addErrorMessage("Password must be at least 5 characters.", "password");
+ } else if ( !preg_match("/(?=.{8,})(?=.*[a-zA-Z])(?=.*[0-9])/", $password) ) {
+ $this->addErrorMessage("Password must be at least 8 characters and contain both numbers and letters.",
+ "password");
}
-
- $this->setViewTemplate('install.step2.tpl');
$display_errors = true;
}
if ($_POST['db_name'] == '') {
$this->addErrorMessage("Please enter a database name.", "database_name");
+ $display_errors = true;
}
if ( $_POST['db_host'] == '') {
$this->addErrorMessage("Please enter a database host.", "database_host");
+ $display_errors = true;
}
if ($_POST['timezone'] == '') {
$this->addErrorMessage("Please select a time zone.", "timezone");
+ $display_errors = true;
}
if (($error = $this->installer->checkDb($db_config)) !== true) { //check db
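Review bot: The password-policy regex is written out twice in the new code (the outer guard and the last `else if` branch), and the outer `if` re-evaluates exactly the checks the inner chain then repeats, so the two copies can drift apart silently. Keep the pattern in one named variable (or a class constant) and let each inner branch set `$display_errors = true;` itself, dropping the combined outer condition. The pattern deserves a comment on two points: without the `u` modifier `.{8,}` counts bytes, so a password of fewer than 8 multibyte characters can satisfy it, and `[a-zA-Z]`/`[0-9]` are ASCII-only, which is a reasonable installer policy but should be stated. Separately, `$password != $confirm_password` is a loose comparison; `$password !== $confirm_password` avoids PHP's numeric-string equality (e.g. `'1e3' == '1000'`) treating two different confirmation values as a match. step3() begins before this hunk.
```php
// Password policy: at least 8 characters, with at least one ASCII letter and one digit.
// NOTE: .{8,} counts bytes (no /u modifier) and the classes are ASCII-only.
$password_pattern = "/(?=.{8,})(?=.*[a-zA-Z])(?=.*[0-9])/";
if ($password !== $confirm_password) {
    $this->addErrorMessage("Your passwords did not match.", "password");
    $display_errors = true;
} else if ($password == '') {
    $this->addErrorMessage("Please choose a password.", "password");
    $display_errors = true;
} else if (!preg_match($password_pattern, $password)) {
    $this->addErrorMessage("Password must be at least 8 characters and contain both numbers and letters.",
    "password");
    $display_errors = true;
}
// … unchanged: db_name / db_host / timezone checks …
```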
@@ -297,11 +299,11 @@ private function step3() {
}
$this->addErrorMessage("ThinkUp couldn't connect to your database. The error message is:<br /> ".
" <strong>$db_error</strong><br />Please correct your database information and try again.", "database");
- $this->setViewTemplate('install.step2.tpl');
$display_errors = true;
}
if ( $display_errors ) {
+ $this->setViewTemplate('install.step2.tpl');
$this->addToView('db_name', $db_config['db_name']);
$this->addToView('db_user', $db_config['db_user']);
$this->addToView('db_passwd', $db_config['db_password']);
@@ -330,13 +332,13 @@ private function step3() {
$this->addErrorMessage("ThinkUp couldn't write the <code>config.inc.php</code> file.<br /><br />".
"Use root (or sudo) to create the file manually, and allow PHP to write to it, by executing the ".
"following commands:<br /><code>touch " . escapeshellcmd(THINKUP_WEBAPP_PATH . "config.inc.php") .
- "</code><br /><code>chown $whoami " . escapeshellcmd(THINKUP_WEBAPP_PATH .
- "config.inc.php") ."</code><br /><br />If you don't have root access, create the <code>" .
+ "</code><br /><code>chown $whoami " . escapeshellcmd(THINKUP_WEBAPP_PATH .
+ "config.inc.php") ."</code><br /><br />If you don't have root access, create the <code>" .
THINKUP_WEBAPP_PATH . "config.inc.php</code> file manually, and paste the following text into it.".
"<br /><br />Click the <strong>Next Step</strong> button below once you did either.");
} else {
$this->addErrorMessage("ThinkUp couldn't write the <code>config.inc.php</code> file.<br /><br />".
- "You will need to create the <code>" .
+ "You will need to create the <code>" .
THINKUP_WEBAPP_PATH . "config.inc.php</code> file manually, and paste the following text into it.".
"<br /><br />Click the <strong>Next Step</strong> button once this is done.");
}
@@ -360,9 +362,9 @@ private function step3() {
// view for email
$cfg_array = array(
'site_root_path'=>THINKUP_BASE_URL,
- 'source_root_path'=>THINKUP_ROOT_PATH,
- 'debug'=>false,
- 'app_title'=>"ThinkUp",
+ 'source_root_path'=>THINKUP_ROOT_PATH,
+ 'debug'=>false,
+ 'app_title'=>"ThinkUp",
'cache_pages'=>false);
$email_view = new SmartyThinkUp($cfg_array);
$email_view->caching=false;
