Implemented salt handling

aimeos · Dec 19, 2016 · f07eb74 · f07eb74
1 parent 64fdfa8
commit f07eb74
Show file tree

Hide file tree

Showing 5 changed files with 153 additions and 41 deletions.
diff --git a/lib/custom/config/mshop/customer/manager/fosuser.php b/lib/custom/config/mshop/customer/manager/fosuser.php
@@ -19,10 +19,10 @@
 				"firstname", "lastname", "address1", "address2", "address3",
 				"postal", "city", "state", "countryid", "langid", "telephone",
 				"email_canonical", "email", "telefax", "website", "longitude", "latitude",
-				"birthday", "enabled", "vdate", "password", "mtime", "editor", "roles",
-				"ctime", "salt", "locked", "expired", "credentials_expired"
+				"birthday", "enabled", "vdate", "password", "mtime", "editor", "roles", "salt",
+				"ctime", "locked", "expired", "credentials_expired"
 			) VALUES (
-				?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?, \'\', 0, 0, 0
+				?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?, 0, 0, 0
 			)
 		',
 	),
@@ -35,7 +35,7 @@
 				"city" = ?, "state" = ?, "countryid" = ?, "langid" = ?,
 				"telephone" = ?, "email_canonical" = ?, "email" = ?, "telefax" = ?,
 				"website" = ?, "longitude" = ?, "latitude" = ?, "birthday" = ?, "enabled" = ?,
-				"vdate" = ?, "password" = ?, "mtime" = ?, "editor" = ?, "roles" = ?
+				"vdate" = ?, "password" = ?, "mtime" = ?, "editor" = ?, "roles" = ?, "salt" = ?
 			WHERE "id" = ?
 		',
 	),
@@ -56,7 +56,7 @@
 				fos."birthday" AS "customer.birthday", fos."enabled" AS "customer.status",
 				fos."vdate" AS "customer.vdate", fos."password" AS "customer.password",
 				fos."ctime" AS "customer.ctime", fos."mtime" AS "customer.mtime",
-				fos."editor" AS "customer.editor", fos."roles"
+				fos."editor" AS "customer.editor", fos."roles", fos."salt"
 			FROM "fos_user" AS fos
 			:joins
 			WHERE :cond
@@ -67,7 +67,7 @@
 				fos."countryid", fos."langid", fos."telephone", fos."email_canonical",
 				fos."telefax", fos."website", fos."longitude", fos."latitude",
 				fos."birthday", fos."enabled", fos."vdate", fos."password",
-				fos."ctime", fos."mtime", fos."editor", fos."roles"
+				fos."ctime", fos."mtime", fos."editor", fos."roles", fos."salt"
 			/*-orderby*/ ORDER BY :order /*orderby-*/
 			LIMIT :size OFFSET :start
 		',

diff --git a/lib/custom/src/MShop/Customer/Item/FosUser.php b/lib/custom/src/MShop/Customer/Item/FosUser.php
@@ -20,7 +20,64 @@
 class FosUser
 	extends \Aimeos\MShop\Customer\Item\Standard
 {
-	private $roles;
+	private $values;
+	private $helper;
+
+
+	/**
+	 * Initializes the customer item object
+	 *
+	 * @param \Aimeos\MShop\Common\Item\Address\Iface $address Payment address item object
+	 * @param array $values List of attributes that belong to the customer item
+	 * @param \Aimeos\MShop\Common\Lists\Item\Iface[] $listItems List of list items
+	 * @param \Aimeos\MShop\Common\Item\Iface[] $refItems List of referenced items
+	 * @param \Aimeos\MShop\Common\Item\Helper\Password\Iface|null $helper Password encryption helper object
+	 */
+	public function __construct( \Aimeos\MShop\Common\Item\Address\Iface $address, array $values = array(),
+		array $listItems = array(), array $refItems = array(), \Aimeos\MShop\Common\Item\Helper\Password\Iface $helper = null )
+	{
+		parent::__construct( $address, $values, $listItems, $refItems, $helper );
+
+		$this->values = $values;
+		$this->helper = $helper;
+	}
+
+
+
+	/**
+	 * Returns the password of the customer item.
+	 *
+	 * @return string Password string
+	 */
+	public function getPassword()
+	{
+		if( isset( $this->values['customer.password'] ) ) {
+			return (string) $this->values['customer.password'];
+		}
+
+		return '';
+	}
+
+
+	/**
+	 * Sets the password of the customer item.
+	 *
+	 * @param string $value Password of the customer item
+	 * @return \Aimeos\MShop\Customer\Item\Iface Customer item for chaining method calls
+	 */
+	public function setPassword( $value )
+	{
+		if( $value == $this->getPassword() ) { return $this; }
+
+		if( $this->helper !== null ) {
+			$value = $this->helper->encode( $value, $this->getSalt() );
+		}
+
+		$this->values['customer.password'] = (string) $value;
+		$this->setModified();
+
+		return $this;
+	}
 
 
 	/**
@@ -30,12 +87,11 @@ class FosUser
 	 */
 	public function getRoles()
 	{
-		if( isset( $this->roles ) ) {
-			return $this->roles;
+		if( isset( $this->values['roles'] ) ) {
+			return (array) $this->values['roles'];
 		}
 
-		$values = $this->getRawValues();
-		return ( isset( $values['roles'] ) ? (array) $values['roles'] : array() );
+		return array();
 	}
 
 
@@ -46,7 +102,38 @@ public function getRoles()
 	 */
 	public function setRoles( array $roles )
 	{
-		$this->roles = $roles;
+		$this->values['roles'] = $roles;
+		$this->setModified();
+
+		return $this;
+	}
+
+
+	/**
+	 * Returns the password salt
+	 *
+	 * @return string Password salt
+	 */
+	public function getSalt()
+	{
+		if( !isset( $this->values['salt'] ) ) {
+			$this->values['salt'] = sha1( microtime( true ) . getmypid() );
+		}
+
+		return $this->values['salt'];
+	}
+
+
+	/**
+	 * Sets the password salt
+	 *
+	 * @param string $value Password salt
+	 */
+	public function setSalt( $value )
+	{
+		$this->values['salt'] = (string) $value;
 		$this->setModified();
+
+		return $this;
 	}
 }
diff --git a/lib/custom/src/MShop/Customer/Manager/FosUser.php b/lib/custom/src/MShop/Customer/Manager/FosUser.php
@@ -410,12 +410,13 @@ public function saveItem( \Aimeos\MShop\Common\Item\Iface $item, $fetch = true )
 			$stmt->bind( 28, $date ); // Modification time
 			$stmt->bind( 29, $context->getEditor() );
 			$stmt->bind( 30, serialize( $item->getRoles() ) );
+			$stmt->bind( 31, $item->getSalt() );
 
 			if( $id !== null ) {
-				$stmt->bind( 31, $id, \Aimeos\MW\DB\Statement\Base::PARAM_INT );
+				$stmt->bind( 32, $id, \Aimeos\MW\DB\Statement\Base::PARAM_INT );
 				$item->setId( $id );
 			} else {
-				$stmt->bind( 31, $date ); // Creation time
+				$stmt->bind( 32, $date ); // Creation time
 			}
 
 			$stmt->execute()->finish();

diff --git a/lib/custom/tests/MShop/Customer/Item/FosUserTest.php b/lib/custom/tests/MShop/Customer/Item/FosUserTest.php
@@ -9,28 +9,20 @@
 namespace Aimeos\MShop\Customer\Item;
 
 
-/**
- * Test class for \Aimeos\MShop\Customer\Item\FosUser.
- */
 class FosUserTest extends \PHPUnit_Framework_TestCase
 {
+	private $address;
 	private $object;
 
 
-	/**
-	 * Sets up the fixture, for example, opens a network connection.
-	 * This method is called before a test is executed.
-	 *
-	 * @access protected
-	 */
 	protected function setUp()
 	{
 		$addressValues = array(
 			'customer.address.parentid' => 'referenceid',
 			'customer.address.position' => 1,
 		);
 
-		$address = new \Aimeos\MShop\Common\Item\Address\Standard( 'common.address.', $addressValues );
+		$this->address = new \Aimeos\MShop\Common\Item\Address\Standard( 'common.address.', $addressValues );
 
 		$values = array(
 			'customer.id' => 541,
@@ -39,7 +31,7 @@ protected function setUp()
 			'customer.code' => '12345ABCDEF',
 			'customer.birthday' => '2010-01-01',
 			'customer.status' => 1,
-			'customer.password' => '',
+			'customer.password' => 'testpwd',
 			'customer.vdate' => null,
 			'customer.company' => 'unitCompany',
 			'customer.vatid' => 'DE999999999',
@@ -63,22 +55,38 @@ protected function setUp()
 			'customer.ctime'=> '2010-01-01 00:00:00',
 			'customer.editor' => 'unitTestUser',
 			'roles' => array( 'ROLE_ADMIN' ),
+			'salt' => 'test',
 		);
 
-		$this->object = new \Aimeos\MShop\Customer\Item\FosUser( $address, $values );
+		$this->object = new \Aimeos\MShop\Customer\Item\FosUser( $this->address, $values );
 	}
 
-	/**
-	 * Tears down the fixture, for example, closes a network connection.
-	 * This method is called after a test is executed.
-	 *
-	 * @access protected
-	 */
 	protected function tearDown()
 	{
 		unset( $this->object );
 	}
 
+	public function testGetPassword()
+	{
+		$this->assertEquals( 'testpwd', $this->object->getPassword() );
+	}
+
+	public function testSetPassword()
+	{
+		$this->object->setPassword( 'new' );
+		$this->assertTrue( $this->object->isModified() );
+		$this->assertEquals( 'new', $this->object->getPassword() );
+	}
+
+	public function testSetPasswordGenerated()
+	{
+		$helper = new \Aimeos\MShop\Common\Item\Helper\Password\Standard( array( 'format' => '%1$s{%2$s}' ) );
+		$object = new \Aimeos\MShop\Customer\Item\FosUser( $this->address, array(), array(), array(), $helper );
+
+		$object->setPassword( 'newpwd' );
+		$this->assertEquals( sha1( 'newpwd{' . $object->getSalt() . '}' ), $object->getPassword() );
+	}
+
 	public function testGetRoles()
 	{
 		$this->assertEquals( array( 'ROLE_ADMIN' ), $this->object->getRoles() );
@@ -91,6 +99,24 @@ public function testSetRoles()
 		$this->assertEquals( array( 'ROLE_USER' ), $this->object->getRoles() );
 	}
 
+	public function testGetSalt()
+	{
+		$this->assertEquals( 'test', $this->object->getSalt() );
+	}
+
+	public function testGetSaltGenerated()
+	{
+		$object = new \Aimeos\MShop\Customer\Item\FosUser( $this->address, array() );
+		$this->assertInternalType( 'string', $object->getSalt() );
+	}
+
+	public function testSetSalt()
+	{
+		$this->object->setSalt( 'new' );
+		$this->assertTrue( $this->object->isModified() );
+		$this->assertEquals( 'new', $this->object->getSalt() );
+	}
+
 	public function testIsModified()
 	{
 		$this->assertFalse( $this->object->isModified() );

diff --git a/lib/custom/tests/MShop/Customer/Manager/FosUserTest.php b/lib/custom/tests/MShop/Customer/Manager/FosUserTest.php
@@ -1,12 +1,14 @@
 <?php
 
-namespace Aimeos\MShop\Customer\Manager;
-
-
 /**
  * @license LGPLv3, http://opensource.org/licenses/LGPL-3.0
  * @copyright Aimeos (aimeos.org), 2015-2016
  */
+
+
+namespace Aimeos\MShop\Customer\Manager;
+
+
 class FosUserTest extends \PHPUnit_Framework_TestCase
 {
 	private $object;
@@ -15,9 +17,6 @@ class FosUserTest extends \PHPUnit_Framework_TestCase
 	private $editor = '';
 
 
-	/**
-	 * Sets up the fixture. This method is called before a test is executed.
-	 */
 	protected function setUp()
 	{
 		$context = \TestHelper::getContext();
@@ -33,9 +32,6 @@ protected function setUp()
 	}
 
 
-	/**
-	 * Tears down the fixture. This method is called after a test is executed.
-	 */
 	protected function tearDown()
 	{
 		unset( $this->object, $this->fixture, $this->address );
@@ -112,6 +108,7 @@ public function testSaveUpdateDeleteItem()
 		$this->assertEquals( $item->getBirthday(), $itemSaved->getBirthday() );
 		$this->assertEquals( $item->getPassword(), $itemSaved->getPassword() );
 		$this->assertEquals( $item->getRoles(), $itemSaved->getRoles() );
+		$this->assertEquals( $item->getSalt(), $itemSaved->getSalt() );
 
 		$this->assertEquals( $this->editor, $itemSaved->getEditor() );
 		$this->assertRegExp( '/\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}/', $itemSaved->getTimeCreated() );
@@ -126,6 +123,7 @@ public function testSaveUpdateDeleteItem()
 		$this->assertEquals( $itemExp->getBirthday(), $itemUpd->getBirthday() );
 		$this->assertEquals( $itemExp->getPassword(), $itemUpd->getPassword() );
 		$this->assertEquals( $itemExp->getRoles(), $itemUpd->getRoles() );
+		$this->assertEquals( $itemExp->getSalt(), $itemUpd->getSalt() );
 
 		$this->assertEquals( $this->editor, $itemUpd->getEditor() );
 		$this->assertEquals( $itemExp->getTimeCreated(), $itemUpd->getTimeCreated() );