
updating auth component and test with additional checks for missing data

git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@7979 3807eeeb-6ff5-0310-8944-8be069107fe0
1 parent 4a636b9 commit e496fc94349c9541d845bcc5013f24667eda0edf gwoo committed Jan 14, 2009
Showing with 34 additions and 15 deletions.
  1. +20 −14 cake/libs/controller/components/auth.php
  2. +14 −1 cake/tests/cases/libs/controller/components/auth.test.php
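--- a/cake/libs/controller/components/auth.php
+++ b/cake/libs/controller/components/auth.php
@@ -297,23 +297,29 @@ function startup(&$controller) {
 }
 return false;
 }
-$username = $controller->data[$this->userModel][$this->fields['username']];
-$password = $controller->data[$this->userModel][$this->fields['password']];
-$data = array(
-$this->userModel . '.' . $this->fields['username'] => $username,
-$this->userModel . '.' . $this->fields['password'] => $password
-);
+$isValid = !empty($controller->data[$this->userModel][$this->fields['username']]) &&
+!empty($controller->data[$this->userModel][$this->fields['password']]);
-if ($this->login($data)) {
-if ($this->autoRedirect) {
-$controller->redirect($this->redirect(), null, true);
+if ($isValid) {
+$username = $controller->data[$this->userModel][$this->fields['username']];
+$password = $controller->data[$this->userModel][$this->fields['password']];
+
+$data = array(
+$this->userModel . '.' . $this->fields['username'] => $username,
+$this->userModel . '.' . $this->fields['password'] => $password
+);
+
+if ($this->login($data)) {
+if ($this->autoRedirect) {
+$controller->redirect($this->redirect(), null, true);
+}
+return true;
 }
-return true;
-} else {
-$this->Session->setFlash($this->loginError, 'default', array(), 'auth');
-$controller->data[$this->userModel][$this->fields['password']] = null;
 }
+
+$this->Session->setFlash($this->loginError, 'default', array(), 'auth');
+$controller->data[$this->userModel][$this->fields['password']] = null;
 return false;
 } else {
 if (!$this->user()) {
@@ -794,7 +800,7 @@ function identify($user = null, $conditions = null) {
 if (empty($data) || empty($data[$this->userModel])) {
 return null;
 }
-} elseif (!empty($user)) {
+} elseif (!empty($user) && is_string($user)) {
 $model =& $this->getModel();
 $data = $model->find(array_merge(array($model->escapeField() => $user), $conditions));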
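Review bot: The `!empty()` guard at the top of the startup hunk treats the string `"0"` as missing data, so a username or password of `0` is rejected before `login()` is ever called and the user only sees the generic `loginError` flash. A presence check that does not depend on truthiness is what is meant here, e.g. `$row = $controller->data[$this->userModel]; $isValid = isset($row[$this->fields['username']], $row[$this->fields['password']]) && $row[$this->fields['username']] !== '' && $row[$this->fields['password']] !== '';`. The `is_string($user)` check added in identify() is the right kind of type check, and the same `is_string()` test would fit in startup as well, since `!empty()` lets an array-valued field pass through into `$data` and on to `login()`; whether identify() rejects that array form cannot be confirmed from the lines shown. startup() continues outside the hunk (its `else` branch is cut off at the bottom).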
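--- a/cake/tests/cases/libs/controller/components/auth.test.php
+++ b/cake/tests/cases/libs/controller/components/auth.test.php
@@ -822,7 +822,6 @@ function testEmptyUsernameOrPassword() {
 */
 function testInjection() {
 $this->AuthUser =& new AuthUser();
-Configure::write('debug', 1);
 $this->AuthUser->id = 2;
 $this->AuthUser->saveField('password', Security::hash(Configure::read('Security.salt') . 'cake'));
@@ -856,6 +855,20 @@ function testInjection() {
 $this->Controller->Auth->startup($this->Controller);
 $this->assertTrue(is_null($this->Controller->Auth->user()));
+
+unset($this->Controller->data['AuthUser']['password']);
+$this->Controller->data['AuthUser']['username'] = "1'1";
+$this->Controller->Auth->initialize($this->Controller);
+
+$this->Controller->Auth->startup($this->Controller);
+$this->assertTrue(is_null($this->Controller->Auth->user()));
+
+unset($this->Controller->data['AuthUser']['username']);
+$this->Controller->data['AuthUser']['password'] = "1'1";
+$this->Controller->Auth->initialize($this->Controller);
+
+$this->Controller->Auth->startup($this->Controller);
+$this->assertTrue(is_null($this->Controller->Auth->user()));
 }
 /**
 * test Hashing of passwords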
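Review bot: The two new scenarios in testInjection only assert that `user()` is null; the return value of `startup()` and the side effects the component applies on the invalid path (the `loginError` flash and the password field being set to null) are not checked, so a regression that logs nobody in yet still returns true would pass. Assert the result directly, `$this->assertFalse($this->Controller->Auth->startup($this->Controller));`, and follow it with `$this->assertNull($this->Controller->data['AuthUser']['password']);` in the missing-username case. A third scenario supplying the literal `'0'` for each field would pin down how the component's `!empty()` presence check treats a falsy-but-present value.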
