ENH: refs #952. Fix failing user-related tests

They broke as a result of the password hashing changes

Author: zachmullen

core/tests/controllers/UserControllerTest.php

@@ -94,9 +94,8 @@ public function testLoginAction()
     $this->assertTrue(is_string($resp->message) && strlen($resp->message) > 0);
     $this->assertFalse(Zend_Auth::getInstance()->hasIdentity());
 
-    // Must set the password here since our salt is dynamic
     $userDao = $this->User->getByEmail('user1@user1.com');
-    $userDao->setPassword(md5(Zend_Registry::get('configGlobal')->password->prefix.'test'));
+    $this->User->changePassword($userDao, 'test');
     $this->User->save($userDao);
 
     $this->resetAll();
@@ -139,7 +138,7 @@ public function testRecoverpasswordAction()
     $this->dispatchUrI("/user/recoverpassword", null);
 
     $userDao2 = $this->User->getByEmail($this->params['email']);
-    $this->assertNotEquals($userDao->getPassword(), $userDao2->getPassword(), 'Unable to change password');
+    $this->assertNotEquals($userDao->getSalt(), $userDao2->getSalt(), 'Salt should have changed');
     $this->setupDatabase(array('default'));
     }
 
@@ -243,14 +242,25 @@ public function testSettingsAction()
     $this->params['newPassword'] = 'newPassword';
     $this->request->setMethod('POST');
     $this->dispatchUrI("/user/settings", $userDao);
+    $resp = json_decode($this->getBody());
+    $this->assertTrue($resp[0] == false);
 
-    $userCheckDao = $this->User->getByEmail($userDao->getEmail());
-    // Must set the password here since our salt is dynamic
-    $userCheckDao->setPassword(md5(Zend_Registry::get('configGlobal')->password->prefix.'test'));
-    $this->User->save($userCheckDao);
-
-    $this->assertNotEquals($userDao->getPassword(), $userCheckDao->getPassword(), 'Unable to change password');
+    // Store old password so it will authenticate
+    $instanceSalt = Zend_Registry::get('configGlobal')->password->prefix;
+    $this->User->storePasswordHash(hash('sha256', $instanceSalt.$userDao->getSalt().'test'));
+    $this->resetAll();
+    $this->params = array();
+    $this->params['modifyPassword'] = 'true';
+    $this->params['oldPassword'] = 'test';
+    $this->params['newPassword'] = 'newPassword';
+    $this->request->setMethod('POST');
+    $this->dispatchUrI("/user/settings", $userDao);
+    $resp = json_decode($this->getBody());
+    $this->assertTrue($resp[0] == true);
 
+    $userCheckDao = $this->User->getByEmail($userDao->getEmail());
+    $this->assertNotEquals($userDao->getSalt(), $userCheckDao->getSalt(), 'Salt should have changed');
+    $this->assertTrue($this->User->hashExists(hash('sha256', $instanceSalt.$userCheckDao->getSalt().'newPassword')), 'New hash should have been added to password table');
     $this->setupDatabase(array('default'));
 
     $this->resetAll();
@@ -407,9 +417,8 @@ public function testUserexistsAction()
     $resp = json_decode($this->getBody());
     $this->assertTrue($resp->status == false);
 
-    // Must set the password here since our salt is dynamic
     $userDao = $this->User->getByEmail('user1@user1.com');
-    $userDao->setPassword(md5(Zend_Registry::get('configGlobal')->password->prefix.'test'));
+    $this->User->changePassword($userDao, 'test');
     $this->User->save($userDao);
 
     $this->resetAll();

core/tests/databaseDataset/adminUser.xml

@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8" ?>
 <dataset>
     <user user_id="11111" firstname="FirstName11111" lastname="LastName11111"
-      email="user11111@user11111.com" password="35fd8ba86ba403ffcc00feac5355ad20" creation="2011-01-27 12:09:02"
+      email="user11111@user11111.com" creation="2011-01-27 12:09:02" hash_alg="sha256"
       folder_id="11110" admin="1"/>
 
     <folder folder_id="11110" name="User 11111 name Folder 1"  uuid='4e311fdf82007c245b07d8d6c4fcb4205f2621eb70'

core/tests/databaseDataset/default.xml

@@ -48,18 +48,16 @@
     name="Community test User 1 Member" />
 
 
-  <user user_id="1" firstname="FirstName1" lastname="LastName1"
-    email="user1@user1.com" password="35fd8ba86ba403ffcc00feac5355ad20"
-    creation="2011-01-27 12:09:02" folder_id="1000" admin="0" />
+  <user user_id="1" firstname="FirstName1" lastname="LastName1"  hash_alg="sha256"
+    email="user1@user1.com" creation="2011-01-27 12:09:02" folder_id="1000" admin="0" />
 
 <!-- To test Export component -->
-  <user user_id="2" firstname="FirstName2" lastname="LastName2"
-    email="user2@user2.com" password="35fd8ba86ba403ffcc00feac5355ad20" creation="2011-01-27 12:10:02" admin="0" />
+  <user user_id="2" firstname="FirstName2" lastname="LastName2"  hash_alg="sha256"
+    email="user2@user2.com" creation="2011-01-27 12:10:02" admin="0" />
   <folderpolicygroup folder_id="1001" group_id="0" policy="0" />
 <!-- To test admin user capabilities -->
-  <user user_id="3" firstname="Admin" lastname="Admin"
-    email="admin@admin.com" password="35fd8ba86ba403ffcc00feac5355ad20" creation="2011-01-27 12:11:02" admin="1"
-    folder_id="1006" />
+  <user user_id="3" firstname="Admin" lastname="Admin"  hash_alg="sha256"
+    email="admin@admin.com" creation="2011-01-27 12:11:02" admin="1" folder_id="1006" />
 
   <user2group group_id="3000" user_id="1" />
   <user2group group_id="3002" user_id="1" />
@@ -168,16 +166,17 @@
   <itempolicyuser item_id="1006" user_id="1" policy='2' />
   <item2folder item_id="1006" folder_id='1014' />
 
-  <user user_id="4" firstname="community2001" lastname="Member"
-    admin="0" email="community2001@member.com" password="35fd8ba86ba403ffcc00feac5355ad20" creation="2011-01-27 12:11:02" folder_id="1006" />
+  <user user_id="4" firstname="community2001" lastname="Member" hash_alg="sha256"
+    admin="0" email="community2001@member.com" creation="2011-01-27 12:11:02" folder_id="1006" />
   <user2group group_id="3005" user_id="4" />
-  <user user_id="5" firstname="community2001" lastname="Moderator"
-    admin="0" email="community2001@moderator.com" password="35fd8ba86ba403ffcc00feac5355ad20" creation="2011-01-27 12:11:02" folder_id="1006" />
+  <user user_id="5" firstname="community2001" lastname="Moderator"  hash_alg="sha256"
+    admin="0" email="community2001@moderator.com" creation="2011-01-27 12:11:02" folder_id="1006" />
   <user2group group_id="3004" user_id="5" />
-  <user user_id="6" firstname="community2001" lastname="Admin"
-    admin="0" email="community2001@admin.com" password="35fd8ba86ba403ffcc00feac5355ad20" creation="2011-01-27 12:11:02" folder_id="1006" />
+  <user user_id="6" firstname="community2001" lastname="Admin"  hash_alg="sha256"
+    admin="0" email="community2001@admin.com" creation="2011-01-27 12:11:02" folder_id="1006" />
   <user2group group_id="3003" user_id="6" />
 
   <newuserinvitation newuserinvitation_id="1001" email="dummy@dummy.com" auth_key="12345" inviter_id="4" community_id="2001" group_id="3003" date_creation="2011-01-27 12:11:02" />
-  <pendinguser pendinguser_id="1001" email="dummy@dummy.com" auth_key="12345" password="abcdef" firstname="Dummy" lastname="Dummy" date_creation="2011-01-27 12:11:02" />
+  <pendinguser pendinguser_id="1001" email="dummy@dummy.com" auth_key="12345" firstname="Dummy" lastname="Dummy" date_creation="2011-01-27 12:11:02" />
+  <password hash="dummy_hash" />
 </dataset>

core/tests/databaseDataset/policies.xml

@@ -5,14 +5,14 @@
     creation="2011-01-27 12:09:02"  privacy="0" folder_id="1003" admingroup_id="3000" moderatorgroup_id="3001"
     membergroup_id="3002" uuid='4e311fdf82107d245f0798d654fc24205f2621eb72777' />
 
-  <user user_id="1" firstname="FirstName1" lastname="LastName1" email="user1@user1.com" password="35fd8ba86ba403ffcc00feac5355ad20"
-    creation="2011-01-27 12:09:02" folder_id="1000" admin="0" />
-  <user user_id="2" firstname="FirstName2" lastname="LastName2" email="user2@user2.com" password="35fd8ba86ba403ffcc00feac5355ad20"
-    creation="2011-01-27 12:10:02" admin="0" />
-  <user user_id="3" firstname="FirstName3" lastname="LastName3" email="user3@user3.com" password="35fd8ba86ba403ffcc00feac5355ad20"
-    creation="2011-01-27 12:08:02" admin="0" />
-  <user user_id="4" firstname="Admin" lastname="Admin" email="admin@admin.com" password="35fd8ba86ba403ffcc00feac5355ad20"
-    creation="2011-01-27 12:11:02" admin="1" />
+  <user user_id="1" firstname="FirstName1" lastname="LastName1" email="user1@user1.com"
+    creation="2011-01-27 12:09:02" folder_id="1000" admin="0"  hash_alg="sha256" />
+  <user user_id="2" firstname="FirstName2" lastname="LastName2" email="user2@user2.com"
+    creation="2011-01-27 12:10:02" admin="0"  hash_alg="sha256" />
+  <user user_id="3" firstname="FirstName3" lastname="LastName3" email="user3@user3.com"
+    creation="2011-01-27 12:08:02" admin="0"  hash_alg="sha256" />
+  <user user_id="4" firstname="Admin" lastname="Admin" email="admin@admin.com"
+    creation="2011-01-27 12:11:02" admin="1"  hash_alg="sha256" />
 
   <group group_id="3000" community_id="2000" name="Community 1 Admin" />
   <group group_id="3001" community_id="2000" name="Community 1 Moderator" />

core/tests/databaseDataset/search.xml

@@ -44,17 +44,16 @@
     name="Community test User 1 Member" />
 
 
-  <user user_id="1" firstname="Firstname1" lastname="Lastname1"
-    email="user1@user1.com" password="35fd8ba86ba403ffcc00feac5355ad20" creation="2011-01-27 12:09:02"
-    folder_id="1000" admin="0" />
+  <user user_id="1" firstname="Firstname1" lastname="Lastname1" email="user1@user1.com" creation="2011-01-27 12:09:02"
+    folder_id="1000" admin="0"  hash_alg="sha256" />
 
 <!-- To test Export component -->
-  <user user_id="2" firstname="Firstname2" lastname="Lastname2"
-    email="user2@user2.com" password="35fd8ba86ba403ffcc00feac5355ad20" creation="2011-01-27 12:10:02" admin="0" />
+  <user user_id="2" firstname="Firstname2" lastname="Lastname2"  hash_alg="sha256"
+    email="user2@user2.com" creation="2011-01-27 12:10:02" admin="0" />
   <folderpolicygroup folder_id="1001" group_id="0" policy="0" />
 <!-- To test admin user capabilities -->
-  <user user_id="3" firstname="Admin" lastname="Admin"
-    email="admin@admin.com" password="35fd8ba86ba403ffcc00feac5355ad20" creation="2011-01-27 12:11:02" admin="1" />
+  <user user_id="3" firstname="Admin" lastname="Admin"  hash_alg="sha256"
+    email="admin@admin.com" creation="2011-01-27 12:11:02" admin="1" />
 
   <user2group group_id="3000" user_id="1" />
   <user2group group_id="3002" user_id="1" />

modules/api/tests/controllers/ApiCallUserMethodsTest.php

@@ -68,8 +68,7 @@ public function testUserApikeyDefault()
 
     $this->resetAll();
 
-    // Must set the password here since our salt is dynamic
-    $userDao->setPassword(md5(Zend_Registry::get('configGlobal')->password->prefix.'test'));
+    $this->User->changePassword($userDao, 'test');
     $this->User->save($userDao);
 
     $this->params['method'] = 'midas.user.apikey.default';

modules/api/tests/controllers/ApiKeyControllerTest.php

@@ -38,8 +38,7 @@ public function testChangePasswordChangesDefaultApiKey()
     $usersFile = $this->loadData('User', 'default');
     $userDao = $this->User->load($usersFile[0]->getKey());
 
-    // Must set the password here since our salt is dynamic
-    $userDao->setPassword(md5(Zend_Registry::get('configGlobal')->password->prefix.'test'));
+    $this->User->changePassword($userDao, 'test');
     $this->User->save($userDao);
 
     $userApiModel = MidasLoader::loadModel('Userapi', 'api');
@@ -58,8 +57,6 @@ public function testChangePasswordChangesDefaultApiKey()
 
     $postKey = $userApiModel->getByAppAndUser('Default', $userDao)->getApikey();
     $this->assertNotEquals($preKey, $postKey);
-    $passwordPrefix = Zend_Registry::get('configGlobal')->password->prefix;
-    $this->assertEquals($postKey, md5($userDao->getEmail().md5($passwordPrefix.'test1').'Default'));
     }
 
   /** Make sure adding a new user adds a default api key */
@@ -79,8 +76,7 @@ public function testNewUserGetsDefaultApiKey()
     // Check that their default api key was created
     $userApiModel = MidasLoader::loadModel('Userapi', 'api');
     $key = $userApiModel->getByAppAndEmail('Default', 'some.user@server.com')->getApikey();
-    $passwordPrefix = Zend_Registry::get('configGlobal')->password->prefix;
-    $this->assertEquals($key, md5('some.user@server.com'.md5($passwordPrefix.'midas').'Default'));
+    $this->assertNotEmpty($key);
     }
 
   /**
@@ -99,6 +95,6 @@ public function testExistingUsersGetDefaultKeysOnInstall()
     $userApiDao = $userApiModel->getByAppAndEmail('Default', 'user1@user1.com');
 
     $this->assertTrue($userApiDao != false, 'Api key was not created for existing user');
-    $this->assertEquals($userApiDao->getApikey(), md5('user1@user1.com35fd8ba86ba403ffcc00feac5355ad20Default'));
+    $this->assertNotEmpty($userApiDao->getApikey());
     }
   }

modules/api/tests/models/base/UserApiModelTest.php

@@ -33,15 +33,15 @@ public function setUp()
   public function testDefaultApiKeyModel()
     {
     $userApiModel = MidasLoader::loadModel('Userapi', 'api');
+    $userModel = MidasLoader::loadModel('User');
 
-    $userDao = new UserDao();
+    $userDao = MidasLoader::newDao('UserDao');
     $userDao->setUserId(1);
     $userDao->setEmail('user1@user1.com');
-    $userDao->setPassword('35fd8ba86ba403ffcc00feac5355ad20');
+
     $userApiModel->createDefaultApiKey($userDao);
 
     $dao = $userApiModel->getByAppAndEmail('Default', 'user1@user1.com');
     $this->assertTrue($dao instanceof Api_UserapiDao);
-    $this->assertEquals(md5('user1@user1.com35fd8ba86ba403ffcc00feac5355ad20Default'), $dao->getApikey());
     }
   }