Merge branch 'MDL-64950-35-2' of git://github.com/junpataleta/moodle …

…into MOODLE_35_STABLE
moodle · Mar 6, 2019 · e4a8e40 · e4a8e40
2 parents 5d4597c + b51a2cc
commit e4a8e40
Show file tree

Hide file tree

Showing 3 changed files with 203 additions and 1 deletion.
diff --git a/lib/moodlelib.php b/lib/moodlelib.php
@@ -4703,9 +4703,22 @@ function get_complete_user_data($field, $value, $mnethostid = null) {
         return false;
     }
 
+    // Change the field to lowercase.
+    $field = core_text::strtolower($field);
+
+    // List of case insensitive fields.
+    $caseinsensitivefields = ['username'];
+
     // Build the WHERE clause for an SQL query.
     $params = array('fieldval' => $value);
-    $constraints = "$field = :fieldval AND deleted <> 1";
+
+    // Do a case-insensitive query, if necessary.
+    if (in_array($field, $caseinsensitivefields)) {
+        $fieldselect = $DB->sql_equal($field, ':fieldval', false);
+    } else {
+        $fieldselect = "$field = :fieldval";
+    }
+    $constraints = "$fieldselect AND deleted <> 1";
 
     // If we are loading user data based on anything other than id,
     // we must also restrict our search based on mnet host.

diff --git a/lib/tests/moodlelib_test.php b/lib/tests/moodlelib_test.php
@@ -4275,4 +4275,65 @@ function($a) { return $a; },
             ],
         ];
     }
+
+    /**
+     * Data provider for \core_moodlelib_testcase::test_get_complete_user_data().
+     *
+     * @return array
+     */
+    public function user_data_provider() {
+        return [
+            'Fetch data using a valid username' => [
+                'username', 's1', true
+            ],
+            'Fetch data using a valid username, different case' => [
+                'username', 'S1', true
+            ],
+            'Fetch data using a valid username, different case for fieldname and value' => [
+                'USERNAME', 'S1', true
+            ],
+            'Fetch data using an invalid username' => [
+                'username', 's2', false
+            ],
+        ];
+    }
+
+    /**
+     * Test for get_complete_user_data().
+     *
+     * @dataProvider user_data_provider
+     * @param string $field The field to use for the query.
+     * @param string|boolean $value The field value. When fetching by ID, set true to fetch valid user ID, false otherwise.
+     * @param boolean $success Whether we expect for the fetch to succeed or return false.
+     */
+    public function test_get_complete_user_data($field, $value, $success) {
+        $this->resetAfterTest();
+
+        // Generate the user data.
+        $generator = $this->getDataGenerator();
+        $userdata = [
+            'username' => 's1',
+            'email' => 's1@example.com',
+        ];
+        $user = $generator->create_user($userdata);
+
+        // Since the data provider can't know what user ID to use, do a special handling for ID field tests.
+        if ($field === 'id') {
+            if ($value) {
+                // Test for fetching data using a valid user ID. Use the generated user's ID.
+                $value = $user->id;
+            } else {
+                // Test for fetching data using a non-existent user ID.
+                $value = $user->id + 1;
+            }
+        }
+        $fetcheduser = get_complete_user_data($field, $value);
+        if ($success) {
+            $this->assertEquals($user->id, $fetcheduser->id);
+            $this->assertEquals($user->username, $fetcheduser->username);
+            $this->assertEquals($user->email, $fetcheduser->email);
+        } else {
+            $this->assertFalse($fetcheduser);
+        }
+    }
 }
diff --git a/login/tests/lib_test.php b/login/tests/lib_test.php
@@ -222,4 +222,132 @@ public function test_core_login_process_password_reset_invalid_email_without_use
         list($status, $notice, $url) = core_login_process_password_reset(null, 'fakeemail@nofd.zdy');
         $this->assertEquals('emailpasswordconfirmnotsent', $status);
     }
+
+    /**
+     * Data provider for \core_login_lib_testcase::test_core_login_validate_forgot_password_data().
+     */
+    public function forgot_password_data_provider() {
+        return [
+            'Both username and password supplied' => [
+                [
+                    'username' => 's1',
+                    'email' => 's1@example.com'
+                ],
+                [
+                    'username' => get_string('usernameoremail'),
+                    'email' => get_string('usernameoremail'),
+                ]
+            ],
+            'Valid username' => [
+                ['username' => 's1']
+            ],
+            'Valid username, different case' => [
+                ['username' => 'S1']
+            ],
+            'Valid username, different case, username protection off' => [
+                ['username' => 'S1'],
+                [],
+                ['protectusernames' => 0]
+            ],
+            'Non-existent username' => [
+                ['username' => 's2'],
+            ],
+            'Non-existing username, username protection off' => [
+                ['username' => 's2'],
+                ['username' => get_string('usernamenotfound')],
+                ['protectusernames' => 0]
+            ],
+            'Valid username, unconfirmed username' => [
+                ['username' => 's1'],
+                ['email' => get_string('confirmednot')],
+                ['confirmed' => 0]
+            ],
+            'Invalid email' => [
+                ['email' => 's1-example.com'],
+                ['email' => get_string('invalidemail')]
+            ],
+            'Multiple accounts with the same email' => [
+                ['email' => 's1@example.com'],
+                ['email' => get_string('forgottenduplicate')],
+                ['allowaccountssameemail' => 1]
+            ],
+            'Non-existent email, username protection on' => [
+                ['email' => 's2@example.com']
+            ],
+            'Non-existent email, username protection off' => [
+                ['email' => 's2@example.com'],
+                ['email' => get_string('emailnotfound')],
+                ['protectusernames' => 0]
+            ],
+            'Valid email' => [
+                ['email' => 's1@example.com']
+            ],
+            'Valid email, different case' => [
+                ['email' => 'S1@EXAMPLE.COM']
+            ],
+            'Valid email, unconfirmed user' => [
+                ['email' => 's1@example.com'],
+                ['email' => get_string('confirmednot')],
+                ['confirmed' => 0]
+            ],
+        ];
+    }
+
+    /**
+     * Test for core_login_validate_forgot_password_data().
+     *
+     * @dataProvider forgot_password_data_provider
+     * @param array $data Key-value array containing username and email data.
+     * @param array $errors Key-value array containing error messages for the username and email fields.
+     * @param array $options Options for $CFG->protectusernames, $CFG->allowaccountssameemail and $user->confirmed.
+     */
+    public function test_core_login_validate_forgot_password_data($data, $errors = [], $options = []) {
+        $this->resetAfterTest();
+
+        // Set config settings we need for our environment.
+        $protectusernames = $options['protectusernames'] ?? 1;
+        set_config('protectusernames', $protectusernames);
+
+        $allowaccountssameemail = $options['allowaccountssameemail'] ?? 0;
+        set_config('allowaccountssameemail', $allowaccountssameemail);
+
+        // Generate the user data.
+        $generator = $this->getDataGenerator();
+        $userdata = [
+            'username' => 's1',
+            'email' => 's1@example.com',
+            'confirmed' => $options['confirmed'] ?? 1
+        ];
+        $generator->create_user($userdata);
+
+        if ($allowaccountssameemail) {
+            // Create another user with the same email address.
+            $generator->create_user(['email' => 's1@example.com']);
+        }
+
+        // Validate the data.
+        $validationerrors = core_login_validate_forgot_password_data($data);
+
+        // Check validation errors for the username field.
+        if (isset($errors['username'])) {
+            // If we expect and error for the username field, confirm that it's set.
+            $this->assertArrayHasKey('username', $validationerrors);
+            // And the actual validation error is equal to the expected validation error.
+            $this->assertEquals($errors['username'], $validationerrors['username']);
+        } else {
+            // If we don't expect that there's a validation for the username field, confirm that it's not set.
+            $this->assertArrayNotHasKey('username', $validationerrors);
+        }
+
+        // Check validation errors for the email field.
+        if (isset($errors['email'])) {
+            // If we expect and error for the email field, confirm that it's set.
+            $this->assertArrayHasKey('email', $validationerrors);
+            // And the actual validation error is equal to the expected validation error.
+            $this->assertEquals($errors['email'], $validationerrors['email']);
+        } else {
+            // If we don't expect that there's a validation for the email field, confirm that it's not set.
+            $this->assertArrayNotHasKey('email', $validationerrors);
+        }
+    }
 }