diff --git a/core/tests/controllers/UserControllerTest.php b/core/tests/controllers/UserControllerTest.php
index 02a696648..e065496ee 100644
--- a/core/tests/controllers/UserControllerTest.php
+++ b/core/tests/controllers/UserControllerTest.php
@@ -94,9 +94,8 @@ public function testLoginAction()
$this->assertTrue(is_string($resp->message) && strlen($resp->message) > 0);
$this->assertFalse(Zend_Auth::getInstance()->hasIdentity());
- // Must set the password here since our salt is dynamic
$userDao = $this->User->getByEmail('user1@user1.com');
- $userDao->setPassword(md5(Zend_Registry::get('configGlobal')->password->prefix.'test'));
+ $this->User->changePassword($userDao, 'test');
$this->User->save($userDao);
$this->resetAll();
@@ -139,7 +138,7 @@ public function testRecoverpasswordAction()
$this->dispatchUrI("/user/recoverpassword", null);
$userDao2 = $this->User->getByEmail($this->params['email']);
- $this->assertNotEquals($userDao->getPassword(), $userDao2->getPassword(), 'Unable to change password');
+ $this->assertNotEquals($userDao->getSalt(), $userDao2->getSalt(), 'Salt should have changed');
$this->setupDatabase(array('default'));
}
@@ -243,14 +242,25 @@ public function testSettingsAction()
$this->params['newPassword'] = 'newPassword';
$this->request->setMethod('POST');
$this->dispatchUrI("/user/settings", $userDao);
+ $resp = json_decode($this->getBody());
+ $this->assertTrue($resp[0] == false);
- $userCheckDao = $this->User->getByEmail($userDao->getEmail());
- // Must set the password here since our salt is dynamic
- $userCheckDao->setPassword(md5(Zend_Registry::get('configGlobal')->password->prefix.'test'));
- $this->User->save($userCheckDao);
-
- $this->assertNotEquals($userDao->getPassword(), $userCheckDao->getPassword(), 'Unable to change password');
+ // Store old password so it will authenticate
+ $instanceSalt = Zend_Registry::get('configGlobal')->password->prefix;
+ $this->User->storePasswordHash(hash('sha256', $instanceSalt.$userDao->getSalt().'test'));
+ $this->resetAll();
+ $this->params = array();
+ $this->params['modifyPassword'] = 'true';
+ $this->params['oldPassword'] = 'test';
+ $this->params['newPassword'] = 'newPassword';
+ $this->request->setMethod('POST');
+ $this->dispatchUrI("/user/settings", $userDao);
+ $resp = json_decode($this->getBody());
+ $this->assertTrue($resp[0] == true);
+ $userCheckDao = $this->User->getByEmail($userDao->getEmail());
+ $this->assertNotEquals($userDao->getSalt(), $userCheckDao->getSalt(), 'Salt should have changed');
+ $this->assertTrue($this->User->hashExists(hash('sha256', $instanceSalt.$userCheckDao->getSalt().'newPassword')), 'New hash should have been added to password table');
$this->setupDatabase(array('default'));
$this->resetAll();
@@ -407,9 +417,8 @@ public function testUserexistsAction()
$resp = json_decode($this->getBody());
$this->assertTrue($resp->status == false);
- // Must set the password here since our salt is dynamic
$userDao = $this->User->getByEmail('user1@user1.com');
- $userDao->setPassword(md5(Zend_Registry::get('configGlobal')->password->prefix.'test'));
+ $this->User->changePassword($userDao, 'test');
$this->User->save($userDao);
$this->resetAll();
diff --git a/core/tests/databaseDataset/adminUser.xml b/core/tests/databaseDataset/adminUser.xml
index c8ff11b32..e79b67b59 100644
--- a/core/tests/databaseDataset/adminUser.xml
+++ b/core/tests/databaseDataset/adminUser.xml
@@ -1,7 +1,7 @@
-
+
-
+
-
+
@@ -168,16 +166,17 @@
-
+
-
+
-
+
-
+
+
diff --git a/core/tests/databaseDataset/policies.xml b/core/tests/databaseDataset/policies.xml
index 5461b986f..ef331133a 100644
--- a/core/tests/databaseDataset/policies.xml
+++ b/core/tests/databaseDataset/policies.xml
@@ -5,14 +5,14 @@
creation="2011-01-27 12:09:02" privacy="0" folder_id="1003" admingroup_id="3000" moderatorgroup_id="3001"
membergroup_id="3002" uuid='4e311fdf82107d245f0798d654fc24205f2621eb72777' />
-
-
-
-
+
+
+
+
diff --git a/core/tests/databaseDataset/search.xml b/core/tests/databaseDataset/search.xml
index 56fc864e2..9db1a12b8 100644
--- a/core/tests/databaseDataset/search.xml
+++ b/core/tests/databaseDataset/search.xml
@@ -44,17 +44,16 @@
name="Community test User 1 Member" />
-
+
-
+
-
+
diff --git a/modules/api/tests/controllers/ApiCallUserMethodsTest.php b/modules/api/tests/controllers/ApiCallUserMethodsTest.php
index 4059c9185..a5fb4cbcc 100644
--- a/modules/api/tests/controllers/ApiCallUserMethodsTest.php
+++ b/modules/api/tests/controllers/ApiCallUserMethodsTest.php
@@ -68,8 +68,7 @@ public function testUserApikeyDefault()
$this->resetAll();
- // Must set the password here since our salt is dynamic
- $userDao->setPassword(md5(Zend_Registry::get('configGlobal')->password->prefix.'test'));
+ $this->User->changePassword($userDao, 'test');
$this->User->save($userDao);
$this->params['method'] = 'midas.user.apikey.default';
diff --git a/modules/api/tests/controllers/ApiKeyControllerTest.php b/modules/api/tests/controllers/ApiKeyControllerTest.php
index 04e72c15a..ecb581eb6 100644
--- a/modules/api/tests/controllers/ApiKeyControllerTest.php
+++ b/modules/api/tests/controllers/ApiKeyControllerTest.php
@@ -38,8 +38,7 @@ public function testChangePasswordChangesDefaultApiKey()
$usersFile = $this->loadData('User', 'default');
$userDao = $this->User->load($usersFile[0]->getKey());
- // Must set the password here since our salt is dynamic
- $userDao->setPassword(md5(Zend_Registry::get('configGlobal')->password->prefix.'test'));
+ $this->User->changePassword($userDao, 'test');
$this->User->save($userDao);
$userApiModel = MidasLoader::loadModel('Userapi', 'api');
@@ -58,8 +57,6 @@ public function testChangePasswordChangesDefaultApiKey()
$postKey = $userApiModel->getByAppAndUser('Default', $userDao)->getApikey();
$this->assertNotEquals($preKey, $postKey);
- $passwordPrefix = Zend_Registry::get('configGlobal')->password->prefix;
- $this->assertEquals($postKey, md5($userDao->getEmail().md5($passwordPrefix.'test1').'Default'));
}
/** Make sure adding a new user adds a default api key */
@@ -79,8 +76,7 @@ public function testNewUserGetsDefaultApiKey()
// Check that their default api key was created
$userApiModel = MidasLoader::loadModel('Userapi', 'api');
$key = $userApiModel->getByAppAndEmail('Default', 'some.user@server.com')->getApikey();
- $passwordPrefix = Zend_Registry::get('configGlobal')->password->prefix;
- $this->assertEquals($key, md5('some.user@server.com'.md5($passwordPrefix.'midas').'Default'));
+ $this->assertNotEmpty($key);
}
/**
@@ -99,6 +95,6 @@ public function testExistingUsersGetDefaultKeysOnInstall()
$userApiDao = $userApiModel->getByAppAndEmail('Default', 'user1@user1.com');
$this->assertTrue($userApiDao != false, 'Api key was not created for existing user');
- $this->assertEquals($userApiDao->getApikey(), md5('user1@user1.com35fd8ba86ba403ffcc00feac5355ad20Default'));
+ $this->assertNotEmpty($userApiDao->getApikey());
}
}
diff --git a/modules/api/tests/models/base/UserApiModelTest.php b/modules/api/tests/models/base/UserApiModelTest.php
index 25bf2a626..d9b74706a 100644
--- a/modules/api/tests/models/base/UserApiModelTest.php
+++ b/modules/api/tests/models/base/UserApiModelTest.php
@@ -33,15 +33,15 @@ public function setUp()
public function testDefaultApiKeyModel()
{
$userApiModel = MidasLoader::loadModel('Userapi', 'api');
+ $userModel = MidasLoader::loadModel('User');
- $userDao = new UserDao();
+ $userDao = MidasLoader::newDao('UserDao');
$userDao->setUserId(1);
$userDao->setEmail('user1@user1.com');
- $userDao->setPassword('35fd8ba86ba403ffcc00feac5355ad20');
+
$userApiModel->createDefaultApiKey($userDao);
$dao = $userApiModel->getByAppAndEmail('Default', 'user1@user1.com');
$this->assertTrue($dao instanceof Api_UserapiDao);
- $this->assertEquals(md5('user1@user1.com35fd8ba86ba403ffcc00feac5355ad20Default'), $dao->getApikey());
}
}