Merge pull request #2025 from marc1706/ticket/12183

[ticket/12183] Update user_newpasswd column in users table for passwords manager
2025-07-25 19:38:53 +00:00 · 2014-02-20 20:54:30 -06:00 · 2014-02-20 20:54:30 -06:00 · 2df2032b48
commit 2df2032b48
parent b8d30bfc80 92f1980377
11 changed files with 191 additions and 16 deletions
--- a/phpBB/includes/db/schema_data.php
+++ b/phpBB/includes/db/schema_data.php
@ -1119,6 +1119,8 @@ $schema_data['phpbb_users'] = array(
 		'user_password'				=> array('VCHAR_UNI', ''),
 		'user_passchg'				=> array('TIMESTAMP', 0),
 		'user_pass_convert'			=> array('BOOL', 0),
+		'user_actkey'				=> array('VCHAR:32', ''),
+		'user_newpasswd'			=> array('VCHAR_UNI', ''),
 		'user_email'				=> array('VCHAR_UNI:100', ''),
 		'user_email_hash'			=> array('BINT', 0),
 		'user_birthday'				=> array('VCHAR:10', ''),
@ -1173,8 +1175,6 @@ $schema_data['phpbb_users'] = array(
 		'user_msnm'					=> array('VCHAR_UNI', ''),
 		'user_jabber'				=> array('VCHAR_UNI', ''),
 		'user_website'				=> array('VCHAR_UNI:200', ''),
-		'user_actkey'				=> array('VCHAR:32', ''),
-		'user_newpasswd'			=> array('VCHAR_UNI:40', ''),
 		'user_form_salt'			=> array('VCHAR_UNI:32', ''),
 		'user_new'					=> array('BOOL', 1),
 		'user_reminded'				=> array('TINT:4', 0),
--- a/phpBB/install/schemas/firebird_schema.sql
+++ b/phpBB/install/schemas/firebird_schema.sql
@ -1372,6 +1372,8 @@ CREATE TABLE phpbb_users (
 	user_password VARCHAR(255) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
 	user_passchg INTEGER DEFAULT 0 NOT NULL,
 	user_pass_convert INTEGER DEFAULT 0 NOT NULL,
+	user_actkey VARCHAR(32) CHARACTER SET NONE DEFAULT '' NOT NULL,
+	user_newpasswd VARCHAR(255) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
 	user_email VARCHAR(100) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
 	user_email_hash DOUBLE PRECISION DEFAULT 0 NOT NULL,
 	user_birthday VARCHAR(10) CHARACTER SET NONE DEFAULT '' NOT NULL,
@ -1426,8 +1428,6 @@ CREATE TABLE phpbb_users (
 	user_msnm VARCHAR(255) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
 	user_jabber VARCHAR(255) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
 	user_website VARCHAR(200) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
-	user_actkey VARCHAR(32) CHARACTER SET NONE DEFAULT '' NOT NULL,
-	user_newpasswd VARCHAR(40) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
 	user_form_salt VARCHAR(32) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
 	user_new INTEGER DEFAULT 1 NOT NULL,
 	user_reminded INTEGER DEFAULT 0 NOT NULL,
--- a/phpBB/install/schemas/mssql_schema.sql
+++ b/phpBB/install/schemas/mssql_schema.sql
@ -1688,6 +1688,8 @@ CREATE TABLE [phpbb_users] (
 	[user_password] [varchar] (255) DEFAULT ('') NOT NULL ,
 	[user_passchg] [int] DEFAULT (0) NOT NULL ,
 	[user_pass_convert] [int] DEFAULT (0) NOT NULL ,
+	[user_actkey] [varchar] (32) DEFAULT ('') NOT NULL ,
+	[user_newpasswd] [varchar] (255) DEFAULT ('') NOT NULL ,
 	[user_email] [varchar] (100) DEFAULT ('') NOT NULL ,
 	[user_email_hash] [float] DEFAULT (0) NOT NULL ,
 	[user_birthday] [varchar] (10) DEFAULT ('') NOT NULL ,
@ -1742,8 +1744,6 @@ CREATE TABLE [phpbb_users] (
 	[user_msnm] [varchar] (255) DEFAULT ('') NOT NULL ,
 	[user_jabber] [varchar] (255) DEFAULT ('') NOT NULL ,
 	[user_website] [varchar] (200) DEFAULT ('') NOT NULL ,
-	[user_actkey] [varchar] (32) DEFAULT ('') NOT NULL ,
-	[user_newpasswd] [varchar] (40) DEFAULT ('') NOT NULL ,
 	[user_form_salt] [varchar] (32) DEFAULT ('') NOT NULL ,
 	[user_new] [int] DEFAULT (1) NOT NULL ,
 	[user_reminded] [int] DEFAULT (0) NOT NULL ,
--- a/phpBB/install/schemas/mysql_40_schema.sql
+++ b/phpBB/install/schemas/mysql_40_schema.sql
@ -981,6 +981,8 @@ CREATE TABLE phpbb_users (
 	user_password blob NOT NULL,
 	user_passchg int(11) UNSIGNED DEFAULT '0' NOT NULL,
 	user_pass_convert tinyint(1) UNSIGNED DEFAULT '0' NOT NULL,
+	user_actkey varbinary(32) DEFAULT '' NOT NULL,
+	user_newpasswd blob NOT NULL,
 	user_email blob NOT NULL,
 	user_email_hash bigint(20) DEFAULT '0' NOT NULL,
 	user_birthday varbinary(10) DEFAULT '' NOT NULL,
@ -1035,8 +1037,6 @@ CREATE TABLE phpbb_users (
 	user_msnm blob NOT NULL,
 	user_jabber blob NOT NULL,
 	user_website blob NOT NULL,
-	user_actkey varbinary(32) DEFAULT '' NOT NULL,
-	user_newpasswd varbinary(120) DEFAULT '' NOT NULL,
 	user_form_salt varbinary(96) DEFAULT '' NOT NULL,
 	user_new tinyint(1) UNSIGNED DEFAULT '1' NOT NULL,
 	user_reminded tinyint(4) DEFAULT '0' NOT NULL,
--- a/phpBB/install/schemas/mysql_41_schema.sql
+++ b/phpBB/install/schemas/mysql_41_schema.sql
@ -981,6 +981,8 @@ CREATE TABLE phpbb_users (
 	user_password varchar(255) DEFAULT '' NOT NULL,
 	user_passchg int(11) UNSIGNED DEFAULT '0' NOT NULL,
 	user_pass_convert tinyint(1) UNSIGNED DEFAULT '0' NOT NULL,
+	user_actkey varchar(32) DEFAULT '' NOT NULL,
+	user_newpasswd varchar(255) DEFAULT '' NOT NULL,
 	user_email varchar(100) DEFAULT '' NOT NULL,
 	user_email_hash bigint(20) DEFAULT '0' NOT NULL,
 	user_birthday varchar(10) DEFAULT '' NOT NULL,
@ -1035,8 +1037,6 @@ CREATE TABLE phpbb_users (
 	user_msnm varchar(255) DEFAULT '' NOT NULL,
 	user_jabber varchar(255) DEFAULT '' NOT NULL,
 	user_website varchar(200) DEFAULT '' NOT NULL,
-	user_actkey varchar(32) DEFAULT '' NOT NULL,
-	user_newpasswd varchar(40) DEFAULT '' NOT NULL,
 	user_form_salt varchar(32) DEFAULT '' NOT NULL,
 	user_new tinyint(1) UNSIGNED DEFAULT '1' NOT NULL,
 	user_reminded tinyint(4) DEFAULT '0' NOT NULL,
--- a/phpBB/install/schemas/oracle_schema.sql
+++ b/phpBB/install/schemas/oracle_schema.sql
@ -1805,6 +1805,8 @@ CREATE TABLE phpbb_users (
 	user_password varchar2(765) DEFAULT '' ,
 	user_passchg number(11) DEFAULT '0' NOT NULL,
 	user_pass_convert number(1) DEFAULT '0' NOT NULL,
+	user_actkey varchar2(32) DEFAULT '' ,
+	user_newpasswd varchar2(765) DEFAULT '' ,
 	user_email varchar2(300) DEFAULT '' ,
 	user_email_hash number(20) DEFAULT '0' NOT NULL,
 	user_birthday varchar2(10) DEFAULT '' ,
@ -1859,8 +1861,6 @@ CREATE TABLE phpbb_users (
 	user_msnm varchar2(765) DEFAULT '' ,
 	user_jabber varchar2(765) DEFAULT '' ,
 	user_website varchar2(600) DEFAULT '' ,
-	user_actkey varchar2(32) DEFAULT '' ,
-	user_newpasswd varchar2(120) DEFAULT '' ,
 	user_form_salt varchar2(96) DEFAULT '' ,
 	user_new number(1) DEFAULT '1' NOT NULL,
 	user_reminded number(4) DEFAULT '0' NOT NULL,
--- a/phpBB/install/schemas/postgres_schema.sql
+++ b/phpBB/install/schemas/postgres_schema.sql
@ -1253,6 +1253,8 @@ CREATE TABLE phpbb_users (
 	user_password varchar(255) DEFAULT '' NOT NULL,
 	user_passchg INT4 DEFAULT '0' NOT NULL CHECK (user_passchg >= 0),
 	user_pass_convert INT2 DEFAULT '0' NOT NULL CHECK (user_pass_convert >= 0),
+	user_actkey varchar(32) DEFAULT '' NOT NULL,
+	user_newpasswd varchar(255) DEFAULT '' NOT NULL,
 	user_email varchar(100) DEFAULT '' NOT NULL,
 	user_email_hash INT8 DEFAULT '0' NOT NULL,
 	user_birthday varchar(10) DEFAULT '' NOT NULL,
@ -1307,8 +1309,6 @@ CREATE TABLE phpbb_users (
 	user_msnm varchar(255) DEFAULT '' NOT NULL,
 	user_jabber varchar(255) DEFAULT '' NOT NULL,
 	user_website varchar(200) DEFAULT '' NOT NULL,
-	user_actkey varchar(32) DEFAULT '' NOT NULL,
-	user_newpasswd varchar(40) DEFAULT '' NOT NULL,
 	user_form_salt varchar(32) DEFAULT '' NOT NULL,
 	user_new INT2 DEFAULT '1' NOT NULL CHECK (user_new >= 0),
 	user_reminded INT2 DEFAULT '0' NOT NULL,
--- a/phpBB/install/schemas/sqlite_schema.sql
+++ b/phpBB/install/schemas/sqlite_schema.sql
@ -952,6 +952,8 @@ CREATE TABLE phpbb_users (
 	user_password varchar(255) NOT NULL DEFAULT '',
 	user_passchg INTEGER UNSIGNED NOT NULL DEFAULT '0',
 	user_pass_convert INTEGER UNSIGNED NOT NULL DEFAULT '0',
+	user_actkey varchar(32) NOT NULL DEFAULT '',
+	user_newpasswd varchar(255) NOT NULL DEFAULT '',
 	user_email varchar(100) NOT NULL DEFAULT '',
 	user_email_hash bigint(20) NOT NULL DEFAULT '0',
 	user_birthday varchar(10) NOT NULL DEFAULT '',
@ -1006,8 +1008,6 @@ CREATE TABLE phpbb_users (
 	user_msnm varchar(255) NOT NULL DEFAULT '',
 	user_jabber varchar(255) NOT NULL DEFAULT '',
 	user_website varchar(200) NOT NULL DEFAULT '',
-	user_actkey varchar(32) NOT NULL DEFAULT '',
-	user_newpasswd varchar(40) NOT NULL DEFAULT '',
 	user_form_salt varchar(32) NOT NULL DEFAULT '',
 	user_new INTEGER UNSIGNED NOT NULL DEFAULT '1',
 	user_reminded tinyint(4) NOT NULL DEFAULT '0',
--- a/phpBB/phpbb/db/migration/data/v310/passwords_p2.php
+++ b/phpBB/phpbb/db/migration/data/v310/passwords_p2.php
@ -0,0 +1,40 @@
+<?php
+/**
+*
+* @package migration
+* @copyright (c) 2014 phpBB Group
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License v2
+*
+*/
+
+namespace phpbb\db\migration\data\v310;
+
+class passwords_p2 extends \phpbb\db\migration\migration
+{
+	static public function depends_on()
+	{
+		return array('\phpbb\db\migration\data\v310\passwords');
+	}
+
+	public function update_schema()
+	{
+		return array(
+			'change_columns'	=> array(
+				$this->table_prefix . 'users'	=> array(
+					'user_newpasswd'		=> array('VCHAR:255', ''),
+				),
+			),
+		);
+	}
+
+	public function revert_schema()
+	{
+		return array(
+			'change_columns'	=> array(
+				$this->table_prefix . 'users'	=> array(
+					'user_newpasswd'		=> array('VCHAR:40', ''),
+				),
+			),
+		);
+	}
+}
--- a/tests/functional/forgot_password_test.php
+++ b/tests/functional/forgot_password_test.php
@ -41,4 +41,17 @@ class phpbb_functional_forgot_password_test extends phpbb_functional_test_case

 	}

+	public function tearDown()
+	{
+		$this->login();
+		$this->admin_login();
+
+		$crawler = self::request('GET', 'adm/index.php?sid=' . $this->sid . '&i=acp_board&mode=security');
+
+		// Enable allow_password_reset again after test
+		$form = $crawler->selectButton('Submit')->form(array(
+			'config[allow_password_reset]'	=> 1,
+		));
+		$crawler = self::submit($form);
+	}
 }
--- a/tests/functional/user_password_reset_test.php
+++ b/tests/functional/user_password_reset_test.php
@ -0,0 +1,122 @@
+<?php
+/**
+*
+* @package testing
+* @copyright (c) 2014 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+/**
+* @group functional
+*/
+class phpbb_functional_user_password_reset_test extends phpbb_functional_test_case
+{
+	protected $user_data;
+
+	public function test_password_reset()
+	{
+		$this->add_lang('ucp');
+		$user_id = $this->create_user('reset-password-test-user');
+
+		$crawler = self::request('GET', "ucp.php?mode=sendpassword&sid={$this->sid}");
+		$form = $crawler->selectButton('submit')->form(array(
+			'username'	=> 'reset-password-test-user',
+		));
+		$crawler = self::submit($form);
+		$this->assertContainsLang('NO_EMAIL_USER', $crawler->text());
+
+		$crawler = self::request('GET', "ucp.php?mode=sendpassword&sid={$this->sid}");
+		$form = $crawler->selectButton('submit')->form(array(
+			'username'	=> 'reset-password-test-user',
+			'email'		=> 'nobody@example.com',
+		));
+		$crawler = self::submit($form);
+		$this->assertContainsLang('PASSWORD_UPDATED', $crawler->text());
+
+		// Check if columns in database were updated for password reset
+		$this->get_user_data();
+		$this->assertNotNull($this->user_data['user_actkey']);
+		$this->assertNotNull($this->user_data['user_newpasswd']);
+
+		// Make sure we know the password
+		$db = $this->get_db();
+		$this->passwords_manager = $this->get_passwords_manager();
+		$sql = 'UPDATE ' . USERS_TABLE . "
+			SET user_newpasswd = '" . $db->sql_escape($this->passwords_manager->hash('reset-password-test-user')) . "'
+			WHERE user_id = " . $user_id;
+		$db->sql_query($sql);
+	}
+
+	public function test_login_after_reset()
+	{
+		$this->login('reset-password-test-user');
+	}
+
+	public function data_activate_new_password()
+	{
+		return array(
+			array('WRONG_ACTIVATION', false, 'FOOBAR'),
+			array('ALREADY_ACTIVATED', 2, 'FOOBAR'),
+			array('PASSWORD_ACTIVATED', false, false),
+			array('ALREADY_ACTIVATED', false, false),
+		);
+	}
+
+	/**
+	* @dataProvider data_activate_new_password
+	*/
+	public function test_activate_new_password($expected, $user_id, $act_key)
+	{
+		$this->add_lang('ucp');
+		$this->get_user_data();
+		$user_id = (!$user_id) ? $this->user_data['user_id'] : $user_id;
+		$act_key = (!$act_key) ? $this->user_data['user_actkey'] : $act_key;
+
+		$crawler = self::request('GET', "ucp.php?mode=activate&u=$user_id&k=$act_key&sid={$this->sid}");
+		$this->assertContainsLang($expected, $crawler->text());
+	}
+
+	public function test_login()
+	{
+		$this->add_lang('ucp');
+		$crawler = self::request('GET', 'ucp.php');
+		$this->assertContains($this->lang('LOGIN_EXPLAIN_UCP'), $crawler->filter('html')->text());
+
+		$form = $crawler->selectButton($this->lang('LOGIN'))->form();
+		$crawler = self::submit($form, array('username' => 'reset-password-test-user', 'password' => 'reset-password-test-user'));
+		$this->assertNotContains($this->lang('LOGIN'), $crawler->filter('.navbar')->text());
+
+		$cookies = self::$cookieJar->all();
+
+		// The session id is stored in a cookie that ends with _sid - we assume there is only one such cookie
+		foreach ($cookies as $cookie);
+		{
+			if (substr($cookie->getName(), -4) == '_sid')
+			{
+				$this->sid = $cookie->getValue();
+			}
+		}
+
+		$this->logout();
+
+		$crawler = self::request('GET', 'ucp.php');
+		$this->assertContains($this->lang('LOGIN_EXPLAIN_UCP'), $crawler->filter('html')->text());
+
+		$form = $crawler->selectButton($this->lang('LOGIN'))->form();
+		// Try logging in with the old password
+		$crawler = self::submit($form, array('username' => 'reset-password-test-user', 'password' => 'reset-password-test-userreset-password-test-user'));
+		$this->assertContains($this->lang('LOGIN_ERROR_PASSWORD', '', ''), $crawler->filter('html')->text());
+	}
+
+	protected function get_user_data()
+	{
+		$db = $this->get_db();
+		$sql = 'SELECT user_id, username, user_type, user_email, user_newpasswd, user_lang, user_notify_type, user_actkey, user_inactive_reason
+			FROM ' . USERS_TABLE . "
+			WHERE username = 'reset-password-test-user'";
+		$result = $db->sql_query($sql);
+		$this->user_data = $db->sql_fetchrow($result);
+		$db->sql_freeresult($result);
+	}
+}