From 5ce0bb76308e8b96050316e4dc89f34ba3967cab Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Mon, 10 Feb 2014 22:06:42 +0100 Subject: [PATCH 1/8] [ticket/12183] Update user_newpasswd column to length of 255 in schema files PHPBB3-12183 --- phpBB/includes/db/schema_data.php | 2 +- phpBB/install/schemas/firebird_schema.sql | 2 +- phpBB/install/schemas/mssql_schema.sql | 2 +- phpBB/install/schemas/mysql_40_schema.sql | 2 +- phpBB/install/schemas/mysql_41_schema.sql | 2 +- phpBB/install/schemas/oracle_schema.sql | 2 +- phpBB/install/schemas/postgres_schema.sql | 2 +- phpBB/install/schemas/sqlite_schema.sql | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/phpBB/includes/db/schema_data.php b/phpBB/includes/db/schema_data.php index cb09116856..1373d5fa96 100644 --- a/phpBB/includes/db/schema_data.php +++ b/phpBB/includes/db/schema_data.php @@ -1173,7 +1173,7 @@ $schema_data['phpbb_users'] = array( 'user_jabber' => array('VCHAR_UNI', ''), 'user_website' => array('VCHAR_UNI:200', ''), 'user_actkey' => array('VCHAR:32', ''), - 'user_newpasswd' => array('VCHAR_UNI:40', ''), + 'user_newpasswd' => array('VCHAR_UNI', ''), 'user_form_salt' => array('VCHAR_UNI:32', ''), 'user_new' => array('BOOL', 1), 'user_reminded' => array('TINT:4', 0), diff --git a/phpBB/install/schemas/firebird_schema.sql b/phpBB/install/schemas/firebird_schema.sql index c717cb7416..7fdb7569c5 100644 --- a/phpBB/install/schemas/firebird_schema.sql +++ b/phpBB/install/schemas/firebird_schema.sql 
@@ -1426,7 +1426,7 @@ CREATE TABLE phpbb_users (
 user_jabber VARCHAR(255) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
 user_website VARCHAR(200) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
 user_actkey VARCHAR(32) CHARACTER SET NONE DEFAULT '' NOT NULL,
- user_newpasswd VARCHAR(40) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
+ user_newpasswd VARCHAR(255) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
 user_form_salt VARCHAR(32) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
 user_new INTEGER DEFAULT 1 NOT NULL,
 user_reminded INTEGER DEFAULT 0 NOT NULL,
diff --git a/phpBB/install/schemas/mssql_schema.sql b/phpBB/install/schemas/mssql_schema.sql
index 9d7d0e324b..eb4aefcbe9 100644
--- a/phpBB/install/schemas/mssql_schema.sql
+++ b/phpBB/install/schemas/mssql_schema.sql
@@ -1742,7 +1742,7 @@ CREATE TABLE [phpbb_users] (
 [user_jabber] [varchar] (255) DEFAULT ('') NOT NULL ,
 [user_website] [varchar] (200) DEFAULT ('') NOT NULL ,
 [user_actkey] [varchar] (32) DEFAULT ('') NOT NULL ,
- [user_newpasswd] [varchar] (40) DEFAULT ('') NOT NULL ,
+ [user_newpasswd] [varchar] (255) DEFAULT ('') NOT NULL ,
 [user_form_salt] [varchar] (32) DEFAULT ('') NOT NULL ,
 [user_new] [int] DEFAULT (1) NOT NULL ,
 [user_reminded] [int] DEFAULT (0) NOT NULL ,
diff --git a/phpBB/install/schemas/mysql_40_schema.sql b/phpBB/install/schemas/mysql_40_schema.sql
index b5ccb6c783..68cda258bf 100644
--- a/phpBB/install/schemas/mysql_40_schema.sql
+++ b/phpBB/install/schemas/mysql_40_schema.sql
@@ -1035,7 +1035,7 @@ CREATE TABLE phpbb_users (
 user_jabber blob NOT NULL,
 user_website blob NOT NULL,
 user_actkey varbinary(32) DEFAULT '' NOT NULL,
- user_newpasswd varbinary(120) DEFAULT '' NOT NULL,
+ user_newpasswd blob NOT NULL,
 user_form_salt varbinary(96) DEFAULT '' NOT NULL,
 user_new tinyint(1) UNSIGNED DEFAULT '1' NOT NULL,
 user_reminded tinyint(4) DEFAULT '0' NOT NULL,
diff --git a/phpBB/install/schemas/mysql_41_schema.sql b/phpBB/install/schemas/mysql_41_schema.sql
index 9e911560db..e52b9c63aa 100644
--- a/phpBB/install/schemas/mysql_41_schema.sql
+++ b/phpBB/install/schemas/mysql_41_schema.sql
@@ -1035,7 +1035,7 @@ CREATE TABLE phpbb_users (
 user_jabber varchar(255) DEFAULT '' NOT NULL,
 user_website varchar(200) DEFAULT '' NOT NULL,
 user_actkey varchar(32) DEFAULT '' NOT NULL,
- user_newpasswd varchar(40) DEFAULT '' NOT NULL,
+ user_newpasswd varchar(255) DEFAULT '' NOT NULL,
 user_form_salt varchar(32) DEFAULT '' NOT NULL,
 user_new tinyint(1) UNSIGNED DEFAULT '1' NOT NULL,
 user_reminded tinyint(4) DEFAULT '0' NOT NULL,
diff --git a/phpBB/install/schemas/oracle_schema.sql b/phpBB/install/schemas/oracle_schema.sql
index b752908ef8..1b27beb8ca 100644
--- a/phpBB/install/schemas/oracle_schema.sql
+++ b/phpBB/install/schemas/oracle_schema.sql
@@ -1859,7 +1859,7 @@ CREATE TABLE phpbb_users (
 user_jabber varchar2(765) DEFAULT '' ,
 user_website varchar2(600) DEFAULT '' ,
 user_actkey varchar2(32) DEFAULT '' ,
- user_newpasswd varchar2(120) DEFAULT '' ,
+ user_newpasswd varchar2(765) DEFAULT '' ,
 user_form_salt varchar2(96) DEFAULT '' ,
 user_new number(1) DEFAULT '1' NOT NULL,
 user_reminded number(4) DEFAULT '0' NOT NULL,
diff --git a/phpBB/install/schemas/postgres_schema.sql b/phpBB/install/schemas/postgres_schema.sql
index 229a57a11b..016dbfb8aa 100644
--- a/phpBB/install/schemas/postgres_schema.sql
+++ b/phpBB/install/schemas/postgres_schema.sql
@@ -1307,7 +1307,7 @@ CREATE TABLE phpbb_users (
 user_jabber varchar(255) DEFAULT '' NOT NULL,
 user_website varchar(200) DEFAULT '' NOT NULL,
 user_actkey varchar(32) DEFAULT '' NOT NULL,
- user_newpasswd varchar(40) DEFAULT '' NOT NULL,
+ user_newpasswd varchar(255) DEFAULT '' NOT NULL,
 user_form_salt varchar(32) DEFAULT '' NOT NULL,
 user_new INT2 DEFAULT '1' NOT NULL CHECK (user_new >= 0),
 user_reminded INT2 DEFAULT '0' NOT NULL,
diff --git a/phpBB/install/schemas/sqlite_schema.sql b/phpBB/install/schemas/sqlite_schema.sql index 4b1ad2ce46..3df26e2d91 100644 --- a/phpBB/install/schemas/sqlite_schema.sql +++ b/phpBB/install/schemas/sqlite_schema.sql @@ -1006,7 +1006,7 @@ CREATE TABLE phpbb_users ( user_jabber varchar(255) NOT NULL DEFAULT '', user_website varchar(200) NOT NULL DEFAULT '', user_actkey varchar(32) NOT NULL DEFAULT '', - user_newpasswd varchar(40) NOT NULL DEFAULT '', + user_newpasswd varchar(255) NOT NULL DEFAULT '', user_form_salt varchar(32) NOT NULL DEFAULT '', user_new INTEGER UNSIGNED NOT NULL DEFAULT '1', user_reminded tinyint(4) NOT NULL DEFAULT '0', From c864d06ac6dc09535cae7c2bbc6320d9ef5f4d74 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Mon, 10 Feb 2014 22:10:31 +0100 Subject: [PATCH 2/8] [ticket/12183] Add migration file for updating user_newpasswd column PHPBB3-12183 --- .../db/migration/data/v310/passwords_p2.php | 40 +++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 phpBB/phpbb/db/migration/data/v310/passwords_p2.php diff --git a/phpBB/phpbb/db/migration/data/v310/passwords_p2.php b/phpBB/phpbb/db/migration/data/v310/passwords_p2.php new file mode 100644 index 0000000000..553e79403d --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v310/passwords_p2.php @@ -0,0 +1,40 @@ + array( + $this->table_prefix . 'users' => array( + 'user_newpasswd' => array('VCHAR:255', ''), + ), + ), + ); + } + + public function revert_schema() + { + return array( + 'change_columns' => array( + $this->table_prefix . 'users' => array( + 'user_newpasswd' => array('VCHAR:40', ''), + ), + ), + ); + } +} From 488bd1a1b1e47cbcf570b5b7f2bf1ae77840888f Mon Sep 17 00:00:00 2001 
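Review bot: `update_schema()` in passwords_p2.php changes `user_newpasswd` to `VCHAR:255`, while the schema files in PATCH 1/8 define the same column as `VCHAR_UNI` (blob on mysql_40, varchar2(765) on Oracle, CHARACTER SET UTF8 on Firebird), so upgraded boards and fresh installs would presumably end up with different column types. Using `'user_newpasswd' => array('VCHAR_UNI', ''),` here and `array('VCHAR_UNI:40', '')` in `revert_schema()` would match the definitions the column has before and after this series. Shrinking the column back to 40 characters would also truncate or reject any longer pending hash still stored in it, which is worth a one-line comment above `revert_schema()`. The top of the new file is not visible in this hunk.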
From: Marc Alexander Date: Mon, 10 Feb 2014 22:37:28 +0100 Subject: [PATCH 3/8] [ticket/12183] Add functional test for user password reset PHPBB3-12183 --- tests/functional/user_password_reset_test.php | 35 +++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 tests/functional/user_password_reset_test.php diff --git a/tests/functional/user_password_reset_test.php b/tests/functional/user_password_reset_test.php new file mode 100644 index 0000000000..4e151202b1 --- /dev/null +++ b/tests/functional/user_password_reset_test.php @@ -0,0 +1,35 @@ +add_lang('ucp'); + $this->create_user('reset-password-test-user'); + + $crawler = self::request('GET', "ucp.php?mode=sendpassword&sid={$this->sid}"); + $form = $crawler->selectButton('submit')->form(array( + 'username' => 'reset-password-test-user', + )); + $crawler = self::submit($form); + $this->assertContainsLang('NO_EMAIL_USER', $crawler->text()); + + $crawler = self::request('GET', "ucp.php?mode=sendpassword&sid={$this->sid}"); + $form = $crawler->selectButton('submit')->form(array( + 'username' => 'reset-password-test-user', + 'email' => 'nobody@example.com', + )); + $crawler = self::submit($form); + $this->assertContainsLang('PASSWORD_UPDATED', $crawler->text()); + } +} From 4c62cb4989fbf8d2fa9f5d60839311ea5b4c5f68 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Tue, 11 Feb 2014 08:24:12 +0100 Subject: [PATCH 4/8] [ticket/12183] Make sure to undo changes to config in forgot_password_test The forgot_password_test disables the password reset functionalty but doesn't enable it again afterwards. PHPBB3-12183 --- tests/functional/forgot_password_test.php | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/tests/functional/forgot_password_test.php b/tests/functional/forgot_password_test.php index 906224efbb..3b6fd15d02 100644 --- a/tests/functional/forgot_password_test.php +++ b/tests/functional/forgot_password_test.php 
@@ -41,4 +41,17 @@ class phpbb_functional_forgot_password_test extends phpbb_functional_test_case } + public function tearDown() + { + $this->login(); + $this->admin_login(); + + $crawler = self::request('GET', 'adm/index.php?sid=' . $this->sid . '&i=acp_board&mode=security'); + + // Enable allow_password_reset again after test + $form = $crawler->selectButton('Submit')->form(array( + 'config[allow_password_reset]' => 1, + )); + $crawler = self::submit($form); + } } From 3cb702f4ab66f21b267d51f2402a9bd5ef7f97e1 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Mon, 17 Feb 2014 16:14:37 +0100 Subject: [PATCH 5/8] [ticket/12183] Test activating new password after reset PHPBB3-12183 --- tests/functional/user_password_reset_test.php | 66 ++++++++++++++++++- 1 file changed, 65 insertions(+), 1 deletion(-) diff --git a/tests/functional/user_password_reset_test.php b/tests/functional/user_password_reset_test.php index 4e151202b1..9548b70eeb 100644 --- a/tests/functional/user_password_reset_test.php +++ b/tests/functional/user_password_reset_test.php @@ -12,10 +12,12 @@ */ class phpbb_functional_user_password_reset_test extends phpbb_functional_test_case { + protected $user_data; + public function test_password_reset() { $this->add_lang('ucp'); - $this->create_user('reset-password-test-user'); + $user_id = $this->create_user('reset-password-test-user'); $crawler = self::request('GET', "ucp.php?mode=sendpassword&sid={$this->sid}"); $form = $crawler->selectButton('submit')->form(array( 
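Review bot: The `tearDown()` added to phpbb_functional_forgot_password_test discards the result of `self::submit($form)`, so if re-enabling `allow_password_reset` fails, later tests that depend on password reset fail far away from the cause. Check the response text after the submit, and if a parent class defines `tearDown()`, finish the method with `parent::tearDown();`. Since this runs after every test in the class, a short docblock stating that it logs in as admin to restore the board's security settings would help the next reader. The class body starts outside the hunk.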
@@ -31,5 +33,67 @@ class phpbb_functional_user_password_reset_test extends phpbb_functional_test_ca
 ));
 $crawler = self::submit($form);
 $this->assertContainsLang('PASSWORD_UPDATED', $crawler->text());
+
+ // Make sure we know the password
+ $db = $this->get_db();
+ $this->passwords_manager = $this->get_passwords_manager();
+ $sql = 'UPDATE ' . USERS_TABLE . "
+ SET user_newpasswd = '" . $db->sql_escape($this->passwords_manager->hash('reset-password-test-user')) . "'
+ WHERE user_id = " . $user_id;
+ $db->sql_query($sql);
+ }
+
+ public function test_login_after_reset()
+ {
+ $this->get_user_data();
+ $this->assertNotNull($this->user_data['user_actkey']);
+ $this->assertNotNull($this->user_data['user_newpasswd']);
+ $this->login('reset-password-test-user');
+ }
+
+ public function data_activate_new_password()
+ {
+ return array(
+ array('WRONG_ACTIVATION', false, 'FOOBAR', false),
+ array('ALREADY_ACTIVATED', 2, 'FOOBAR', false),
+ array('PASSWORD_ACTIVATED', false, false, true),
+ array('ALREADY_ACTIVATED', false, false, false),
+ );
+ }
+
+ /**
+ * @dataProvider data_activate_new_password
+ */
+ public function test_activate_new_password($expected, $user_id, $act_key, $login_with_newpasswd)
+ {
+ $this->add_lang('ucp');
+ $this->get_user_data();
+ $user_id = (!$user_id) ? $this->user_data['user_id'] : $user_id;
+ $act_key = (!$act_key) ?
$this->user_data['user_actkey'] : $act_key; + + $crawler = self::request('GET', "ucp.php?mode=activate&u=$user_id&k=$act_key&sid={$this->sid}"); + $this->assertContainsLang($expected, $crawler->text()); + + // Can't use login method here + if ($login_with_newpasswd) + { + $crawler = self::request('GET', 'ucp.php'); + $this->assertContains($this->lang('LOGIN_EXPLAIN_UCP'), $crawler->filter('html')->text()); + + $form = $crawler->selectButton($this->lang('LOGIN'))->form(); + $crawler = self::submit($form, array('username' => 'reset-password-test-user', 'password' => 'reset-password-test-user')); + $this->assertNotContains($this->lang('LOGIN'), $crawler->filter('.navbar')->text()); + } + } + + protected function get_user_data() + { + $db = $this->get_db(); + $sql = 'SELECT user_id, username, user_type, user_email, user_newpasswd, user_lang, user_notify_type, user_actkey, user_inactive_reason + FROM ' . USERS_TABLE . " + WHERE username = 'reset-password-test-user'"; + $result = $db->sql_query($sql); + $this->user_data = $db->sql_fetchrow($result); + $db->sql_freeresult($result); } } From f1c913f1762e8854ba98b0b810a5a984263a06cb Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Mon, 17 Feb 2014 16:28:36 +0100 Subject: [PATCH 6/8] [ticket/12183] Move user_newpasswd, user_actkey below user_pass_convert PHPBB3-12183 --- phpBB/includes/db/schema_data.php | 4 ++-- phpBB/install/schemas/firebird_schema.sql | 4 ++-- phpBB/install/schemas/mssql_schema.sql | 4 ++-- phpBB/install/schemas/mysql_40_schema.sql | 4 ++-- phpBB/install/schemas/mysql_41_schema.sql | 4 ++-- phpBB/install/schemas/oracle_schema.sql | 4 ++-- phpBB/install/schemas/postgres_schema.sql | 4 ++-- phpBB/install/schemas/sqlite_schema.sql | 4 ++-- 8 files changed, 16 insertions(+), 16 deletions(-) diff --git a/phpBB/includes/db/schema_data.php b/phpBB/includes/db/schema_data.php index 1373d5fa96..0d8ee6a648 100644 --- a/phpBB/includes/db/schema_data.php +++ b/phpBB/includes/db/schema_data.php 
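Review bot: The `assertNotNull()` checks on `user_actkey` and `user_newpasswd` in `test_login_after_reset()` cannot fail on most backends, because the schema files in this series declare both columns `DEFAULT '' NOT NULL`, so a row the reset never touched still returns empty strings. Use `$this->assertNotEmpty($this->user_data['user_actkey']);` and the same for `user_newpasswd`, so the test actually proves that an activation key and a pending hash were stored. PATCH 8/8 moves these two assertions into `test_password_reset()` unchanged, so the same applies there. Separately, `$user_id` is concatenated into the UPDATE unquoted; `WHERE user_id = " . (int) $user_id;` keeps the query well-formed if `create_user()` ever returns something unexpected.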
@@ -1117,6 +1117,8 @@ $schema_data['phpbb_users'] = array( 'user_password' => array('VCHAR_UNI', ''), 'user_passchg' => array('TIMESTAMP', 0), 'user_pass_convert' => array('BOOL', 0), + 'user_actkey' => array('VCHAR:32', ''), + 'user_newpasswd' => array('VCHAR_UNI', ''), 'user_email' => array('VCHAR_UNI:100', ''), 'user_email_hash' => array('BINT', 0), 'user_birthday' => array('VCHAR:10', ''), @@ -1172,8 +1174,6 @@ $schema_data['phpbb_users'] = array( 'user_msnm' => array('VCHAR_UNI', ''), 'user_jabber' => array('VCHAR_UNI', ''), 'user_website' => array('VCHAR_UNI:200', ''), - 'user_actkey' => array('VCHAR:32', ''), - 'user_newpasswd' => array('VCHAR_UNI', ''), 'user_form_salt' => array('VCHAR_UNI:32', ''), 'user_new' => array('BOOL', 1), 'user_reminded' => array('TINT:4', 0), diff --git a/phpBB/install/schemas/firebird_schema.sql b/phpBB/install/schemas/firebird_schema.sql index 7fdb7569c5..d49661c76e 100644 --- a/phpBB/install/schemas/firebird_schema.sql +++ b/phpBB/install/schemas/firebird_schema.sql @@ -1370,6 +1370,8 @@ CREATE TABLE phpbb_users ( user_password VARCHAR(255) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE, user_passchg INTEGER DEFAULT 0 NOT NULL, user_pass_convert INTEGER DEFAULT 0 NOT NULL, + user_actkey VARCHAR(32) CHARACTER SET NONE DEFAULT '' NOT NULL, + user_newpasswd VARCHAR(255) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE, user_email VARCHAR(100) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE, user_email_hash DOUBLE PRECISION DEFAULT 0 NOT NULL, user_birthday VARCHAR(10) CHARACTER SET NONE DEFAULT '' NOT NULL, 
@@ -1425,8 +1427,6 @@ CREATE TABLE phpbb_users ( user_msnm VARCHAR(255) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE, user_jabber VARCHAR(255) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE, user_website VARCHAR(200) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE, - user_actkey VARCHAR(32) CHARACTER SET NONE DEFAULT '' NOT NULL, - user_newpasswd VARCHAR(255) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE, user_form_salt VARCHAR(32) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE, user_new INTEGER DEFAULT 1 NOT NULL, user_reminded INTEGER DEFAULT 0 NOT NULL, diff --git a/phpBB/install/schemas/mssql_schema.sql b/phpBB/install/schemas/mssql_schema.sql index eb4aefcbe9..a9ddd1e2b6 100644 --- a/phpBB/install/schemas/mssql_schema.sql +++ b/phpBB/install/schemas/mssql_schema.sql @@ -1686,6 +1686,8 @@ CREATE TABLE [phpbb_users] ( [user_password] [varchar] (255) DEFAULT ('') NOT NULL , [user_passchg] [int] DEFAULT (0) NOT NULL , [user_pass_convert] [int] DEFAULT (0) NOT NULL , + [user_actkey] [varchar] (32) DEFAULT ('') NOT NULL , + [user_newpasswd] [varchar] (255) DEFAULT ('') NOT NULL , [user_email] [varchar] (100) DEFAULT ('') NOT NULL , [user_email_hash] [float] DEFAULT (0) NOT NULL , [user_birthday] [varchar] (10) DEFAULT ('') NOT NULL , @@ -1741,8 +1743,6 @@ CREATE TABLE [phpbb_users] ( [user_msnm] [varchar] (255) DEFAULT ('') NOT NULL , [user_jabber] [varchar] (255) DEFAULT ('') NOT NULL , [user_website] [varchar] (200) DEFAULT ('') NOT NULL , - [user_actkey] [varchar] (32) DEFAULT ('') NOT NULL , - [user_newpasswd] [varchar] (255) DEFAULT ('') NOT NULL , [user_form_salt] [varchar] (32) DEFAULT ('') NOT NULL , [user_new] [int] DEFAULT (1) NOT NULL , [user_reminded] [int] DEFAULT (0) NOT NULL , diff --git a/phpBB/install/schemas/mysql_40_schema.sql b/phpBB/install/schemas/mysql_40_schema.sql index 68cda258bf..dc6aeb8300 100644 --- a/phpBB/install/schemas/mysql_40_schema.sql +++ b/phpBB/install/schemas/mysql_40_schema.sql 
@@ -979,6 +979,8 @@ CREATE TABLE phpbb_users ( user_password blob NOT NULL, user_passchg int(11) UNSIGNED DEFAULT '0' NOT NULL, user_pass_convert tinyint(1) UNSIGNED DEFAULT '0' NOT NULL, + user_actkey varbinary(32) DEFAULT '' NOT NULL, + user_newpasswd blob NOT NULL, user_email blob NOT NULL, user_email_hash bigint(20) DEFAULT '0' NOT NULL, user_birthday varbinary(10) DEFAULT '' NOT NULL, @@ -1034,8 +1036,6 @@ CREATE TABLE phpbb_users ( user_msnm blob NOT NULL, user_jabber blob NOT NULL, user_website blob NOT NULL, - user_actkey varbinary(32) DEFAULT '' NOT NULL, - user_newpasswd blob NOT NULL, user_form_salt varbinary(96) DEFAULT '' NOT NULL, user_new tinyint(1) UNSIGNED DEFAULT '1' NOT NULL, user_reminded tinyint(4) DEFAULT '0' NOT NULL, diff --git a/phpBB/install/schemas/mysql_41_schema.sql b/phpBB/install/schemas/mysql_41_schema.sql index e52b9c63aa..b1cbc80a32 100644 --- a/phpBB/install/schemas/mysql_41_schema.sql +++ b/phpBB/install/schemas/mysql_41_schema.sql @@ -979,6 +979,8 @@ CREATE TABLE phpbb_users ( user_password varchar(255) DEFAULT '' NOT NULL, user_passchg int(11) UNSIGNED DEFAULT '0' NOT NULL, user_pass_convert tinyint(1) UNSIGNED DEFAULT '0' NOT NULL, + user_actkey varchar(32) DEFAULT '' NOT NULL, + user_newpasswd varchar(255) DEFAULT '' NOT NULL, user_email varchar(100) DEFAULT '' NOT NULL, user_email_hash bigint(20) DEFAULT '0' NOT NULL, user_birthday varchar(10) DEFAULT '' NOT NULL, @@ -1034,8 +1036,6 @@ CREATE TABLE phpbb_users ( user_msnm varchar(255) DEFAULT '' NOT NULL, user_jabber varchar(255) DEFAULT '' NOT NULL, user_website varchar(200) DEFAULT '' NOT NULL, - user_actkey varchar(32) DEFAULT '' NOT NULL, - user_newpasswd varchar(255) DEFAULT '' NOT NULL, user_form_salt varchar(32) DEFAULT '' NOT NULL, user_new tinyint(1) UNSIGNED DEFAULT '1' NOT NULL, user_reminded tinyint(4) DEFAULT '0' NOT NULL, diff --git a/phpBB/install/schemas/oracle_schema.sql b/phpBB/install/schemas/oracle_schema.sql index 1b27beb8ca..69a2b4766e 100644 
--- a/phpBB/install/schemas/oracle_schema.sql +++ b/phpBB/install/schemas/oracle_schema.sql @@ -1803,6 +1803,8 @@ CREATE TABLE phpbb_users ( user_password varchar2(765) DEFAULT '' , user_passchg number(11) DEFAULT '0' NOT NULL, user_pass_convert number(1) DEFAULT '0' NOT NULL, + user_actkey varchar2(32) DEFAULT '' , + user_newpasswd varchar2(765) DEFAULT '' , user_email varchar2(300) DEFAULT '' , user_email_hash number(20) DEFAULT '0' NOT NULL, user_birthday varchar2(10) DEFAULT '' , @@ -1858,8 +1860,6 @@ CREATE TABLE phpbb_users ( user_msnm varchar2(765) DEFAULT '' , user_jabber varchar2(765) DEFAULT '' , user_website varchar2(600) DEFAULT '' , - user_actkey varchar2(32) DEFAULT '' , - user_newpasswd varchar2(765) DEFAULT '' , user_form_salt varchar2(96) DEFAULT '' , user_new number(1) DEFAULT '1' NOT NULL, user_reminded number(4) DEFAULT '0' NOT NULL, diff --git a/phpBB/install/schemas/postgres_schema.sql b/phpBB/install/schemas/postgres_schema.sql index 016dbfb8aa..d3fecccb1d 100644 --- a/phpBB/install/schemas/postgres_schema.sql +++ b/phpBB/install/schemas/postgres_schema.sql @@ -1251,6 +1251,8 @@ CREATE TABLE phpbb_users ( user_password varchar(255) DEFAULT '' NOT NULL, user_passchg INT4 DEFAULT '0' NOT NULL CHECK (user_passchg >= 0), user_pass_convert INT2 DEFAULT '0' NOT NULL CHECK (user_pass_convert >= 0), + user_actkey varchar(32) DEFAULT '' NOT NULL, + user_newpasswd varchar(255) DEFAULT '' NOT NULL, user_email varchar(100) DEFAULT '' NOT NULL, user_email_hash INT8 DEFAULT '0' NOT NULL, user_birthday varchar(10) DEFAULT '' NOT NULL, @@ -1306,8 +1308,6 @@ CREATE TABLE phpbb_users ( user_msnm varchar(255) DEFAULT '' NOT NULL, user_jabber varchar(255) DEFAULT '' NOT NULL, user_website varchar(200) DEFAULT '' NOT NULL, - user_actkey varchar(32) DEFAULT '' NOT NULL, - user_newpasswd varchar(255) DEFAULT '' NOT NULL, user_form_salt varchar(32) DEFAULT '' NOT NULL, user_new INT2 DEFAULT '1' NOT NULL CHECK (user_new >= 0), user_reminded INT2 DEFAULT '0' NOT NULL, 
diff --git a/phpBB/install/schemas/sqlite_schema.sql b/phpBB/install/schemas/sqlite_schema.sql index 3df26e2d91..71eb2931cb 100644 --- a/phpBB/install/schemas/sqlite_schema.sql +++ b/phpBB/install/schemas/sqlite_schema.sql @@ -950,6 +950,8 @@ CREATE TABLE phpbb_users ( user_password varchar(255) NOT NULL DEFAULT '', user_passchg INTEGER UNSIGNED NOT NULL DEFAULT '0', user_pass_convert INTEGER UNSIGNED NOT NULL DEFAULT '0', + user_actkey varchar(32) NOT NULL DEFAULT '', + user_newpasswd varchar(255) NOT NULL DEFAULT '', user_email varchar(100) NOT NULL DEFAULT '', user_email_hash bigint(20) NOT NULL DEFAULT '0', user_birthday varchar(10) NOT NULL DEFAULT '', @@ -1005,8 +1007,6 @@ CREATE TABLE phpbb_users ( user_msnm varchar(255) NOT NULL DEFAULT '', user_jabber varchar(255) NOT NULL DEFAULT '', user_website varchar(200) NOT NULL DEFAULT '', - user_actkey varchar(32) NOT NULL DEFAULT '', - user_newpasswd varchar(255) NOT NULL DEFAULT '', user_form_salt varchar(32) NOT NULL DEFAULT '', user_new INTEGER UNSIGNED NOT NULL DEFAULT '1', user_reminded tinyint(4) NOT NULL DEFAULT '0', From c82967d92b03873acdba074c12efea062160d91c Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Mon, 17 Feb 2014 23:43:53 +0100 Subject: [PATCH 7/8] [ticket/12183] Test that login with old password doesn't work after reset PHPBB3-12183 --- tests/functional/user_password_reset_test.php | 47 ++++++++++++++----- 1 file changed, 34 insertions(+), 13 deletions(-) diff --git a/tests/functional/user_password_reset_test.php b/tests/functional/user_password_reset_test.php index 9548b70eeb..a30efc679a 100644 --- a/tests/functional/user_password_reset_test.php +++ b/tests/functional/user_password_reset_test.php 
@@ -54,17 +54,17 @@ class phpbb_functional_user_password_reset_test extends phpbb_functional_test_ca
 public function data_activate_new_password()
 {
 return array(
- array('WRONG_ACTIVATION', false, 'FOOBAR', false),
- array('ALREADY_ACTIVATED', 2, 'FOOBAR', false),
- array('PASSWORD_ACTIVATED', false, false, true),
- array('ALREADY_ACTIVATED', false, false, false),
+ array('WRONG_ACTIVATION', false, 'FOOBAR'),
+ array('ALREADY_ACTIVATED', 2, 'FOOBAR'),
+ array('PASSWORD_ACTIVATED', false, false),
+ array('ALREADY_ACTIVATED', false, false),
 );
 }
 /**
 * @dataProvider data_activate_new_password
 */
- public function test_activate_new_password($expected, $user_id, $act_key, $login_with_newpasswd)
+ public function test_activate_new_password($expected, $user_id, $act_key)
 {
 $this->add_lang('ucp');
 $this->get_user_data();
@@ -73,17 +73,38 @@ class phpbb_functional_user_password_reset_test extends phpbb_functional_test_ca
 $crawler = self::request('GET', "ucp.php?mode=activate&u=$user_id&k=$act_key&sid={$this->sid}");
 $this->assertContainsLang($expected, $crawler->text());
+ }
- // Can't use login method here
- if ($login_with_newpasswd)
+ public function test_login()
+ {
+ $this->add_lang('ucp');
+ $crawler = self::request('GET', 'ucp.php');
+ $this->assertContains($this->lang('LOGIN_EXPLAIN_UCP'), $crawler->filter('html')->text());
+
+ $form = $crawler->selectButton($this->lang('LOGIN'))->form();
+ $crawler = self::submit($form, array('username' => 'reset-password-test-user', 'password' => 'reset-password-test-user'));
+ $this->assertNotContains($this->lang('LOGIN'), $crawler->filter('.navbar')->text());
+
+ $cookies = self::$cookieJar->all();
+
+ // The session id is stored in a cookie that ends with _sid - we assume there is only one such cookie
+ foreach ($cookies as $cookie);
 {
- $crawler = self::request('GET', 'ucp.php');
- $this->assertContains($this->lang('LOGIN_EXPLAIN_UCP'), $crawler->filter('html')->text());
-
- $form = $crawler->selectButton($this->lang('LOGIN'))->form();
- $crawler = self::submit($form, array('username' => 'reset-password-test-user', 'password' => 'reset-password-test-user'));
- $this->assertNotContains($this->lang('LOGIN'), $crawler->filter('.navbar')->text());
+ if (substr($cookie->getName(), -4) == '_sid')
+ {
+ $this->sid = $cookie->getValue();
+ }
 }
+
+ $this->logout();
+
+ $crawler = self::request('GET', 'ucp.php');
+ $this->assertContains($this->lang('LOGIN_EXPLAIN_UCP'), $crawler->filter('html')->text());
+
+ $form = $crawler->selectButton($this->lang('LOGIN'))->form();
+ // Try logging in with the old password
+ $crawler = self::submit($form, array('username' => 'reset-password-test-user', 'password' => 'reset-password-test-userreset-password-test-user'));
+ $this->assertContains($this->lang('LOGIN_ERROR_PASSWORD', '', ''),
$crawler->filter('html')->text()); } protected function get_user_data() From 92f198037776e1832f6e58c93b20b3673631674f Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Wed, 19 Feb 2014 18:59:45 +0100 Subject: [PATCH 8/8] [ticket/12183] Check if database columns were updated before changing them PHPBB3-12183 --- tests/functional/user_password_reset_test.php | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/tests/functional/user_password_reset_test.php b/tests/functional/user_password_reset_test.php index a30efc679a..65222c1aa6 100644 --- a/tests/functional/user_password_reset_test.php +++ b/tests/functional/user_password_reset_test.php @@ -34,6 +34,11 @@ class phpbb_functional_user_password_reset_test extends phpbb_functional_test_ca $crawler = self::submit($form); $this->assertContainsLang('PASSWORD_UPDATED', $crawler->text()); + // Check if columns in database were updated for password reset + $this->get_user_data(); + $this->assertNotNull($this->user_data['user_actkey']); + $this->assertNotNull($this->user_data['user_newpasswd']); + // Make sure we know the password $db = $this->get_db(); $this->passwords_manager = $this->get_passwords_manager(); @@ -45,9 +50,6 @@ class phpbb_functional_user_password_reset_test extends phpbb_functional_test_ca public function test_login_after_reset() { - $this->get_user_data(); - $this->assertNotNull($this->user_data['user_actkey']); - $this->assertNotNull($this->user_data['user_newpasswd']); $this->login('reset-password-test-user'); }
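Review bot: In `test_login()` the line `foreach ($cookies as $cookie);` ends with a semicolon, so the loop body is empty and the braced block after it runs exactly once, with `$cookie` left at the last cookie in the jar (or undefined if the jar is empty). `$this->sid` is therefore only refreshed when the `_sid` cookie happens to be last, and `logout()` may run with a stale session id, which weakens the check that the old password is rejected afterwards. Drop the semicolon so the line reads `foreach ($cookies as $cookie)`, and prefer `=== '_sid'` for the suffix comparison. The closing lines of the class lie outside this hunk.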