Реализовано автоматическое обновление алгоритма хэширования пароля во время авторизации пользователя

2024-11-30 10:42:16 +05:30 · 2016-05-23 22:42:50 +03:00 · 2016-05-23 22:42:50 +03:00 · fe2c422621
commit fe2c422621
parent 3d6d9d484c
3 changed files with 38 additions and 18 deletions
--- a/api/models/authentication/LoginForm.php
+++ b/api/models/authentication/LoginForm.php
@ -67,7 +67,17 @@ class LoginForm extends ApiForm {
            return false;
        }

-        return $this->getAccount()->getJWT();
+        if ($this->rememberMe) {
+            // TODO: здесь нужно записать какую-то
+        }
+
+        $account = $this->getAccount();
+        if ($account->password_hash_strategy === Account::PASS_HASH_STRATEGY_OLD_ELY) {
+            $account->setPassword($this->password);
+            $account->save();
+        }
+
+        return $account->getJWT();
    }

 }
--- a/tests/codeception/api/functional/AccountsChangeEmailInitializeCest.php
+++ b/tests/codeception/api/functional/AccountsChangeEmailInitializeCest.php
@ -28,19 +28,4 @@ class AccountsChangeEmailInitializeCest {
        ]);
    }

-    public function testChangeEmailWithOldPasswordStrategy(FunctionalTester $I) {
-        $I->wantTo('see, that account use old account password hash strategy');
-        $I->loggedInAsActiveAccount('AccWithOldPassword', '12345678');
-
-        $this->route->changeEmailInitialize('password_0');
-        $I->canSeeResponseCodeIs(200);
-        $I->canSeeResponseIsJson();
-        $I->canSeeResponseContainsJson([
-            'success' => false,
-            'errors' => [
-                'email' => 'error.old_hash_strategy',
-            ],
-        ]);
-    }
-
 }
--- a/tests/codeception/api/unit/models/authentication/LoginFormTest.php
+++ b/tests/codeception/api/unit/models/authentication/LoginFormTest.php
@ -4,12 +4,25 @@ namespace tests\codeception\api\models\authentication;
 use api\models\authentication\LoginForm;
 use Codeception\Specify;
 use common\models\Account;
-use tests\codeception\api\unit\TestCase;
+use tests\codeception\api\unit\DbTestCase;
+use tests\codeception\common\fixtures\AccountFixture;
 use Yii;

-class LoginFormTest extends TestCase {
+/**
+ * @property AccountFixture $accounts
+ */
+class LoginFormTest extends DbTestCase {
    use Specify;

+    public function fixtures() {
+        return [
+            'accounts' => [
+                'class' => AccountFixture::class,
+                'dataFile' => '@tests/codeception/common/fixtures/data/accounts.php',
+            ],
+        ];
+    }
+
    public function testValidateLogin() {
        $this->specify('error.login_not_exist if login not exists', function () {
            $model = $this->createModel([
@ -84,6 +97,18 @@ class LoginFormTest extends TestCase {
        });
    }

+    public function testLoginWithRehashing() {
+        $this->specify('user, that login using account with old pass hash strategy should update it automatically', function () {
+            $model = new LoginForm([
+                'login' => $this->accounts['user-with-old-password-type']['username'],
+                'password' => '12345678',
+            ]);
+            expect($model->login())->notEquals(false);
+            expect($model->errors)->isEmpty();
+            expect($model->getAccount()->password_hash_strategy)->equals(Account::PASS_HASH_STRATEGY_YII2);
+        });
+    }
+
    /**
     * @param array $params
     * @return LoginForm