From 6db9b101ed3e01713c308b917fff86a09ae81d15 Mon Sep 17 00:00:00 2001
From: Rich Lott / Artful Robot
Date: Fri, 29 Sep 2023 09:04:38 +0100
Subject: [PATCH] standalone: rename User field plaintext_password to just password
---
 .../Civi/Api4/Action/User/WriteTrait.php | 18 ++++++++---------
 .../Spec/Provider/UserSpecProvider.php | 10 +++++-----
 .../Civi/Standalone/Security.php | 2 +-
 ext/standaloneusers/ang/crmChangePassword.js | 2 +-
 .../phpunit/Civi/Standalone/SecurityTest.php | 20 +++++++++----------
 5 files changed, 26 insertions(+), 26 deletions(-)
diff --git a/ext/standaloneusers/Civi/Api4/Action/User/WriteTrait.php b/ext/standaloneusers/Civi/Api4/Action/User/WriteTrait.php
index 7a23f99450..146426c590 100644
--- a/ext/standaloneusers/Civi/Api4/Action/User/WriteTrait.php
+++ b/ext/standaloneusers/Civi/Api4/Action/User/WriteTrait.php
@@ -53,11 +53,11 @@ trait WriteTrait {
 throw new UnauthorizedException("Not allowed to change " . implode(' or ', array_keys($forbidden)));
 }
 }
- if (isset($record['plaintext_password'])) {
+ if (isset($record['password'])) {
 if (!empty($record['hashed_password'])) {
- throw new API_Exception("Ambiguous password parameters: Cannot pass plaintext_password AND hashed_password.");
+ throw new API_Exception("Ambiguous password parameters: Cannot pass password AND hashed_password.");
 }
- if (empty($record['plaintext_password'])) {
+ if (empty($record['password'])) {
 throw new API_Exception("Disallowing empty password.");
 }
 }
@@ -67,7 +67,7 @@ trait WriteTrait {
 /**
 * This is called with the values for a record fully loaded.
 *
- * Note that we will now have hashed_password, as well as possibly plaintext_password.
+ * Note that we will now have hashed_password, as well as possibly password.
 *
 */
 protected function validateValues() {
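Review bot: The added `if (empty($record['password']))` check in the first hunk rejects more than an empty string: PHP's `empty()` is true for the string `'0'` as well, so a caller who submits that value gets the misleading "Disallowing empty password." error, and a non-string value (an array, say) that happens to be non-empty slips through to the hashing step. A check that says what the message says is `if (!is_string($record['password']) || $record['password'] === '') {`. Nothing in the hunk shows a length or complexity policy, so I would not invent one here, but a comment such as `// Plaintext must be a non-empty string; hashing happens in write().` would make the split of responsibilities clear. The enclosing validation method starts and ends outside this hunk.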
@@ -101,7 +101,7 @@ trait WriteTrait {
 }
 // If changing a password, require user to re-authenticate as themself.
- if (isset(($values['plaintext_password'])) && !$hasAuthenticated) {
+ if (isset(($values['password'])) && !$hasAuthenticated) {
 throw new UnauthorizedException("Unauthorized");
 }
 }
@@ -117,10 +117,10 @@ trait WriteTrait {
 */
 protected function write(array $items) {
 foreach ($items as &$item) {
- // If given, convert plaintext_password to hashed_password now.
- if (isset($item['plaintext_password'])) {
- $item['hashed_password'] = Security::singleton()->hashPassword($item['plaintext_password']);
- unset($item['plaintext_password']);
+ // If given, convert password to hashed_password now.
+ if (isset($item['password'])) {
+ $item['hashed_password'] = Security::singleton()->hashPassword($item['password']);
+ unset($item['password']);
 }
 }
 return parent::write($items);
diff --git a/ext/standaloneusers/Civi/Api4/Service/Spec/Provider/UserSpecProvider.php b/ext/standaloneusers/Civi/Api4/Service/Spec/Provider/UserSpecProvider.php
index 42e7344885..e699055ef7 100644
--- a/ext/standaloneusers/Civi/Api4/Service/Spec/Provider/UserSpecProvider.php
+++ b/ext/standaloneusers/Civi/Api4/Service/Spec/Provider/UserSpecProvider.php
@@ -25,11 +25,11 @@ class UserSpecProvider extends \Civi\Core\Service\AutoService implements Generic
 * @inheritDoc
 */
 public function modifySpec(RequestSpec $spec) {
- $plaintextPassword = new FieldSpec('plaintext_password', 'User', 'String');
- $plaintextPassword->setTitle(ts('New password'));
- $plaintextPassword->setDescription('Provide a new password for this user.');
- $plaintextPassword->setInputType('Text');
- $spec->addFieldSpec($plaintextPassword);
+ $password = new FieldSpec('password', 'User', 'String');
+ $password->setTitle(ts('New password'));
+ $password->setDescription('Provide a new password for this user.');
+ $password->setInputType('Text');
+ $spec->addFieldSpec($password);
 }
 /**
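Review bot: The rewritten condition `isset(($values['password'])) && !$hasAuthenticated` wraps the variable in a redundant pair of parentheses, which reads as if an expression were being tested; since the commit already rewrites this line, `if (isset($values['password']) && !$hasAuthenticated) {` is the conventional form with the same meaning. The surrounding method (presumably still validateValues(), whose opening line is in the previous hunk) starts and ends outside this hunk.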
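Review bot: `foreach ($items as &$item)` leaves `$item` bound by reference to the last element once the loop ends, and `$items` is then passed to `parent::write($items)` with that reference slot still live; adding `unset($item);` immediately after the loop's closing brace is the standard guard and changes nothing else. The new comment could also say why the plaintext is dropped here rather than just what happens: `// Hash now so that only hashed_password reaches storage; the plaintext value is removed from the record.` Until this loop runs the plaintext is still present in `$items`, which is expected but worth stating.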
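Review bot: The new `password` field is declared with `$password->setInputType('Text');`, so any form or API explorer built from this spec renders the value as a plain text input that echoes what is typed; if the spec layer offers a password input type, `$password->setInputType('Password');` is the better declaration, but I cannot confirm from this hunk which input types FieldSpec accepts, so please check before changing it. The description could also state the contract the rest of the commit implements: `Provide a new password for this user. It is hashed before storage and is not returned when the user is read.` The hashing and the "not returned" behaviour live in WriteTrait and are asserted in SecurityTest, both outside this file.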
diff --git a/ext/standaloneusers/Civi/Standalone/Security.php b/ext/standaloneusers/Civi/Standalone/Security.php
index 2c90dcccdd..c0e8de0f84 100644
--- a/ext/standaloneusers/Civi/Standalone/Security.php
+++ b/ext/standaloneusers/Civi/Standalone/Security.php
@@ -142,7 +142,7 @@ class Security {
 $userID = \Civi\Api4\User::create(FALSE)
 ->addValue('username', $params['cms_name'])
 ->addValue('email', $mail)
- ->addValue('plaintext_password', $params['cms_pass'])
+ ->addValue('password', $params['cms_pass'])
 ->execute()->single()['id'];
 }
 catch (\Exception $e) {
diff --git a/ext/standaloneusers/ang/crmChangePassword.js b/ext/standaloneusers/ang/crmChangePassword.js
index c74273825d..0c6bc4efa8 100644
--- a/ext/standaloneusers/ang/crmChangePassword.js
+++ b/ext/standaloneusers/ang/crmChangePassword.js
@@ -82,7 +82,7 @@
 // Now submit api request.
 const userUpdateParams = {
 actorPassword: ctrl.actorPassword,
- values: {plaintext_password: ctrl.newPassword},
+ values: {password: ctrl.newPassword},
 where: [['id', '=', ctrl.userId]]
 };
 return crmApi4('User', 'Update', userUpdateParams)
diff --git a/ext/standaloneusers/tests/phpunit/Civi/Standalone/SecurityTest.php b/ext/standaloneusers/tests/phpunit/Civi/Standalone/SecurityTest.php
index 0c1ee14885..cb2579ac47 100644
--- a/ext/standaloneusers/tests/phpunit/Civi/Standalone/SecurityTest.php
+++ b/ext/standaloneusers/tests/phpunit/Civi/Standalone/SecurityTest.php
@@ -201,7 +201,7 @@ class SecurityTest extends \PHPUnit\Framework\TestCase implements EndToEndInterf
 $userID = User::create(FALSE)
 ->setValues([
 'username' => 'testuser1',
- 'plaintext_password' => 'shhh',
+ 'password' => 'shhh',
 'contact_id' => $stafferContactID,
 'roles:name' => ['staff'],
 'email' => 'testuser1@example.org',
@@ -218,7 +218,7 @@ class SecurityTest extends \PHPUnit\Framework\TestCase implements EndToEndInterf
 $userId = \CRM_Core_BAO_UFMatch::getUFId($stafferContactID);
 $this->assertNotNull($userId);
- $this->assertArrayNotHasKey('plaintext_password', $user);
+ $this->assertArrayNotHasKey('password', $user);
 $this->assertMatchesRegularExpression('/^[$].+[$].+/', $user['hashed_password']);
 // Update to the loaded values should NOT result in the password being changed.
@@ -248,10 +248,10 @@ class SecurityTest extends \PHPUnit\Framework\TestCase implements EndToEndInterf
 // Now move on to tests with checkPermissions:TRUE
 // Check we are allowed to update this user's password if we provide our own, since we have 'cms:administer users'
- // ...by plaintext_password
+ // ...by password
 $previousHash = $updatedUser['hashed_password'];
 $updatedUser = User::update(TRUE)
- ->addValue('plaintext_password', 'topSecret')
+ ->addValue('password', 'topSecret')
 ->addWhere('id', '=', $user['id'])
 ->setActorPassword('secret1')
 ->setReload(TRUE)
@@ -276,7 +276,7 @@ class SecurityTest extends \PHPUnit\Framework\TestCase implements EndToEndInterf
 // Check that if we don't supply OUR correct password, we're not allowed to update the user's password.
 try {
 User::update(TRUE)
- ->addValue('plaintext_password', 'anotherNewPassword')
+ ->addValue('password', 'anotherNewPassword')
 ->addWhere('id', '=', $user['id'])
 ->setActorPassword('wrong pass')
 ->execute();
@@ -289,7 +289,7 @@ class SecurityTest extends \PHPUnit\Framework\TestCase implements EndToEndInterf
 // Check that if we don't supply OUR password at all, we're not allowed to update the user's password.
 try {
 User::update(TRUE)
- ->addValue('plaintext_password', 'anotherNewPassword')
+ ->addValue('password', 'anotherNewPassword')
 ->addWhere('id', '=', $user['id'])
 ->execute();
 $this->fail("Expected UnauthorizedException got none.");
@@ -304,7 +304,7 @@ class SecurityTest extends \PHPUnit\Framework\TestCase implements EndToEndInterf
 // Check we are allowed to update our own password if we provide the current one.
 $updatedUser = User::update(TRUE)
 ->setActorPassword('topSecret')
- ->addValue('plaintext_password', 'ourNewSecret')
+ ->addValue('password', 'ourNewSecret')
 ->addWhere('id', '=', $user['id'])
 ->setReload(TRUE)
 ->execute()->first();
@@ -314,7 +314,7 @@ class SecurityTest extends \PHPUnit\Framework\TestCase implements EndToEndInterf
 // Check that if we don't supply OUR correct password, we're not allowed to update our password.
 try {
 User::update(TRUE)
- ->addValue('plaintext_password', 'anotherNewPassword')
+ ->addValue('password', 'anotherNewPassword')
 ->addWhere('id', '=', $user['id'])
 ->setActorPassword('wrong pass')
 ->execute();
@@ -327,7 +327,7 @@ class SecurityTest extends \PHPUnit\Framework\TestCase implements EndToEndInterf
 // Check that if we don't supply OUR password at all, we're not allowed to update the user's password.
 try {
 User::update(TRUE)
- ->addValue('plaintext_password', 'anotherNewPassword')
+ ->addValue('password', 'anotherNewPassword')
 ->addWhere('id', '=', $user['id'])
 ->execute();
 $this->fail("Expected UnauthorizedException got none.");
@@ -339,7 +339,7 @@ class SecurityTest extends \PHPUnit\Framework\TestCase implements EndToEndInterf
 // Check that we're not allowed to update the admin user's password, since we are not an admin.
 try {
 User::update(TRUE)
- ->addValue('plaintext_password', 'anotherNewPassword')
+ ->addValue('password', 'anotherNewPassword')
 ->addWhere('id', '=', $adminUserID)
 ->setActorPassword('ourNewSecret')
 ->execute();
-- 2.25.1