diff --git a/src/ZfcUser/Authentication/Adapter/Db.php b/src/ZfcUser/Authentication/Adapter/Db.php
index c9bae4f8..62224297 100644
--- a/src/ZfcUser/Authentication/Adapter/Db.php
+++ b/src/ZfcUser/Authentication/Adapter/Db.php
@@ -55,14 +55,13 @@ public function authenticate(AuthenticationEvent $event)
         if ($this->isSatisfied()) {
             $storage = $this->getStorage()->read();
             $event->setIdentity($storage['identity'])
-                ->setCode(AuthenticationResult::SUCCESS)
-                ->setMessages(array('Authentication successful.'));
+                  ->setCode(AuthenticationResult::SUCCESS)
+                  ->setMessages(array('Authentication successful.'));
             return;
         }
 
         $identity = $event->getRequest()->getPost()->get('identity');
         $credential = $event->getRequest()->getPost()->get('credential');
-        $credential = $this->preProcessCredential($credential);
         $userObject = null;
 
         // Cycle through the configured identity sources and test each
@@ -81,7 +80,7 @@ public function authenticate(AuthenticationEvent $event)
 
         if (!$userObject) {
             $event->setCode(AuthenticationResult::FAILURE_IDENTITY_NOT_FOUND)
-                ->setMessages(array('A record with the supplied identity could not be found.'));
+                  ->setMessages(array('A record with the supplied identity could not be found.'));
             $this->setSatisfied(false);
             return false;
         }
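Review bot: With the preprocessing call removed from this hunk, `$credential` keeps the raw POST value for the rest of authenticate(), and nothing near the assignment says that the transform now happens elsewhere, which is easy to miss on a secret that is later both verified and re-hashed. A one-line comment on the `$credential` assignment would make the intent explicit: `// kept raw: preProcessCredential() is applied only where the stored hash is verified`. authenticate() begins before and continues after this hunk, so the later uses of the raw value are not visible here.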
@@ -90,17 +89,18 @@ public function authenticate(AuthenticationEvent $event)
             // Don't allow user to login if state is not in allowed list
             if (!in_array($userObject->getState(), $this->getOptions()->getAllowedLoginStates())) {
                 $event->setCode(AuthenticationResult::FAILURE_UNCATEGORIZED)
-                    ->setMessages(array('A record with the supplied identity is not active.'));
+                      ->setMessages(array('A record with the supplied identity is not active.'));
                 $this->setSatisfied(false);
                 return false;
             }
         }
 
+        $preprocessedCredential = $this->preProcessCredential($credential);
         $cryptoService = $this->getHydrator()->getCryptoService();
-        if (!$cryptoService->verify($credential, $userObject->getPassword())) {
+        if (!$cryptoService->verify($preprocessedCredential, $userObject->getPassword())) {
             // Password does not match
             $event->setCode(AuthenticationResult::FAILURE_CREDENTIAL_INVALID)
-                ->setMessages(array('Supplied credential is invalid.'));
+                  ->setMessages(array('Supplied credential is invalid.'));
             $this->setSatisfied(false);
             return false;
         } elseif ($cryptoService instanceof Bcrypt) {
@@ -119,7 +119,7 @@ public function authenticate(AuthenticationEvent $event)
         $storage['identity'] = $event->getIdentity();
         $this->getStorage()->write($storage);
         $event->setCode(AuthenticationResult::SUCCESS)
-            ->setMessages(array('Authentication successful.'));
+              ->setMessages(array('Authentication successful.'));
     }
 
     protected function updateUserPasswordHash(UserEntity $user, $password, Bcrypt $bcrypt)
diff --git a/tests/ZfcUserTest/Authentication/Adapter/DbTest.php b/tests/ZfcUserTest/Authentication/Adapter/DbTest.php
index 5d8b3e69..2b235e78 100644
--- a/tests/ZfcUserTest/Authentication/Adapter/DbTest.php
+++ b/tests/ZfcUserTest/Authentication/Adapter/DbTest.php
@@ -4,6 +4,7 @@
 
 use PHPUnit_Framework_MockObject_MockObject as MockObject;
 use PHPUnit_Framework_TestCase as TestCase;
+use Zend\Crypt\Password\Bcrypt;
 use ZfcUser\Authentication\Adapter\Db;
 
 class DbTest extends TestCase
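Review bot: The `if (!$cryptoService->verify(...))` line now checks `$preprocessedCredential`, while `$credential` keeps the raw value that the Bcrypt `elseif` branch (its body is outside the hunk) hands on for re-hashing, as the new test's expectation of `'ZfcUserPassword'` in the hydrated password confirms. For any deployment whose credential preprocessor is not the identity, which is the legacy-migration case the hook exists for, the rewritten hash would be computed over a different value than the one verified against, so the next login would fail unless the hydrator applies the same preprocessor when it hashes, and nothing in the diff shows that it does. If that is the intended contract, say so where the two values diverge: `// $preprocessedCredential feeds verify() only; the rehash path must store a hash the preprocessed credential verifies against`; otherwise pass `$preprocessedCredential` to the rehash as the old code effectively did. authenticate() starts and ends outside this hunk.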
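Review bot: The added `use Zend\Crypt\Password\Bcrypt;` in DbTest.php is not referenced by any line this commit adds; the new test reaches bcrypt only through the existing `$this->bcrypt` mock. If an existing fixture names the class fully qualified, switching that reference to the short name would justify the import; otherwise it is dead and should be dropped. The rest of the test file is outside the hunk, so this is inferred from what the diff shows.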
@@ -392,6 +393,60 @@ public function testUpdateUserPasswordHashWithoutSameCost()
         $method->invoke($this->db, $this->user, 'ZfcUserNew', $this->bcrypt);
     }
 
+    /**
+     * @covers ZfcUser\Authentication\Adapter\Db::Authenticate
+     */
+    public function testUpdatePasswordUsesUnprocessedCredential()
+    {
+        $this->setAuthenticationCredentials('zfc-user@zf-commons.io');
+        $this->setAuthenticationEmail();
+
+        $this->options->expects($this->once())
+            ->method('getEnableUserState')
+            ->will($this->returnValue(false));
+
+        $this->bcrypt->expects($this->once())
+            ->method('verify')
+            ->will($this->returnValue(true));
+        $this->bcrypt->expects($this->any())
+            ->method('getCost')
+            ->will($this->returnValue(static::PASSWORD_COST_10));
+
+        $this->user->expects($this->exactly(2))
+            ->method('getPassword')
+            ->will($this->returnValue('$2a$04$5kq1mnYWbww8X.rIj7eOVOHXtvGw/peefjIcm0lDGxRTEjm9LnOae'));
+        $this->user->expects($this->once())
+            ->method('getId')
+            ->will($this->returnValue(1));
+
+        $this->storage->expects($this->any())
+            ->method('getNameSpace')
+            ->will($this->returnValue('test'));
+
+        $this->authEvent->expects($this->once())
+            ->method('setIdentity')
+            ->with(1)
+            ->will($this->returnValue($this->authEvent));
+        $this->authEvent->expects($this->once())
+            ->method('setCode')
+            ->with(\Zend\Authentication\Result::SUCCESS)
+            ->will($this->returnValue($this->authEvent));
+        $this->authEvent->expects($this->once())
+            ->method('setMessages')
+            ->with(array('Authentication successful.'))
+            ->will($this->returnValue($this->authEvent));
+
+        $this->db->setCredentialPreprocessor(function() {
+            return 'should-not-be-used';
+        });
+        $this->hydrator->expects($this->once())
+            ->method('hydrate')
+            ->with(['password' => 'ZfcUserPassword'], $this->user)
+            ->will($this->returnValue($this->user));
+
+        $this->db->authenticate($this->authEvent);
+    }
+
     /**
      * @covers ZfcUser\Authentication\Adapter\Db::getCredentialPreprocessor
      * @covers ZfcUser\Authentication\Adapter\Db::setCredentialPreprocessor
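Review bot: testUpdatePasswordUsesUnprocessedCredential pins only half of the contract it names: it asserts that hydrate() receives `'ZfcUserPassword'`, but the `verify` expectation on `$this->bcrypt` never constrains its arguments, so the test would still pass if verify() were also handed the raw credential and the preprocessor were never consulted. Add `->with('should-not-be-used', '$2a$04$5kq1mnYWbww8X.rIj7eOVOHXtvGw/peefjIcm0lDGxRTEjm9LnOae')` to that expectation so the preprocessed value is shown to reach verify() while the raw one reaches the rehash. The `@covers` tag names `Db::Authenticate` while the method under test is declared as `authenticate`; the casing should follow the declaration for consistency with the neighbouring `@covers` tags. The enclosing DbTest class starts and ends outside this hunk.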