From ae376d3b2f8e5b44421186e48e1b0e085c51d71f Mon Sep 17 00:00:00 2001
From: Mark Nielsen
Date: Wed, 27 Aug 2014 11:30:04 -0700
Subject: [PATCH] MDL-43639: Prevent user updated event on every login
If auth plugin prevents local passwords, then user is updated and event is triggered on every login.
---
 lib/moodlelib.php | 2 +-
 lib/tests/moodlelib_test.php | 38 ++++++++++++++++++++++++++++++++++++
 2 files changed, 39 insertions(+), 1 deletion(-)
diff --git a/lib/moodlelib.php b/lib/moodlelib.php
index f4ffd63ee24..12707d7d2d1 100644
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@@ -4706,7 +4706,7 @@ function update_internal_user_password($user, $password) {
 $hashedpassword = hash_internal_user_password($password);
 }
- if ($legacyhash) {
+ if ($legacyhash || $hashedpassword == AUTH_PASSWORD_NOT_CACHED) {
 $passwordchanged = ($user->password !== $hashedpassword);
 $algorithmchanged = false;
 } else {
diff --git a/lib/tests/moodlelib_test.php b/lib/tests/moodlelib_test.php
index 14141aaefcc..3ab20e00f03 100644
--- a/lib/tests/moodlelib_test.php
+++ b/lib/tests/moodlelib_test.php
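Review bot: In lib/moodlelib.php the new condition in update_internal_user_password compares with `==`, while the very next line uses `!==` on the same value; in password-handling code the strict form is the safer default: `if ($legacyhash || $hashedpassword === AUTH_PASSWORD_NOT_CACHED) {`. Both operands appear to be strings, so the loose comparison would only misbehave if both looked numeric, which the sentinel presumably does not (its definition is outside the hunk), but `===` removes the need to reason about type juggling at all. A one-line comment such as `// Sentinel, not a hash: compare only against the stored field, never treat as an algorithm change.` would explain why the not-cached case shares the legacy branch. The function body starts and ends outside the hunk.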
@@ -2276,6 +2276,44 @@ class core_moodlelib_testcase extends advanced_testcase {
 }
 }
+ /**
+ * Testing that if the password is not cached, that it does not update
+ * the user table and fire event.
+ */
+ public function test_update_internal_user_password_no_cache() {
+ global $DB;
+
+ $this->resetAfterTest(true);
+
+ $user = $this->getDataGenerator()->create_user(array('auth' => 'cas'));
+ $this->assertEquals(AUTH_PASSWORD_NOT_CACHED, $user->password);
+
+ // Update the field to see if it was needlessly overwritten.
+ $DB->set_field('user', 'password', 'doNotOverwrite');
+
+ update_internal_user_password($user, 'wonkawonka');
+
+ $this->assertEquals('doNotOverwrite', $DB->get_field('user', 'password', array('id' => $user->id)));
+ }
+
+ /**
+ * Test if the user has a password hash, but now their auth method
+ * says not to cache it. Then it should update.
+ */
+ public function test_update_internal_user_password_update_no_cache() {
+ global $DB;
+
+ $this->resetAfterTest(true);
+
+ $user = $this->getDataGenerator()->create_user(array('password' => 'test'));
+ $this->assertNotEquals(AUTH_PASSWORD_NOT_CACHED, $user->password);
+ $user->auth = 'cas'; // Change to a auth that does not store passwords.
+
+ update_internal_user_password($user, 'wonkawonka');
+
+ $this->assertEquals(AUTH_PASSWORD_NOT_CACHED, $DB->get_field('user', 'password', array('id' => $user->id)));
+ }
+
 public function test_fullname() {
 global $CFG;
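Review bot: test_update_internal_user_password_no_cache asserts only that the password column is left untouched, yet the commit's stated goal is to stop the user-updated event firing on every login, and nothing here checks that no event is triggered. Capturing events around the call would pin that down, e.g. `$sink = $this->redirectEvents();` before `update_internal_user_password($user, 'wonkawonka');` and `$this->assertCount(0, $sink->get_events());` after it. Separately, `$DB->set_field('user', 'password', 'doNotOverwrite');` is called without conditions and so rewrites the password of every row in the test user table; scoping it with `array('id' => $user->id)` keeps the fixture precise.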