moodle/moodle
3
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-08-09 02:46:40 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

MDL-43639: Prevent user updated event on every login

Browse source 
If auth plugin prevents local passwords, then user
is updated and event is triggered on every login.
This commit is contained in:
Mark Nielsen 2014-08-27 11:30:04 -07:00
parent fd72531964
commit ae376d3b2f
2 changed files with 39 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
lib/moodlelib.php
View file

@ -4706,7 +4706,7 @@ function update_internal_user_password($user, $password) {
$hashedpassword = hash_internal_user_password($password); $hashedpassword = hash_internal_user_password($password);
} }
if ($legacyhash) { if ($legacyhash || $hashedpassword == AUTH_PASSWORD_NOT_CACHED) {
$passwordchanged = ($user->password !== $hashedpassword); $passwordchanged = ($user->password !== $hashedpassword);
$algorithmchanged = false; $algorithmchanged = false;
} else { } else {

38
lib/tests/moodlelib_test.php
View file

@ -2276,6 +2276,44 @@ class core_moodlelib_testcase extends advanced_testcase {
} }
} }
/**
* Testing that if the password is not cached, that it does not update
* the user table and fire event.
*/
public function test_update_internal_user_password_no_cache() {
global $DB;
$this->resetAfterTest(true);
$user = $this->getDataGenerator()->create_user(array('auth' => 'cas'));
$this->assertEquals(AUTH_PASSWORD_NOT_CACHED, $user->password);
// Update the field to see if it was needlessly overwritten.
$DB->set_field('user', 'password', 'doNotOverwrite');
update_internal_user_password($user, 'wonkawonka');
$this->assertEquals('doNotOverwrite', $DB->get_field('user', 'password', array('id' => $user->id)));
}
/**
* Test if the user has a password hash, but now their auth method
* says not to cache it. Then it should update.
*/
public function test_update_internal_user_password_update_no_cache() {
global $DB;
$this->resetAfterTest(true);
$user = $this->getDataGenerator()->create_user(array('password' => 'test'));
$this->assertNotEquals(AUTH_PASSWORD_NOT_CACHED, $user->password);
$user->auth = 'cas'; // Change to a auth that does not store passwords.
update_internal_user_password($user, 'wonkawonka');
$this->assertEquals(AUTH_PASSWORD_NOT_CACHED, $DB->get_field('user', 'password', array('id' => $user->id)));
}
public function test_fullname() { public function test_fullname() {
global $CFG; global $CFG;