From e3d9fc3f5a7f976133cb0d30ce0c6eff4a8ebc6f Mon Sep 17 00:00:00 2001 From: "Eloy Lafuente (stronk7)" Date: Wed, 26 Nov 2014 12:04:31 +0100 Subject: [PATCH] MDL-20365 auth_db: cross-db passfield case and saltedcrypt unit test --- auth/db/auth.php | 5 +++-- auth/db/tests/db_test.php | 7 +++++++ 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/auth/db/auth.php b/auth/db/auth.php index cef314d0314..e77bc48b54f 100644 --- a/auth/db/auth.php +++ b/auth/db/auth.php @@ -105,7 +105,7 @@ class auth_plugin_db extends auth_plugin_base { $authdb = $this->db_init(); - $rs = $authdb->Execute("SELECT {$this->config->fieldpass} + $rs = $authdb->Execute("SELECT {$this->config->fieldpass} AS userpass FROM {$this->config->table} WHERE {$this->config->fielduser} = '".$this->ext_addslashes($extusername)."'"); if (!$rs) { @@ -119,7 +119,8 @@ class auth_plugin_db extends auth_plugin_base { return false; } - $fromdb = $rs->fields[$this->config->fieldpass]; + $fields = array_change_key_case($rs->fields, CASE_LOWER); + $fromdb = $fields['userpass']; $rs->Close(); $authdb->Close(); diff --git a/auth/db/tests/db_test.php b/auth/db/tests/db_test.php index 3931ea99801..e619df670cf 100644 --- a/auth/db/tests/db_test.php +++ b/auth/db/tests/db_test.php @@ -306,6 +306,13 @@ class auth_db_testcase extends advanced_testcase { $DB->update_record('auth_db_users', $user3); $this->assertTrue($auth->user_login('u3', 'heslo')); + require_once($CFG->libdir.'/password_compat/lib/password.php'); + set_config('passtype', 'saltedcrypt', 'auth/db'); + $auth->config->passtype = 'saltedcrypt'; + $user3->pass = password_hash('heslo', PASSWORD_BCRYPT, array('salt' => 'best_salt_ever_moodle_rocks_dont_tell')); + $DB->update_record('auth_db_users', $user3); + $this->assertTrue($auth->user_login('u3', 'heslo')); + set_config('passtype', 'internal', 'auth/db'); $auth->config->passtype = 'internal'; create_user_record('u3', 'heslo', 'db');