author | Matthew Somerville <matthew@mysociety.org> | 2019-11-20 15:00:22 +0000 |
---|---|---|
committer | Dave Arter <davea@mysociety.org> | 2019-12-09 12:50:07 +0000 |
commit | cae638745b1c0777094705032276479dcc1137f4 (patch) | |
tree | 056e869516b874040eee1507784dd3e899df5cb7 | |
parent | 4566cdf5e4d28332c57c187d00ffd0dda952dd8a (diff) |
[TfL] Store password in separate location.
-rw-r--r-- | perllib/DBIx/Class/FixMyStreet/EncodedColumn.pm | 14 | ||||
-rw-r--r-- | perllib/FixMyStreet/DB/Result/User.pm | 14 | ||||
-rw-r--r-- | perllib/FixMyStreet/TestMech.pm | 10 | ||||
-rw-r--r-- | t/cobrand/tfl.t | 30 |
4 files changed, 60 insertions, 8 deletions
diff --git a/perllib/DBIx/Class/FixMyStreet/EncodedColumn.pm b/perllib/DBIx/Class/FixMyStreet/EncodedColumn.pm
index 0d86c7639..3be6e4594 100644
--- a/perllib/DBIx/Class/FixMyStreet/EncodedColumn.pm
+++ b/perllib/DBIx/Class/FixMyStreet/EncodedColumn.pm
@@ -8,6 +8,20 @@ use base qw/DBIx::Class::EncodedColumn/;
 # mySociety override to allow direct setting without double encryption
 sub set_column {
 my $self = shift;
+ if ($_[0] eq 'password') {
+ my $cobrand = $self->result_source->schema->cobrand;
+ if ($cobrand->moniker eq 'tfl') {
+ if (defined $_[1]) {
+ if (defined $_[2]) {
+ $self->set_extra_metadata(tfl_password => $_[1]);
+ } else {
+ my $encoder = $self->_column_encoders->{password};
+ $self->set_extra_metadata(tfl_password => $encoder->($_[1]));
+ }
+ }
+ return $self->get_extra_metadata('tfl_password');
+ }
+ }
 return DBIx::Class::Row::set_column($self, @_) unless defined $_[1] and not defined $_[2];
 $self->next::method(@_);
 }
diff --git a/perllib/FixMyStreet/DB/Result/User.pm b/perllib/FixMyStreet/DB/Result/User.pm
index 4f46fcfe2..b0a05d0b7 100644
--- a/perllib/FixMyStreet/DB/Result/User.pm
+++ b/perllib/FixMyStreet/DB/Result/User.pm
@@ -163,10 +163,22 @@ __PACKAGE__->add_columns(
 encode_column => 1,
 encode_class => 'Crypt::Eksblowfish::Bcrypt',
 encode_args => { cost => cost() },
- encode_check_method => 'check_password',
+ encode_check_method => '_check_password',
 },
 );
+sub check_password {
+ my $self = shift;
+ my $cobrand = $self->result_source->schema->cobrand;
+ if ($cobrand->moniker eq 'tfl') {
+ my $col_v = $self->get_extra_metadata('tfl_password');
+ return unless defined $col_v;
+ $self->_column_encoders->{password}->($_[0], $col_v) eq $col_v;
+ } else {
+ $self->_check_password(@_);
+ }
+}
+
 around password => sub {
 my ($orig, $self) = (shift, shift);
 if (@_) {
diff --git a/perllib/FixMyStreet/TestMech.pm b/perllib/FixMyStreet/TestMech.pm
index e8b08ef19..5c8ae4e28 100644
--- a/perllib/FixMyStreet/TestMech.pm
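Review bot: In the TfL branch of `set_column`, a call with an undefined value skips the `if (defined $_[1])` block and only returns the stored hash, so clearing a TfL user's password is a silent no-op and the old `tfl_password` keeps authenticating. The non-TfL path, by contrast, still writes the undef through `DBIx::Class::Row::set_column`. Consider dropping the key in that case, e.g. an `else { $self->unset_extra_metadata('tfl_password'); }` on that block, assuming the row's extra-metadata role offers an unset helper. Separately, the bcrypt hash now lives in the user's extra metadata rather than the `password` column, so any code that dumps or displays that metadata would need to exclude `tfl_password`; this cannot be confirmed from the hunk.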
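Review bot: `check_password` chooses the credential store from `$self->result_source->schema->cobrand`, which is ambient state set outside this hunk; the TestMech comment in this commit suggests it is only populated once a request has been made. If it is unset (scripts, background jobs), `->moniker` dies on undef. If it is left over from an earlier request in a long-lived process, the password would be compared against the wrong store. The behaviour for an unset cobrand should be decided explicitly, for example `if ($cobrand && $cobrand->moniker eq 'tfl') {`, with a comment saying where the schema cobrand is assigned; the same lookup is used in `set_column` in EncodedColumn.pm. The sub also returns whatever the last statement of each branch evaluates to, so an explicit `return` on both would protect the result against later edits.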
+++ b/perllib/FixMyStreet/TestMech.pm
@@ -109,6 +109,8 @@ sub log_in_ok {
 my $mech = shift;
 my $username = shift;
+ $mech->get_ok('/auth'); # Doing this here so schema cobrand set appropriately (for e.g. TfL password setting)
+
 $username = $mech->uniquify_email($username, (caller)[1]);
 my $user = $mech->create_user_ok($username);
@@ -117,7 +119,6 @@ sub log_in_ok {
 $user->update( { password => 'secret' } );
 # log in
- $mech->get_ok('/auth');
 $mech->submit_form_ok(
 { with_fields => { username => $username, password_sign_in => 'secret' } },
 "sign in using form" );
@@ -125,12 +126,7 @@ sub log_in_ok {
 # restore the password (if there was one)
 if ($old_password) {
-
- # Use store_column and then make_column_dirty to bypass the filters that
- # would hash the password, otherwise the password required ito log in
- # would be the hash of the previous one.
- $user->store_column("password", $old_password);
- $user->make_column_dirty("password");
+ $user->password($old_password, 1);
 $user->update();
 # Belt and braces, check that the password has been correctly saved.
diff --git a/t/cobrand/tfl.t b/t/cobrand/tfl.t
index 9df9a3d6c..e37a0192f 100644
--- a/t/cobrand/tfl.t
+++ b/t/cobrand/tfl.t
@@ -512,6 +512,36 @@ subtest 'Bromley staff cannot access TfL admin' => sub {
 $mech->log_out_ok;
 };
+subtest 'Test passwords work appropriately' => sub {
+ $mech->host('www.fixmystreet.com');
+ $mech->get_ok('/auth');
+ $user->password('dotcom');
+ $user->update;
+ $mech->submit_form_ok(
+ { with_fields => { username => $user->email, password_sign_in => 'dotcom' } },
+ "sign in using form" );
+ $mech->content_contains('Your account');
+ $mech->host('tfl.fixmystreet.com');
+ $mech->get_ok('/auth');
+ $mech->submit_form_ok(
+ { with_fields => { username => $user->email, password_sign_in => 'dotcom' } },
+ "sign in using form" );
+ $mech->content_lacks('Your account');
+
+ $user->password('tfl');
+ $user->update;
+ $mech->submit_form_ok(
+ { with_fields => { username => $user->email, password_sign_in => 'tfl' } },
+ "sign in using form" );
+ $mech->content_contains('Your account');
+ $mech->host('www.fixmystreet.com');
+ $mech->get_ok('/auth');
+ $mech->submit_form_ok(
+ { with_fields => { username => $user->email, password_sign_in => 'tfl' } },
+ "sign in using form" );
+ $mech->content_lacks('Your account');
+};
+
 };
 FixMyStreet::override_config { |
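Review bot: The new subtest never confirms that the original `dotcom` password still signs in on www.fixmystreet.com after `$user->password('tfl')` has been set on the TfL host. A regression in which the TfL write also overwrites the main `password` column would therefore still pass. After the final `content_lacks`, add one more `submit_form_ok` on the www host with `password_sign_in => 'dotcom'`, followed by `$mech->content_contains('Your account');`. It would also help to have a case for a user with no `tfl_password` at all signing in on the TfL host, since that exercises the early `return` in `check_password`.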