Changeset 42343 for trunk/tests/phpunit/tests/auth.php
- Timestamp:
- 11/30/2017 11:09:33 PM (7 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/tests/phpunit/tests/auth.php
r39364 r42343 17 17 18 18 public static function wpSetUpBeforeClass( $factory ) { 19 self::$_user = $factory->user->create_and_get( array( 20 'user_login' => 'password-tests' 21 ) ); 19 self::$_user = $factory->user->create_and_get( 20 array( 21 'user_login' => 'password-tests', 22 ) 23 ); 22 24 23 25 self::$user_id = self::$_user->ID; … … 49 51 $this->assertEquals( false, wp_validate_auth_cookie( $cookie, 'logged_in' ), 'wrong auth scheme' ); 50 52 51 $cookie = wp_generate_auth_cookie( self::$user_id, time() + 3600, 'auth' );52 list($a, $b, $c) = explode( '|', $cookie);53 $cookie = $a . '|' . ($b + 1) . '|' . $c;53 $cookie = wp_generate_auth_cookie( self::$user_id, time() + 3600, 'auth' ); 54 list($a, $b, $c) = explode( '|', $cookie ); 55 $cookie = $a . '|' . ( $b + 1 ) . '|' . $c; 54 56 $this->assertEquals( false, wp_validate_auth_cookie( self::$user_id, 'auth' ), 'altered cookie' ); 55 57 } … … 76 78 ); 77 79 78 foreach ( $passwords_to_test as $password_to_test ) {80 foreach ( $passwords_to_test as $password_to_test ) { 79 81 wp_set_password( $password_to_test, $this->user->ID ); 80 82 $authed_user = wp_authenticate( $this->user->user_login, $password_to_test ); … … 158 160 // A valid nonce needs to be set so the check doesn't die() 159 161 $_REQUEST['_wpnonce'] = wp_create_nonce( -1 ); 160 $result = check_admin_referer();162 $result = check_admin_referer(); 161 163 $this->assertSame( 1, $result ); 162 164 … … 172 174 // A valid nonce needs to be set so the check doesn't die() 173 175 $_REQUEST['_wpnonce'] = wp_create_nonce( -1 ); 174 $result = check_ajax_referer();176 $result = check_ajax_referer(); 175 177 $this->assertSame( 1, $result ); 176 178 … … 231 233 global $wpdb; 232 234 233 $key = wp_generate_password( 20, false ); 234 $wpdb->update( $wpdb->users, array( 235 'user_activation_key' => strtotime( '-1 hour' ) . ':' . self::$wp_hasher->HashPassword( $key ), 236 ), array( 237 'ID' => $this->user->ID, 238 ) ); 235 $key = wp_generate_password( 20, false ); 236 $wpdb->update( 237 $wpdb->users, array( 238 'user_activation_key' => strtotime( '-1 hour' ) . ':' . self::$wp_hasher->HashPassword( $key ), 239 ), array( 240 'ID' => $this->user->ID, 241 ) 242 ); 239 243 240 244 // A valid key should be accepted … … 254 258 // A truncated key should be rejected 255 259 $partial = substr( $key, 0, 10 ); 256 $check = check_password_reset_key( $partial, $this->user->user_login );260 $check = check_password_reset_key( $partial, $this->user->user_login ); 257 261 $this->assertInstanceOf( 'WP_Error', $check ); 258 262 } … … 264 268 global $wpdb; 265 269 266 $key = wp_generate_password( 20, false ); 267 $wpdb->update( $wpdb->users, array( 268 'user_activation_key' => strtotime( '-48 hours' ) . ':' . self::$wp_hasher->HashPassword( $key ), 269 ), array( 270 'ID' => $this->user->ID, 271 ) ); 270 $key = wp_generate_password( 20, false ); 271 $wpdb->update( 272 $wpdb->users, array( 273 'user_activation_key' => strtotime( '-48 hours' ) . ':' . self::$wp_hasher->HashPassword( $key ), 274 ), array( 275 'ID' => $this->user->ID, 276 ) 277 ); 272 278 273 279 // An expired but otherwise valid key should be rejected … … 297 303 // A legacy user_activation_key is one without the `time()` prefix introduced in WordPress 4.3. 298 304 299 $key = wp_generate_password( 20, false ); 300 $wpdb->update( $wpdb->users, array( 301 'user_activation_key' => self::$wp_hasher->HashPassword( $key ), 302 ), array( 303 'ID' => $this->user->ID, 304 ) ); 305 $key = wp_generate_password( 20, false ); 306 $wpdb->update( 307 $wpdb->users, array( 308 'user_activation_key' => self::$wp_hasher->HashPassword( $key ), 309 ), array( 310 'ID' => $this->user->ID, 311 ) 312 ); 305 313 306 314 // A legacy user_activation_key should not be accepted … … 322 330 // A plaintext user_activation_key is one stored before hashing was introduced in WordPress 3.7. 323 331 324 $key = wp_generate_password( 20, false ); 325 $wpdb->update( $wpdb->users, array( 326 'user_activation_key' => $key, 327 ), array( 328 'ID' => $this->user->ID, 329 ) ); 332 $key = wp_generate_password( 20, false ); 333 $wpdb->update( 334 $wpdb->users, array( 335 'user_activation_key' => $key, 336 ), array( 337 'ID' => $this->user->ID, 338 ) 339 ); 330 340 331 341 // A plaintext user_activation_key should not allow an otherwise valid key to be accepted
Note: See TracChangeset
for help on using the changeset viewer.