
Use hash to look-up user
dshorthouse committed Dec 15, 2016
1 parent 78d062a commit 223734a
Showing 13 changed files with 242 additions and 49 deletions.
32 changes: 18 additions & 14 deletions Tests/SimpleMapprTest.php
Expand Up @@ -47,6 +47,7 @@ public static function setUpBeforeClass()

$users_table = 'CREATE TABLE IF NOT EXISTS `users` (
`uid` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
`hash` varchar(60) NOT NULL,
`identifier` varchar(255) NOT NULL,
`username` varchar(50) DEFAULT NULL,
`displayname` varchar(125) DEFAULT NULL,
Expand All @@ -55,6 +56,7 @@ public static function setUpBeforeClass()
`created` int(11) DEFAULT NULL,
`access` int(11) DEFAULT NULL,
PRIMARY KEY (`uid`),
UNIQUE KEY `idx_users_hash` (`hash`),
KEY `identifier` (`identifier`),
KEY `idx_username` (`username`),
KEY `idx_access` (`access`)
Expand Down Expand Up @@ -98,6 +100,7 @@ public static function setUpBeforeClass()

$user1 = self::$db->queryInsert('users', [
'uid' => 1,
'hash' => password_hash('administrator', PASSWORD_DEFAULT),
'identifier' => 'administrator',
'username' => 'administrator',
'displayname' => 'John Smith',
Expand All @@ -107,6 +110,7 @@ public static function setUpBeforeClass()

$user2 = self::$db->queryInsert('users', [
'uid' => 2,
'hash' => password_hash('user', PASSWORD_DEFAULT),
'identifier' => 'user',
'username' => 'user',
'displayname' => 'Jack Johnson',
Expand Down Expand Up @@ -643,27 +647,27 @@ public function waitOnMap($timeout = 10, $interval = 200)
*/
public function setSession($username = "user", $locale = 'en_US')
{
$user = [
"identifier" => $username,
"username" => $username,
"email" => "nowhere@example.com",
"locale" => $locale
];
if ($username == 'administrator') {
$role = ["role" => "2", "uid" => "1", "displayname" => "John Smith"];
} else {
$role = ["role" => "1", "uid" => "2", "displayname" => "Jack Johnson"];
}
$user = array_merge($user, $role);
$db = Database::getInstance();
$sql = "SELECT * from users u WHERE u.username=:username";
$db->prepare($sql);
$db->bindParam(":username", $username, 'string');
$user = $db->fetchFirstArray();
$user['locale'] = $locale;

$clone = array_merge([], $user);
unset($clone['uid'], $clone['role']);

$cookie = [
"name" => "simplemappr",
"value" => urlencode(json_encode($user)),
"value" => urlencode(json_encode($clone)),
"path" => "/"
];
$this->webDriver->manage()->addCookie($cookie);
$_SESSION["simplemappr"] = $user;
$_SESSION["simplemappr"] = $clone;
$this->webDriver->navigate()->refresh();
$this->waitOnAjax();

return $user;
}

}
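Review bot: setSession uses the row returned by `$db->fetchFirstArray()` without checking that the lookup matched anything, so a `$username` that was never seeded (presumably the call returns false or null then) fails later on `$user['locale'] = $locale` instead of at the point of the mistake; add `if (!$user) { throw new \RuntimeException("no users row for {$username}"); }` directly after the fetch. The docblock for this method closes at the top of the hunk and should state the new contract: the full row, including `uid`, `role` and `hash`, is returned to the caller, while the cookie and `$_SESSION['simplemappr']` receive only the stripped `$clone`. Since `hash` now acts as the session's lookup key and is written into the `simplemappr` cookie here, a one-line comment above `$clone` such as `// cookie and session carry only the opaque hash; uid and role are resolved server-side from it` would make that intent explicit.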
5 changes: 2 additions & 3 deletions Tests/functional/MapTest.php
Expand Up @@ -84,12 +84,11 @@ public function testCreateMap()
public function testDeleteMap()
{
parent::setUpPage();
parent::setSession();
$user = parent::setSession();

$cookie = json_decode(urldecode($this->webDriver->manage()->getCookieNamed('simplemappr')['value']));
$title = 'Another Sample Map User';
$mid = parent::$db->queryInsert("maps", [
'uid' => $cookie->uid,
'uid' => $user['uid'],
'title' => $title,
'map' => json_encode(['save' => ['title' => $title]]),
'created' => time()
Expand Down
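Review bot: After switching the map's `uid` to `$user['uid']`, the `$cookie` decoded on the line above `$title` has no remaining reader inside the hunk; if nothing further down uses it, drop that line, since it is the only place left in the test that decodes the raw `simplemappr` cookie. The body of testDeleteMap continues past the end of the hunk, so this needs checking against the rest of the method.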
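--- a/Tests/unit/UtilityTest.php
+++ b/Tests/unit/UtilityTest.php
@@ -0,0 +1,100 @@
+<?php
+
+/**
+* Unit tests for converting coordinates using static methods in Mappr class
+*
+* PHP Version 5.5
+*
+* @author David P. Shorthouse <davidpshorthouse@gmail.com>
+* @link http://github.com/dshorthouse/SimpleMappr
+* @license Copyright (C) 2013 David P. Shorthouse
+*
+*/
+
+use PHPUnit\Framework\TestCase;
+use SimpleMappr\Utility;
+
+class UtilityTest extends TestCase
+{
+use SimpleMapprMixin;
+
+/**
+* Test that a hex color is properly converted to array of RGB.
+*/
+public function test_hex()
+{
+$color = "#FF1177";
+$converted = Utility::hex2Rgb($color);
+$this->assertEquals([255, 17, 119], $converted);
+}
+
+/**
+* Test that a filename is cleaned of unrecognized characters.
+*/
+public function test_filename1()
+{
+$filename = "My@ New()*? ë [Filename]'";
+$cleaned = Utility::cleanFilename($filename, "jpg");
+$this->assertEquals("My_New_ë_Filename_.jpg", $cleaned);
+}
+
+/**
+* Test that a filename is cleaned of unrecognized characters.
+*/
+public function test_filename2()
+{
+$filename = "My Map";
+$cleaned = Utility::cleanFilename($filename, "jpg");
+$this->assertEquals("My_Map.jpg", $cleaned);
+}
+
+/**
+* Test that a param is loaded.
+*/
+public function test_loadParam()
+{
+$req = [
+'points' => '45,-120'
+];
+$this->setRequest($req);
+$points = Utility::loadParam('points', '75,100');
+$this->assertEquals('45,-120', $points);
+}
+
+/**
+* Test that a default value for a param is loaded.
+*/
+public function test_loadParam_default()
+{
+$req = [
+'stuff' => '45,-120'
+];
+$this->setRequest($req);
+$points = Utility::loadParam('points', '75,100');
+$this->assertEquals('75,100', $points);
+}
+
+/**
+* Test that slashes are added to param value.
+*/
+public function test_loadParam_slashes()
+{
+$req = [
+'stuff' => "here's Some \" Stuff on a \n new line"
+];
+$this->setRequest($req);
+$points = Utility::loadParam('stuff', '');
+$this->assertEquals("here\'s Some \\\" Stuff on a \n new line", $points);
+}
+
+/**
+* Test that empty lines are removed from a value.
+*/
+public function test_removeEmptyLines()
+{
+$text = "Here \n is \n\n some \n\n\n stuff";
+$cleaned = Utility::removeEmptyLines($text);
+$this->assertEquals("Here \n is \n some \n stuff", $cleaned);
+}
+
+}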
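Review bot: The file-level docblock describes "converting coordinates using static methods in Mappr class", but every test in this file exercises `SimpleMappr\Utility`; replace that line with `* Unit tests for the static helper methods in the Utility class`. test_loadParam_slashes pins the fact that loadParam escapes quotes and backslashes on the way in; that is escaping at input time rather than at the SQL or HTML boundary, so a short comment in that test, e.g. `// documents loadParam's current addslashes-style behaviour; escaping for a given output context still belongs at that boundary`, keeps the assertion from being read as a security guarantee.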
12 changes: 6 additions & 6 deletions composer.lock


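--- a/db/migrations/20161215161813_hash_user.php
+++ b/db/migrations/20161215161813_hash_user.php
@@ -0,0 +1,49 @@
+<?php
+
+use Phinx\Migration\AbstractMigration;
+
+class HashUser extends AbstractMigration
+{
+/**
+* Change Method.
+*
+* Write your reversible migrations using this method.
+*
+* More information on writing migrations is available here:
+* http://docs.phinx.org/en/latest/migrations.html#the-abstractmigration-class
+*
+* The following commands can be used in this method and Phinx will
+* automatically reverse them when rolling back:
+*
+* createTable
+* renameTable
+* addColumn
+* renameColumn
+* addIndex
+* addForeignKey
+*
+* Remember to call "create()" or "update()" and NOT "save()" when working
+* with the Table class.
+*/
+public function up()
+{
+$table = $this->table('users');
+$table->addColumn('hash', 'string', array('limit' => 60, 'after' => 'uid'))
+->save();
+
+$rows = $this->fetchAll('SELECT * FROM users');
+foreach($rows as $row) {
+$hash = password_hash($row['identifier'], PASSWORD_DEFAULT);
+$this->execute(sprintf("UPDATE users set hash = '%s' WHERE uid = %d", $hash, $row['uid']));
+}
+
+$table->addIndex(array('hash'), array('unique' => true, 'name' => 'idx_users_hash'))
+->save();
+}
+
+public function down()
+{
+$table = $this->table('users');
+$table->removeColumn('hash');
+}
+}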
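Review bot: The UPDATE in up() splices `$hash` into the SQL string with sprintf; it only works because bcrypt output is limited to `./A-Za-z0-9$`, and a different algorithm selected by PASSWORD_DEFAULT in a later PHP release is not bound to keep that alphabet. Quote the value through the adapter (if it exposes its PDO connection, as the MySQL adapter does): `$this->execute(sprintf("UPDATE users SET hash = %s WHERE uid = %d", $this->getAdapter()->getConnection()->quote($hash), (int) $row['uid']));`. Because `password_hash` salts randomly, the stored value can never be re-derived from `identifier`; lookups such as `User::getByHash` work only against the stored string, which deserves a comment above the loop, e.g. `// hash is an opaque per-user token; it is never recomputed from identifier`. The docblock is the stock Phinx `change()` template and contradicts this `up()`/`down()` pair that calls `save()`; replace it with a one-line summary of what the migration does.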
27 changes: 16 additions & 11 deletions db/sample.db.sql
@@ -1,8 +1,8 @@
-- MySQL dump 10.13 Distrib 5.6.19, for osx10.9 (x86_64)
-- MySQL dump 10.13 Distrib 5.7.16, for osx10.12 (x86_64)
--
-- Host: localhost Database: simplemappr_development
-- Host: localhost Database: simplemappr
-- ------------------------------------------------------
-- Server version 5.6.19
-- Server version 5.7.16

/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
Expand Down Expand Up @@ -31,7 +31,7 @@ CREATE TABLE `citations` (
`first_author_surname` varchar(255) COLLATE utf8_unicode_ci NOT NULL,
PRIMARY KEY (`id`),
KEY `year` (`year`,`first_author_surname`)
) ENGINE=InnoDB AUTO_INCREMENT=73 DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
) ENGINE=InnoDB AUTO_INCREMENT=244 DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
/*!40101 SET character_set_client = @saved_cs_client */;

--
Expand All @@ -53,7 +53,7 @@ CREATE TABLE `maps` (
KEY `title` (`title`),
KEY `idx_created` (`created`),
KEY `idx_updated` (`updated`)
) ENGINE=InnoDB AUTO_INCREMENT=2813 DEFAULT CHARSET=utf8;
) ENGINE=InnoDB AUTO_INCREMENT=6515 DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;

--
Expand All @@ -65,8 +65,10 @@ DROP TABLE IF EXISTS `migrations`;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `migrations` (
`version` bigint(14) NOT NULL,
`migration_name` varchar(100) DEFAULT NULL,
`start_time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
`end_time` timestamp NOT NULL DEFAULT '0000-00-00 00:00:00'
`end_time` timestamp NOT NULL DEFAULT '1970-01-01 05:00:01',
`breakpoint` tinyint(1) NOT NULL DEFAULT '0'
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;

Expand All @@ -82,8 +84,9 @@ CREATE TABLE `shares` (
`mid` int(11) NOT NULL,
`created` int(11) NOT NULL,
PRIMARY KEY (`sid`),
KEY `mid` (`mid`)
) ENGINE=InnoDB AUTO_INCREMENT=17 DEFAULT CHARSET=utf8;
KEY `mid` (`mid`),
KEY `created` (`created`)
) ENGINE=InnoDB AUTO_INCREMENT=101 DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;

--
Expand All @@ -101,7 +104,7 @@ CREATE TABLE `stateprovinces` (
`stateprovince_code` char(2) NOT NULL,
UNIQUE KEY `OBJECTID` (`id`),
KEY `index_on_country` (`country`)
) ENGINE=InnoDB AUTO_INCREMENT=3566 DEFAULT CHARSET=utf8;
) ENGINE=InnoDB AUTO_INCREMENT=4651 DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;

--
Expand All @@ -113,6 +116,7 @@ DROP TABLE IF EXISTS `users`;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `users` (
`uid` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
`hash` varchar(60) NOT NULL,
`identifier` varchar(255) NOT NULL,
`username` varchar(50) DEFAULT NULL,
`displayname` varchar(125) DEFAULT NULL,
Expand All @@ -121,10 +125,11 @@ CREATE TABLE `users` (
`created` int(11) DEFAULT NULL,
`access` int(11) DEFAULT NULL,
PRIMARY KEY (`uid`),
UNIQUE KEY `idx_users_hash` (`hash`),
KEY `identifier` (`identifier`),
KEY `idx_username` (`username`),
KEY `idx_access` (`access`)
) ENGINE=InnoDB AUTO_INCREMENT=544 DEFAULT CHARSET=utf8;
) ENGINE=InnoDB AUTO_INCREMENT=1150 DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;

Expand All @@ -136,4 +141,4 @@ CREATE TABLE `users` (
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;

-- Dump completed on 2014-07-09 1:37:06
-- Dump completed on 2016-12-15 13:03:17
6 changes: 5 additions & 1 deletion src/Bootstrap.php
Expand Up @@ -427,7 +427,11 @@ private function _twig($include_page_elements = false)
$locale = Utility::loadParam("locale", "en_US");
$qlocale = "?locale={$locale}";

$twig->addGlobal('session', (isset($_SESSION['simplemappr'])) ? $_SESSION['simplemappr'] : []);
$session = [];
if(isset($_SESSION['simplemappr'])) {
$session = (array)User::getByHash($_SESSION['simplemappr']['hash']);
}
$twig->addGlobal('session', $session);
$twig->addGlobal('locale', $locale);
$twig->addGlobal('qlocale', $qlocale);
$twig->addGlobal('language', Session::$accepted_locales[$locale]['canonical']);
Expand Down
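Review bot: The new branch reads `$_SESSION['simplemappr']['hash']` after checking only `isset($_SESSION['simplemappr'])`, so sessions created before this deploy, which carry the old array without a `hash` key, raise an undefined-index notice on their first request after the upgrade; test `isset($_SESSION['simplemappr']['hash'])` instead. `(array)User::getByHash(...)` is also fragile: if `User` declares non-public properties their keys get `\0`-prefixed names that Twig cannot read, and if getByHash returns false for an unknown or rotated hash the cast yields `[false]`, a non-empty session global. Safer is `$user = User::getByHash($_SESSION['simplemappr']['hash']); $session = $user ? (array)$user : [];`, or passing `$user` itself to Twig, which reads public properties and getters directly. _twig starts above the hunk.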
7 changes: 5 additions & 2 deletions src/Header.php
Expand Up @@ -542,8 +542,11 @@ public function getJSVars()
*/
private function _isAdministrator()
{
if (isset($_SESSION['simplemappr']) && User::$roles[$_SESSION['simplemappr']['role']] == 'administrator') {
return true;
if (isset($_SESSION['simplemappr']) && isset($_SESSION['simplemappr']['hash'])) {
$user = User::getByHash($_SESSION['simplemappr']['hash']);
if (User::$roles[$user->role] == 'administrator') {
return true;
}
}
return false;
}
Expand Down
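Review bot: `User::getByHash(...)` can presumably return null or false when the session's hash no longer matches a row (user deleted, hash rotated), and `$user->role` on that value errors instead of denying; guard it: `if ($user && isset(User::$roles[$user->role]) && User::$roles[$user->role] == 'administrator') {`. The two isset calls collapse to `isset($_SESSION['simplemappr']['hash'])`. Both this method and Bootstrap::_twig now query the database once per call for the same hash, so a per-request memoized lookup would keep the administrator check cheap.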
