From 0d5dc418bcb22a15ed6f86463fc3d5e2fcc972c9 Mon Sep 17 00:00:00 2001
From: Mark Pemberton
Date: Thu, 12 May 2011 17:58:05 -0400
Subject: [PATCH] modified loginPrivateKey to only authenticate with privatekey
---
 src/SemanticScuttle/Service/User.php | 8 ++------
 tests/BookmarkTest.php | 2 +-
 tests/UserTest.php | 14 +++++++-------
 www/rss.php | 2 +-
 4 files changed, 11 insertions(+), 15 deletions(-)
diff --git a/src/SemanticScuttle/Service/User.php b/src/SemanticScuttle/Service/User.php
index 6651a45..84b48ee 100644
--- a/src/SemanticScuttle/Service/User.php
+++ b/src/SemanticScuttle/Service/User.php
@@ -585,16 +585,14 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
 }
 /**
- * Try to authenticate and login a user with
- * username and privatekey.
+ * Try to authenticate via the privatekey
 *
- * @param string $username Name of User
 * @param string $privatekey Private Key
 *
 * @return boolean true if the user could be authenticated,
 * false if not.
 */
- public function loginPrivateKey($username, $privatekey)
+ public function loginPrivateKey($privatekey)
 {
 /* Check if private key valid and enabled */
 if (!$this->isPrivateKeyValid($privatekey)) {
@@ -603,8 +601,6 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
 $query = 'SELECT '. $this->getFieldName('primary') .' FROM '
 . $this->getTableName() .' WHERE '
- . $this->getFieldName('username') .' = "'
- . $this->db->sql_escape($username) .'" AND '
 . $this->getFieldName('privatekey') .' = "'
 . $this->db->sql_escape($privatekey) .'"';
diff --git a/tests/BookmarkTest.php b/tests/BookmarkTest.php
index 385ca36..23a896e 100644
--- a/tests/BookmarkTest.php
+++ b/tests/BookmarkTest.php
@@ -1384,7 +1384,7 @@ class BookmarkTest extends TestBase
 $b2 = $bookmarks['bookmarks'][0];
 $this->assertEquals('title', $b2['bTitle']);
 // there should be no second record
- $this->assertEquals(count($bookmarks['bookmarks']),1);
+ $this->assertEquals(1,count($bookmarks['bookmarks']));
 }
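Review bot: The rewritten docblock on `loginPrivateKey($privatekey)` does not say that the key is now the only credential checked, which is the security-relevant part of this signature change. I would add `* The private key alone selects the account; no username is verified.` above the `@param` line. PHP accepts surplus arguments to userland functions without complaint, so any caller still passing `($username, $privatekey)` would have the username tested as the key and fail closed; callers outside this patch are not visible here. The method body continues past the end of the hunk.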
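Review bot: In the second User.php hunk the WHERE clause now matches on the privatekey column alone, so the lookup is only unambiguous if that column is unique across users, and nothing visible here enforces that. If two rows ever share a key, which account gets logged in would depend on which row the code after the hunk picks. I would back this with a unique index on the column and treat any result other than exactly one row as a failed login, and record the assumption in place with `/* privatekey is the sole selector here: it must be unique per user */`. The rest of the method, including how the result is consumed, lies outside the hunk.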
diff --git a/tests/UserTest.php b/tests/UserTest.php
index 0b892cf..b96a2bf 100644
--- a/tests/UserTest.php
+++ b/tests/UserTest.php
@@ -452,9 +452,9 @@ class UserTest extends TestBase
 $randKey2 = '-'.$this->us->getNewPrivateKey();
 $uid2 = $this->addUser('seconduser', 'passw0RD', $randKey2);
- /* test invalid credentials - both invalid login and key */
+ /* test invalid private key */
 $this->assertFalse(
- $this->us->loginPrivateKey('userdoesnot', '02848248084082408240824802408248')
+ $this->us->loginPrivateKey('02848248084082408240824802408248')
 );
 }
@@ -470,7 +470,7 @@ class UserTest extends TestBase
 /* test valid credentials with private key enabled */
 $this->assertTrue(
- $this->us->loginPrivateKey('testusername', $randKey)
+ $this->us->loginPrivateKey($randKey)
 );
 }
@@ -486,7 +486,7 @@ class UserTest extends TestBase
 /* test valid credentials with private key enabled but invalid key */
 $this->assertFalse(
- $this->us->loginPrivateKey('testusername', '123')
+ $this->us->loginPrivateKey('123')
 );
 }
@@ -507,7 +507,7 @@ class UserTest extends TestBase
 /* test valid credentials with private key disabled */
 $this->assertFalse(
- $this->us->loginPrivateKey('seconduser', $randKey2)
+ $this->us->loginPrivateKey($randKey2)
 );
 }
@@ -523,10 +523,10 @@ class UserTest extends TestBase
 /* test valid credentials with private key disabled and invalid key */
 $this->assertFalse(
- $this->us->loginPrivateKey('seconduser', '-1')
+ $this->us->loginPrivateKey('-1')
 );
 $this->assertFalse(
- $this->us->loginPrivateKey('seconduser', null)
+ $this->us->loginPrivateKey(null)
 );
 }
diff --git a/www/rss.php b/www/rss.php
index f410750..ae32cbd 100644
--- a/www/rss.php
+++ b/www/rss.php
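Review bot: The positive case at `@@ -470,7` only asserts that `loginPrivateKey($randKey)` returns true; it does not check which account ended up logged in. Since the username no longer constrains the lookup, that identity check is what the tests need to pin: after the call, compare the current user's id with the id returned by `addUser()` for that key, ideally with a second key-enabled user present. The disabled-key cases at `-507,7` and `-523,10` rely entirely on `isPrivateKeyValid()`, whose body is not shown, so a case passing an empty string would be worth adding alongside `null`. Each test method starts outside its hunk.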
@@ -86,7 +86,7 @@ if ($user && $user != 'all') {
 /* if user is not logged in and has valid privatekey */
 if (!$userservice->isLoggedOn()) {
 if ($privatekey != null) {
- if ($userservice->loginPrivateKey($user, $privatekey)) {
+ if ($userservice->loginPrivateKey($privatekey)) {
 $isTempLogin = true;
 } else {
 $tplVars['error'] = sprintf(T_('Failed to Autenticate User with username %s using private key'), $user);
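Review bot: After this change the key in the request is no longer tied to `$user`: `loginPrivateKey($privatekey)` logs in whoever owns the key, even when the feed was requested for a different username. If the feed is meant to unlock only that user's own private entries, the success branch should confirm that the account just logged in is `$user` before setting `$isTempLogin = true`; how `$isTempLogin` is used is outside the hunk, so this is inferred. The failure message still says `with username %s` although the username is no longer part of the check; something like `T_('Failed to authenticate using private key')` would match the new behaviour.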