allow unchanged passwords to be reset via sis

fixes #5182 Change-Id: I5c7a6705714b3991048b468ad5961875311f1348 Reviewed-on: https://gerrit.instructure.com/4903 Tested-by: Hudson <hudson@instructure.com> Reviewed-by: Cody Cutrer <cody@instructure.com> Reviewed-by: Jacob Fugal <jacob@instructure.com>
2011-08-02 16:58:55 -06:00 · 2011-08-02 16:58:55 -06:00 · b92427222e
parent b01bc2fc0b
commit b92427222e
2 changed files with 85 additions and 7 deletions
--- a/lib/sis/user_importer.rb
+++ b/lib/sis/user_importer.rb
@ -116,6 +116,7 @@ module SIS
                if !row['password'].blank? && (pseudo.new_record? || pseudo.password_auto_generated)
                  pseudo.password = row['password']
                  pseudo.password_confirmation = row['password']
+                  pseudo.password_auto_generated = true
                end
                pseudo.sis_ssha = row['ssha_password'] if !row['ssha_password'].blank?

--- a/spec/lib/sis_csv_importer_spec.rb
+++ b/spec/lib/sis_csv_importer_spec.rb
@ -18,6 +18,11 @@

 require File.expand_path(File.dirname(__FILE__) + '/../spec_helper.rb')

+def gen_ssha_password(password)
+  salt = ActiveSupport::SecureRandom.random_bytes(10)
+  "{SSHA}" + Base64.encode64(Digest::SHA1.digest(password+salt).unpack('H*').first+salt).gsub(/\s/, '')
+end
+
 describe SIS::SisCsv do
  before do
    account_model
@ -347,7 +352,7 @@ describe SIS::SisCsv do
  
  context "user importing" do
    it "should create new users and update names" do
-      process_csv_data(
+      process_csv_data_cleanly(
        "user_id,login_id,first_name,last_name,email,status",
        "user_1,user1,User,Uno,user@example.com,active"
      )
@ -363,7 +368,7 @@ describe SIS::SisCsv do
      cc = user.communication_channels.first
      cc.path.should eql("user@example.com")
      
-      process_csv_data(
+      process_csv_data_cleanly(
        "user_id,login_id,first_name,last_name,email,status",
        "user_1,user1,User,Uno 2,user@example.com,active"
      )
@ -380,7 +385,7 @@ describe SIS::SisCsv do
      user.name = "My Awesome Name"
      user.save
      
-      process_csv_data(
+      process_csv_data_cleanly(
        "user_id,login_id,first_name,last_name,email,status",
        "user_1,user1,User,Uno 2,user@example.com,active"
      )
@ -390,10 +395,10 @@ describe SIS::SisCsv do
    end

    it "should set passwords and not overwrite current passwords" do
-      process_csv_data(
+      process_csv_data_cleanly(
        "user_id,login_id,password,first_name,last_name,email,status,ssha_password",
        "user_1,user1,badpassword,User,Uno 2,user@example.com,active,",
-        "user_2,user2,,User,Uno 2,user2@example.com,active,{SSHA}Y2FiODZkZDYyNjE3MTA4OTFlOGNiNTZlZTM2MjU2OTFhNzVkZjM0NHNhbHRzYWx0"
+        "user_2,user2,,User,Uno 2,user2@example.com,active,#{gen_ssha_password("password")}"
      )
      user1 = User.find_by_email('user@example.com')
      p = user1.pseudonyms.first
@ -414,10 +419,10 @@ describe SIS::SisCsv do
      p.valid_arbitrary_credentials?('password').should be_false
      p.valid_arbitrary_credentials?('newpassword').should be_true

-      process_csv_data(
+      process_csv_data_cleanly(
        "user_id,login_id,password,first_name,last_name,email,status,ssha_password",
        "user_1,user1,badpassword2,User,Uno 2,user@example.com,active",
-        "user_2,user2,,User,Uno 2,user2@example.com,active,{SSHA}ZDg1ZmJhMjNmZWU0ZmFiMmYzYTJhNTMxNzZiNjcyZWFhMzE0ZTQzMXNhbHR5"
+        "user_2,user2,,User,Uno 2,user2@example.com,active,#{gen_ssha_password("changedpassword")}"
      )
      
      user1.reload
@ -434,6 +439,78 @@ describe SIS::SisCsv do
      p.valid_ssha?('changedpassword').should be_true
    end
    
+    it "should allow setting and resetting of passwords" do
+      User.find_by_email("user1@example.com").should be_nil
+      User.find_by_email("user2@example.com").should be_nil
+
+      process_csv_data_cleanly(
+        "user_id,login_id,password,first_name,last_name,email,status,ssha_password",
+        "user_1,user1,password1,User,Uno,user1@example.com,active,",
+        "user_2,user2,,User,Dos,user2@example.com,active,#{gen_ssha_password("encpass1")}"
+      )
+
+      User.find_by_email('user1@example.com').pseudonyms.first.tap do |p|
+        p.valid_arbitrary_credentials?('password1').should be_true
+        p.valid_arbitrary_credentials?('password2').should be_false
+        p.valid_arbitrary_credentials?('password3').should be_false
+        p.valid_arbitrary_credentials?('password4').should be_false
+      end
+
+      User.find_by_email('user2@example.com').pseudonyms.first.tap do |p|
+        p.valid_arbitrary_credentials?('encpass1').should be_true
+        p.valid_arbitrary_credentials?('encpass2').should be_false
+        p.valid_arbitrary_credentials?('encpass3').should be_false
+        p.valid_arbitrary_credentials?('password4').should be_false
+      end
+
+      process_csv_data_cleanly(
+        "user_id,login_id,password,first_name,last_name,email,status,ssha_password",
+        "user_1,user1,password2,User,Uno,user1@example.com,active,",
+        "user_2,user2,,User,Dos,user2@example.com,active,#{gen_ssha_password("encpass2")}"
+      )
+
+      User.find_by_email('user1@example.com').pseudonyms.first.tap do |p|
+        p.valid_arbitrary_credentials?('password1').should be_false
+        p.valid_arbitrary_credentials?('password2').should be_true
+        p.valid_arbitrary_credentials?('password3').should be_false
+        p.valid_arbitrary_credentials?('password4').should be_false
+
+        p.password_confirmation = p.password = 'password4'
+        p.save
+      end
+
+      User.find_by_email('user2@example.com').pseudonyms.first.tap do |p|
+        p.valid_arbitrary_credentials?('encpass1').should be_false
+        p.valid_arbitrary_credentials?('encpass2').should be_true
+        p.valid_arbitrary_credentials?('encpass3').should be_false
+        p.valid_arbitrary_credentials?('password4').should be_false
+
+        p.password_confirmation = p.password = 'password4'
+        p.save
+      end
+
+      process_csv_data_cleanly(
+        "user_id,login_id,password,first_name,last_name,email,status,ssha_password",
+        "user_1,user1,password3,User,Uno,user1@example.com,active,",
+        "user_2,user2,,User,Dos,user2@example.com,active,#{gen_ssha_password("encpass3")}"
+      )
+
+      User.find_by_email('user1@example.com').pseudonyms.first.tap do |p|
+        p.valid_arbitrary_credentials?('password1').should be_false
+        p.valid_arbitrary_credentials?('password2').should be_false
+        p.valid_arbitrary_credentials?('password3').should be_false
+        p.valid_arbitrary_credentials?('password4').should be_true
+      end
+
+      User.find_by_email('user2@example.com').pseudonyms.first.tap do |p|
+        p.valid_arbitrary_credentials?('encpass1').should be_false
+        p.valid_arbitrary_credentials?('encpass2').should be_false
+        p.valid_arbitrary_credentials?('encpass3').should be_false
+        p.valid_arbitrary_credentials?('password4').should be_true
+      end
+
+    end
+
    it "should warn for duplicate rows" do
      importer = process_csv_data(
        "user_id,login_id,first_name,last_name,email,status",