Issue #2606466 by mikeryan, Wim Leers, phenaproxima, quietone: Migration of...

Issue #2606466 by mikeryan, Wim Leers, phenaproxima, quietone: Migration of uid 1 breaks batch upgrade process

core/modules/migrate/src/Row.php

@@ -222,6 +222,17 @@ public function setDestinationProperty($property, $value) {
     NestedArray::setValue($this->destination, explode(static::PROPERTY_SEPARATOR, $property), $value, TRUE);
   }
 
+  /**
+   * Removes destination property.
+   *
+   * @param string $property
+   *   The name of the destination property.
+   */
+  public function removeDestinationProperty($property) {
+    unset($this->rawDestination[$property]);
+    NestedArray::unsetValue($this->destination, explode(static::PROPERTY_SEPARATOR, $property));
+  }
+
   /**
    * Returns the whole destination array.
    *

core/modules/user/src/Plugin/migrate/destination/EntityUser.php

@@ -90,6 +90,10 @@ public function import(Row $row, array $old_destination_id_values = array()) {
         throw new MigrateException('Password service has been altered by another module, aborting.');
       }
     }
+    // Do not overwrite the root account password.
+    if ($row->getDestinationProperty('uid') == 1) {
+      $row->removeDestinationProperty('pass');
+    }
     $ids = parent::import($row, $old_destination_id_values);
     if ($this->password) {
       $this->password->disableMd5Prefixing();

core/modules/user/src/Tests/Migrate/MigrateUserAdminPassTest.php

+<?php
+
+/**
+ * @file
+ * Contains \Drupal\user\Tests\Migrate\MigrateUserAdminPassTest.
+ */
+
+namespace Drupal\user\Tests\Migrate;
+
+use Drupal\migrate\Entity\Migration;
+use Drupal\migrate\MigrateExecutable;
+use Drupal\migrate\Tests\MigrateTestBase;
+use Drupal\user\Entity\User;
+
+/**
+ * Tests preservation of root account password.
+ *
+ * @group user
+ */
+class MigrateUserAdminPassTest extends MigrateTestBase {
+
+  /**
+   * The passwords as retrieved from the account entities before migration.
+   *
+   * @var array
+   */
+  protected $originalPasswords = [];
+
+  /**
+   * Modules to enable.
+   *
+   * @var string[]
+   */
+  public static $modules = ['user'];
+
+  /**
+   * {@inheritdoc}
+   */
+  protected function setUp() {
+    parent::setUp();
+
+    // Make sure the admin user and a regular user are created.
+    $this->container->get('module_handler')->loadInclude('user', 'install');
+    $this->installEntitySchema('user');
+    user_install();
+    /** @var \Drupal\user\Entity\User $admin_account */
+    $admin_account = User::load(1);
+    $admin_account->setPassword('original');
+    $admin_account->save();
+    $this->originalPasswords[1] = $admin_account->getPassword();
+
+    /** @var \Drupal\user\Entity\User $user_account */
+    $user_account = User::create([
+      'uid' => 2,
+      'name' => 'original_username',
+      'mail' => 'original_email@example.com',
+      'pass' => 'original_password',
+    ]);
+    $user_account->save();
+    $this->originalPasswords[2] = $user_account->getPassword();
+  }
+
+  /**
+   * Tests preserving the admin user's password.
+   */
+  public function testAdminPasswordPreserved() {
+    $user_data_rows = [
+      [
+        'id' => '1',
+        'username' => 'site_admin',
+        'password' => 'new_password',
+        'email' => 'site_admin@example.com',
+      ],
+      [
+        'id' => '2',
+        'username' => 'random_user',
+        'password' => 'random_password',
+        'email' => 'random_user@example.com',
+      ],
+    ];
+    $ids = ['id' => ['type' => 'integer']];
+    $config = [
+      'id' => 'users',
+      'migration_tags' => ['Admin password test'],
+      'source' => [
+        'plugin' => 'embedded_data',
+        'data_rows' => $user_data_rows,
+        'ids' => $ids,
+      ],
+      'process' => [
+        'uid' => 'id',
+        'name' => 'username',
+        'mail' => 'email',
+        'pass' => 'password',
+      ],
+      'destination' => ['plugin' => 'entity:user'],
+    ];
+    $migration = Migration::create($config);
+    $this->executeMigration($migration);
+
+    // Verify that admin username and email were changed, but password was not.
+    /** @var \Drupal\user\Entity\User $admin_account */
+    $admin_account = User::load(1);
+    $this->assertIdentical($admin_account->getUsername(), 'site_admin');
+    $this->assertIdentical($admin_account->getEmail(), 'site_admin@example.com');
+    $this->assertIdentical($admin_account->getPassword(), $this->originalPasswords[1]);
+
+    // Verify that everything changed for the regular user.
+    /** @var \Drupal\user\Entity\User $user_account */
+    $user_account = User::load(2);
+    $this->assertIdentical($user_account->getUsername(), 'random_user');
+    $this->assertIdentical($user_account->getEmail(), 'random_user@example.com');
+    $this->assertNotIdentical($user_account->getPassword(), $this->originalPasswords[2]);
+  }
+
+}

core/modules/user/src/Tests/Migrate/d6/MigrateUserTest.php

@@ -119,8 +119,11 @@ public function testUser() {
       }
 
       // Use the API to check if the password has been salted and re-hashed to
-      // conform the Drupal >= 7.
-      $this->assertTrue(\Drupal::service('password')->check($source->pass_plain, $user->getPassword()));
+      // conform to Drupal >= 7 for non-admin users.
+      if ($user->id() != 1) {
+        $this->assertTrue(\Drupal::service('password')
+          ->check($source->pass_plain, $user->getPassword()));
+      }
     }
     // Rollback the migration and make sure everything is deleted but uid 1.
     (new MigrateExecutable($this->migration, $this))->rollback();