Commit 15da2e8c authored by David_Rothstein's avatar David_Rothstein

Issue #2563751 by borisson_, rocketeerbkw, cilefen, pietmarcus, NikitaJain,...

Issue #2563751 by borisson_, rocketeerbkw, cilefen, pietmarcus, NikitaJain, imanol.eguskiza, pjonckiere: Password field errors on user create/edit/login when password is (literally) 0
parent bc484461
......@@ -3028,7 +3028,7 @@ function form_process_password_confirm($element) {
function password_confirm_validate($element, &$element_state) {
$pass1 = trim($element['pass1']['#value']);
$pass2 = trim($element['pass2']['#value']);
if (!empty($pass1) || !empty($pass2)) {
if (strlen($pass1) > 0 || strlen($pass2) > 0) {
if (strcmp($pass1, $pass2)) {
form_error($element, t('The specified passwords do not match.'));
}
......
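Review bot: The switch from `!empty($pass1)` to `strlen($pass1) > 0` in password_confirm_validate() carries no comment, and without one the check reads like something a later cleanup could fold back into `empty()`. I would add a line above the condition such as `// Use strlen() rather than empty(): the string '0' is a valid password.` The same applies to the equivalent replacements in user_save(), user_validate_current_pass(), user_login_authenticate_validate() and user_authenticate() further down. The function body continues past the end of this hunk.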
......@@ -424,7 +424,7 @@ function user_load_by_name($name) {
function user_save($account, $edit = array(), $category = 'account') {
$transaction = db_transaction();
try {
if (!empty($edit['pass'])) {
if (isset($edit['pass']) && strlen(trim($edit['pass'])) > 0) {
// Allow alternate password hashing schemes.
require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc');
$edit['pass'] = user_hash_password(trim($edit['pass']));
......@@ -1232,7 +1232,7 @@ function user_validate_current_pass(&$form, &$form_state) {
// that prevent them from being empty if they are changed.
if ((strlen(trim($form_state['values'][$key])) > 0) && ($form_state['values'][$key] != $account->$key)) {
require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc');
$current_pass_failed = empty($form_state['values']['current_pass']) || !user_check_password($form_state['values']['current_pass'], $account);
$current_pass_failed = strlen(trim($form_state['values']['current_pass'])) == 0 || !user_check_password($form_state['values']['current_pass'], $account);
if ($current_pass_failed) {
form_set_error('current_pass', t("Your current password is missing or incorrect; it's required to change the %name.", array('%name' => $name)));
form_set_error($key);
......@@ -2167,7 +2167,7 @@ function user_login_name_validate($form, &$form_state) {
*/
function user_login_authenticate_validate($form, &$form_state) {
$password = trim($form_state['values']['pass']);
if (!empty($form_state['values']['name']) && !empty($password)) {
if (!empty($form_state['values']['name']) && strlen(trim($password)) > 0) {
// Do not allow any login from the current user's IP if the limit has been
// reached. Default is 50 failed attempts allowed in one hour. This is
// independent of the per-user limit to catch attempts from one IP to log
......@@ -2258,7 +2258,7 @@ function user_login_final_validate($form, &$form_state) {
*/
function user_authenticate($name, $password) {
$uid = FALSE;
if (!empty($name) && !empty($password)) {
if (!empty($name) && strlen(trim($password)) > 0) {
$account = user_load_by_name($name);
if ($account) {
// Allow alternate password hashing schemes.
......
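Review bot: In user_validate_current_pass() the new emptiness test trims `current_pass`, but the value passed to `user_check_password()` on the same line is still the untrimmed one, while user_save() hashes `trim($edit['pass'])` and the login validator trims before authenticating. A current password typed with leading or trailing whitespace would therefore pass the emptiness test and then, presumably, fail verification against a hash of the trimmed value; it fails closed, but the three paths should agree. Trimming once, `$current_pass = trim($form_state['values']['current_pass']);`, and using that variable for both the length test and the check would line them up. Separately, in user_login_authenticate_validate() `$password` is already trimmed on the line above, so `strlen($password) > 0` is enough. All of these functions begin or end outside their hunks.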
......@@ -1877,6 +1877,19 @@ class UserCreateTestCase extends DrupalWebTestCase {
$this->drupalGet('admin/people');
$this->assertText($edit['name'], 'User found in list of users');
}
// Test that the password '0' is considered a password.
$name = $this->randomName();
$edit = array(
'name' => $name,
'mail' => $name . '@example.com',
'pass[pass1]' => 0,
'pass[pass2]' => 0,
'notify' => FALSE,
);
$this->drupalPost('admin/people/create', $edit, t('Create new account'));
$this->assertText(t('Created a new user account for @name. No e-mail has been sent.', array('@name' => $edit['name'])), 'User created with password 0');
$this->assertNoText('Password field is required');
}
}
......@@ -1954,6 +1967,25 @@ class UserEditTestCase extends DrupalWebTestCase {
$this->drupalLogin($user1);
$this->drupalLogout();
}
/**
* Tests setting the password to "0".
*/
public function testUserWith0Password() {
$admin = $this->drupalCreateUser(array('administer users'));
$this->drupalLogin($admin);
// Create a regular user.
$user1 = $this->drupalCreateUser(array());
$edit = array('pass[pass1]' => '0', 'pass[pass2]' => '0');
$this->drupalPost("user/" . $user1->uid . "/edit", $edit, t('Save'));
$this->assertRaw(t("The changes have been saved."));
$this->drupalLogout();
$user1->pass_raw = '0';
$this->drupalLogin($user1);
$this->drupalLogout();
}
}
/**
......
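Review bot: None of the added tests exercises the changed line in user_validate_current_pass(): testUserWith0Password() edits the account as an administrator, and the visible steps never submit `current_pass`, so a user whose existing password is '0' changing their own password or e-mail is not covered. I would add a step that logs in as `$user1` with password '0' and posts the account edit form with `'current_pass' => '0'`, asserting that the change is saved. A mismatch case (`pass1` of '0' with an empty `pass2`) expecting 'The specified passwords do not match.' would pin the other branch of password_confirm_validate(). Minor: the create test posts the integer `0` while the edit test posts the string `'0'`; using the string in both keeps the intent explicit.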