Skip to:
Content

BuddyPress.org


Ignore:
Timestamp:
07/06/2016 05:00:00 PM (5 years ago)
Author:
imath
Message:

Make sure the password is set to what user chose when signing up with a blog

When signing up, users choose their password and we are hashing them into the meta field of the signups table.
When users activate their accounts, we directly run a query to replace the password automatically generated by WordPress to what the users chose. For the "signup with a blog" case, it appears this is not taking in account because the created users is cached and the xprofile_sync_wp_profile() function is reseting the password to the cached version.
To avoid this, as soon as we run the direct query, we are cleaning the cached object of the created user.

Fixes #7173 (2.6 branch)

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/2.6/tests/phpunit/testcases/members/functions.php

    r10800 r10939  
    588588        $this->assertSame( bp_get_signup_page(), wp_registration_url() );
    589589    }
     590
     591    /**
     592     * @group bp_core_activate_signup
     593     */
     594    public function test_bp_core_activate_signup_password() {
     595        global $wpdb;
     596
     597
     598        $signups = array( 'no-blog' =>
     599            array( 'signup_id' => $this->factory->signup->create( array(
     600                    'user_login'     => 'noblog',
     601                    'user_email'     => 'noblog@example.com',
     602                    'activation_key' => 'no-blog',
     603                    'meta' => array(
     604                        'field_1' => 'Foo Bar',
     605                        'password' => 'foobar',
     606                    ),
     607            ) ),
     608                'password' => 'foobar',
     609            ),
     610        );
     611
     612        if ( is_multisite() ) {
     613            $signups['ms-blog'] = array( 'signup_id' => $this->factory->signup->create( array(
     614                    'user_login'     => 'msblog',
     615                    'user_email'     => 'msblog@example.com',
     616                    'domain'         => get_current_site()->domain,
     617                    'path'           => get_current_site()->path . 'ms-blog',
     618                    'title'          => 'Ding Dang',
     619                    'activation_key' => 'ms-blog',
     620                    'meta' => array(
     621                        'field_1'  => 'Ding Dang',
     622                        'password' => 'dingdang',
     623                    ),
     624                ) ),
     625                'password' => 'dingdang',
     626            );
     627        }
     628
     629        // Neutralize db errors
     630        $suppress = $wpdb->suppress_errors();
     631
     632        foreach ( $signups as $key => $data ) {
     633            $u = bp_core_activate_signup( $key );
     634
     635            $this->assertEquals( get_userdata( $u )->user_pass, $data['password'] );
     636        }
     637
     638        $wpdb->suppress_errors( $suppress );
     639    }
    590640}
Note: See TracChangeset for help on using the changeset viewer.