From 26ddd87f3a4039e2d391fe6fc07dff0995d770ac Mon Sep 17 00:00:00 2001
From: Patrick Barroca <pbarroca@afi-sa.fr>
Date: Fri, 24 Nov 2017 16:35:50 +0100
Subject: [PATCH] upgrade all admins to hashed pass

---
 cosmogramme/sql/patch/patch_338.php |  4 ++++
 tests/db/UpgradeDBTest.php          | 19 +++++++++++++++++++
 2 files changed, 23 insertions(+)
 create mode 100644 cosmogramme/sql/patch/patch_338.php

diff --git a/cosmogramme/sql/patch/patch_338.php b/cosmogramme/sql/patch/patch_338.php
new file mode 100644
index 00000000000..827e352bc83
--- /dev/null
+++ b/cosmogramme/sql/patch/patch_338.php
@@ -0,0 +1,4 @@
+<?php
+
+foreach(Class_Users::findAllBy(['where' => 'role_level > 2']) as $user)
+  $user->save();
diff --git a/tests/db/UpgradeDBTest.php b/tests/db/UpgradeDBTest.php
index 83773d7f258..5dcef8ae354 100644
--- a/tests/db/UpgradeDBTest.php
+++ b/tests/db/UpgradeDBTest.php
@@ -1774,3 +1774,22 @@ class UpgradeDB_337_Test extends UpgradeDBTestCase {
     $this->assertColumn('multimedia_device', 'note');
   }
 }
+
+
+
+class UpgradeDB_338_Test extends UpgradeDBTestCase {
+  public function prepare() {
+    try {
+      $this->query('update bib_admin_users set password="pass" where id_user=1');
+    } catch(Exception $e) {}
+  }
+
+
+  /** @test */
+  public function adminPasswordShouldBeHashed() {
+    $datas = $this->query('select password from bib_admin_users where id_user=1')
+                  ->fetch();
+
+    $this->assertEquals('$2y$', substr($datas['password'], 0, 4));
+  }
+}
-- 
GitLab