update changelog; try and improve tests

CHANGELOG.TXT

@@ -6,6 +6,11 @@
 #
 # Further details on the project are available at https://github.com/postfixadmin/postfixadmin
 
+Version 3.3.3 - 2021/01/14
+-------------------------------------------------
+   - Improve error handling around login (require non-empty password; cope with pacrypt() throwing an exception; see https://github.com/postfixadmin/postfixadmin/issues/420)
+   - Improve setup.php (show error messages in admin creation form, fix unable to create admin - see https://github.com/postfixadmin/postfixadmin/issues/418)
+
 Version 3.3.2 - 2021/01/13
 -------------------------------------------------
    - Add in the ability to specify a hash prefix with php_crypt password format, useful for Dovecot replacement. ( https://github.com/postfixadmin/postfixadmin/issues/344 )

model/PFAHandler.php

@@ -560,7 +560,7 @@ public function save() : bool {
                     break;
                 case 'pass':
                     $val = (string) $val;
-                    $db_values[$key] = pacrypt($val);
+                    $db_values[$key] = pacrypt($val); // throws Exception
                     break;
                 case 'b64p':
                     $db_values[$key] = base64_encode($val);

tests/LoginTest.php

@@ -2,8 +2,12 @@
 
 class LoginTest extends \PHPUnit\Framework\TestCase {
     public function setUp(): void {
+        global $CONF;
+
         $this->cleanUp();
 
+        $CONF['pacrypt'] = 'md5'; // crap
+
         db_execute("INSERT INTO domain(`domain`, description, transport) values ('example.com', 'test', 'foo')", [], true);
 
         db_execute(
@@ -40,6 +44,32 @@ public function testInvalidUsers() {
     }
 
 
+    public function testEmptyStringWithDovecot() {
+        global $CONF;
+
+        if (!file_exists('/usr/bin/doveadm')) {
+            $this->markTestSkipped("/usr/bin/doveadm doesn't exist.");
+        }
+
+        $CONF['encrypt'] = 'dovecot:sha512';
+
+
+        db_execute(
+            "UPDATE mailbox SET password = :password WHERE username = :username",
+            [
+                'username' => 'test@example.com',
+                'password' => '{SHA512}ClAmHr0aOQ/tK/Mm8mc8FFWCpjQtUjIElz0CGTN/gWFqgGmwElh89WNfaSXxtWw2AjDBmyc1AO4BPgMGAb8kJQ==', // pacrypt('foobar'),
+            ]
+        );
+
+        $l = new Login('mailbox');
+        $this->assertFalse($l->login('test@example.com', ''));
+
+        $this->assertTrue($l->login('test@example.com', 'foobar'));
+
+        $this->assertFalse($l->login('test@fails.com', 'foobar'));
+    }
+
     public function testValidLogin() {
         $login = new Login('mailbox');
 

tests/PacryptTest.php

@@ -11,7 +11,6 @@ public function testMd5Crypt() {
     }
 
     public function testCrypt() {
-
         // E_NOTICE if we pass in '' for the salt
         $hash = _pacrypt_crypt('test', 'sa');
 
@@ -55,7 +54,8 @@ public function testAuthlib() {
                 'md5' => 'CY9rzUYh03PK3k6DJie09g==',
                 // crypt requires salt ...
                 'SHA' => 'qUqP5cyxm6YcTAhz05Hph5gvu9M='
-            ] as $flavour => $hash) {
+            ] as $flavour => $hash
+        ) {
             $CONF['authlib_default_flavour'] = $flavour;
 
             $stored = "{" . $flavour . "}$hash";
@@ -80,6 +80,13 @@ public function testPacryptDovecot() {
         $this->assertEquals($expected_hash, _pacrypt_dovecot('test', ''));
 
         $this->assertEquals($expected_hash, _pacrypt_dovecot('test', $expected_hash));
+
+        // This should also work.
+        $sha512 = '{SHA512}ClAmHr0aOQ/tK/Mm8mc8FFWCpjQtUjIElz0CGTN/gWFqgGmwElh89WNfaSXxtWw2AjDBmyc1AO4BPgMGAb8kJQ=='; // foobar
+        $this->assertEquals($sha512, _pacrypt_dovecot('foobar', $sha512));
+
+        $sha512 = '{SHA512}ClAmHr0aOQ/tK/Mm8mc8FFWCpjQtUjIElz0CGTN/gWFqgGmwElh89WNfaSXxtWw2AjDBmyc1AO4BPgMGAb8kJQ=='; // foobar
+        $this->assertNotEquals($sha512, _pacrypt_dovecot('foobarbaz', $sha512));
     }
 
     public function testPhpCrypt() {