xaizek / rocketgit (License: AGPLv3+) (since 2018-12-09)
Light and fast Git hosting solution suitable to serve both as a hub or as a personal code storage with its tickets, pull requests, API and much more.
Clone URLs: https://code.reversed.top/user/xaizek/rocketgit ssh://rocketgit@code.reversed.top/user/xaizek/rocketgit
v0.0 v0.1 v0.10 v0.11 v0.12 v0.13 v0.14 v0.15 v0.17 v0.18 v0.19 v0.2 v0.20 v0.21 v0.22 v0.23 v0.24 v0.25 v0.27 v0.28 v0.29 v0.31 v0.32 v0.33 v0.34 v0.35 v0.36 v0.38 v0.39 v0.40 v0.41 v0.42 v0.43 v0.44 v0.45 v0.46 v0.47 v0.48 v0.49 v0.50 v0.51 v0.52 v0.53 v0.54 v0.55 v0.56 v0.57 v0.58 v0.60 v0.61 v0.62 v0.63 v0.64 v0.65 v0.66 v0.67 v0.68 v0.69 v0.70 local master
<root> / tests / http_forgot.php (60369fba6fc144d10fc9de876f1f9ee4f5bded3d) (3,395B) (mode 100644) [raw]
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 
<?php
//
// Will test the forgot password feature
//

error_reporting(E_ALL | E_STRICT);
ini_set("track_errors", "On");

$rg_cache_debug = TRUE;
$test_normal = TRUE;

$INC = dirname(__FILE__) . "/../inc";
require_once(dirname(__FILE__) . "/config.php");
require_once($INC . "/init.inc.php");
require_once($INC . "/util.inc.php");
require_once("helpers.inc.php");
require_once("http.inc.php");

rg_log_set_file("http_forgot.log");

require_once("common.php");

$_testns = 'http_forgot';


$rg_user_max_len = 60;

prepare_http();
rg_test_create_user($db, $rg_ui);


rg_log('');
rg_log_enter('Loading forgot_send form...');
$data = array(); $headers = array();
$r = do_req($test_url . '/op/forgot_send', $data, $headers);
if ($r === FALSE) {
	rg_log("Cannot load forgot pass page!");
	exit(1);
}
rg_log('Posting the forgot_send form...');
$data = array(
	'email' => $rg_ui['email'],
	'doit' => 1
	);
$headers = array();
$r = do_req($test_url . '/op/forgot_send', $data, $headers);
if (!strstr($r['body'], 'your inbox and follow the instructions')) {
	rg_log_ml('r: ' . print_r($r, TRUE));
	rg_log("Cannot post forgot pass form!");
	exit(1);
}
$sql = 'SELECT token FROM forgot_pass WHERE uid = ' . $rg_ui['uid'];
$res = rg_sql_query($db, $sql);
$rows = rg_sql_num_rows($res);
if ($rows > 0)
	$row = rg_sql_fetch_array($res);
rg_sql_free_result($res);
if ($rows != 1) {
	rg_log("Seems the token is not in the database or there are multiple"
		. " ones (rows=" . $rows . ")!");
	exit(1);
}
$db_token = $row['token'];
rg_log_exit();


rg_log('');
rg_log_enter('Loading token from mail...');
$k = 'DEBUG::0::mail::mail/user/forgot/recover';
$c = test_wait_cache($k);
if (!isset($c['body'])) {
	rg_log_ml(print_r($c, TRUE));
	rg_log('No body in c var!');
	exit(1);
}
$s = strstr($c['body'], '/op/forgot_link/');
if ($s === FALSE) {
	rg_log_ml(print_r($c['body'], TRUE));
	rg_log('No link in body!');
	exit(1);
}

$s = substr($s, 16, 20);
if (strcmp($db_token, $s) != 0) {
	rg_log('db token != mail token! [' . $db_token . '] != [' . $s . ']');
	exit(1);
}

// we add junk because I've seen cases when some junk was appended
$s .= 'junk';

rg_log('Loading the forgot link form...');
$data = array(); $headers = array();
$r = do_req($test_url . '/op/forgot_link/' . $s, $data, $headers);
if ($r === FALSE) {
	rg_log("Cannot load forgot_link page!");
	exit(1);
}

rg_log('Posting the forgot link form...');
$pass = rg_id(10);
$data = array(
	'forgot_token' => $s,
	'pass1' => $pass,
	'pass2' => $pass,
	'lock_ip' => 1,
	'doit' => 1
	);
$headers = array();
$r = do_req($test_url . '/op/forgot_link', $data, $headers);
if (!strstr($r['body'], 'Home page of user')) {
	rg_log_ml('r: ' . print_r($r, TRUE));
	rg_log('Cannot post forgot link form'
		. ' ("Home page of user" string not found)!');
	exit(1);
}
$sql = 'SELECT salt, pass FROM users WHERE uid = ' . $rg_ui['uid'];
$res = rg_sql_query($db, $sql);
$rows = rg_sql_num_rows($res);
if ($rows > 0)
	$row = rg_sql_fetch_array($res);
rg_sql_free_result($res);
if ($rows != 1) {
	rg_log('Seems the password was not changed!');
	exit(1);
}
$good_pass = rg_user_pass($row['salt'], $pass);
if (strcmp($good_pass, $row['pass']) != 0) {
	rg_log_ml('row: ' . print_r($row, TRUE));
	rg_log('passwords are not the same pass=[' . $pass . ']!');
	exit(1);
}
rg_log_exit();

// TODO: make sure that the entry from forgot_pass is gone


rg_prof_log();
rg_log("OK!");
?>
Hints
Before first commit, do not forget to setup your git environment:
git config --global user.name "your_name_here"
git config --global user.email "your@email_here"

Clone this repository using HTTP(S):
git clone https://code.reversed.top/user/xaizek/rocketgit

Clone this repository using ssh (do not forget to upload a key first):
git clone ssh://rocketgit@code.reversed.top/user/xaizek/rocketgit

You are allowed to anonymously push to this repository.
This means that your pushed commits will automatically be transformed into a pull request:
... clone the repository ...
... make some changes and some commits ...
git push origin master