Testing login listener with password rehash tips

Posted 1 month ago by ThePoet444

I figure it's time I start to learn testing. With that in mind, I've gone and stumped myself. I have a listener that catches for the auth attempting event. Basically, if the user is logging in, it checks the DB for the old hashing pattern and just uses the credentials to rehash into the proper bcrypt (or whatever newer hashing) Laravel has. This works, as I can test actually logging in. However, on some very rare occasions, and for reasons I can't track down, sometimes it stores the password as plain text. This is very very very bad. So... testing is required. I'm going to go back and rewatch all the testing videos I can find on here, but having a starting point would be helpful.

Questions I have are:

What keywords should I be searching for so I can learn to test listeners and password changes in the DB?
What types of things should I be aware of when writing tests for this?
What fringe test cases would you recommend I test for?

Thanks everyone!

For reference, here is my listener:

AuthAttemptListener.php

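public function handle(Attempting $event)
{
    // Look for a row whose stored password equals the legacy crypt() hash of the submitted password.
    $user = User::where('password', crypt(stripslashes($event->credentials['password']), 'secret_phrase'))->first();

    // A match means the account is still on the old scheme: replace it with Laravel's current hash.
    if ($user) {
        $user->password = Hash::make($event->credentials['password']);
        $user->save();
    }
}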
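
A possible starting point for the tests asked about above, as an added example that is not part of the original post: a PHPUnit feature test that seeds a legacy row, runs the listener, and asserts on what ends up in the password column. It assumes the listener lives at App\Listeners\AuthAttemptListener, a default Laravel users table (name, email, password), the 'web' guard and an 'email' credential key; all passwords are constructed sample values.

```php
<?php

namespace Tests\Feature;

use App\Listeners\AuthAttemptListener; // assumed namespace for the listener in the post
use Illuminate\Auth\Events\Attempting;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Hash;
use Tests\TestCase;

class AuthAttemptListenerTest extends TestCase
{
    use RefreshDatabase;

    // Seed through the query builder so no model cast or mutator alters the legacy value.
    private function seedLegacyUser(string $email, string $plain): string
    {
        $legacy = crypt(stripslashes($plain), 'secret_phrase');
        DB::table('users')->insert(['name' => 'Legacy', 'email' => $email, 'password' => $legacy]);
        return $legacy;
    }

    // Call the listener directly with a constructed Attempting event ('web' guard assumed).
    private function attemptAndReadBack(string $email, string $password): string
    {
        $event = new Attempting('web', ['email' => $email, 'password' => $password], false);
        app(AuthAttemptListener::class)->handle($event);
        return DB::table('users')->where('email', $email)->value('password');
    }

    public function test_legacy_password_is_rehashed_and_never_stored_as_plain_text(): void
    {
        // Constructed sample passwords: plain, backslash, quotes, surrounding spaces.
        foreach (['correct horse', 'back\\slash', "quo'te\"d", '  padded  '] as $i => $plain) {
            $legacy = $this->seedLegacyUser("user{$i}@example.test", $plain);
            $stored = $this->attemptAndReadBack("user{$i}@example.test", $plain);

            $this->assertNotSame($plain, $stored, 'password column holds the plain text');
            $this->assertNotSame($legacy, $stored, 'legacy hash was not replaced');
            $this->assertTrue(Hash::check($plain, $stored), 'new hash does not verify');
        }
    }

    public function test_wrong_password_leaves_the_legacy_hash_untouched(): void
    {
        $legacy = $this->seedLegacyUser('user@example.test', 'correct horse');
        $this->assertSame($legacy, $this->attemptAndReadBack('user@example.test', 'not the password'));
    }
}
```

Because the listener looks the user up by password alone, a further case worth adding is two legacy users who share the same password, asserting which row changes when one of them logs in.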
