PMCORE-1296

tests/unit/workflow/engine/methods/users/UsersAjaxTest.php

@@ -3,6 +3,7 @@
 namespace Tests\unit\workflow\engine\methods\users;
 
 use ProcessMaker\Model\Configuration;
+use ProcessMaker\Model\RbacUsersRoles;
 use ProcessMaker\Model\User;
 use RBAC;
 use Tests\TestCase;
@@ -58,15 +59,100 @@ class UsersAjaxTest extends TestCase
         //Clean the output buffer and turn off output buffering
         ob_end_clean();
 
-        //Decode the JSON string
+        //Removing the BOM (Byte Order Mark)
-        $res = json_decode($outputBuffer);
+        if (0 === strpos(bin2hex($outputBuffer), 'efbbbf')) {
+            //Decode the JSON string
+            $res = json_decode(substr($outputBuffer, 3));
+        } else {
+            //Decode the JSON string
+            $res = json_decode($outputBuffer);
+        }
 
         //Assert the call was success
         $this->assertTrue($res->success);
         //Assert the result corresponds to the user logged
         $this->assertEquals($usrUid, $res->user->USR_UID);
         //Assert the default menu is set
-        $this->assertEquals('PM_EDIT_USER_PROFILE_DEFAULT_MAIN_MENU_OPTIONS',
+        $this->assertEquals(
-            $res->permission->PREF_DEFAULT_MENUSELECTED);
+            'PM_EDIT_USER_PROFILE_DEFAULT_MAIN_MENU_OPTIONS',
+            $res->permission->PREF_DEFAULT_MENUSELECTED
+        );
     }
-}
+
+    /**
+     * Tests the user ajax file with the userData action
+     * @test
+     */
+    public function it_tests_the_user_ajax_file_with_save_personal_info_action()
+    {
+        //Declare the global variable
+        global $RBAC;
+        //Creates the user factory
+        $user2 = factory(User::class)->create(
+            [
+                'USR_ROLE' => 'PROCESSMAKER_ADMIN',
+                'USR_EMAIL' => 'test@processmaker.com'
+            ]
+        );
+        $usrUid = $user2['USR_UID'];
+        //Creates the configuration factory
+        factory(Configuration::class)->create([
+            'CFG_UID' => 'USER_PREFERENCES',
+            'OBJ_UID' => '',
+            'CFG_VALUE' => 'a:3:{s:12:"DEFAULT_LANG";s:0:"";s:12:"DEFAULT_MENU";s:8:"PM_SETUP";s:18:"DEFAULT_CASES_MENU";s:0:"";}',
+            'PRO_UID' => '',
+            'USR_UID' => $usrUid,
+            'APP_UID' => '',
+        ]);
+
+        //Creates the UsersRoles factory
+        factory(RbacUsersRoles::class)->create(
+            [
+                'USR_UID' => $usrUid,
+                'ROL_UID' => '00000000000000000000000000000002'
+            ]
+        );
+
+        //Sets the needed variables
+        $_SESSION['USER_LOGGED'] = $usrUid;
+        $_POST['action'] = 'savePersonalInfo';
+        $_POST['USR_UID'] = $usrUid;
+        $_POST['USR_EMAIL'] = "andrea.Adamczyk@processmaker.com";
+        $_POST['_token'] = 'b8sbHBMAcdwZ40W1Epf2A5leyJq3mArcnTjoToXU';
+        $_SESSION['USR_CSRF_TOKEN'] = 'b8sbHBMAcdwZ40W1Epf2A5leyJq3mArcnTjoToXU';
+        $_FILES['USR_PHOTO'] = ['name' => '', 'type' => '', 'tmp_name' => '', 'error' => 4, 'size' => 0];
+        $RBAC = RBAC::getSingleton(PATH_DATA, session_id());
+        $RBAC->initRBAC();
+        $RBAC->loadUserRolePermission('PROCESSMAKER', $_SESSION['USER_LOGGED']);
+
+        //Turn on output buffering
+        ob_start();
+
+        //Call the tested file
+        require PATH_TRUNK . 'workflow/engine/methods/users/usersAjax.php';
+
+        //Return the contents of the output buffer
+        $outputBuffer = ob_get_contents();
+
+        //Clean the output buffer and turn off output buffering
+        ob_end_clean();
+
+        //Removing the BOM (Byte Order Mark)
+        if (0 === strpos(bin2hex($outputBuffer), 'efbbbf')) {
+            //Decode the JSON string
+            $res = json_decode(substr($outputBuffer, 3));
+        } else {
+            //Decode the JSON string
+            $res = json_decode($outputBuffer);
+        }
+
+        //It asserts the result is success
+        $this->assertTrue($res->success);
+
+        //Get the edited user
+        $resUser = User::where('USR_UID', '=', $usrUid)->get();
+
+        //It asserts the user's email has been converted to lowercase
+        $this->assertEquals($resUser[0]->USR_EMAIL, strtolower($_POST['USR_EMAIL']));
+    }
+}

workflow/engine/methods/login/retrivePassword.php

@@ -8,6 +8,7 @@ global $RBAC;
 $rbacUser = new RbacUsers();
 $user = new Users();
 $data['USR_USERNAME'] = strip_tags($data['USR_USERNAME']);
+$data['USR_EMAIL'] = strtolower($data['USR_EMAIL']);
 $userData = $rbacUser->getByUsername($data['USR_USERNAME']);
 $userExists = $userData === false ? false : true;
 
@@ -102,4 +103,3 @@ if ($userExists === true && $userData['USR_EMAIL'] != '' && $userData['USR_EMAIL
     G::SendTemporalMessage($msg, "warning", 'string');
     G::header('location: forgotPassword');
 }
-

workflow/engine/methods/users/usersAjax.php

@@ -5,6 +5,7 @@ use ProcessMaker\BusinessModel\User as BmUser;
 // Sanitizing the values sent in the global variables
 $filter = new InputFilter();
 $_POST = $filter->xssFilterHard($_POST);
+
 if (isset($_SESSION['USER_LOGGED'])) {
     $_SESSION['USER_LOGGED'] = $filter->xssFilterHard($_SESSION['USER_LOGGED']);
 }
@@ -145,6 +146,10 @@ try {
                 $permissionsToSaveData = $user->getPermissionsForEdit();
                 $form = $user->checkPermissionForEdit($_SESSION['USER_LOGGED'], $permissionsToSaveData, $form);
 
+                if (!empty($form["USR_EMAIL"])) {
+                    $form["USR_EMAIL"] = strtolower($form["USR_EMAIL"]);
+                }
+                    
                 switch ($_POST['action']) {
                     case 'saveUser':
                         if (!$user->checkPermission($_SESSION['USER_LOGGED'], 'PM_USERS')) {