[#9320] - Update Random Compat Library
- Closed
- 7 Mar 2016
- Medium
- Build: staging
- # 9320
- Diff
- joomla:random_compat
- Success Human Test Results: 2 Successful 0 Failed. Details
User tests: Successful: Unsuccessful:
Pull Request for Issue #9157 .
Summary of Changes
Updates the random compat library through composer. The random_compat library has the random_bytes() backport which is used in the installer to generate the site's secret and to generate random passwords for users
Testing Instructions
Download the full branch from https://github.com/joomla/joomla-cms/archive/random_compat.zip and ensure that you can still install the CMS correctly. Check in your configuration.php file that a random string has been generated for your sites secret key (generating the secret key is where this library is used).
Creating a new user without specifying a password should cause a random password to be generated. Ensure that for a few different users the password generated is different each time.
| Status | New | ⇒ | Pending |
joomla-cms-bot
- | Labels |
Added:
?
?
?
|
||
| Milestone |
Added: |
||
Commit 201fefd1f7a469414fd3333bf7b7a84faa9d1929 looks like authentic random_compat 1.2.1, so 
Thankyou!
I have tested this item 
successfully on 201fefd
Followed test instructions and worked as it should.
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/9320.
I have tested this item successfully on 201fefd
I have tested this. All of the users had the same beginning of their password, but the rest was different. I don't see that as an issue but I don't really see the point in this patch so perhaps that information helps.
Would it be more useful if there was a system message informing us of the password that was created?
The secret key was generated, although this has always been the case so I don't know if that was any different.
Tested on Siteground. Generated 3 users. George, you have me in Glip if you have questions.
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/9320.
I have tested this. All of the users had the same beginning of their password, but the rest was different.
That's expected. The $2y$10$ prefix comes from the password hashing mechanism and isn't related to testing this patch.
The secret key was generated, although this has always been the case so I don't know if that was any different.
That's a good test. During the 3.5 beta releases Joomla's random number generator was changed to use a native PHP 7 function which is backported to PHP 5 through this library, so the test mechanism to validate updates to this library on PHP 5 installations is that it still generates random values without error, one of which is the secret key which is generated during installation.
| Status | Pending | ⇒ | Ready to Commit |
| Labels | |||
| Labels |
Added:
?
|
||
| Labels | |||
| Category | ⇒ | External Library |
mine is 5.6.18
| Status | Ready to Commit | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2016-03-07 15:08:16 |
| Closed_By | ⇒ | wilsonge |
| Labels |
Removed:
?
|
||
| Labels |
Removed:
?
|
||
@mbabker @paragonie-scott could you just give this a code review once over please :) Thanks