View source
<?php
namespace Drupal\Tests\Core\Password;
use Drupal\Core\Password\PhpassHashedPassword;
use Drupal\Core\Password\PasswordInterface;
use Drupal\Tests\UnitTestCase;
class PasswordHashingTest extends UnitTestCase {
protected $user;
protected $password;
protected $md5HashedPassword;
protected $hashedPassword;
protected $passwordHasher;
protected function setUp() {
parent::setUp();
$this->password = $this
->randomMachineName();
$this->passwordHasher = new PhpassHashedPassword(1);
$this->hashedPassword = $this->passwordHasher
->hash($this->password);
$this->md5HashedPassword = 'U' . $this->passwordHasher
->hash(md5($this->password));
}
public function testWithinBounds() {
$hasher = new FakePhpassHashedPassword();
$this
->assertEquals(PhpassHashedPassword::MIN_HASH_COUNT, $hasher
->enforceLog2Boundaries(1), "Min hash count enforced");
$this
->assertEquals(PhpassHashedPassword::MAX_HASH_COUNT, $hasher
->enforceLog2Boundaries(100), "Max hash count enforced");
}
public function testPasswordNeedsUpdate() {
$this
->assertTrue($this->passwordHasher
->needsRehash($this->md5HashedPassword), 'Upgraded md5 password hash needs a new hash.');
}
public function testPasswordHashing() {
$this
->assertSame(PhpassHashedPassword::MIN_HASH_COUNT, $this->passwordHasher
->getCountLog2($this->hashedPassword), 'Hashed password has the minimum number of log2 iterations.');
$this
->assertNotEquals($this->hashedPassword, $this->md5HashedPassword, 'Password hashes not the same.');
$this
->assertTrue($this->passwordHasher
->check($this->password, $this->md5HashedPassword), 'Password check succeeds.');
$this
->assertTrue($this->passwordHasher
->check($this->password, $this->hashedPassword), 'Password check succeeds.');
$this
->assertFalse($this->passwordHasher
->needsRehash($this->hashedPassword), 'Does not need a new hash.');
}
public function testPasswordRehashing() {
$password_hasher = new PhpassHashedPassword(PhpassHashedPassword::MIN_HASH_COUNT + 1);
$this
->assertTrue($password_hasher
->needsRehash($this->hashedPassword), 'Needs a new hash after incrementing the log2 count.');
$rehashed_password = $password_hasher
->hash($this->password);
$this
->assertSame(PhpassHashedPassword::MIN_HASH_COUNT + 1, $password_hasher
->getCountLog2($rehashed_password), 'Re-hashed password has the correct number of log2 iterations.');
$this
->assertNotEquals($rehashed_password, $this->hashedPassword, 'Password hash changed again.');
$this
->assertFalse($password_hasher
->needsRehash($rehashed_password), 'Re-hashed password does not need a new hash.');
$this
->assertTrue($password_hasher
->check($this->password, $rehashed_password), 'Password check succeeds with re-hashed password.');
$this
->assertTrue($this->passwordHasher
->check($this->password, $rehashed_password), 'Password check succeeds with re-hashed password with original hasher.');
}
public function testLongPassword($password, $allowed) {
$hashed_password = $this->passwordHasher
->hash($password);
if ($allowed) {
$this
->assertNotFalse($hashed_password);
}
else {
$this
->assertFalse($hashed_password);
}
}
public function providerLongPasswords() {
$passwords['allowed'] = [
str_repeat('x', PasswordInterface::PASSWORD_MAX_LENGTH),
TRUE,
];
$passwords['too_long'] = [
str_repeat('x', PasswordInterface::PASSWORD_MAX_LENGTH + 1),
FALSE,
];
$len = floor(PasswordInterface::PASSWORD_MAX_LENGTH / 3);
$diff = PasswordInterface::PASSWORD_MAX_LENGTH % 3;
$passwords['utf8'] = [
str_repeat('€', $len),
TRUE,
];
$passwords['ut8_extended'] = [
$passwords['utf8'][0] . str_repeat('x', $diff),
TRUE,
];
$passwords['utf8_too_long'] = [
str_repeat('€', $len + 1),
FALSE,
];
return $passwords;
}
}
class FakePhpassHashedPassword extends PhpassHashedPassword {
public function __construct() {
}
public function enforceLog2Boundaries($count_log2) {
return parent::enforceLog2Boundaries($count_log2);
}
}