2 namespace TYPO3\CMS\Saltedpasswords\Tests\Unit\Salt;
// Fixture setup: builds a PHPUnit mock of PhpassSalt in which only a placeholder method named
// 'dummy' is replaced. All other methods stay real, so the assertions below exercise the actual
// hashing implementation rather than stubs.
36 $this->objectInstance = $this->getMock(\TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt::class, array(
'dummy'));
// Checks that the fixture is PhpassSalt itself or, failing that, a subclass of it
// (a generated mock class is a subclass, so the second branch is the one that normally decides).
44 $hasCorrectBaseClass = get_class($this->objectInstance) === \TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt::class;
// NOTE(review): `false != get_parent_class(...)` is a loose comparison; `false !== ...` would state
// the intent exactly. The closing brace of this `if` is on a line not shown in this listing.
46 if (!$hasCorrectBaseClass &&
false != get_parent_class($this->objectInstance)) {
47 $hasCorrectBaseClass = is_subclass_of($this->objectInstance, \TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt::class);
49 $this->assertTrue($hasCorrectBaseClass);
// Only rules out a zero-length salt; the test does not pin a minimum salt length.
57 $this->assertTrue($this->objectInstance->getSaltLength() > 0);
// $password is assigned on a line not shown here (presumably an empty string; confirm).
// Expected behaviour: no hash is produced and the call returns null.
66 $this->assertNull($this->objectInstance->getHashedPassword($password));
// $password is assigned on a line not shown here; for that input a hash (non-null) is expected.
75 $this->assertNotNull($this->objectInstance->getHashedPassword($password));
// Hashing without a salt argument must yield a value that isValidSaltedPW() accepts.
// isValidSaltedPW() receives only the stored value, so this checks its form, not that the
// password verifies; verification is covered by the checkPassword() assertions further down.
83 $password =
'password';
84 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
85 $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword));
// Hashing with a caller-supplied salt: getSaltLength() random bytes are encoded with the class's
// own base64Encode(), the result must pass isValidSalt(), and the hash built from it must be
// accepted by isValidSaltedPW().
// NOTE(review): generateRandomBytes() is assumed to be the framework's random source; this test
// does not assess its quality.
93 $password =
'password';
95 $randomBytes = \TYPO3\CMS\Core\Utility\GeneralUtility::generateRandomBytes($this->objectInstance->getSaltLength());
96 $salt = $this->objectInstance->base64Encode($randomBytes, $this->objectInstance->getSaltLength());
97 $this->assertTrue($this->objectInstance->isValidSalt($salt));
98 $saltedHashPassword = $this->objectInstance->getHashedPassword($password, $salt);
99 $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword));
// A hash produced at the lowest configured hash count must still be well-formed.
107 $password =
'password';
108 $minHashCount = $this->objectInstance->getMinHashCount();
109 $this->objectInstance->setHashCount($minHashCount);
110 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
111 $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword));
// Presumably restores the default hash count so that later tests are not affected by the
// lowered value; confirm against setHashCount().
113 $this->objectInstance->setHashCount(null);
// Round trip for a mixed-case alphabetic password: the hash of the password must verify
// against that same password.
126 $password =
'aEjOtY';
127 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
128 $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
// Same round trip for a password assigned on a line not shown in this listing.
142 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
143 $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
// Round trip for a password made of a leading space and ASCII punctuation. A failure here would
// point to the password being trimmed, escaped or otherwise altered between hashing and checking.
156 $password =
' !"#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~';
157 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
158 $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
// Round trip for a password built from the single bytes 160-191 plus 215 and 247.
// These are raw bytes above 0x7F and do not form valid UTF-8, so the test exercises byte-wise
// handling of the password. $password is initialised, and the loop is closed, on lines not shown.
172 for ($i = 160; $i <= 191; $i++) {
173 $password .= chr($i);
175 $password .= chr(215) . chr(247);
176 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
177 $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
// Round trip for a password built from the single bytes 192-214, 216-246 and 248-255, i.e. the
// upper byte range left out by the previous test (215 and 247 were covered there).
// $password is initialised, and each loop is closed, on lines not shown in this listing.
191 for ($i = 192; $i <= 214; $i++) {
192 $password .= chr($i);
194 for ($i = 216; $i <= 246; $i++) {
195 $password .= chr($i);
197 for ($i = 248; $i <= 255; $i++) {
198 $password .= chr($i);
200 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
201 $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
// Negative case: a candidate that starts with the correct password but carries extra characters
// must be rejected. This is the only rejection check in the listing; it covers a longer candidate
// sharing the correct prefix, not a shorter or entirely different one.
209 $password =
'password';
210 $password1 = $password .
'INVALID';
211 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
212 $this->assertFalse($this->objectInstance->checkPassword($password1, $saltedHashPassword));
// Truncation probe: hashes passwords of growing length (repetitions of $pad, defined on a line not
// shown) with one fixed salt setting and records the first $i at which two consecutive lengths
// give the same hash. Identical hashes for different lengths would mean input beyond some length
// is ignored.
221 $criticalPwLength = 0;
// The first hash string is reused as the salt argument for every later call, keeping the salt fixed.
223 $saltedHashPasswordCurrent = $salt = $this->objectInstance->getHashedPassword($pad);
224 for ($i = 0; $i <= 128; $i += 8) {
225 $password = str_repeat($pad, max($i, 1));
226 $saltedHashPasswordPrevious = $saltedHashPasswordCurrent;
227 $saltedHashPasswordCurrent = $this->objectInstance->getHashedPassword($password, $salt);
228 if ($i > 0 && $saltedHashPasswordPrevious === $saltedHashPasswordCurrent) {
229 $criticalPwLength = $i;
// NOTE(review): the assertion tolerates a repeat that first appears at $i of 40 or more, so
// truncation beyond that point would not fail this test. The loop and `if` are closed on lines
// not shown. `== 0` is a loose comparison on an integer that is always set in this block.
233 $this->assertTrue($criticalPwLength == 0 || $criticalPwLength > 32,
'Duplicates of hashed passwords with plaintext password of length ' . $criticalPwLength .
'+.');
// The minimum hash count can be moved both below and above its initial value.
// NOTE(review): the first assertion shows that setMinHashCount() accepts a value under the initial
// minimum, i.e. the lower bound of the work factor is adjustable at runtime; confirm that only
// trusted configuration reaches this setter.
241 $minHashCount = $this->objectInstance->getMinHashCount();
242 $this->objectInstance->setMinHashCount($minHashCount - 1);
243 $this->assertTrue($this->objectInstance->getMinHashCount() < $minHashCount);
244 $this->objectInstance->setMinHashCount($minHashCount + 1);
245 $this->assertTrue($this->objectInstance->getMinHashCount() > $minHashCount);
// The maximum hash count can be moved both above and below its initial value.
// No reset of the maximum is visible in this listing after the test.
253 $maxHashCount = $this->objectInstance->getMaxHashCount();
254 $this->objectInstance->setMaxHashCount($maxHashCount + 1);
255 $this->assertTrue($this->objectInstance->getMaxHashCount() > $maxHashCount);
256 $this->objectInstance->setMaxHashCount($maxHashCount - 1);
257 $this->assertTrue($this->objectInstance->getMaxHashCount() < $maxHashCount);
// The active hash count can be raised and lowered. The matching bound is widened first each time,
// presumably because setHashCount() keeps the value within [min, max]; confirm against the setter.
265 $hashCount = $this->objectInstance->getHashCount();
266 $this->objectInstance->setMaxHashCount($hashCount + 1);
267 $this->objectInstance->setHashCount($hashCount + 1);
268 $this->assertTrue($this->objectInstance->getHashCount() > $hashCount);
269 $this->objectInstance->setMinHashCount($hashCount - 1);
270 $this->objectInstance->setHashCount($hashCount - 1);
271 $this->assertTrue($this->objectInstance->getHashCount() < $hashCount);
// Presumably restores the default hash count for later tests; the widened min/max bounds are
// not reset on any line visible here.
273 $this->objectInstance->setHashCount(null);
// A hash created under the current settings must not be reported as needing an update.
281 $password =
'password';
282 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
283 $this->assertFalse($this->objectInstance->isHashUpdateNeeded($saltedHashPassword));
// Upgrade path: once the configured hash count is raised above the one used for a stored hash,
// isHashUpdateNeeded() must report that hash as outdated so that it can be re-hashed.
291 $password =
'password';
292 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
293 $increasedHashCount = $this->objectInstance->getHashCount() + 1;
294 $this->objectInstance->setMaxHashCount($increasedHashCount);
295 $this->objectInstance->setHashCount($increasedHashCount);
296 $this->assertTrue($this->objectInstance->isHashUpdateNeeded($saltedHashPassword));
// Presumably restores the default hash count for later tests; confirm against setHashCount().
298 $this->objectInstance->setHashCount(null);
// Lowering the configured hash count below the one used for a stored hash must not flag that
// hash for update: a stored hash with a higher cost than the current setting is left alone.
306 $password =
'password';
307 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
308 $decreasedHashCount = $this->objectInstance->getHashCount() - 1;
309 $this->objectInstance->setMinHashCount($decreasedHashCount);
310 $this->objectInstance->setHashCount($decreasedHashCount);
311 $this->assertFalse($this->objectInstance->isHashUpdateNeeded($saltedHashPassword));
// Presumably restores the default hash count for later tests; confirm against setHashCount().
313 $this->objectInstance->setHashCount(null);