authorMarc Alexander <admin@m-a-styles.de>2013-06-16 23:55:33 +0200
committerMarc Alexander <admin@m-a-styles.de>2013-09-14 13:53:08 +0200
commit4b81b93d102b1657ab59cbc98cfa5c1d66d94304 (patch)
treed43eeb13ae2c45623e6a80551c0f8e18bc0784f2
parent7ddf004489879aa0cc21fcd69225ab78ef472d50 (diff)
[feature/passwords] Make sure hash has the required length
Also added tests to make sure that crypto drivers are enforcing the hash length. PHPBB3-11610
-rw-r--r--phpBB/includes/crypto/driver/bcrypt.php4
-rw-r--r--tests/crypto/manager_test.php16
2 files changed, 17 insertions, 3 deletions
diff --git a/phpBB/includes/crypto/driver/bcrypt.php b/phpBB/includes/crypto/driver/bcrypt.php
index d98bf8c940..c6334d1779 100644
--- a/phpBB/includes/crypto/driver/bcrypt.php
+++ b/phpBB/includes/crypto/driver/bcrypt.php
@@ -53,6 +53,10 @@ class phpbb_crypto_driver_bcrypt extends phpbb_crypto_driver_base
}
$hash = crypt($password, $salt);
+ if (strlen($hash) < 60)
+ {
+ return false;
+ }
return $hash;
}
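Review bot: The added guard `strlen($hash) < 60` only rejects output that is too short, so a crypt() result from another scheme that is longer than 60 characters would still be returned as a bcrypt hash. A bcrypt string from crypt() is exactly 60 characters, so `if (strlen($hash) !== 60)` is the tighter check; whether a non-bcrypt salt can actually reach this line depends on how `$salt` is built earlier in the method, which starts outside the hunk. The literal 60 also deserves a comment, e.g. `// bcrypt output is always 60 chars; anything else means crypt() failed or fell back to another scheme`. Callers now have to treat a `false` return as a hashing failure rather than storing it.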
diff --git a/tests/crypto/manager_test.php b/tests/crypto/manager_test.php
index a6172c52b1..36ea277602 100644
--- a/tests/crypto/manager_test.php
+++ b/tests/crypto/manager_test.php
@@ -16,6 +16,8 @@ require_once dirname(__FILE__) . '/../../phpBB/includes/crypto/driver/helper.php
class phpbb_crypto_manager_test extends PHPUnit_Framework_TestCase
{
+ protected $crypto_drivers;
+
public function setUp()
{
global $phpbb_root_path, $phpEx;
@@ -26,14 +28,14 @@ class phpbb_crypto_manager_test extends PHPUnit_Framework_TestCase
// Prepare dependencies for manager and driver
$config = new phpbb_config(array());
- $crypto_drivers = array(
+ $this->crypto_drivers = array(
'crypto.driver.bcrypt' => new phpbb_crypto_driver_bcrypt($config),
'crypto.driver.bcrypt_2y' => new phpbb_crypto_driver_bcrypt_2y($config),
'crypto.driver.salted_md5' => new phpbb_crypto_driver_salted_md5($config),
'crypto.driver.phpass' => new phpbb_crypto_driver_phpass($config),
);
- foreach ($crypto_drivers as $key => $driver)
+ foreach ($this->crypto_drivers as $key => $driver)
{
$this->phpbb_container->set($key, $driver);
}
@@ -42,7 +44,7 @@ class phpbb_crypto_manager_test extends PHPUnit_Framework_TestCase
$config['allow_avatar_' . get_class($this->avatar_barfoo)] = false;
*/
// Set up avatar manager
- $this->manager = new phpbb_crypto_manager($config, $this->phpbb_container, $crypto_drivers);
+ $this->manager = new phpbb_crypto_manager($config, $this->phpbb_container, $this->crypto_drivers);
}
public function hash_password_data()
@@ -115,4 +117,12 @@ class phpbb_crypto_manager_test extends PHPUnit_Framework_TestCase
$test_word = str_shuffle($test_word);
}
}
+
+ public function test_hash_password_length()
+ {
+ foreach ($this->crypto_drivers as $driver)
+ {
+ $this->assertEquals(false, $driver->hash('foobar', 'foobar'));
+ }
+ }
}
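Review bot: `assertEquals(false, ...)` in test_hash_password_length compares loosely, so a driver that returns `''`, `0` or `null` for the bad salt would also pass; `$this->assertFalse($driver->hash('foobar', 'foobar'), get_class($driver));` pins the strict `false` and names the failing driver. The loop only exercises the rejection path, and only the bcrypt driver is changed in this commit, so whether the other three drivers already return a strict `false` here is not visible from the diff. A companion assertion that a well-formed hash from each driver is still returned would guard against the length check rejecting valid output.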