-rw-r--r-- | phpBB/phpbb/passwords/driver/salted_md5.php | 16 | ||||
-rw-r--r-- | tests/passwords/manager_test.php | 21 |
2 files changed, 24 insertions, 13 deletions
diff --git a/phpBB/phpbb/passwords/driver/salted_md5.php b/phpBB/phpbb/passwords/driver/salted_md5.php index 23ae25c0c9..c44da540a6 100644 --- a/phpBB/phpbb/passwords/driver/salted_md5.php +++ b/phpBB/phpbb/passwords/driver/salted_md5.php @@ -41,7 +41,13 @@ class salted_md5 extends \phpbb\passwords\driver\base { if (($settings = $this->get_hash_settings($setting)) === false) { - return false; + // Return md5 of password if settings do not + // comply with our standards. This will only + // happen if pre-determined settings are + // directly passed to the driver. The manager + // will not do this. Same as the old hashing + // implementatio in phpBB 3.0 + return md5($password); } } else @@ -59,13 +65,7 @@ class salted_md5 extends \phpbb\passwords\driver\base $output = $settings['full']; $output .= $this->helper->hash_encode64($hash, 16); - if (strlen($output) == 34) - { - return $output; - } - - // Should we really just return the md5 of the password? O.o - return md5($password); + return $output; } /** diff --git a/tests/passwords/manager_test.php b/tests/passwords/manager_test.php index 568c53be3f..77955bd464 100644 --- a/tests/passwords/manager_test.php +++ b/tests/passwords/manager_test.php 
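Review bot: The fallback `return md5($password);` in the invalid-settings branch makes the driver fail open: a malformed setting string now yields an unsalted, single-round MD5 digest instead of `false`. The added comment says the manager never passes such settings, but nothing in this hunk enforces that, so any other caller that stores or compares the return value ends up with a fast hash that is trivial to look up offline. Unless phpBB 3.0 compatibility strictly requires it, keep `return false;` here and handle legacy plain-MD5 rows in a dedicated path that rehashes after a successful login. If the fallback stays, the comment should state that the result must never be persisted (it also has a typo, "implementatio"). hash() begins and ends outside this hunk.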
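Review bot: With the `strlen($output) == 34` guard removed, the final `return $output;` relies entirely on get_hash_settings() having validated the setting string, and that validation is not visible in this hunk. A one-line comment above the return would record the assumption, e.g. `// Settings were validated by get_hash_settings(); malformed input returned earlier`, if that is the actual invariant. The enclosing hash() body starts above the hunk.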
@@ -149,17 +149,28 @@ class phpbb_passwords_manager_test extends PHPUnit_Framework_TestCase $this->assertEquals($expected, $this->manager->check($password, $hash)); } - public function test_hash_password_length() + public function data_hash_password_length() { - foreach ($this->passwords_drivers as $driver) - { - $this->assertEquals(false, $driver->hash('foobar', 'foobar')); - } + return array( + array('passwords.driver.bcrypt', false), + array('passwords.driver.bcrypt_2y', false), + array('passwords.driver.salted_md5', '3858f62230ac3c915f300c664312c63f'), + array('passwords.driver.phpass', '3858f62230ac3c915f300c664312c63f'), + ); + } + + /** + * @dataProvider data_hash_password_length + */ + public function test_hash_password_length($driver, $expected) + { + $this->assertEquals($expected, $this->passwords_drivers[$driver]->hash('foobar', 'foobar')); } public function test_hash_password_8bit_bcrypt() { $this->assertEquals(false, $this->manager->hash('foobarš¯„˛', 'passwords.driver.bcrypt')); + $this->assertNotEquals(false, $this->manager->hash('foobarš¯„˛', 'passwords.driver.bcrypt_2y')); } public function test_combined_hash_data() |
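Review bot: `assertEquals($expected, ...)` in test_hash_password_length compares loosely, so the `false` rows for bcrypt and bcrypt_2y would most likely also pass if a driver returned `''`, `'0'` or `null`; `$this->assertSame($expected, $this->passwords_drivers[$driver]->hash('foobar', 'foobar'));` pins the exact failure value. The literal `'3858f62230ac3c915f300c664312c63f'` is the unsalted MD5 of `foobar`; writing it as `md5('foobar')` or adding a comment such as `// legacy fallback: plain md5 of the password` would show that these rows assert the invalid-settings fallback. The provider and test names still say "length" although the data now covers invalid settings, so a rename would help the next reader.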