aboutsummaryrefslogtreecommitdiffstats
path: root/tests/passwords
diff options
context:
space:
mode:
Diffstat (limited to 'tests/passwords')
-rw-r--r--tests/passwords/drivers_test.php416
-rw-r--r--tests/passwords/manager_test.php347
2 files changed, 763 insertions, 0 deletions
diff --git a/tests/passwords/drivers_test.php b/tests/passwords/drivers_test.php
new file mode 100644
index 0000000000..5f9fd523c9
--- /dev/null
+++ b/tests/passwords/drivers_test.php
@@ -0,0 +1,416 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+class phpbb_passwords_helper_test extends \phpbb_test_case
+{
+ public function setUp()
+ {
+ // Prepare dependencies for drivers
+ $config = new \phpbb\config\config(array());
+ $request = new phpbb_mock_request(array(), array(), array(), array(), array('password' => 'fööbar'));
+ $this->driver_helper = new \phpbb\passwords\driver\helper($config);
+ $phpbb_root_path = dirname(__FILE__) . '/../../phpBB/';
+ $php_ext = 'php';
+
+ $this->passwords_drivers = array(
+ 'passwords.driver.bcrypt_2y' => new \phpbb\passwords\driver\bcrypt_2y($config, $this->driver_helper),
+ 'passwords.driver.bcrypt' => new \phpbb\passwords\driver\bcrypt($config, $this->driver_helper),
+ 'passwords.driver.salted_md5' => new \phpbb\passwords\driver\salted_md5($config, $this->driver_helper),
+ 'passwords.driver.phpass' => new \phpbb\passwords\driver\phpass($config, $this->driver_helper),
+ 'passwords.driver.sha1_smf' => new \phpbb\passwords\driver\sha1_smf($config, $this->driver_helper),
+ 'passwords.driver.sha1_wcf1' => new \phpbb\passwords\driver\sha1_wcf1($config, $this->driver_helper),
+ 'passwords.driver.convert_password'=> new \phpbb\passwords\driver\convert_password($config, $this->driver_helper),
+ 'passwords.driver.sha1' => new \phpbb\passwords\driver\sha1($config, $this->driver_helper),
+ 'passwords.driver.md5_mybb' => new \phpbb\passwords\driver\md5_mybb($config, $this->driver_helper),
+ 'passwords.driver.md5_vb' => new \phpbb\passwords\driver\md5_vb($config, $this->driver_helper),
+ 'passwords.driver.sha_xf1' => new \phpbb\passwords\driver\sha_xf1($config, $this->driver_helper),
+ );
+ $this->passwords_drivers['passwords.driver.md5_phpbb2'] = new \phpbb\passwords\driver\md5_phpbb2($request, $this->passwords_drivers['passwords.driver.salted_md5'], $this->driver_helper, $phpbb_root_path, $php_ext);
+ $this->passwords_drivers['passwords.driver.bcrypt_wcf2'] = new \phpbb\passwords\driver\bcrypt_wcf2($this->passwords_drivers['passwords.driver.bcrypt'], $this->driver_helper);
+ }
+
+ public function data_helper_encode64()
+ {
+ return array(
+ array('foobar', 6, 'axqPW3aQ'),
+ array('foobar', 7, 'axqPW3aQ..'),
+ array('foobar', 5, 'axqPW34'),
+ );
+ }
+
+ /**
+ * @dataProvider data_helper_encode64
+ */
+ public function test_helper_encode64($input, $length, $output)
+ {
+ $return = $this->driver_helper->hash_encode64($input, $length);
+ $this->assertSame($output, $return);
+ }
+
+ public function data_get_random_salt()
+ {
+ return array(
+ array(24, false),
+ array(24, '/dev/foobar'),
+ );
+ }
+
+ /**
+ * @dataProvider data_get_random_salt
+ */
+ public function test_get_random_salt($length, $rand_seed)
+ {
+ $rand_string = (empty($rand_seed)) ? $this->driver_helper->get_random_salt($length) : $this->driver_helper->get_random_salt($length, $rand_seed);
+ $start = microtime(true);
+
+ // Run each test for max. 1 second
+ while ((microtime(true) - $start) < 1)
+ {
+ $urandom_string = (empty($rand_seed)) ? $this->driver_helper->get_random_salt($length) : $this->driver_helper->get_random_salt($length, $rand_seed);
+ $this->assertSame($length, strlen($urandom_string));
+ $this->assertNotSame($rand_string, $urandom_string);
+ }
+ }
+
+ public function test_get_hash_settings_salted_md5()
+ {
+ $settings = $this->passwords_drivers['passwords.driver.salted_md5']->get_hash_settings('$H$9isfrtKXWqrz8PvztXlL3.daw4U0zI1');
+ $this->assertEquals(array(
+ 'count' => pow(2, 11),
+ 'salt' => 'isfrtKXW',
+ 'full' => '$H$9isfrtKXW',
+ ),
+ $settings
+ );
+ $this->assertEquals(false, $this->passwords_drivers['passwords.driver.salted_md5']->get_hash_settings(false));
+ }
+
+ public function data_hash_sha1_smf()
+ {
+ return array(
+ array(false, 'test', array()),
+ array(false, 'test', ''),
+ array('6f9e2a1899e1f15708fd2e554103480eb53e8b57', 'foobar', array('login_name' => 'test')),
+ );
+ }
+
+ /**
+ * @dataProvider data_hash_sha1_smf
+ */
+ public function test_hash_sha1_smf($expected, $password, $user_row)
+ {
+ $this->assertSame($expected, $this->passwords_drivers['passwords.driver.sha1_smf']->hash($password, $user_row));
+ }
+
+ public function data_get_settings()
+ {
+ return array(
+ array(false, '6f9e2a1899e1f15708fd2e554103480eb53e8b57', 'passwords.driver.sha1_smf'),
+ );
+ }
+
+ /**
+ * @dataProvider data_get_settings
+ */
+ public function test_get_settings_only($expected, $hash, $driver)
+ {
+ $this->assertSame($expected, $this->passwords_drivers[$driver]->get_settings_only($hash));
+ }
+
+ public function data_md5_phpbb2_check()
+ {
+ return array(
+ array(false, 'foobar', 'ae2fc75e20ee25d4520766788fbc96ae'),
+ array(false, 'foobar', 'ae2fc75e20ee25d4520766788fbc96aeddsf'),
+ array(false, 'fööbar', 'ae2fc75e20ee25d4520766788fbc96ae'),
+ array(true, 'fööbar', 'ae2fc75e20ee25d4520766788fbc96ae', utf8_decode('fööbar')),
+ array(true, 'fööbar', '$H$966CepJh9RC3hFIm7aKywR6jEn0kpA0', utf8_decode('fööbar')),
+ array(true, 'fööbar', '$H$9rNjgwETtmc8befO8JL1xFMrrMw8MC.', $this->utf8_to_cp1252(utf8_decode('fööbar'))),
+ array(true, 'fööbar', '$H$9rNjgwETtmc8befO8JL1xFMrrMw8MC.', $this->utf8_to_cp1252('fööbar')),
+ );
+ }
+
+ /**
+ * @dataProvider data_md5_phpbb2_check
+ */
+ public function test_md5_phpbb2_check($expected, $password, $hash, $request_password = false)
+ {
+ if (!$request_password)
+ {
+ unset($_REQUEST['password']);
+ }
+ else
+ {
+ $_REQUEST['password'] = $request_password;
+ }
+ $this->assertSame($expected, $this->passwords_drivers['passwords.driver.md5_phpbb2']->check($password, $hash));
+ }
+
+ public function test_md5_phpbb2_hash()
+ {
+ $this->assertSame(false, $this->passwords_drivers['passwords.driver.md5_phpbb2']->hash('foobar'));
+ }
+
+ public function test_convert_password_driver()
+ {
+ $this->assertSame(false, $this->passwords_drivers['passwords.driver.convert_password']->hash('foobar'));
+ }
+
+ public function test_sha1_driver()
+ {
+ $this->assertSame(false, $this->passwords_drivers['passwords.driver.sha1']->hash('foobar'));
+ }
+
+ public function data_md5_mybb_check()
+ {
+ return array(
+ array(false, 'foobar', '083d11daea8675b1b4b502c7e55f8dbd'),
+ array(false, 'foobar', '083d11daea8675b1b4b502c7e55f8dbd', array('user_passwd_salt' => 'ae2fc75e')),
+ array(true, 'foobar', 'b86ee7e24008bfd2890dcfab1ed31333', array('user_passwd_salt' => 'yeOtfFO6')),
+ );
+ }
+
+ /**
+ * @dataProvider data_md5_mybb_check
+ */
+ public function test_md5_mybb_check($expected, $password, $hash, $user_row = array())
+ {
+ $this->assertSame($expected, $this->passwords_drivers['passwords.driver.md5_mybb']->check($password, $hash, $user_row));
+ }
+
+ public function test_md5_mybb_driver()
+ {
+ $this->assertSame(false, $this->passwords_drivers['passwords.driver.md5_mybb']->hash('foobar'));
+ }
+
+ public function data_md5_vb_check()
+ {
+ return array(
+ array(false, 'foobar', '083d11daea8675b1b4b502c7e55f8dbd'),
+ array(false, 'foobar', 'b86ee7e24008bfd2890dcfab1ed31333', array('user_passwd_salt' => 'yeOtfFO6')),
+ array(true, 'foobar', 'b452c54c44c588fc095d2d000935c470', array('user_passwd_salt' => '9^F')),
+ array(true, 'foobar', 'f23a8241bd115d270c703213e3ef7f52', array('user_passwd_salt' => 'iaU*U%`CBl;/e~>D%do2m@Xf/,KZB0')),
+ array(false, 'nope', 'f23a8241bd115d270c703213e3ef7f52', array('user_passwd_salt' => 'iaU*U%`CBl;/e~>D%do2m@Xf/,KZB0')),
+ );
+ }
+
+ /**
+ * @dataProvider data_md5_vb_check
+ */
+ public function test_md5_vb_check($expected, $password, $hash, $user_row = array())
+ {
+ $this->assertSame($expected, $this->passwords_drivers['passwords.driver.md5_vb']->check($password, $hash, $user_row));
+ }
+
+ public function test_md5_vb_driver()
+ {
+ $this->assertSame(false, $this->passwords_drivers['passwords.driver.md5_vb']->hash('foobar'));
+ }
+
+ public function data_sha1_wcf1_check()
+ {
+ return array(
+ array(false, 'foobar', 'fc46b9d9386167ce365ea3b891bf5dc31ddcd3ff'),
+ array(false, 'foobar', 'fc46b9d9386167ce365ea3b891bf5dc31ddcd3ff', array('user_passwd_salt' => 'yeOtfFO6')),
+ array(true, 'foobar', 'fc46b9d9386167ce365ea3b891bf5dc31ddcd3ff', array('user_passwd_salt' => '1a783e478d63f6422783a868db667aed3a857840')),
+ );
+ }
+
+ /**
+ * @dataProvider data_sha1_wcf1_check
+ */
+ public function test_sha1_wcf1_check($expected, $password, $hash, $user_row = array())
+ {
+ $this->assertSame($expected, $this->passwords_drivers['passwords.driver.sha1_wcf1']->check($password, $hash, $user_row));
+ }
+
+ public function test_sha1_wcf1_driver()
+ {
+ $this->assertSame(false, $this->passwords_drivers['passwords.driver.sha1_wcf1']->hash('foobar'));
+ }
+
+ public function data_bcrypt_wcf2_check()
+ {
+ return array(
+ array(false, 'foobar', 'fc46b9d9386167ce365ea3b891bf5dc31ddcd3ff'),
+ array(true, 'foobar', '$2a$08$p8h14U0jsEiVb1Luy.s8oOTXSQ0hVWUXpcNGBoCezeYNXrQyCKHfi'),
+ array(false, 'foobar', ''),
+ );
+ }
+
+ /**
+ * @dataProvider data_bcrypt_wcf2_check
+ */
+ public function test_bcrypt_wcf2_check($expected, $password, $hash)
+ {
+ $this->assertSame($expected, $this->passwords_drivers['passwords.driver.bcrypt_wcf2']->check($password, $hash));
+ }
+
+ public function test_bcrypt_wcf2_driver()
+ {
+ $this->assertSame(false, $this->passwords_drivers['passwords.driver.bcrypt_wcf2']->hash('foobar'));
+ }
+
+ public function data_sha_xf1_check()
+ {
+ return array(
+ array(false, 'foobar', 'fc46b9d9386167ce365ea3b891bf5dc31ddcd3ff'),
+ array(false, 'foobar', 'fc46b9d9386167ce365ea3b891bf5dc31ddcd3ff', array('user_passwd_salt' => 'yeOtfFO6')),
+ array(true, 'foobar', '7f65d2fa8a826d232f8134772252f8b1aaef8594b1edcabd9ab65e5b0f236ff0', array('user_passwd_salt' => '15b6c02cedbd727f563dcca607a89b085287b448966f19c0cc78cae263b1e38c')),
+ array(true, 'foobar', '69962ae2079420573a3948cc4dedbabd35680051', array('user_passwd_salt' => '15b6c02cedbd727f563dcca607a89b085287b448966f19c0cc78cae263b1e38c')),
+ );
+ }
+
+ /**
+ * @dataProvider data_sha_xf1_check
+ */
+ public function test_sha_xf1_check($expected, $password, $hash, $user_row = array())
+ {
+ $this->assertSame($expected, $this->passwords_drivers['passwords.driver.sha_xf1']->check($password, $hash, $user_row));
+ }
+
+ public function test_sha_xf1_driver()
+ {
+ $this->assertSame(false, $this->passwords_drivers['passwords.driver.sha_xf1']->hash('foobar'));
+ }
+
+ protected function utf8_to_cp1252($string)
+ {
+ static $transform = array(
+ "\xE2\x82\xAC" => "\x80",
+ "\xE2\x80\x9A" => "\x82",
+ "\xC6\x92" => "\x83",
+ "\xE2\x80\x9E" => "\x84",
+ "\xE2\x80\xA6" => "\x85",
+ "\xE2\x80\xA0" => "\x86",
+ "\xE2\x80\xA1" => "\x87",
+ "\xCB\x86" => "\x88",
+ "\xE2\x80\xB0" => "\x89",
+ "\xC5\xA0" => "\x8A",
+ "\xE2\x80\xB9" => "\x8B",
+ "\xC5\x92" => "\x8C",
+ "\xC5\xBD" => "\x8E",
+ "\xE2\x80\x98" => "\x91",
+ "\xE2\x80\x99" => "\x92",
+ "\xE2\x80\x9C" => "\x93",
+ "\xE2\x80\x9D" => "\x94",
+ "\xE2\x80\xA2" => "\x95",
+ "\xE2\x80\x93" => "\x96",
+ "\xE2\x80\x94" => "\x97",
+ "\xCB\x9C" => "\x98",
+ "\xE2\x84\xA2" => "\x99",
+ "\xC5\xA1" => "\x9A",
+ "\xE2\x80\xBA" => "\x9B",
+ "\xC5\x93" => "\x9C",
+ "\xC5\xBE" => "\x9E",
+ "\xC5\xB8" => "\x9F",
+ "\xC2\xA0" => "\xA0",
+ "\xC2\xA1" => "\xA1",
+ "\xC2\xA2" => "\xA2",
+ "\xC2\xA3" => "\xA3",
+ "\xC2\xA4" => "\xA4",
+ "\xC2\xA5" => "\xA5",
+ "\xC2\xA6" => "\xA6",
+ "\xC2\xA7" => "\xA7",
+ "\xC2\xA8" => "\xA8",
+ "\xC2\xA9" => "\xA9",
+ "\xC2\xAA" => "\xAA",
+ "\xC2\xAB" => "\xAB",
+ "\xC2\xAC" => "\xAC",
+ "\xC2\xAD" => "\xAD",
+ "\xC2\xAE" => "\xAE",
+ "\xC2\xAF" => "\xAF",
+ "\xC2\xB0" => "\xB0",
+ "\xC2\xB1" => "\xB1",
+ "\xC2\xB2" => "\xB2",
+ "\xC2\xB3" => "\xB3",
+ "\xC2\xB4" => "\xB4",
+ "\xC2\xB5" => "\xB5",
+ "\xC2\xB6" => "\xB6",
+ "\xC2\xB7" => "\xB7",
+ "\xC2\xB8" => "\xB8",
+ "\xC2\xB9" => "\xB9",
+ "\xC2\xBA" => "\xBA",
+ "\xC2\xBB" => "\xBB",
+ "\xC2\xBC" => "\xBC",
+ "\xC2\xBD" => "\xBD",
+ "\xC2\xBE" => "\xBE",
+ "\xC2\xBF" => "\xBF",
+ "\xC3\x80" => "\xC0",
+ "\xC3\x81" => "\xC1",
+ "\xC3\x82" => "\xC2",
+ "\xC3\x83" => "\xC3",
+ "\xC3\x84" => "\xC4",
+ "\xC3\x85" => "\xC5",
+ "\xC3\x86" => "\xC6",
+ "\xC3\x87" => "\xC7",
+ "\xC3\x88" => "\xC8",
+ "\xC3\x89" => "\xC9",
+ "\xC3\x8A" => "\xCA",
+ "\xC3\x8B" => "\xCB",
+ "\xC3\x8C" => "\xCC",
+ "\xC3\x8D" => "\xCD",
+ "\xC3\x8E" => "\xCE",
+ "\xC3\x8F" => "\xCF",
+ "\xC3\x90" => "\xD0",
+ "\xC3\x91" => "\xD1",
+ "\xC3\x92" => "\xD2",
+ "\xC3\x93" => "\xD3",
+ "\xC3\x94" => "\xD4",
+ "\xC3\x95" => "\xD5",
+ "\xC3\x96" => "\xD6",
+ "\xC3\x97" => "\xD7",
+ "\xC3\x98" => "\xD8",
+ "\xC3\x99" => "\xD9",
+ "\xC3\x9A" => "\xDA",
+ "\xC3\x9B" => "\xDB",
+ "\xC3\x9C" => "\xDC",
+ "\xC3\x9D" => "\xDD",
+ "\xC3\x9E" => "\xDE",
+ "\xC3\x9F" => "\xDF",
+ "\xC3\xA0" => "\xE0",
+ "\xC3\xA1" => "\xE1",
+ "\xC3\xA2" => "\xE2",
+ "\xC3\xA3" => "\xE3",
+ "\xC3\xA4" => "\xE4",
+ "\xC3\xA5" => "\xE5",
+ "\xC3\xA6" => "\xE6",
+ "\xC3\xA7" => "\xE7",
+ "\xC3\xA8" => "\xE8",
+ "\xC3\xA9" => "\xE9",
+ "\xC3\xAA" => "\xEA",
+ "\xC3\xAB" => "\xEB",
+ "\xC3\xAC" => "\xEC",
+ "\xC3\xAD" => "\xED",
+ "\xC3\xAE" => "\xEE",
+ "\xC3\xAF" => "\xEF",
+ "\xC3\xB0" => "\xF0",
+ "\xC3\xB1" => "\xF1",
+ "\xC3\xB2" => "\xF2",
+ "\xC3\xB3" => "\xF3",
+ "\xC3\xB4" => "\xF4",
+ "\xC3\xB5" => "\xF5",
+ "\xC3\xB6" => "\xF6",
+ "\xC3\xB7" => "\xF7",
+ "\xC3\xB8" => "\xF8",
+ "\xC3\xB9" => "\xF9",
+ "\xC3\xBA" => "\xFA",
+ "\xC3\xBB" => "\xFB",
+ "\xC3\xBC" => "\xFC",
+ "\xC3\xBD" => "\xFD",
+ "\xC3\xBE" => "\xFE",
+ "\xC3\xBF" => "\xFF"
+ );
+ return strtr($string, $transform);
+ }
+}
diff --git a/tests/passwords/manager_test.php b/tests/passwords/manager_test.php
new file mode 100644
index 0000000000..333834ee07
--- /dev/null
+++ b/tests/passwords/manager_test.php
@@ -0,0 +1,347 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+class phpbb_passwords_manager_test extends \phpbb_test_case
+{
+ protected $passwords_drivers;
+
+ protected $pw_characters = '0123456789abcdefghijklmnopqrstuvwyzABCDEFGHIJKLMNOPQRSTUVXYZ.,_!?/\\';
+
+ protected $default_pw = 'foobar';
+
+ public function setUp()
+ {
+ // Prepare dependencies for manager and driver
+ $config = new \phpbb\config\config(array());
+ $this->driver_helper = new \phpbb\passwords\driver\helper($config);
+ $request = new phpbb_mock_request(array(), array(), array(), array(), array('password' => 'töst'));
+ $phpbb_root_path = dirname(__FILE__) . '/../../phpBB/';
+ $php_ext = 'php';
+
+ $this->passwords_drivers = array(
+ 'passwords.driver.bcrypt_2y' => new \phpbb\passwords\driver\bcrypt_2y($config, $this->driver_helper),
+ 'passwords.driver.bcrypt' => new \phpbb\passwords\driver\bcrypt($config, $this->driver_helper),
+ 'passwords.driver.salted_md5' => new \phpbb\passwords\driver\salted_md5($config, $this->driver_helper),
+ 'passwords.driver.phpass' => new \phpbb\passwords\driver\phpass($config, $this->driver_helper),
+ 'passwords.driver.convert_password' => new \phpbb\passwords\driver\convert_password($config, $this->driver_helper),
+ 'passwords.driver.sha1_smf' => new \phpbb\passwords\driver\sha1_smf($config, $this->driver_helper),
+ 'passwords.driver.sha1' => new \phpbb\passwords\driver\sha1($config, $this->driver_helper),
+ 'passwords.driver.sha1_wcf1' => new \phpbb\passwords\driver\sha1_wcf1($config, $this->driver_helper),
+ 'passwords.driver.md5_mybb' => new \phpbb\passwords\driver\md5_mybb($config, $this->driver_helper),
+ 'passwords.driver.md5_vb' => new \phpbb\passwords\driver\md5_vb($config, $this->driver_helper),
+ 'passwords.driver.sha_xf1' => new \phpbb\passwords\driver\sha_xf1($config, $this->driver_helper),
+ );
+ $this->passwords_drivers['passwords.driver.md5_phpbb2'] = new \phpbb\passwords\driver\md5_phpbb2($request, $this->passwords_drivers['passwords.driver.salted_md5'], $this->driver_helper, $phpbb_root_path, $php_ext);
+ $this->passwords_drivers['passwords.driver.bcrypt_wcf2'] = new \phpbb\passwords\driver\bcrypt_wcf2($this->passwords_drivers['passwords.driver.bcrypt'], $this->driver_helper);
+
+ $this->helper = new \phpbb\passwords\helper;
+ // Set up passwords manager
+ $this->manager = new \phpbb\passwords\manager($config, $this->passwords_drivers, $this->helper, array_keys($this->passwords_drivers));
+ }
+
+ public function hash_password_data()
+ {
+ if (version_compare(PHP_VERSION, '5.3.7', '<'))
+ {
+ return array(
+ array('', '2a', 60),
+ array('passwords.driver.bcrypt_2y', '2a', 60),
+ array('passwords.driver.bcrypt', '2a', 60),
+ array('passwords.driver.salted_md5', 'H', 34),
+ array('passwords.driver.foobar', '', false),
+ );
+ }
+ else
+ {
+ return array(
+ array('', '2y', 60),
+ array('passwords.driver.bcrypt_2y', '2y', 60),
+ array('passwords.driver.bcrypt', '2a', 60),
+ array('passwords.driver.salted_md5', 'H', 34),
+ array('passwords.driver.foobar', '', false),
+ );
+ }
+ }
+
+ /**
+ * @dataProvider hash_password_data
+ */
+ public function test_hash_password($type, $prefix, $length)
+ {
+ $password = $this->default_pw;
+
+ if (!$length)
+ {
+ $this->assertEquals(false, $hash = $this->manager->hash($password, $type));
+ return;
+ }
+ $time = microtime(true);
+
+ // Limit each test to 1 second
+ while ((microtime(true) - $time) < 1)
+ {
+ $hash = $this->manager->hash($password, $type);
+ preg_match('#^\$([a-zA-Z0-9\\\]*?)\$#', $hash, $match);
+ $this->assertEquals($prefix, $match[1]);
+ $this->assertEquals($length, strlen($hash));
+ $password .= $this->pw_characters[mt_rand(0, 66)];
+ }
+ }
+
+ public function check_password_data()
+ {
+ if (version_compare(PHP_VERSION, '5.3.7', '<'))
+ {
+ return array(
+ array('passwords.driver.bcrypt'),
+ array('passwords.driver.salted_md5'),
+ array('passwords.driver.phpass'),
+ );
+ }
+ else
+ {
+ return array(
+ array('passwords.driver.bcrypt_2y'),
+ array('passwords.driver.bcrypt'),
+ array('passwords.driver.salted_md5'),
+ array('passwords.driver.phpass'),
+ );
+ }
+ }
+
+ /**
+ * @dataProvider check_password_data
+ */
+ public function test_check_password($hash_type)
+ {
+ $password = $this->default_pw;
+ $time = microtime(true);
+ // Limit each test to 1 second
+ while ((microtime(true) - $time) < 1)
+ {
+ $hash = $this->manager->hash($password, $hash_type);
+ $this->assertEquals(true, $this->manager->check($password, $hash));
+ $password .= $this->pw_characters[mt_rand(0, 66)];
+ $this->assertEquals(false, $this->manager->check($password, $hash));
+ }
+
+ // Check if convert_flag is correctly set
+ $default_type = (version_compare(PHP_VERSION, '5.3.7', '<')) ? 'passwords.driver.bcrypt' : 'passwords.driver.bcrypt_2y';
+ $this->assertEquals(($hash_type !== $default_type), $this->manager->convert_flag);
+ }
+
+
+ public function check_hash_exceptions_data()
+ {
+ return array(
+ array('3858f62230ac3c915f300c664312c63f', true),
+ array('$CP$3858f62230ac3c915f300c664312c63f', true), // md5_phpbb2
+ array('$CP$3858f62230ac3c915f300c', false),
+ array('$S$b57a939fa4f2c04413a4eea9734a0903647b7adb93181295', false),
+ array('$2a\S$kkkkaakdkdiej39023903204j2k3490234jk234j02349', false),
+ array('$H$kklk938d023k//k3023', false),
+ array('$H$3PtYMgXb39lrIWkgoxYLWtRkZtY3AY/', false),
+ array('$2a$kwiweorurlaeirw', false),
+ array('6f9e2a1899e1f15708fd2e554103480eb53e8b57', false),
+ array('6f9e2a1899e1f15708fd2e554103480eb53e8b57', false, 'foobar', array('login_name' => 'test')),
+ array('$CP$6f9e2a1899e1f15708fd2e554103480eb53e8b57', true, 'foobar', array('login_name' => 'test')), // sha1_smf
+ array('6f9e2a1899', false, 'foobar', array('login_name' => 'test')),
+ array('ae2fc75e20ee25d4520766788fbc96ae', false, 'fööbar'),
+ array('$CP$ae2fc75e20ee25d4520766788fbc96ae', false, 'fööbar'),
+ array('$CP$ae2fc75e20ee25d4520766788fbc96ae', true, utf8_decode('fööbar')), // md5_phpbb2
+ array('b86ee7e24008bfd2890dcfab1ed31333', false, 'foobar', array('user_passwd_salt' => 'yeOtfFO6')),
+ array('$CP$b86ee7e24008bfd2890dcfab1ed31333', true, 'foobar', array('user_passwd_salt' => 'yeOtfFO6')), // md5_mybb
+ array('$CP$b452c54c44c588fc095d2d000935c470', true, 'foobar', array('user_passwd_salt' => '9^F')), // md5_vb
+ array('$CP$f23a8241bd115d270c703213e3ef7f52', true, 'foobar', array('user_passwd_salt' => 'iaU*U%`CBl;/e~>D%do2m@Xf/,KZB0')), // md5_vb
+ array('$CP$fc46b9d9386167ce365ea3b891bf5dc31ddcd3ff', true, 'foobar', array('user_passwd_salt' => '1a783e478d63f6422783a868db667aed3a857840')), // sha_wcf1
+ array('$2a$08$p8h14U0jsEiVb1Luy.s8oOTXSQ0hVWUXpcNGBoCezeYNXrQyCKHfi', false),
+ array('$CP$$2a$08$p8h14U0jsEiVb1Luy.s8oOTXSQ0hVWUXpcNGBoCezeYNXrQyCKHfi', true), // bcrypt_wcf2
+ array('$CP$7f65d2fa8a826d232f8134772252f8b1aaef8594b1edcabd9ab65e5b0f236ff0', true, 'foobar', array('user_passwd_salt' => '15b6c02cedbd727f563dcca607a89b085287b448966f19c0cc78cae263b1e38c')), // sha_xf1
+ array('$CP$69962ae2079420573a3948cc4dedbabd35680051', true, 'foobar', array('user_passwd_salt' => '15b6c02cedbd727f563dcca607a89b085287b448966f19c0cc78cae263b1e38c')), // sha_xf1
+ );
+ }
+
+ /**
+ * @dataProvider check_hash_exceptions_data
+ */
+ public function test_check_hash_exceptions($hash, $expected, $password = 'foobar', $user_row = array())
+ {
+ $this->assertEquals($expected, $this->manager->check($password, $hash, $user_row));
+ }
+
+ public function data_hash_password_length()
+ {
+ return array(
+ array('passwords.driver.bcrypt', false),
+ array('passwords.driver.bcrypt_2y', false),
+ array('passwords.driver.salted_md5', '3858f62230ac3c915f300c664312c63f'),
+ array('passwords.driver.phpass', '3858f62230ac3c915f300c664312c63f'),
+ );
+ }
+
+ /**
+ * @dataProvider data_hash_password_length
+ */
+ public function test_hash_password_length($driver, $expected)
+ {
+ $this->assertEquals($expected, $this->passwords_drivers[$driver]->hash('foobar', 'foobar'));
+ }
+
+ public function test_hash_password_8bit_bcrypt()
+ {
+ $this->assertEquals(false, $this->manager->hash('foobar𝄞', 'passwords.driver.bcrypt'));
+ if (version_compare(PHP_VERSION, '5.3.7', '<'))
+ {
+ $this->assertEquals(false, $this->manager->hash('foobar𝄞', 'passwords.driver.bcrypt_2y'));
+ }
+ else
+ {
+ $this->assertNotEquals(false, $this->manager->hash('foobar𝄞', 'passwords.driver.bcrypt_2y'));
+ }
+ }
+
+ public function combined_hash_data()
+ {
+ if (version_compare(PHP_VERSION, '5.3.7', '<'))
+ {
+ return array(
+ array(
+ 'passwords.driver.salted_md5',
+ array('passwords.driver.bcrypt'),
+ ),
+ array(
+ 'passwords.driver.phpass',
+ array('passwords.driver.salted_md5'),
+ ),
+ array(
+ 'passwords.driver.salted_md5',
+ array('passwords.driver.phpass', 'passwords.driver.bcrypt'),
+ ),
+ array(
+ 'passwords.driver.salted_md5',
+ array('passwords.driver.salted_md5'),
+ false,
+ ),
+ array(
+ '$H$',
+ array('$2a$'),
+ ),
+ );
+ }
+ else
+ {
+ return array(
+ array(
+ 'passwords.driver.salted_md5',
+ array('passwords.driver.bcrypt_2y'),
+ ),
+ array(
+ 'passwords.driver.salted_md5',
+ array('passwords.driver.bcrypt'),
+ ),
+ array(
+ 'passwords.driver.phpass',
+ array('passwords.driver.salted_md5'),
+ ),
+ array(
+ 'passwords.driver.salted_md5',
+ array('passwords.driver.bcrypt_2y', 'passwords.driver.bcrypt'),
+ ),
+ array(
+ 'passwords.driver.salted_md5',
+ array('passwords.driver.salted_md5'),
+ false,
+ ),
+ array(
+ 'passwords.driver.bcrypt_2y',
+ array('passwords.driver.salted_md4'),
+ false,
+ ),
+ array(
+ '$H$',
+ array('$2y$'),
+ ),
+ );
+ }
+ }
+
+ /**
+ * @dataProvider combined_hash_data
+ */
+ public function test_combined_hash_password($first_type, $second_type, $expected = true)
+ {
+ $password = $this->default_pw;
+ $time = microtime(true);
+ // Limit each test to 1 second
+ while ((microtime(true) - $time) < 1)
+ {
+ $hash = $this->manager->hash($password, $first_type);
+ $combined_hash = $this->manager->hash($hash, $second_type);
+ $this->assertEquals($expected, $this->manager->check($password, $combined_hash));
+ $password .= $this->pw_characters[mt_rand(0, 66)];
+ $this->assertEquals(false, $this->manager->check($password, $combined_hash));
+
+ // If we are expecting the check to fail then there is
+ // no need to run this more than once
+ if (!$expected)
+ {
+ break;
+ }
+ }
+ }
+
+ public function test_unique_id()
+ {
+ $time = microtime(true);
+ $first_id = $this->driver_helper->unique_id();
+ // Limit test to 1 second
+ while ((microtime(true) - $time) < 1)
+ {
+ $this->assertNotSame($first_id, $this->driver_helper->unique_id());
+ }
+ }
+
+ public function test_check_hash_with_large_input()
+ {
+ // 16 MB password, should be rejected quite fast
+ $start_time = time();
+ $this->assertFalse($this->manager->check(str_repeat('a', 1024 * 1024 * 16), '$H$9isfrtKXWqrz8PvztXlL3.daw4U0zI1'));
+ $this->assertLessThanOrEqual(5, time() - $start_time);
+ }
+
+ public function test_hash_password_with_large_input()
+ {
+ // 16 MB password, should be rejected quite fast
+ $start_time = time();
+ $this->assertFalse($this->manager->hash(str_repeat('a', 1024 * 1024 * 16)));
+ $this->assertLessThanOrEqual(5, time() - $start_time);
+ }
+
+ public function data_test_string_compare()
+ {
+ return array(
+ array('foo', 'bar', false),
+ array(1, '1', false),
+ array('one', 'one', true),
+ array('foobar', 'foobaf', false),
+ );
+ }
+
+ /**
+ * @dataProvider data_test_string_compare
+ */
+ public function test_string_compare($a, $b, $expected)
+ {
+ $this->assertSame($expected, $this->driver_helper->string_compare($a, $b));
+ }
+}
generated by cgit v1.2.1 (git 2.21.0) at 2025-08-01 02:18:30 +0000