aboutsummaryrefslogtreecommitdiffstats
path: root/tests
diff options
context:
space:
mode:
Diffstat (limited to 'tests')
-rw-r--r--tests/auth/provider_apache_test.php18
-rw-r--r--tests/auth/provider_db_test.php19
-rw-r--r--tests/passwords/manager_test.php249
-rw-r--r--tests/security/hash_test.php27
-rw-r--r--tests/test_framework/phpbb_functional_test_case.php33
5 files changed, 343 insertions, 3 deletions
diff --git a/tests/auth/provider_apache_test.php b/tests/auth/provider_apache_test.php
index e135a1f002..8f65e8ad39 100644
--- a/tests/auth/provider_apache_test.php
+++ b/tests/auth/provider_apache_test.php
@@ -25,8 +25,24 @@ class phpbb_auth_provider_apache_test extends phpbb_database_test_case
$config = new \phpbb\config\config(array());
$this->request = $this->getMock('\phpbb\request\request');
$this->user = $this->getMock('\phpbb\user');
+ $driver_helper = new \phpbb\passwords\driver\helper($config);
+ $passwords_drivers = array(
+ 'passwords.driver.bcrypt' => new \phpbb\passwords\driver\bcrypt($config, $driver_helper),
+ 'passwords.driver.bcrypt_2y' => new \phpbb\passwords\driver\bcrypt_2y($config, $driver_helper),
+ 'passwords.driver.salted_md5' => new \phpbb\passwords\driver\salted_md5($config, $driver_helper),
+ 'passwords.driver.phpass' => new \phpbb\passwords\driver\phpass($config, $driver_helper),
+ );
+
+ foreach ($passwords_drivers as $key => $driver)
+ {
+ $driver->set_name($key);
+ }
+
+ $passwords_helper = new \phpbb\passwords\helper;
+ // Set up passwords manager
+ $passwords_manager = new \phpbb\passwords\manager($config, $passwords_drivers, $passwords_helper, 'passwords.driver.bcrypt_2y');
- $this->provider = new \phpbb\auth\provider\apache($db, $config, $this->request, $this->user, $phpbb_root_path, $phpEx);
+ $this->provider = new \phpbb\auth\provider\apache($db, $config, $passwords_manager, $this->request, $this->user, $phpbb_root_path, $phpEx);
}
public function getDataSet()
diff --git a/tests/auth/provider_db_test.php b/tests/auth/provider_db_test.php
index 140a28cd3d..b979ab34c5 100644
--- a/tests/auth/provider_db_test.php
+++ b/tests/auth/provider_db_test.php
@@ -28,7 +28,24 @@ class phpbb_auth_provider_db_test extends phpbb_database_test_case
));
$request = $this->getMock('\phpbb\request\request');
$user = $this->getMock('\phpbb\user');
- $provider = new \phpbb\auth\provider\db($db, $config, $request, $user, $phpbb_root_path, $phpEx);
+ $driver_helper = new \phpbb\passwords\driver\helper($config);
+ $passwords_drivers = array(
+ 'passwords.driver.bcrypt' => new \phpbb\passwords\driver\bcrypt($config, $driver_helper),
+ 'passwords.driver.bcrypt_2y' => new \phpbb\passwords\driver\bcrypt_2y($config, $driver_helper),
+ 'passwords.driver.salted_md5' => new \phpbb\passwords\driver\salted_md5($config, $driver_helper),
+ 'passwords.driver.phpass' => new \phpbb\passwords\driver\phpass($config, $driver_helper),
+ );
+
+ foreach ($passwords_drivers as $key => $driver)
+ {
+ $driver->set_name($key);
+ }
+
+ $passwords_helper = new \phpbb\passwords\helper;
+ // Set up passwords manager
+ $passwords_manager = new \phpbb\passwords\manager($config, $passwords_drivers, $passwords_helper, 'passwords.driver.bcrypt_2y');
+
+ $provider = new \phpbb\auth\provider\db($db, $config, $passwords_manager, $request, $user, $phpbb_root_path, $phpEx);
$expected = array(
'status' => LOGIN_SUCCESS,
diff --git a/tests/passwords/manager_test.php b/tests/passwords/manager_test.php
new file mode 100644
index 0000000000..a8dbabf74f
--- /dev/null
+++ b/tests/passwords/manager_test.php
@@ -0,0 +1,249 @@
+<?php
+/**
+*
+* @package testing
+* @copyright (c) 2013 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+require_once dirname(__FILE__) . '/../mock/container_builder.php';
+
+class phpbb_passwords_manager_test extends PHPUnit_Framework_TestCase
+{
+ protected $passwords_drivers;
+
+ protected $pw_characters = '0123456789abcdefghijklmnopqrstuvwyzABCDEFGHIJKLMNOPQRSTUVXYZ.,_!?/\\';
+
+ protected $default_pw = 'foobar';
+
+ public function setUp()
+ {
+ global $phpbb_root_path, $phpEx;
+
+ // Mock phpbb_container
+ $this->phpbb_container = new phpbb_mock_container_builder;
+
+ // Prepare dependencies for manager and driver
+ $config = new \phpbb\config\config(array());
+ $driver_helper = new \phpbb\passwords\driver\helper($config);
+
+ $this->passwords_drivers = array(
+ 'passwords.driver.bcrypt' => new \phpbb\passwords\driver\bcrypt($config, $driver_helper),
+ 'passwords.driver.bcrypt_2y' => new \phpbb\passwords\driver\bcrypt_2y($config, $driver_helper),
+ 'passwords.driver.salted_md5' => new \phpbb\passwords\driver\salted_md5($config, $driver_helper),
+ 'passwords.driver.phpass' => new \phpbb\passwords\driver\phpass($config, $driver_helper),
+ );
+
+ foreach ($this->passwords_drivers as $key => $driver)
+ {
+ $driver->set_name($key);
+ $this->phpbb_container->set($key, $driver);
+ }
+
+ $this->helper = new \phpbb\passwords\helper;
+ // Set up passwords manager
+ $this->manager = new \phpbb\passwords\manager($config, $this->passwords_drivers, $this->helper, 'passwords.driver.bcrypt_2y');
+ }
+
+ public function hash_password_data()
+ {
+ if (version_compare(PHP_VERSION, '5.3.7', '<'))
+ {
+ return array(
+ array('', '2a', 60),
+ array('passwords.driver.bcrypt_2y', '2a', 60),
+ array('passwords.driver.bcrypt', '2a', 60),
+ array('passwords.driver.salted_md5', 'H', 34),
+ array('passwords.driver.foobar', '', false),
+ );
+ }
+ else
+ {
+ return array(
+ array('', '2y', 60),
+ array('passwords.driver.bcrypt_2y', '2y', 60),
+ array('passwords.driver.bcrypt', '2a', 60),
+ array('passwords.driver.salted_md5', 'H', 34),
+ array('passwords.driver.foobar', '', false),
+ );
+ }
+ }
+
+ /**
+ * @dataProvider hash_password_data
+ */
+ public function test_hash_password($type, $prefix, $length)
+ {
+ $password = $this->default_pw;
+
+ if (!$length)
+ {
+ $this->assertEquals(false, $hash = $this->manager->hash($password, $type));
+ return;
+ }
+ $time = microtime(true);
+
+ // Limit each test to 1 second
+ while ((microtime(true) - $time) < 1)
+ {
+ $hash = $this->manager->hash($password, $type);
+ preg_match('#^\$([a-zA-Z0-9\\\]*?)\$#', $hash, $match);
+ $this->assertEquals($prefix, $match[1]);
+ $this->assertEquals($length, strlen($hash));
+ $password .= $this->pw_characters[mt_rand(0, 66)];
+ }
+ }
+
+ public function check_password_data()
+ {
+ if (version_compare(PHP_VERSION, '5.3.7', '<'))
+ {
+ return array(
+ array('passwords.driver.bcrypt'),
+ array('passwords.driver.salted_md5'),
+ array('passwords.driver.phpass'),
+ );
+ }
+ else
+ {
+ return array(
+ array('passwords.driver.bcrypt_2y'),
+ array('passwords.driver.bcrypt'),
+ array('passwords.driver.salted_md5'),
+ array('passwords.driver.phpass'),
+ );
+ }
+ }
+
+ /**
+ * @dataProvider check_password_data
+ */
+ public function test_check_password($hash_type)
+ {
+ $password = $this->default_pw;
+ $time = microtime(true);
+ // Limit each test to 1 second
+ while ((microtime(true) - $time) < 1)
+ {
+ $hash = $this->manager->hash($password, $hash_type);
+ $this->assertEquals(true, $this->manager->check($password, $hash));
+ $password .= $this->pw_characters[mt_rand(0, 66)];
+ $this->assertEquals(false, $this->manager->check($password, $hash));
+ }
+
+ // Check if convert_flag is correctly set
+ $this->assertEquals(($hash_type !== 'passwords.driver.bcrypt_2y'), $this->manager->convert_flag);
+ }
+
+
+ public function check_hash_exceptions_data()
+ {
+ return array(
+ array('foobar', '3858f62230ac3c915f300c664312c63f', true),
+ array('foobar', '$S$b57a939fa4f2c04413a4eea9734a0903647b7adb93181295', false),
+ array('foobar', '$2a\S$kkkkaakdkdiej39023903204j2k3490234jk234j02349', false),
+ array('foobar', '$H$kklk938d023k//k3023', false),
+ array('foobar', '$H$3PtYMgXb39lrIWkgoxYLWtRkZtY3AY/', false),
+ array('foobar', '$2a$kwiweorurlaeirw', false),
+ );
+ }
+
+ /**
+ * @dataProvider check_hash_exceptions_data
+ */
+ public function test_check_hash_exceptions($password, $hash, $expected)
+ {
+ $this->assertEquals($expected, $this->manager->check($password, $hash));
+ }
+
+ public function test_hash_password_length()
+ {
+ foreach ($this->passwords_drivers as $driver)
+ {
+ $this->assertEquals(false, $driver->hash('foobar', 'foobar'));
+ }
+ }
+
+ public function test_hash_password_8bit_bcrypt()
+ {
+ $this->assertEquals(false, $this->manager->hash('foobarš¯„˛', 'passwords.driver.bcrypt'));
+ }
+
+ public function test_combined_hash_data()
+ {
+ if (version_compare(PHP_VERSION, '5.3.7', '<'))
+ {
+ return array(
+ array(
+ 'passwords.driver.salted_md5',
+ array('passwords.driver.bcrypt'),
+ ),
+ array(
+ 'passwords.driver.phpass',
+ array('passwords.driver.salted_md5'),
+ ),
+ array(
+ 'passwords.driver.salted_md5',
+ array('passwords.driver.phpass', 'passwords.driver.bcrypt'),
+ ),
+ array(
+ 'passwords.driver.salted_md5',
+ array('passwords.driver.salted_md5'),
+ false,
+ ),
+ );
+ }
+ else
+ {
+ return array(
+ array(
+ 'passwords.driver.salted_md5',
+ array('passwords.driver.bcrypt_2y'),
+ ),
+ array(
+ 'passwords.driver.salted_md5',
+ array('passwords.driver.bcrypt'),
+ ),
+ array(
+ 'passwords.driver.phpass',
+ array('passwords.driver.salted_md5'),
+ ),
+ array(
+ 'passwords.driver.salted_md5',
+ array('passwords.driver.bcrypt_2y', 'passwords.driver.bcrypt'),
+ ),
+ array(
+ 'passwords.driver.salted_md5',
+ array('passwords.driver.salted_md5'),
+ false,
+ ),
+ );
+ }
+ }
+
+ /**
+ * @dataProvider test_combined_hash_data
+ */
+ public function test_combined_hash_password($first_type, $second_type, $expected = true)
+ {
+ $password = $this->default_pw;
+ $time = microtime(true);
+ // Limit each test to 1 second
+ while ((microtime(true) - $time) < 1)
+ {
+ $hash = $this->manager->hash($password, $first_type);
+ $combined_hash = $this->manager->hash($hash, $second_type);
+ $this->assertEquals($expected, $this->manager->check($password, $combined_hash));
+ $password .= $this->pw_characters[mt_rand(0, 66)];
+ $this->assertEquals(false, $this->manager->check($password, $combined_hash));
+
+ // If we are expecting the check to fail then there is
+ // no need to run this more than once
+ if (!$expected)
+ {
+ break;
+ }
+ }
+ }
+}
diff --git a/tests/security/hash_test.php b/tests/security/hash_test.php
index e226365ef3..f7d2c0dad8 100644
--- a/tests/security/hash_test.php
+++ b/tests/security/hash_test.php
@@ -13,6 +13,33 @@ class phpbb_security_hash_test extends phpbb_test_case
{
public function test_check_hash_with_phpass()
{
+ global $phpbb_container;
+
+ $config = new \phpbb\config\config(array());
+ $phpbb_container = $this->getMock('Symfony\Component\DependencyInjection\ContainerInterface');
+ $driver_helper = new \phpbb\passwords\driver\helper($config);
+ $passwords_drivers = array(
+ 'passwords.driver.bcrypt' => new \phpbb\passwords\driver\bcrypt($config, $driver_helper),
+ 'passwords.driver.bcrypt_2y' => new \phpbb\passwords\driver\bcrypt_2y($config, $driver_helper),
+ 'passwords.driver.salted_md5' => new \phpbb\passwords\driver\salted_md5($config, $driver_helper),
+ 'passwords.driver.phpass' => new \phpbb\passwords\driver\phpass($config, $driver_helper),
+ );
+
+ foreach ($passwords_drivers as $key => $driver)
+ {
+ $driver->set_name($key);
+ }
+
+ $passwords_helper = new \phpbb\passwords\helper;
+ // Set up passwords manager
+ $passwords_manager = new \phpbb\passwords\manager($config, $passwords_drivers, $passwords_helper, 'passwords.driver.bcrypt_2y');
+
+ $phpbb_container
+ ->expects($this->any())
+ ->method('get')
+ ->with('passwords.manager')
+ ->will($this->returnValue($passwords_manager));
+
$this->assertTrue(phpbb_check_hash('test', '$H$9isfrtKXWqrz8PvztXlL3.daw4U0zI1'));
$this->assertTrue(phpbb_check_hash('test', '$P$9isfrtKXWqrz8PvztXlL3.daw4U0zI1'));
$this->assertFalse(phpbb_check_hash('foo', '$H$9isfrtKXWqrz8PvztXlL3.daw4U0zI1'));
diff --git a/tests/test_framework/phpbb_functional_test_case.php b/tests/test_framework/phpbb_functional_test_case.php
index a0d186e0f2..f5e2e2c77d 100644
--- a/tests/test_framework/phpbb_functional_test_case.php
+++ b/tests/test_framework/phpbb_functional_test_case.php
@@ -503,6 +503,7 @@ class phpbb_functional_test_case extends phpbb_test_case
set_config(null, null, null, $config);
set_config_count(null, null, null, $config);
$phpbb_dispatcher = new phpbb_mock_event_dispatcher();
+ $passwords_manager = $this->get_passwords_manager();
$user_row = array(
'username' => $username,
@@ -512,7 +513,7 @@ class phpbb_functional_test_case extends phpbb_test_case
'user_lang' => 'en',
'user_timezone' => 0,
'user_dateformat' => '',
- 'user_password' => phpbb_hash($username . $username),
+ 'user_password' => $passwords_manager->hash($username . $username),
);
return user_add($user_row);
}
@@ -989,4 +990,34 @@ class phpbb_functional_test_case extends phpbb_test_case
}
return null;
}
+
+ /**
+ * Return a passwords manager instance
+ *
+ * @return phpbb\passwords\manager
+ */
+ public function get_passwords_manager()
+ {
+ // Prepare dependencies for manager and driver
+ $config = new \phpbb\config\config(array());
+ $driver_helper = new \phpbb\passwords\driver\helper($config);
+
+ $passwords_drivers = array(
+ 'passwords.driver.bcrypt' => new \phpbb\passwords\driver\bcrypt($config, $driver_helper),
+ 'passwords.driver.bcrypt_2y' => new \phpbb\passwords\driver\bcrypt_2y($config, $driver_helper),
+ 'passwords.driver.salted_md5' => new \phpbb\passwords\driver\salted_md5($config, $driver_helper),
+ 'passwords.driver.phpass' => new \phpbb\passwords\driver\phpass($config, $driver_helper),
+ );
+
+ foreach ($passwords_drivers as $key => $driver)
+ {
+ $driver->set_name($key);
+ }
+
+ $passwords_helper = new \phpbb\passwords\helper;
+ // Set up passwords manager
+ $manager = new \phpbb\passwords\manager($config, $passwords_drivers, $passwords_helper, 'passwords.driver.bcrypt_2y');
+
+ return $manager;
+ }
}
generated by cgit v1.2.1 (git 2.21.0) at 2025-10-23 05:40:23 +0000