-rw-r--r-- | phpBB/includes/functions_user.php | 26 | ||||
-rw-r--r-- | tests/regex/password_complexity_test.php | 81 |
2 files changed, 93 insertions, 14 deletions
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index e8db807154..81d06344af 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -1605,8 +1605,9 @@ function validate_password($password) { global $config, $db, $user; - if (!$password) + if ($password === '' || $config['pass_complex'] === 'PASS_TYPE_ANY') { + // Password empty or no password complexity required. return false; } @@ -1617,7 +1618,6 @@ function validate_password($password) { $upp = '\p{Lu}'; $low = '\p{Ll}'; - $let = '\p{L}'; $num = '\p{N}'; $sym = '[^\p{Lu}\p{Ll}\p{N}]'; $pcre = true; @@ -1627,7 +1627,6 @@ function validate_password($password) mb_regex_encoding('UTF-8'); $upp = '[[:upper:]]'; $low = '[[:lower:]]'; - $let = '[[:lower:][:upper:]]'; $num = '[[:digit:]]'; $sym = '[^[:upper:][:lower:][:digit:]]'; $mbstring = true; @@ -1636,7 +1635,6 @@ function validate_password($password) { $upp = '[A-Z]'; $low = '[a-z]'; - $let = '[a-zA-Z]'; $num = '[0-9]'; $sym = '[^A-Za-z0-9]'; $pcre = true; @@ -1646,22 +1644,22 @@ function validate_password($password) switch ($config['pass_complex']) { - case 'PASS_TYPE_CASE': - $chars[] = $low; - $chars[] = $upp; - break; + // No break statements below ... + // We require strong passwords in case pass_complex is not set or is invalid + default: + + // Require mixed case letters, numbers and symbols + case 'PASS_TYPE_SYMBOL': + $chars[] = $sym; + // Require mixed case letters and numbers case 'PASS_TYPE_ALPHA': - $chars[] = $let; $chars[] = $num; - break; - case 'PASS_TYPE_SYMBOL': + // Require mixed case letters + case 'PASS_TYPE_CASE': $chars[] = $low; $chars[] = $upp; - $chars[] = $num; - $chars[] = $sym; - break; } if ($pcre) diff --git a/tests/regex/password_complexity_test.php b/tests/regex/password_complexity_test.php new file mode 100644 index 0000000000..21e8d12a0a --- /dev/null +++ b/tests/regex/password_complexity_test.php 
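Review bot: The early return in the first hunk reports an empty password as valid under every policy, not only `PASS_TYPE_ANY` (`false` means "no error" here, as the new test's `assertFalse` shows). That leaves a length or emptiness check in the caller as the only thing rejecting it, and that caller is not visible in this diff. The added comment should state the contract, for example `// Empty password or no complexity policy: return false (no error); emptiness and length must be rejected by the caller.` Note also that `=== ''` no longer short-circuits `null` or `false`, which now go on to the pattern checks; that fails closed, but it is a behaviour change for any caller passing a non-string. The body of validate_password continues outside this hunk.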
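Review bot: With the fall-through ordering in the `switch` hunk, `PASS_TYPE_ALPHA` now requires lower-case and upper-case letters in addition to a digit, where the removed code asked only for any letter plus a digit. The commit touches two files, so whatever admin- or user-facing text describes this option is unchanged here; if it still says letters and numbers, users will get `INVALID_CHARS` for passwords that match the description. Having `default:` fail closed to the strictest policy is sound, but a missing or misspelled `pass_complex` value is then invisible to the administrator. Consider a comment such as `// Unknown value: fail closed to the PASS_TYPE_SYMBOL rules; check the pass_complex setting if users report rejections.` The rest of validate_password lies outside the hunk.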
@@ -0,0 +1,81 @@
+<?php
+/**
+*
+* @package testing
+* @copyright (c) 2010 phpBB Group
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+*
+*/
+
+require_once dirname(__FILE__) . '/../../phpBB/includes/functions_user.php';
+
+class phpbb_password_complexity_test extends phpbb_test_case
+{
+ public function password_complexity_test_data_positive()
+ {
+ return array(
+ array('12345', 'PASS_TYPE_ANY'),
+ array('qwerty', 'PASS_TYPE_ANY'),
+ array('QWERTY', 'PASS_TYPE_ANY'),
+ array('QwerTY', 'PASS_TYPE_ANY'),
+ array('q$erty', 'PASS_TYPE_ANY'),
+ array('qW$rty', 'PASS_TYPE_ANY'),
+
+ array('QwerTY', 'PASS_TYPE_CASE'),
+ array('QwerTY123', 'PASS_TYPE_ALPHA'),
+ array('QwerTY123$&', 'PASS_TYPE_SYMBOL'),
+
+ array('', 'PASS_TYPE_ANY'),
+ );
+ }
+
+ public function password_complexity_test_data_negative()
+ {
+ return array(
+ array('qwerty', 'PASS_TYPE_CASE'),
+ array('QWERTY', 'PASS_TYPE_CASE'),
+ array('123456', 'PASS_TYPE_CASE'),
+ array('#$&', 'PASS_TYPE_CASE'),
+ array('QTY123$', 'PASS_TYPE_CASE'),
+
+ array('qwerty', 'PASS_TYPE_ALPHA'),
+ array('QWERTY', 'PASS_TYPE_ALPHA'),
+ array('123456', 'PASS_TYPE_ALPHA'),
+ array('QwertY', 'PASS_TYPE_ALPHA'),
+ array('qwerty123', 'PASS_TYPE_ALPHA'),
+ array('QWERTY123', 'PASS_TYPE_ALPHA'),
+ array('#$&', 'PASS_TYPE_ALPHA'),
+ array('QTY123$', 'PASS_TYPE_ALPHA'),
+
+ array('qwerty', 'PASS_TYPE_SYMBOL'),
+ array('QWERTY', 'PASS_TYPE_SYMBOL'),
+ array('123456', 'PASS_TYPE_SYMBOL'),
+ array('QwertY', 'PASS_TYPE_SYMBOL'),
+ array('qwerty123', 'PASS_TYPE_SYMBOL'),
+ array('QWERTY123', 'PASS_TYPE_SYMBOL'),
+ array('#$&', 'PASS_TYPE_SYMBOL'),
+ array('qwerty123$', 'PASS_TYPE_SYMBOL'),
+ array('QWERTY123$', 'PASS_TYPE_SYMBOL'),
+ );
+ }
+
+ /**
+ * @dataProvider password_complexity_test_data_positive
+ */
+ public function test_password_complexity_positive($password, $mode)
+ {
+ global $config;
+ $config['pass_complex'] = $mode;
+ $this->assertFalse(validate_password($password));
+ }
+
+ /**
+ * @dataProvider password_complexity_test_data_negative
+ */
+ public function test_password_complexity_negative($password, $mode)
+ {
+ global $config;
+ $config['pass_complex'] = $mode;
+ $this->assertEquals('INVALID_CHARS', validate_password($password));
+ }
+} |
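Review bot: The data providers never exercise the two behaviours this commit introduces: the `default:` branch that fails closed for an unknown `pass_complex`, and the password `'0'`, which the old `!$password` test treated as empty. Negative rows such as `array('qwerty', 'PASS_TYPE_BOGUS')` (a made-up mode value) and `array('0', 'PASS_TYPE_CASE')` would pin both, assuming the unseen tail of validate_password returns `INVALID_CHARS` for them as it does for the existing rows. Both test methods also overwrite the global `$config['pass_complex']` and never restore it, so the last mode leaks into whatever test runs next in the same process.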