‪TYPO3CMS  10.4
BcryptPasswordHashTest.php
Go to the documentation of this file.
1 <?php
2 
3 declare(strict_types=1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
18 namespace ‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing;
19 
20 use ‪TYPO3\CMS\Core\Crypto\PasswordHashing\BcryptPasswordHash;
21 use TYPO3\TestingFramework\Core\Unit\UnitTestCase;
22 
26 class ‪BcryptPasswordHashTest extends UnitTestCase
27 {
31  protected ‪$subject;
32 
36  protected function ‪setUp(): void
37  {
38  parent::setUp();
39  // Set a low cost to speed up tests
40  $options = [
41  'cost' => 10,
42  ];
43  $this->subject = new ‪BcryptPasswordHash($options);
44  }
45 
49  public function ‪constructorThrowsExceptionIfMemoryCostIsTooLow()
50  {
51  $this->expectException(\InvalidArgumentException::class);
52  $this->expectExceptionCode(1533902002);
53  new ‪BcryptPasswordHash(['cost' => 9]);
54  }
55 
59  public function ‪constructorThrowsExceptionIfMemoryCostIsTooHigh()
60  {
61  $this->expectException(\InvalidArgumentException::class);
62  $this->expectExceptionCode(1533902002);
63  new ‪BcryptPasswordHash(['cost' => 32]);
64  }
65 
69  public function ‪getHashedPasswordReturnsNullOnEmptyPassword()
70  {
71  self::assertNull($this->subject->getHashedPassword(''));
72  }
73 
77  public function ‪getHashedPasswordReturnsString()
78  {
79  $hash = $this->subject->getHashedPassword('password');
80  self::assertNotNull($hash);
81  self::assertTrue(is_string($hash));
82  }
83 
87  public function ‪isValidSaltedPwValidatesHastCreatedByGetHashedPassword()
88  {
89  $hash = $this->subject->getHashedPassword('password');
90  self::assertTrue($this->subject->isValidSaltedPW($hash));
91  }
92 
98  public function ‪checkPasswordReturnsTrueForHashedPasswordWithValidAlphaCharClassPassword()
99  {
100  $password = 'aEjOtY';
101  $hash = $this->subject->getHashedPassword($password);
102  self::assertTrue($this->subject->checkPassword($password, $hash));
103  }
104 
110  public function ‪checkPasswordReturnsTrueForHashedPasswordWithValidNumericCharClassPassword()
111  {
112  $password = '01369';
113  $hash = $this->subject->getHashedPassword($password);
114  self::assertTrue($this->subject->checkPassword($password, $hash));
115  }
116 
122  public function ‪checkPasswordReturnsTrueForHashedPasswordWithValidAsciiSpecialCharClassPassword()
123  {
124  $password = ' !"#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~';
125  $hash = $this->subject->getHashedPassword($password);
126  self::assertTrue($this->subject->checkPassword($password, $hash));
127  }
128 
134  public function ‪checkPasswordReturnsTrueForHashedPasswordWithValidLatin1SpecialCharClassPassword()
135  {
136  $password = '';
137  for ($i = 160; $i <= 191; $i++) {
138  $password .= chr($i);
139  }
140  $password .= chr(215) . chr(247);
141  $hash = $this->subject->getHashedPassword($password);
142  self::assertTrue($this->subject->checkPassword($password, $hash));
143  }
144 
150  public function ‪checkPasswordReturnsTrueForHashedPasswordWithValidLatin1UmlautCharClassPassword()
151  {
152  $password = '';
153  for ($i = 192; $i <= 255; $i++) {
154  if ($i === 215 || $i === 247) {
155  // skip multiplication sign (×) and obelus (÷)
156  continue;
157  }
158  $password .= chr($i);
159  }
160  $hash = $this->subject->getHashedPassword($password);
161  self::assertTrue($this->subject->checkPassword($password, $hash));
162  }
163 
167  public function ‪checkPasswordReturnsTrueForHashedPasswordWithNonValidPassword()
168  {
169  $password = 'password';
170  $password1 = $password . 'INVALID';
171  $hash = $this->subject->getHashedPassword($password);
172  self::assertFalse($this->subject->checkPassword($password1, $hash));
173  }
174 
178  public function ‪isHashUpdateNeededReturnsFalseForJustGeneratedHash()
179  {
180  $hash = $this->subject->getHashedPassword('password');
181  self::assertFalse($this->subject->isHashUpdateNeeded($hash));
182  }
183 
187  public function ‪isHashUpdateNeededReturnsTrueForHashGeneratedWithOldOptions()
188  {
189  ‪$subject = new ‪BcryptPasswordHash(['cost' => 10]);
190  $hash = ‪$subject->‪getHashedPassword('password');
191  ‪$subject = new ‪BcryptPasswordHash(['cost' => 11]);
192  self::assertTrue(‪$subject->‪isHashUpdateNeeded($hash));
193  }
194 
200  public function ‪getHashedPasswordDoesNotTruncateOnNul()
201  {
202  $password1 = 'pass' . "\x00" . 'word';
203  $password2 = 'pass' . "\x00" . 'phrase';
204  $hash = $this->subject->getHashedPassword($password1);
205  self::assertFalse($this->subject->checkPassword($password2, $hash));
206  }
207 
213  public function ‪getHashedPasswordDoesNotTruncateAfter72Chars()
214  {
215  $prefix = str_repeat('a', 72);
216  $password1 = $prefix . 'one';
217  $password2 = $prefix . 'two';
218  $hash = $this->subject->getHashedPassword($password1);
219  self::assertFalse($this->subject->checkPassword($password2, $hash));
220  }
221 }
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\checkPasswordReturnsTrueForHashedPasswordWithValidLatin1UmlautCharClassPassword
‪checkPasswordReturnsTrueForHashedPasswordWithValidLatin1UmlautCharClassPassword()
Definition: BcryptPasswordHashTest.php:149
‪TYPO3\CMS\Core\Crypto\PasswordHashing\BcryptPasswordHash\isHashUpdateNeeded
‪bool isHashUpdateNeeded(string $passString)
Definition: BcryptPasswordHash.php:142
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\isHashUpdateNeededReturnsFalseForJustGeneratedHash
‪isHashUpdateNeededReturnsFalseForJustGeneratedHash()
Definition: BcryptPasswordHashTest.php:177
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\checkPasswordReturnsTrueForHashedPasswordWithValidAlphaCharClassPassword
‪checkPasswordReturnsTrueForHashedPasswordWithValidAlphaCharClassPassword()
Definition: BcryptPasswordHashTest.php:97
‪TYPO3\CMS\Core\Crypto\PasswordHashing\BcryptPasswordHash
Definition: BcryptPasswordHash.php:32
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\isValidSaltedPwValidatesHastCreatedByGetHashedPassword
‪isValidSaltedPwValidatesHastCreatedByGetHashedPassword()
Definition: BcryptPasswordHashTest.php:86
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\getHashedPasswordDoesNotTruncateAfter72Chars
‪getHashedPasswordDoesNotTruncateAfter72Chars()
Definition: BcryptPasswordHashTest.php:212
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\setUp
‪setUp()
Definition: BcryptPasswordHashTest.php:35
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\getHashedPasswordReturnsNullOnEmptyPassword
‪getHashedPasswordReturnsNullOnEmptyPassword()
Definition: BcryptPasswordHashTest.php:68
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\constructorThrowsExceptionIfMemoryCostIsTooLow
‪constructorThrowsExceptionIfMemoryCostIsTooLow()
Definition: BcryptPasswordHashTest.php:48
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\getHashedPasswordDoesNotTruncateOnNul
‪getHashedPasswordDoesNotTruncateOnNul()
Definition: BcryptPasswordHashTest.php:199
‪TYPO3\CMS\Core\Crypto\PasswordHashing\BcryptPasswordHash\getHashedPassword
‪string getHashedPassword(string $password)
Definition: BcryptPasswordHash.php:102
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\checkPasswordReturnsTrueForHashedPasswordWithValidAsciiSpecialCharClassPassword
‪checkPasswordReturnsTrueForHashedPasswordWithValidAsciiSpecialCharClassPassword()
Definition: BcryptPasswordHashTest.php:121
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\constructorThrowsExceptionIfMemoryCostIsTooHigh
‪constructorThrowsExceptionIfMemoryCostIsTooHigh()
Definition: BcryptPasswordHashTest.php:58
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest
Definition: BcryptPasswordHashTest.php:27
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\checkPasswordReturnsTrueForHashedPasswordWithNonValidPassword
‪checkPasswordReturnsTrueForHashedPasswordWithNonValidPassword()
Definition: BcryptPasswordHashTest.php:166
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\getHashedPasswordReturnsString
‪getHashedPasswordReturnsString()
Definition: BcryptPasswordHashTest.php:76
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\isHashUpdateNeededReturnsTrueForHashGeneratedWithOldOptions
‪isHashUpdateNeededReturnsTrueForHashGeneratedWithOldOptions()
Definition: BcryptPasswordHashTest.php:186
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\$subject
‪BcryptPasswordHash $subject
Definition: BcryptPasswordHashTest.php:30
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\checkPasswordReturnsTrueForHashedPasswordWithValidLatin1SpecialCharClassPassword
‪checkPasswordReturnsTrueForHashedPasswordWithValidLatin1SpecialCharClassPassword()
Definition: BcryptPasswordHashTest.php:133
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\checkPasswordReturnsTrueForHashedPasswordWithValidNumericCharClassPassword
‪checkPasswordReturnsTrueForHashedPasswordWithValidNumericCharClassPassword()
Definition: BcryptPasswordHashTest.php:109
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing
Definition: Argon2idPasswordHashTest.php:18