‪TYPO3CMS  11.5
BcryptPasswordHashTest.php
Go to the documentation of this file.
1 <?php
2 
3 declare(strict_types=1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
18 namespace ‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing;
19 
20 use ‪TYPO3\CMS\Core\Crypto\PasswordHashing\BcryptPasswordHash;
21 use TYPO3\TestingFramework\Core\Unit\UnitTestCase;
22 
26 class ‪BcryptPasswordHashTest extends UnitTestCase
27 {
28  protected ?‪BcryptPasswordHash ‪$subject;
29 
33  protected function ‪setUp(): void
34  {
35  parent::setUp();
36  // Set a low cost to speed up tests
37  $options = [
38  'cost' => 10,
39  ];
40  $this->subject = new ‪BcryptPasswordHash($options);
41  }
42 
46  public function ‪constructorThrowsExceptionIfMemoryCostIsTooLow(): void
47  {
48  $this->expectException(\InvalidArgumentException::class);
49  $this->expectExceptionCode(1533902002);
50  new ‪BcryptPasswordHash(['cost' => 9]);
51  }
52 
56  public function ‪constructorThrowsExceptionIfMemoryCostIsTooHigh(): void
57  {
58  $this->expectException(\InvalidArgumentException::class);
59  $this->expectExceptionCode(1533902002);
60  new ‪BcryptPasswordHash(['cost' => 32]);
61  }
62 
66  public function ‪getHashedPasswordReturnsNullOnEmptyPassword(): void
67  {
68  self::assertNull($this->subject->getHashedPassword(''));
69  }
70 
74  public function ‪getHashedPasswordReturnsString(): void
75  {
76  $hash = $this->subject->getHashedPassword('password');
77  self::assertNotNull($hash);
78  self::assertIsString($hash);
79  }
80 
84  public function ‪isValidSaltedPwValidatesHastCreatedByGetHashedPassword(): void
85  {
86  $hash = $this->subject->getHashedPassword('password');
87  self::assertTrue($this->subject->isValidSaltedPW($hash));
88  }
89 
95  public function ‪checkPasswordReturnsTrueForHashedPasswordWithValidAlphaCharClassPassword(): void
96  {
97  $password = 'aEjOtY';
98  $hash = $this->subject->getHashedPassword($password);
99  self::assertTrue($this->subject->checkPassword($password, $hash));
100  }
101 
107  public function ‪checkPasswordReturnsTrueForHashedPasswordWithValidNumericCharClassPassword(): void
108  {
109  $password = '01369';
110  $hash = $this->subject->getHashedPassword($password);
111  self::assertTrue($this->subject->checkPassword($password, $hash));
112  }
113 
119  public function ‪checkPasswordReturnsTrueForHashedPasswordWithValidAsciiSpecialCharClassPassword(): void
120  {
121  $password = ' !"#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~';
122  $hash = $this->subject->getHashedPassword($password);
123  self::assertTrue($this->subject->checkPassword($password, $hash));
124  }
125 
131  public function ‪checkPasswordReturnsTrueForHashedPasswordWithValidLatin1SpecialCharClassPassword(): void
132  {
133  $password = '';
134  for ($i = 160; $i <= 191; $i++) {
135  $password .= chr($i);
136  }
137  $password .= chr(215) . chr(247);
138  $hash = $this->subject->getHashedPassword($password);
139  self::assertTrue($this->subject->checkPassword($password, $hash));
140  }
141 
147  public function ‪checkPasswordReturnsTrueForHashedPasswordWithValidLatin1UmlautCharClassPassword(): void
148  {
149  $password = '';
150  for ($i = 192; $i <= 255; $i++) {
151  if ($i === 215 || $i === 247) {
152  // skip multiplication sign (×) and obelus (÷)
153  continue;
154  }
155  $password .= chr($i);
156  }
157  $hash = $this->subject->getHashedPassword($password);
158  self::assertTrue($this->subject->checkPassword($password, $hash));
159  }
160 
164  public function ‪checkPasswordReturnsTrueForHashedPasswordWithNonValidPassword(): void
165  {
166  $password = 'password';
167  $password1 = $password . 'INVALID';
168  $hash = $this->subject->getHashedPassword($password);
169  self::assertFalse($this->subject->checkPassword($password1, $hash));
170  }
171 
175  public function ‪isHashUpdateNeededReturnsFalseForJustGeneratedHash(): void
176  {
177  $hash = $this->subject->getHashedPassword('password');
178  self::assertFalse($this->subject->isHashUpdateNeeded($hash));
179  }
180 
184  public function ‪isHashUpdateNeededReturnsTrueForHashGeneratedWithOldOptions(): void
185  {
186  ‪$subject = new ‪BcryptPasswordHash(['cost' => 10]);
187  $hash = ‪$subject->‪getHashedPassword('password');
188  ‪$subject = new ‪BcryptPasswordHash(['cost' => 11]);
189  self::assertTrue(‪$subject->‪isHashUpdateNeeded($hash));
190  }
191 
197  public function ‪getHashedPasswordDoesNotTruncateOnNul(): void
198  {
199  $password1 = 'pass' . "\x00" . 'word';
200  $password2 = 'pass' . "\x00" . 'phrase';
201  $hash = $this->subject->getHashedPassword($password1);
202  self::assertFalse($this->subject->checkPassword($password2, $hash));
203  }
204 
210  public function ‪getHashedPasswordDoesNotTruncateAfter72Chars(): void
211  {
212  $prefix = str_repeat('a', 72);
213  $password1 = $prefix . 'one';
214  $password2 = $prefix . 'two';
215  $hash = $this->subject->getHashedPassword($password1);
216  self::assertFalse($this->subject->checkPassword($password2, $hash));
217  }
218 }
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\checkPasswordReturnsTrueForHashedPasswordWithValidLatin1UmlautCharClassPassword
‪checkPasswordReturnsTrueForHashedPasswordWithValidLatin1UmlautCharClassPassword()
Definition: BcryptPasswordHashTest.php:147
‪TYPO3\CMS\Core\Crypto\PasswordHashing\BcryptPasswordHash\isHashUpdateNeeded
‪bool isHashUpdateNeeded(string $passString)
Definition: BcryptPasswordHash.php:141
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\isHashUpdateNeededReturnsFalseForJustGeneratedHash
‪isHashUpdateNeededReturnsFalseForJustGeneratedHash()
Definition: BcryptPasswordHashTest.php:175
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\checkPasswordReturnsTrueForHashedPasswordWithValidAlphaCharClassPassword
‪checkPasswordReturnsTrueForHashedPasswordWithValidAlphaCharClassPassword()
Definition: BcryptPasswordHashTest.php:95
‪TYPO3\CMS\Core\Crypto\PasswordHashing\BcryptPasswordHash
Definition: BcryptPasswordHash.php:32
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\isValidSaltedPwValidatesHastCreatedByGetHashedPassword
‪isValidSaltedPwValidatesHastCreatedByGetHashedPassword()
Definition: BcryptPasswordHashTest.php:84
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\getHashedPasswordDoesNotTruncateAfter72Chars
‪getHashedPasswordDoesNotTruncateAfter72Chars()
Definition: BcryptPasswordHashTest.php:210
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\setUp
‪setUp()
Definition: BcryptPasswordHashTest.php:33
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\getHashedPasswordReturnsNullOnEmptyPassword
‪getHashedPasswordReturnsNullOnEmptyPassword()
Definition: BcryptPasswordHashTest.php:66
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\constructorThrowsExceptionIfMemoryCostIsTooLow
‪constructorThrowsExceptionIfMemoryCostIsTooLow()
Definition: BcryptPasswordHashTest.php:46
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\getHashedPasswordDoesNotTruncateOnNul
‪getHashedPasswordDoesNotTruncateOnNul()
Definition: BcryptPasswordHashTest.php:197
‪TYPO3\CMS\Core\Crypto\PasswordHashing\BcryptPasswordHash\getHashedPassword
‪string getHashedPassword(string $password)
Definition: BcryptPasswordHash.php:101
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\checkPasswordReturnsTrueForHashedPasswordWithValidAsciiSpecialCharClassPassword
‪checkPasswordReturnsTrueForHashedPasswordWithValidAsciiSpecialCharClassPassword()
Definition: BcryptPasswordHashTest.php:119
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\constructorThrowsExceptionIfMemoryCostIsTooHigh
‪constructorThrowsExceptionIfMemoryCostIsTooHigh()
Definition: BcryptPasswordHashTest.php:56
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest
Definition: BcryptPasswordHashTest.php:27
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\checkPasswordReturnsTrueForHashedPasswordWithNonValidPassword
‪checkPasswordReturnsTrueForHashedPasswordWithNonValidPassword()
Definition: BcryptPasswordHashTest.php:164
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\getHashedPasswordReturnsString
‪getHashedPasswordReturnsString()
Definition: BcryptPasswordHashTest.php:74
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\isHashUpdateNeededReturnsTrueForHashGeneratedWithOldOptions
‪isHashUpdateNeededReturnsTrueForHashGeneratedWithOldOptions()
Definition: BcryptPasswordHashTest.php:184
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\$subject
‪BcryptPasswordHash $subject
Definition: BcryptPasswordHashTest.php:28
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\checkPasswordReturnsTrueForHashedPasswordWithValidLatin1SpecialCharClassPassword
‪checkPasswordReturnsTrueForHashedPasswordWithValidLatin1SpecialCharClassPassword()
Definition: BcryptPasswordHashTest.php:131
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\checkPasswordReturnsTrueForHashedPasswordWithValidNumericCharClassPassword
‪checkPasswordReturnsTrueForHashedPasswordWithValidNumericCharClassPassword()
Definition: BcryptPasswordHashTest.php:107
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing
Definition: Argon2idPasswordHashTest.php:18