9.5/_pbkdf2_pasword_hash_test_8php_source.html

<?php

declare(strict_types = 1);

namespace ‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing;


/*

 * This file is part of the TYPO3 CMS project.

 *

 * It is free software; you can redistribute it and/or modify it under

 * the terms of the GNU General Public License, either version 2

 * of the License, or any later version.

 *

 * For the full copyright and license information, please read the

 * LICENSE.txt file that was distributed with this source code.

 *

 * The TYPO3 project - inspiring people to share!

 */


use ‪TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash;

use TYPO3\TestingFramework\Core\Unit\UnitTestCase;


class ‪Pbkdf2PaswordHashTest extends UnitTestCase

{

    public function ‪constructorThrowsExceptionIfHashCountIsTooLow()

    {

        $this->expectException(\InvalidArgumentException::class);

        $this->expectExceptionCode(1533903544);

        new ‪Pbkdf2PasswordHash(['hash_count' => 999]);

    }


    public function ‪constructorThrowsExceptionIfHashCountIsTooHigh()

    {

        $this->expectException(\InvalidArgumentException::class);

        $this->expectExceptionCode(1533903544);

        new ‪Pbkdf2PasswordHash(['hash_count' => 10000001]);

    }


    public function ‪getHashedPasswordReturnsNullWithEmptyPassword()

    {

        $password = '';

        $subject = new ‪Pbkdf2PasswordHash(['hash_count' => 1000]);

        $this->assertNull($subject->getHashedPassword($password));

    }


    public function ‪getHashedPasswordReturnsNotNullWithNullPassword()

    {

        $password = 'a';

        $subject = new ‪Pbkdf2PasswordHash(['hash_count' => 1000]);

        $this->assertNotNull($subject->getHashedPassword($password));

    }


    public function ‪getHashedPasswordValidates()

    {

        $password = 'password';

        $subject = new ‪Pbkdf2PasswordHash(['hash_count' => 1000]);

        $saltedHashPassword = $subject->getHashedPassword($password);

        $this->assertTrue($subject->isValidSaltedPW($saltedHashPassword));

    }


    public function ‪checkPasswordReturnsTrueWithValidAlphaCharClassPasswordAndFixedHash()

    {

        $password = 'password';

        $saltedHashPassword = '$pbkdf2-sha256$1000$woPhT0yoWm3AXJXSjuxJ3w$iZ6EvTulMqXlzr0NO8z5EyrklFcJk5Uw2Fqje68FfaQ';

        $subject = new ‪Pbkdf2PasswordHash(['hash_count' => 1000]);

        $this->assertTrue($subject->checkPassword($password, $saltedHashPassword));

    }


    public function ‪checkPasswordReturnsFalseWithBrokenHash()

    {

        $password = 'password';

        $saltedHashPassword = '$pbkdf2-sha256$1000$woPhT0yoWm3AXJXSjuxJ3w$iZ6EvTulMqXlzr0NO8z5EyrklFcJk5Uw2Fqje68Ffa';

        $subject = new ‪Pbkdf2PasswordHash(['hash_count' => 1000]);

        $this->assertFalse($subject->checkPassword($password, $saltedHashPassword));

    }


    public function ‪checkPasswordReturnsTrueWithValidAlphaCharClassPassword()

    {

        $password = 'aEjOtY';

        $subject = new ‪Pbkdf2PasswordHash(['hash_count' => 1000]);

        $saltedHashPassword = $subject->getHashedPassword($password);

        $this->assertTrue($subject->checkPassword($password, $saltedHashPassword));

    }


    public function ‪checkPasswordReturnsTrueWithValidNumericCharClassPassword()

    {

        $password = '01369';

        $subject = new ‪Pbkdf2PasswordHash(['hash_count' => 1000]);

        $saltedHashPassword = $subject->getHashedPassword($password);

        $this->assertTrue($subject->checkPassword($password, $saltedHashPassword));

    }


    public function ‪checkPasswordReturnsTrueWithValidAsciiSpecialCharClassPassword()

    {

        $password = ' !"#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~';

        $subject = new ‪Pbkdf2PasswordHash(['hash_count' => 1000]);

        $saltedHashPassword = $subject->getHashedPassword($password);

        $this->assertTrue($subject->checkPassword($password, $saltedHashPassword));

    }


    public function ‪checkPasswordReturnsTrueWithValidLatin1SpecialCharClassPassword()

    {

        $password = '';

        for ($i = 160; $i <= 191; $i++) {

            $password .= chr($i);

        }

        $password .= chr(215) . chr(247);

        $subject = new ‪Pbkdf2PasswordHash(['hash_count' => 1000]);

        $saltedHashPassword = $subject->getHashedPassword($password);

        $this->assertTrue($subject->checkPassword($password, $saltedHashPassword));

    }


    public function ‪checkPasswordReturnsTrueWithValidLatin1UmlautCharClassPassword()

    {

        $password = '';

        for ($i = 192; $i <= 214; $i++) {

            $password .= chr($i);

        }

        for ($i = 216; $i <= 246; $i++) {

            $password .= chr($i);

        }

        for ($i = 248; $i <= 255; $i++) {

            $password .= chr($i);

        }

        $subject = new ‪Pbkdf2PasswordHash(['hash_count' => 1000]);

        $saltedHashPassword = $subject->getHashedPassword($password);

        $this->assertTrue($subject->checkPassword($password, $saltedHashPassword));

    }


    public function ‪checkPasswordReturnsFalseWithNonValidPassword()

    {

        $password = 'password';

        $password1 = $password . 'INVALID';

        $subject = new ‪Pbkdf2PasswordHash(['hash_count' => 1000]);

        $saltedHashPassword = $subject->getHashedPassword($password);

        $this->assertFalse($subject->checkPassword($password1, $saltedHashPassword));

    }


    public function ‪isHashUpdateNeededReturnsFalseForValidSaltedPassword()

    {

        $password = 'password';

        $subject = new ‪Pbkdf2PasswordHash(['hash_count' => 1000]);

        $saltedHashPassword = $subject->getHashedPassword($password);

        $this->assertFalse($subject->isHashUpdateNeeded($saltedHashPassword));

    }


    public function ‪isHashUpdateNeededReturnsTrueWithChangedHashCount()

    {

        $subject = new ‪Pbkdf2PasswordHash(['hash_count' => 1000]);

        $saltedHashPassword = $subject->getHashedPassword('password');

        $subject = new ‪Pbkdf2PasswordHash(['hash_count' => 1001]);

        $this->assertTrue($subject->isHashUpdateNeeded($saltedHashPassword));

    }


    public function ‪checkPasswordIsCompatibleWithPythonPasslibHashes()

    {

        $passlibSaltedHash= '$pbkdf2-sha256$6400$.6UI/S.nXIk8jcbdHx3Fhg$98jZicV16ODfEsEZeYPGHU3kbrUrvUEXOPimVSQDD44';

        $subject = new ‪Pbkdf2PasswordHash(['hash_count' => 1000]);

        $this->assertTrue($subject->checkPassword('password', $passlibSaltedHash));

    }

}