‪TYPO3CMS  9.5
PhpassPasswordHashTest.php
Go to the documentation of this file.
1 <?php
2 declare(strict_types = 1);
3 namespace ‪TYPO3\CMS\Core\Tests\UnitDeprecated\Crypto\PasswordHashing;
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
18 use ‪TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash;
19 use ‪TYPO3\CMS\Core\Crypto\Random;
20 use TYPO3\TestingFramework\Core\Unit\UnitTestCase;
21 
25 class ‪PhpassPasswordHashTest extends UnitTestCase
26 {
32  protected ‪$objectInstance;
33 
37  protected function ‪setUp()
38  {
39  $this->objectInstance = $this->getMockBuilder(PhpassPasswordHash::class)
40  ->setMethods(['dummy'])
41  ->getMock();
42  }
43 
47  public function ‪nonZeroSaltLength()
48  {
49  $this->assertTrue($this->objectInstance->getSaltLength() > 0);
50  }
51 
55  public function ‪createdSaltedHashOfProperStructureForCustomSaltWithoutSetting()
56  {
57  $password = 'password';
58  // custom salt without setting
59  $randomBytes = (new ‪Random())->generateRandomBytes($this->objectInstance->getSaltLength());
60  $salt = $this->objectInstance->base64Encode($randomBytes, $this->objectInstance->getSaltLength());
61  $this->assertTrue($this->objectInstance->isValidSalt($salt));
62  $saltedHashPassword = $this->objectInstance->getHashedPassword($password, $salt);
63  $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword));
64  }
65 
69  public function ‪createdSaltedHashOfProperStructureForMinimumHashCount()
70  {
71  $password = 'password';
72  $minHashCount = $this->objectInstance->getMinHashCount();
73  $this->objectInstance->setHashCount($minHashCount);
74  $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
75  $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword));
76  // reset hashcount
77  $this->objectInstance->setHashCount(null);
78  }
79 
83  public function ‪passwordVariationsResultInDifferentHashes()
84  {
85  $pad = 'a';
86  $criticalPwLength = 0;
87  // We're using a constant salt.
88  $saltedHashPasswordCurrent = $salt = $this->objectInstance->getHashedPassword($pad);
89  for ($i = 0; $i <= 128; $i += 8) {
90  $password = str_repeat($pad, max($i, 1));
91  $saltedHashPasswordPrevious = $saltedHashPasswordCurrent;
92  $saltedHashPasswordCurrent = $this->objectInstance->getHashedPassword($password, $salt);
93  if ($i > 0 && $saltedHashPasswordPrevious === $saltedHashPasswordCurrent) {
94  $criticalPwLength = $i;
95  break;
96  }
97  }
98  $this->assertTrue($criticalPwLength == 0 || $criticalPwLength > 32, 'Duplicates of hashed passwords with plaintext password of length ' . $criticalPwLength . '+.');
99  }
100 
104  public function ‪modifiedHashCount()
105  {
106  $hashCount = $this->objectInstance->getHashCount();
107  $this->objectInstance->setMaxHashCount($hashCount + 1);
108  $this->objectInstance->setHashCount($hashCount + 1);
109  $this->assertTrue($this->objectInstance->getHashCount() > $hashCount);
110  $this->objectInstance->setMinHashCount($hashCount - 1);
111  $this->objectInstance->setHashCount($hashCount - 1);
112  $this->assertTrue($this->objectInstance->getHashCount() < $hashCount);
113  // reset hashcount
114  $this->objectInstance->setHashCount(null);
115  }
116 
120  public function ‪updateNecessityForIncreasedHashcount()
121  {
122  $password = 'password';
123  $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
124  $increasedHashCount = $this->objectInstance->getHashCount() + 1;
125  $this->objectInstance->setMaxHashCount($increasedHashCount);
126  $this->objectInstance->setHashCount($increasedHashCount);
127  $this->assertTrue($this->objectInstance->isHashUpdateNeeded($saltedHashPassword));
128  // reset hashcount
129  $this->objectInstance->setHashCount(null);
130  }
131 
135  public function ‪updateNecessityForDecreasedHashcount()
136  {
137  $password = 'password';
138  $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
139  $decreasedHashCount = $this->objectInstance->getHashCount() - 1;
140  $this->objectInstance->setMinHashCount($decreasedHashCount);
141  $this->objectInstance->setHashCount($decreasedHashCount);
142  $this->assertFalse($this->objectInstance->isHashUpdateNeeded($saltedHashPassword));
143  // reset hashcount
144  $this->objectInstance->setHashCount(null);
145  }
146 }
‪TYPO3\CMS\Core\Tests\UnitDeprecated\Crypto\PasswordHashing\PhpassPasswordHashTest\nonZeroSaltLength
‪nonZeroSaltLength()
Definition: PhpassPasswordHashTest.php:46
‪TYPO3\CMS\Core\Tests\UnitDeprecated\Crypto\PasswordHashing\PhpassPasswordHashTest\modifiedHashCount
‪modifiedHashCount()
Definition: PhpassPasswordHashTest.php:103
‪TYPO3\CMS\Core\Tests\UnitDeprecated\Crypto\PasswordHashing\PhpassPasswordHashTest\updateNecessityForDecreasedHashcount
‪updateNecessityForDecreasedHashcount()
Definition: PhpassPasswordHashTest.php:134
‪TYPO3\CMS\Core\Tests\UnitDeprecated\Crypto\PasswordHashing\PhpassPasswordHashTest\updateNecessityForIncreasedHashcount
‪updateNecessityForIncreasedHashcount()
Definition: PhpassPasswordHashTest.php:119
‪TYPO3\CMS\Core\Tests\UnitDeprecated\Crypto\PasswordHashing
Definition: Argon2iPasswordHashTest.php:3
‪TYPO3\CMS\Core\Tests\UnitDeprecated\Crypto\PasswordHashing\PhpassPasswordHashTest\createdSaltedHashOfProperStructureForMinimumHashCount
‪createdSaltedHashOfProperStructureForMinimumHashCount()
Definition: PhpassPasswordHashTest.php:68
‪TYPO3\CMS\Core\Tests\UnitDeprecated\Crypto\PasswordHashing\PhpassPasswordHashTest\setUp
‪setUp()
Definition: PhpassPasswordHashTest.php:36
‪TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash
Definition: PhpassPasswordHash.php:34
‪TYPO3\CMS\Core\Tests\UnitDeprecated\Crypto\PasswordHashing\PhpassPasswordHashTest\createdSaltedHashOfProperStructureForCustomSaltWithoutSetting
‪createdSaltedHashOfProperStructureForCustomSaltWithoutSetting()
Definition: PhpassPasswordHashTest.php:54
‪TYPO3\CMS\Core\Tests\UnitDeprecated\Crypto\PasswordHashing\PhpassPasswordHashTest
Definition: PhpassPasswordHashTest.php:26
‪TYPO3\CMS\Core\Crypto\Random
Definition: Random.php:22
‪TYPO3\CMS\Core\Tests\UnitDeprecated\Crypto\PasswordHashing\PhpassPasswordHashTest\passwordVariationsResultInDifferentHashes
‪passwordVariationsResultInDifferentHashes()
Definition: PhpassPasswordHashTest.php:82
‪TYPO3\CMS\Core\Tests\UnitDeprecated\Crypto\PasswordHashing\PhpassPasswordHashTest\$objectInstance
‪PhpassPasswordHash $objectInstance
Definition: PhpassPasswordHashTest.php:31