TYPO3 CMS  TYPO3_6-2
Md5SaltTest.php
Go to the documentation of this file.
1 <?php
3 
23 
29  protected $objectInstance = NULL;
30 
36  public function setUp() {
37  $this->objectInstance = $this->getMock('TYPO3\\CMS\\Saltedpasswords\\Salt\\Md5Salt', array('dummy'));
38  }
39 
45  protected function getWarningWhenMethodUnavailable() {
46  $warningMsg = '';
47  if (!CRYPT_MD5) {
48  $warningMsg = 'MD5 is not supported on your platform. ' . 'Then, some of the md5 tests will fail.';
49  }
50  return $warningMsg;
51  }
52 
56  public function hasCorrectBaseClass() {
57  $hasCorrectBaseClass = get_class($this->objectInstance) === 'TYPO3\\CMS\\Saltedpasswords\\Salt\\Md5Salt';
58  // XCLASS ?
59  if (!$hasCorrectBaseClass && FALSE != get_parent_class($this->objectInstance)) {
60  $hasCorrectBaseClass = is_subclass_of($this->objectInstance, 'TYPO3\\CMS\\Saltedpasswords\\Salt\\Md5Salt');
61  }
62  $this->assertTrue($hasCorrectBaseClass);
63  }
64 
68  public function nonZeroSaltLength() {
69  $this->assertTrue($this->objectInstance->getSaltLength() > 0);
70  }
71 
76  $password = '';
77  $this->assertNull($this->objectInstance->getHashedPassword($password));
78  }
79 
84  $password = 'a';
85  $this->assertNotNull($this->objectInstance->getHashedPassword($password), $this->getWarningWhenMethodUnavailable());
86  }
87 
92  $password = 'password';
93  $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
94  $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword), $this->getWarningWhenMethodUnavailable());
95  }
96 
101  $password = 'password';
102  // custom salt without setting
103  $randomBytes = \TYPO3\CMS\Core\Utility\GeneralUtility::generateRandomBytes($this->objectInstance->getSaltLength());
104  $salt = $this->objectInstance->base64Encode($randomBytes, $this->objectInstance->getSaltLength());
105  $this->assertTrue($this->objectInstance->isValidSalt($salt), $this->getWarningWhenMethodUnavailable());
106  $saltedHashPassword = $this->objectInstance->getHashedPassword($password, $salt);
107  $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword), $this->getWarningWhenMethodUnavailable());
108  }
109 
119  $password = 'aEjOtY';
120  $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
121  $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword), $this->getWarningWhenMethodUnavailable());
122  }
123 
133  $password = '01369';
134  $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
135  $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword), $this->getWarningWhenMethodUnavailable());
136  }
137 
147  $password = ' !"#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~';
148  $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
149  $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword), $this->getWarningWhenMethodUnavailable());
150  }
151 
161  $password = '';
162  for ($i = 160; $i <= 191; $i++) {
163  $password .= chr($i);
164  }
165  $password .= chr(215) . chr(247);
166  $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
167  $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword), $this->getWarningWhenMethodUnavailable());
168  }
169 
179  $password = '';
180  for ($i = 192; $i <= 214; $i++) {
181  $password .= chr($i);
182  }
183  for ($i = 216; $i <= 246; $i++) {
184  $password .= chr($i);
185  }
186  for ($i = 248; $i <= 255; $i++) {
187  $password .= chr($i);
188  }
189  $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
190  $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword), $this->getWarningWhenMethodUnavailable());
191  }
192 
197  $password = 'password';
198  $password1 = $password . 'INVALID';
199  $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
200  $this->assertFalse($this->objectInstance->checkPassword($password1, $saltedHashPassword), $this->getWarningWhenMethodUnavailable());
201  }
202 
207  $pad = 'a';
208  $criticalPwLength = 0;
209  // We're using a constant salt.
210  $saltedHashPasswordCurrent = $salt = $this->objectInstance->getHashedPassword($pad);
211  for ($i = 0; $i <= 128; $i += 8) {
212  $password = str_repeat($pad, max($i, 1));
213  $saltedHashPasswordPrevious = $saltedHashPasswordCurrent;
214  $saltedHashPasswordCurrent = $this->objectInstance->getHashedPassword($password, $salt);
215  if ($i > 0 && $saltedHashPasswordPrevious === $saltedHashPasswordCurrent) {
216  $criticalPwLength = $i;
217  break;
218  }
219  }
220  $this->assertTrue($criticalPwLength == 0 || $criticalPwLength > 32, $this->getWarningWhenMethodUnavailable() . 'Duplicates of hashed passwords with plaintext password of length ' . $criticalPwLength . '+.');
221  }
222 
226  public function noUpdateNecessityForMd5() {
227  $password = 'password';
228  $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
229  $this->assertFalse($this->objectInstance->isHashUpdateNeeded($saltedHashPassword));
230  }
231 
232 }
static generateRandomBytes($bytesToReturn)