BlowfishSaltTest.php

Go to the documentation of this file.

<?php
namespace TYPO3\CMS\Saltedpasswords\Tests\Unit\Salt;

/*
 * This file is part of the TYPO3 CMS project.
 *
 * It is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License, either version 2
 * of the License, or any later version.
 *
 * For the full copyright and license information, please read the
 * LICENSE.txt file that was distributed with this source code.
 *
 * The TYPO3 project - inspiring people to share!
 */

use TYPO3\CMS\Core\Crypto\Random;

class BlowfishSaltTest extends \TYPO3\TestingFramework\Core\Unit\UnitTestCase
{
    protected $objectInstance = null;

    protected function setUp()
    {
        $this->objectInstance = $this->getMockBuilder(\TYPO3\CMS\Saltedpasswords\Salt\BlowfishSalt::class)
            ->setMethods(['dummy'])
            ->getMock();
    }

    protected function skipTestIfBlowfishIsNotAvailable()
    {
        if (!CRYPT_BLOWFISH) {
            $this->markTestSkipped('Blowfish is not supported on your platform.');
        }
    }

    public function hasCorrectBaseClass()
    {
        $hasCorrectBaseClass = get_class($this->objectInstance) === \TYPO3\CMS\Saltedpasswords\Salt\BlowfishSalt::class;
        // XCLASS ?
        if (!$hasCorrectBaseClass && false != get_parent_class($this->objectInstance)) {
            $hasCorrectBaseClass = is_subclass_of($this->objectInstance, \TYPO3\CMS\Saltedpasswords\Salt\BlowfishSalt::class);
        }
        $this->assertTrue($hasCorrectBaseClass);
    }

    public function nonZeroSaltLength()
    {
        $this->assertTrue($this->objectInstance->getSaltLength() > 0);
    }

    public function emptyPasswordResultsInNullSaltedPassword()
    {
        $password = '';
        $this->assertNull($this->objectInstance->getHashedPassword($password));
    }

    public function nonEmptyPasswordResultsInNonNullSaltedPassword()
    {
        $this->skipTestIfBlowfishIsNotAvailable();
        $password = 'a';
        $this->assertNotNull($this->objectInstance->getHashedPassword($password));
    }

    public function createdSaltedHashOfProperStructure()
    {
        $this->skipTestIfBlowfishIsNotAvailable();
        $password = 'password';
        $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
        $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword));
    }

    public function createdSaltedHashOfProperStructureForCustomSaltWithoutSetting()
    {
        $this->skipTestIfBlowfishIsNotAvailable();
        $password = 'password';
        // custom salt without setting
        $randomBytes = (new Random())->generateRandomBytes($this->objectInstance->getSaltLength());
        $salt = $this->objectInstance->base64Encode($randomBytes, $this->objectInstance->getSaltLength());
        $this->assertTrue($this->objectInstance->isValidSalt($salt));
        $saltedHashPassword = $this->objectInstance->getHashedPassword($password, $salt);
        $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword));
    }

    public function createdSaltedHashOfProperStructureForMinimumHashCount()
    {
        $this->skipTestIfBlowfishIsNotAvailable();
        $password = 'password';
        $minHashCount = $this->objectInstance->getMinHashCount();
        $this->objectInstance->setHashCount($minHashCount);
        $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
        $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword));
        // reset hashcount
        $this->objectInstance->setHashCount(null);
    }

    public function authenticationWithValidAlphaCharClassPasswordAndFixedHash()
    {
        $password = 'password';
        $saltedHashPassword = '$2a$07$Rvtl6CyMhR8GZGhHypjwOuydeN0nKFAlgo1LmmGrLowtIrtkov5Na';
        $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
    }

    public function authenticationFailsWithBrokenHash()
    {
        $password = 'password';
        $saltedHashPassword = '$2a$07$Rvtl6CyMhR8GZGhHypjwOuydeN0nKFAlgo1LmmGrLowtIrtkov5N';
        $this->assertFalse($this->objectInstance->checkPassword($password, $saltedHashPassword));
    }

    public function authenticationWithValidAlphaCharClassPassword()
    {
        $this->skipTestIfBlowfishIsNotAvailable();
        $password = 'aEjOtY';
        $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
        $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
    }

    public function authenticationWithValidNumericCharClassPassword()
    {
        $this->skipTestIfBlowfishIsNotAvailable();
        $password = '01369';
        $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
        $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
    }

    public function authenticationWithValidAsciiSpecialCharClassPassword()
    {
        $this->skipTestIfBlowfishIsNotAvailable();
        $password = ' !"#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~';
        $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
        $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
    }

    public function authenticationWithValidLatin1SpecialCharClassPassword()
    {
        $this->skipTestIfBlowfishIsNotAvailable();
        $password = '';
        for ($i = 160; $i <= 191; $i++) {
            $password .= chr($i);
        }
        $password .= chr(215) . chr(247);
        $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
        $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
    }

    public function authenticationWithValidLatin1UmlautCharClassPassword()
    {
        $this->skipTestIfBlowfishIsNotAvailable();
        $password = '';
        for ($i = 192; $i <= 214; $i++) {
            $password .= chr($i);
        }
        for ($i = 216; $i <= 246; $i++) {
            $password .= chr($i);
        }
        for ($i = 248; $i <= 255; $i++) {
            $password .= chr($i);
        }
        $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
        $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
    }

    public function authenticationWithNonValidPassword()
    {
        $this->skipTestIfBlowfishIsNotAvailable();
        $password = 'password';
        $password1 = $password . 'INVALID';
        $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
        $this->assertFalse($this->objectInstance->checkPassword($password1, $saltedHashPassword));
    }

    public function passwordVariationsResultInDifferentHashes()
    {
        $this->skipTestIfBlowfishIsNotAvailable();
        $pad = 'a';
        $criticalPwLength = 0;
        // We're using a constant salt.
        $saltedHashPasswordCurrent = $salt = $this->objectInstance->getHashedPassword($pad);
        for ($i = 0; $i <= 128; $i += 8) {
            $password = str_repeat($pad, max($i, 1));
            $saltedHashPasswordPrevious = $saltedHashPasswordCurrent;
            $saltedHashPasswordCurrent = $this->objectInstance->getHashedPassword($password, $salt);
            if ($i > 0 && $saltedHashPasswordPrevious === $saltedHashPasswordCurrent) {
                $criticalPwLength = $i;
                break;
            }
        }
        $this->assertTrue($criticalPwLength == 0 || $criticalPwLength > 32, 'Duplicates of hashed passwords with plaintext password of length ' . $criticalPwLength . '+.');
    }

    public function modifiedMinHashCount()
    {
        $minHashCount = $this->objectInstance->getMinHashCount();
        $this->objectInstance->setMinHashCount($minHashCount - 1);
        $this->assertTrue($this->objectInstance->getMinHashCount() < $minHashCount);
        $this->objectInstance->setMinHashCount($minHashCount + 1);
        $this->assertTrue($this->objectInstance->getMinHashCount() > $minHashCount);
    }

    public function modifiedMaxHashCount()
    {
        $maxHashCount = $this->objectInstance->getMaxHashCount();
        $this->objectInstance->setMaxHashCount($maxHashCount + 1);
        $this->assertTrue($this->objectInstance->getMaxHashCount() > $maxHashCount);
        $this->objectInstance->setMaxHashCount($maxHashCount - 1);
        $this->assertTrue($this->objectInstance->getMaxHashCount() < $maxHashCount);
    }

    public function modifiedHashCount()
    {
        $hashCount = $this->objectInstance->getHashCount();
        $this->objectInstance->setMaxHashCount($hashCount + 1);
        $this->objectInstance->setHashCount($hashCount + 1);
        $this->assertTrue($this->objectInstance->getHashCount() > $hashCount);
        $this->objectInstance->setMinHashCount($hashCount - 1);
        $this->objectInstance->setHashCount($hashCount - 1);
        $this->assertTrue($this->objectInstance->getHashCount() < $hashCount);
        // reset hashcount
        $this->objectInstance->setHashCount(null);
    }

    public function updateNecessityForValidSaltedPassword()
    {
        $this->skipTestIfBlowfishIsNotAvailable();
        $password = 'password';
        $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
        $this->assertFalse($this->objectInstance->isHashUpdateNeeded($saltedHashPassword));
    }

    public function updateNecessityForIncreasedHashcount()
    {
        $password = 'password';
        $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
        $increasedHashCount = $this->objectInstance->getHashCount() + 1;
        $this->objectInstance->setMaxHashCount($increasedHashCount);
        $this->objectInstance->setHashCount($increasedHashCount);
        $this->assertTrue($this->objectInstance->isHashUpdateNeeded($saltedHashPassword));
        // reset hashcount
        $this->objectInstance->setHashCount(null);
    }

    public function updateNecessityForDecreasedHashcount()
    {
        $this->skipTestIfBlowfishIsNotAvailable();
        $password = 'password';
        $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
        $decreasedHashCount = $this->objectInstance->getHashCount() - 1;
        $this->objectInstance->setMinHashCount($decreasedHashCount);
        $this->objectInstance->setHashCount($decreasedHashCount);
        $this->assertFalse($this->objectInstance->isHashUpdateNeeded($saltedHashPassword));
        // reset hashcount
        $this->objectInstance->setHashCount(null);
    }
}