‪TYPO3CMS  ‪main
BcryptPasswordHashTest.php
Go to the documentation of this file.
1 <?php
2 
3 declare(strict_types=1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
19 
20 use PHPUnit\Framework\Attributes\Test;
22 use TYPO3\TestingFramework\Core\Unit\UnitTestCase;
23 
24 final class ‪BcryptPasswordHashTest extends UnitTestCase
25 {
27 
31  protected function ‪setUp(): void
32  {
33  parent::setUp();
34  // Set a low cost to speed up tests
35  $options = [
36  'cost' => 10,
37  ];
38  $this->subject = new ‪BcryptPasswordHash($options);
39  }
40 
41  #[Test]
43  {
44  $this->expectException(\InvalidArgumentException::class);
45  $this->expectExceptionCode(1533902002);
46  new ‪BcryptPasswordHash(['cost' => 9]);
47  }
48 
49  #[Test]
51  {
52  $this->expectException(\InvalidArgumentException::class);
53  $this->expectExceptionCode(1533902002);
54  new ‪BcryptPasswordHash(['cost' => 32]);
55  }
56 
57  #[Test]
59  {
60  self::assertNull($this->subject->getHashedPassword(''));
61  }
62 
63  #[Test]
64  public function ‪getHashedPasswordReturnsString(): void
65  {
66  $hash = $this->subject->getHashedPassword('password');
67  self::assertNotNull($hash);
68  self::assertIsString($hash);
69  }
70 
71  #[Test]
73  {
74  $hash = $this->subject->getHashedPassword('password');
75  self::assertTrue($this->subject->isValidSaltedPW($hash));
76  }
77 
81  #[Test]
83  {
84  $password = 'aEjOtY';
85  $hash = $this->subject->getHashedPassword($password);
86  self::assertTrue($this->subject->checkPassword($password, $hash));
87  }
88 
92  #[Test]
94  {
95  $password = '01369';
96  $hash = $this->subject->getHashedPassword($password);
97  self::assertTrue($this->subject->checkPassword($password, $hash));
98  }
99 
103  #[Test]
105  {
106  $password = ' !"#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~';
107  $hash = $this->subject->getHashedPassword($password);
108  self::assertTrue($this->subject->checkPassword($password, $hash));
109  }
110 
114  #[Test]
116  {
117  $password = '';
118  for ($i = 160; $i <= 191; $i++) {
119  $password .= chr($i);
120  }
121  $password .= chr(215) . chr(247);
122  $hash = $this->subject->getHashedPassword($password);
123  self::assertTrue($this->subject->checkPassword($password, $hash));
124  }
125 
129  #[Test]
131  {
132  $password = '';
133  for ($i = 192; $i <= 255; $i++) {
134  if ($i === 215 || $i === 247) {
135  // skip multiplication sign (×) and obelus (÷)
136  continue;
137  }
138  $password .= chr($i);
139  }
140  $hash = $this->subject->getHashedPassword($password);
141  self::assertTrue($this->subject->checkPassword($password, $hash));
142  }
143 
144  #[Test]
146  {
147  $password = 'password';
148  $password1 = $password . 'INVALID';
149  $hash = $this->subject->getHashedPassword($password);
150  self::assertFalse($this->subject->checkPassword($password1, $hash));
151  }
152 
153  #[Test]
155  {
156  $hash = $this->subject->getHashedPassword('password');
157  self::assertFalse($this->subject->isHashUpdateNeeded($hash));
158  }
159 
160  #[Test]
162  {
163  ‪$subject = new ‪BcryptPasswordHash(['cost' => 10]);
164  $hash = ‪$subject->‪getHashedPassword('password');
165  ‪$subject = new ‪BcryptPasswordHash(['cost' => 11]);
166  self::assertTrue(‪$subject->‪isHashUpdateNeeded($hash));
167  }
168 
172  #[Test]
174  {
175  $password1 = 'pass' . "\x00" . 'word';
176  $password2 = 'pass' . "\x00" . 'phrase';
177  $hash = $this->subject->getHashedPassword($password1);
178  self::assertFalse($this->subject->checkPassword($password2, $hash));
179  }
180 
184  #[Test]
186  {
187  $prefix = str_repeat('a', 72);
188  $password1 = $prefix . 'one';
189  $password2 = $prefix . 'two';
190  $hash = $this->subject->getHashedPassword($password1);
191  self::assertFalse($this->subject->checkPassword($password2, $hash));
192  }
193 }
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\checkPasswordReturnsTrueForHashedPasswordWithValidLatin1UmlautCharClassPassword
‪checkPasswordReturnsTrueForHashedPasswordWithValidLatin1UmlautCharClassPassword()
Definition: BcryptPasswordHashTest.php:130
‪TYPO3\CMS\Core\Crypto\PasswordHashing\BcryptPasswordHash\isHashUpdateNeeded
‪bool isHashUpdateNeeded(string $passString)
Definition: BcryptPasswordHash.php:128
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\isHashUpdateNeededReturnsFalseForJustGeneratedHash
‪isHashUpdateNeededReturnsFalseForJustGeneratedHash()
Definition: BcryptPasswordHashTest.php:154
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\checkPasswordReturnsTrueForHashedPasswordWithValidAlphaCharClassPassword
‪checkPasswordReturnsTrueForHashedPasswordWithValidAlphaCharClassPassword()
Definition: BcryptPasswordHashTest.php:82
‪TYPO3\CMS\Core\Crypto\PasswordHashing\BcryptPasswordHash
Definition: BcryptPasswordHash.php:32
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\isValidSaltedPwValidatesHastCreatedByGetHashedPassword
‪isValidSaltedPwValidatesHastCreatedByGetHashedPassword()
Definition: BcryptPasswordHashTest.php:72
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\getHashedPasswordDoesNotTruncateAfter72Chars
‪getHashedPasswordDoesNotTruncateAfter72Chars()
Definition: BcryptPasswordHashTest.php:185
‪TYPO3\CMS\Core\Crypto\PasswordHashing\BcryptPasswordHash\getHashedPassword
‪getHashedPassword(string $password)
Definition: BcryptPasswordHash.php:88
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\setUp
‪setUp()
Definition: BcryptPasswordHashTest.php:31
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\getHashedPasswordReturnsNullOnEmptyPassword
‪getHashedPasswordReturnsNullOnEmptyPassword()
Definition: BcryptPasswordHashTest.php:58
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\constructorThrowsExceptionIfMemoryCostIsTooLow
‪constructorThrowsExceptionIfMemoryCostIsTooLow()
Definition: BcryptPasswordHashTest.php:42
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\getHashedPasswordDoesNotTruncateOnNul
‪getHashedPasswordDoesNotTruncateOnNul()
Definition: BcryptPasswordHashTest.php:173
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\checkPasswordReturnsTrueForHashedPasswordWithValidAsciiSpecialCharClassPassword
‪checkPasswordReturnsTrueForHashedPasswordWithValidAsciiSpecialCharClassPassword()
Definition: BcryptPasswordHashTest.php:104
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\constructorThrowsExceptionIfMemoryCostIsTooHigh
‪constructorThrowsExceptionIfMemoryCostIsTooHigh()
Definition: BcryptPasswordHashTest.php:50
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest
Definition: BcryptPasswordHashTest.php:25
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\checkPasswordReturnsTrueForHashedPasswordWithNonValidPassword
‪checkPasswordReturnsTrueForHashedPasswordWithNonValidPassword()
Definition: BcryptPasswordHashTest.php:145
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\getHashedPasswordReturnsString
‪getHashedPasswordReturnsString()
Definition: BcryptPasswordHashTest.php:64
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\isHashUpdateNeededReturnsTrueForHashGeneratedWithOldOptions
‪isHashUpdateNeededReturnsTrueForHashGeneratedWithOldOptions()
Definition: BcryptPasswordHashTest.php:161
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\$subject
‪BcryptPasswordHash $subject
Definition: BcryptPasswordHashTest.php:26
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\checkPasswordReturnsTrueForHashedPasswordWithValidLatin1SpecialCharClassPassword
‪checkPasswordReturnsTrueForHashedPasswordWithValidLatin1SpecialCharClassPassword()
Definition: BcryptPasswordHashTest.php:115
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\checkPasswordReturnsTrueForHashedPasswordWithValidNumericCharClassPassword
‪checkPasswordReturnsTrueForHashedPasswordWithValidNumericCharClassPassword()
Definition: BcryptPasswordHashTest.php:93
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing
Definition: Argon2idPasswordHashTest.php:18