‪TYPO3CMS  ‪main
BlowfishPasswordHashTest.php
Go to the documentation of this file.
1 <?php
2 
3 declare(strict_types=1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
18 namespace ‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing;
19 
20 use PHPUnit\Framework\Attributes\Test;
21 use ‪TYPO3\CMS\Core\Crypto\PasswordHashing\BlowfishPasswordHash;
22 use TYPO3\TestingFramework\Core\Unit\UnitTestCase;
23 
24 final class ‪BlowfishPasswordHashTest extends UnitTestCase
25 {
26  #[Test]
27  public function ‪constructorThrowsExceptionIfHashCountIsTooLow(): void
28  {
29  $this->expectException(\InvalidArgumentException::class);
30  $this->expectExceptionCode(1533903545);
31  new ‪BlowfishPasswordHash(['hash_count' => 3]);
32  }
33 
34  #[Test]
35  public function ‪constructorThrowsExceptionIfHashCountIsTooHigh(): void
36  {
37  $this->expectException(\InvalidArgumentException::class);
38  $this->expectExceptionCode(1533903545);
39  new ‪BlowfishPasswordHash(['hash_count' => 18]);
40  }
41 
42  #[Test]
43  public function ‪getHashedPasswordWithEmptyPasswordResultsInNullSaltedPassword(): void
44  {
45  $password = '';
46  self::assertNull((new ‪BlowfishPasswordHash(['hash_count' => 4]))->getHashedPassword($password));
47  }
48 
49  #[Test]
50  public function ‪getHashedPasswordWithNonEmptyPasswordResultsInNonNullSaltedPassword(): void
51  {
52  $password = 'a';
53  self::assertNotNull((new ‪BlowfishPasswordHash(['hash_count' => 4]))->getHashedPassword($password));
54  }
55 
56  #[Test]
57  public function ‪getHashedPasswordValidates(): void
58  {
59  $password = 'password';
60  $subject = new ‪BlowfishPasswordHash(['hash_count' => 4]);
61  $saltedHashPassword = $subject->getHashedPassword($password);
62  self::assertTrue($subject->isValidSaltedPW($saltedHashPassword));
63  }
64 
71  #[Test]
72  public function ‪checkPasswordReturnsTrueWithValidAlphaCharClassPasswordAndFixedHash(): void
73  {
74  $password = 'password';
75  $saltedHashPassword = '$2a$07$Rvtl6CyMhR8GZGhHypjwOuydeN0nKFAlgo1LmmGrLowtIrtkov5Na';
76  self::assertTrue((new ‪BlowfishPasswordHash(['hash_count' => 4]))->checkPassword($password, $saltedHashPassword));
77  }
78 
82  #[Test]
83  public function ‪checkPasswordReturnsFalseFailsWithBrokenHash(): void
84  {
85  $password = 'password';
86  $saltedHashPassword = '$2a$07$Rvtl6CyMhR8GZGhHypjwOuydeN0nKFAlgo1LmmGrLowtIrtkov5N';
87  self::assertFalse((new ‪BlowfishPasswordHash(['hash_count' => 4]))->checkPassword($password, $saltedHashPassword));
88  }
89 
96  #[Test]
97  public function ‪checkPasswordReturnsTrueWithValidAlphaCharClassPassword(): void
98  {
99  $password = 'aEjOtY';
100  $subject = new ‪BlowfishPasswordHash(['hash_count' => 4]);
101  $saltedHashPassword = $subject->getHashedPassword($password);
102  self::assertTrue($subject->checkPassword($password, $saltedHashPassword));
103  }
104 
111  #[Test]
112  public function ‪checkPasswordReturnsTrueWithValidNumericCharClassPassword(): void
113  {
114  $password = '01369';
115  $subject = new ‪BlowfishPasswordHash(['hash_count' => 4]);
116  $saltedHashPassword = $subject->getHashedPassword($password);
117  self::assertTrue($subject->checkPassword($password, $saltedHashPassword));
118  }
119 
126  #[Test]
127  public function ‪checkPasswordReturnsTrueWithValidAsciiSpecialCharClassPassword(): void
128  {
129  $password = ' !"#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~';
130  $subject = new ‪BlowfishPasswordHash(['hash_count' => 4]);
131  $saltedHashPassword = $subject->getHashedPassword($password);
132  self::assertTrue($subject->checkPassword($password, $saltedHashPassword));
133  }
134 
141  #[Test]
142  public function ‪checkPasswordReturnsTrueWithValidLatin1SpecialCharClassPassword(): void
143  {
144  $password = '';
145  for ($i = 160; $i <= 191; $i++) {
146  $password .= chr($i);
147  }
148  $password .= chr(215) . chr(247);
149  $subject = new ‪BlowfishPasswordHash(['hash_count' => 4]);
150  $saltedHashPassword = $subject->getHashedPassword($password);
151  self::assertTrue($subject->checkPassword($password, $saltedHashPassword));
152  }
153 
160  #[Test]
161  public function ‪checkPasswordReturnsReturnsTrueWithValidLatin1UmlautCharClassPassword(): void
162  {
163  $password = '';
164  for ($i = 192; $i <= 214; $i++) {
165  $password .= chr($i);
166  }
167  for ($i = 216; $i <= 246; $i++) {
168  $password .= chr($i);
169  }
170  for ($i = 248; $i <= 255; $i++) {
171  $password .= chr($i);
172  }
173  $subject = new ‪BlowfishPasswordHash(['hash_count' => 4]);
174  $saltedHashPassword = $subject->getHashedPassword($password);
175  self::assertTrue($subject->checkPassword($password, $saltedHashPassword));
176  }
177 
178  #[Test]
179  public function ‪checkPasswordReturnsFalseWithNonValidPassword(): void
180  {
181  $password = 'password';
182  $password1 = $password . 'INVALID';
183  $subject = new ‪BlowfishPasswordHash(['hash_count' => 4]);
184  $saltedHashPassword = $subject->getHashedPassword($password);
185  self::assertFalse($subject->checkPassword($password1, $saltedHashPassword));
186  }
187 
188  #[Test]
189  public function ‪isHashUpdateNeededReturnsFalseForValidSaltedPassword(): void
190  {
191  $password = 'password';
192  $subject = new ‪BlowfishPasswordHash(['hash_count' => 4]);
193  $saltedHashPassword = $subject->getHashedPassword($password);
194  self::assertFalse($subject->isHashUpdateNeeded($saltedHashPassword));
195  }
196 
197  #[Test]
198  public function ‪isHashUpdateNeededReturnsTrueForHashGeneratedWithOldOptions(): void
199  {
200  $subject = new ‪BlowfishPasswordHash(['hash_count' => 4]);
201  $hash = $subject->getHashedPassword('password');
202  $subject = new ‪BlowfishPasswordHash(['hash_count' => 5]);
203  self::assertTrue($subject->isHashUpdateNeeded($hash));
204  }
205 }
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BlowfishPasswordHashTest\checkPasswordReturnsFalseWithNonValidPassword
‪checkPasswordReturnsFalseWithNonValidPassword()
Definition: BlowfishPasswordHashTest.php:179
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BlowfishPasswordHashTest\checkPasswordReturnsTrueWithValidLatin1SpecialCharClassPassword
‪checkPasswordReturnsTrueWithValidLatin1SpecialCharClassPassword()
Definition: BlowfishPasswordHashTest.php:142
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BlowfishPasswordHashTest\isHashUpdateNeededReturnsFalseForValidSaltedPassword
‪isHashUpdateNeededReturnsFalseForValidSaltedPassword()
Definition: BlowfishPasswordHashTest.php:189
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BlowfishPasswordHashTest\getHashedPasswordValidates
‪getHashedPasswordValidates()
Definition: BlowfishPasswordHashTest.php:57
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BlowfishPasswordHashTest\checkPasswordReturnsTrueWithValidAlphaCharClassPasswordAndFixedHash
‪checkPasswordReturnsTrueWithValidAlphaCharClassPasswordAndFixedHash()
Definition: BlowfishPasswordHashTest.php:72
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BlowfishPasswordHashTest\checkPasswordReturnsTrueWithValidAlphaCharClassPassword
‪checkPasswordReturnsTrueWithValidAlphaCharClassPassword()
Definition: BlowfishPasswordHashTest.php:97
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BlowfishPasswordHashTest\checkPasswordReturnsTrueWithValidNumericCharClassPassword
‪checkPasswordReturnsTrueWithValidNumericCharClassPassword()
Definition: BlowfishPasswordHashTest.php:112
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BlowfishPasswordHashTest\getHashedPasswordWithNonEmptyPasswordResultsInNonNullSaltedPassword
‪getHashedPasswordWithNonEmptyPasswordResultsInNonNullSaltedPassword()
Definition: BlowfishPasswordHashTest.php:50
‪TYPO3\CMS\Core\Crypto\PasswordHashing\BlowfishPasswordHash
Definition: BlowfishPasswordHash.php:31
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BlowfishPasswordHashTest
Definition: BlowfishPasswordHashTest.php:25
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BlowfishPasswordHashTest\checkPasswordReturnsFalseFailsWithBrokenHash
‪checkPasswordReturnsFalseFailsWithBrokenHash()
Definition: BlowfishPasswordHashTest.php:83
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BlowfishPasswordHashTest\constructorThrowsExceptionIfHashCountIsTooHigh
‪constructorThrowsExceptionIfHashCountIsTooHigh()
Definition: BlowfishPasswordHashTest.php:35
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BlowfishPasswordHashTest\checkPasswordReturnsReturnsTrueWithValidLatin1UmlautCharClassPassword
‪checkPasswordReturnsReturnsTrueWithValidLatin1UmlautCharClassPassword()
Definition: BlowfishPasswordHashTest.php:161
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BlowfishPasswordHashTest\checkPasswordReturnsTrueWithValidAsciiSpecialCharClassPassword
‪checkPasswordReturnsTrueWithValidAsciiSpecialCharClassPassword()
Definition: BlowfishPasswordHashTest.php:127
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BlowfishPasswordHashTest\constructorThrowsExceptionIfHashCountIsTooLow
‪constructorThrowsExceptionIfHashCountIsTooLow()
Definition: BlowfishPasswordHashTest.php:27
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BlowfishPasswordHashTest\getHashedPasswordWithEmptyPasswordResultsInNullSaltedPassword
‪getHashedPasswordWithEmptyPasswordResultsInNullSaltedPassword()
Definition: BlowfishPasswordHashTest.php:43
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing
Definition: Argon2idPasswordHashTest.php:18
‪TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BlowfishPasswordHashTest\isHashUpdateNeededReturnsTrueForHashGeneratedWithOldOptions
‪isHashUpdateNeededReturnsTrueForHashGeneratedWithOldOptions()
Definition: BlowfishPasswordHashTest.php:198