PageRenderTime 29ms CodeModel.GetById 15ms RepoModel.GetById 1ms app.codeStats 0ms

/tests/php/Security/PasswordEncryptorTest.php

http://github.com/silverstripe/sapphire
PHP | 168 lines | 131 code | 24 blank | 13 comment | 5 complexity | db1b5e1ab7e2fa86cf9fcf492e1f38e9 MD5 | raw file
Possible License(s): BSD-3-Clause, MIT, CC-BY-3.0, GPL-2.0, AGPL-1.0, LGPL-2.1 
    

  1. <?php
    2. 

  2. 

  3. namespace SilverStripe\Security\Tests;
    4. 

  4. 

  5. use SilverStripe\Security\PasswordEncryptor_Blowfish;
    6. 

  6. use SilverStripe\Security\PasswordEncryptor;
    7. 

  7. use SilverStripe\Core\Config\Config;
    8. 

  8. use SilverStripe\Dev\SapphireTest;
    9. 

  9. use SilverStripe\Security\PasswordEncryptor_LegacyPHPHash;
    10. 

  10. use SilverStripe\Security\PasswordEncryptor_PHPHash;
    11. 

  11. use SilverStripe\Security\Tests\PasswordEncryptorTest\TestEncryptor;
    12. 

  12. 

  13. class PasswordEncryptorTest extends SapphireTest
    14. 

  14. {
    15. 

  15.     protected function tearDown()
    16. 

  16.     {
    17. 

  17.         parent::tearDown();
    18. 

  18.         PasswordEncryptor_Blowfish::set_cost(10);
    19. 

  19.     }
    20. 

  20. 

  21.     public function testCreateForCode()
    22. 

  22.     {
    23. 

  23.         Config::modify()->merge(
    24. 

  24.             PasswordEncryptor::class,
    25. 

  25.             'encryptors',
    26. 

  26.             ['test' => [TestEncryptor::class => null]]
    27. 

  27.         );
    28. 

  28.         $e = PasswordEncryptor::create_for_algorithm('test');
    29. 

  29.         $this->assertInstanceOf(TestEncryptor::class, $e);
    30. 

  30.     }
    31. 

  31. 

  32.     /**
    33. 

  33.      * @expectedException \SilverStripe\Security\PasswordEncryptor_NotFoundException
    34. 

  34.      */
    35. 

  35.     public function testCreateForCodeNotFound()
    36. 

  36.     {
    37. 

  37.         PasswordEncryptor::create_for_algorithm('unknown');
    38. 

  38.     }
    39. 

  39. 

  40.     public function testRegister()
    41. 

  41.     {
    42. 

  42.         Config::modify()->merge(
    43. 

  43.             PasswordEncryptor::class,
    44. 

  44.             'encryptors',
    45. 

  45.             ['test' => [TestEncryptor::class => null]]
    46. 

  46.         );
    47. 

  47.         $encryptors = PasswordEncryptor::get_encryptors();
    48. 

  48.         $this->assertContains('test', array_keys($encryptors));
    49. 

  49.         $encryptor = $encryptors['test'];
    50. 

  50.         $this->assertContains(TestEncryptor::class, key($encryptor));
    51. 

  51.     }
    52. 

  52. 

  53.     public function testEncryptorPHPHashWithArguments()
    54. 

  54.     {
    55. 

  55.         Config::modify()->merge(
    56. 

  56.             PasswordEncryptor::class,
    57. 

  57.             'encryptors',
    58. 

  58.             ['test_md5' => [PasswordEncryptor_PHPHash::class=>'md5']]
    59. 

  59.         );
    60. 

  60.         /** @var PasswordEncryptor_PHPHash $e */
    61. 

  61.         $e = PasswordEncryptor::create_for_algorithm('test_md5');
    62. 

  62.         $this->assertEquals('md5', $e->getAlgorithm());
    63. 

  63.     }
    64. 

  64. 

  65.     public function testEncryptorPHPHash()
    66. 

  66.     {
    67. 

  67.         Config::modify()->merge(
    68. 

  68.             PasswordEncryptor::class,
    69. 

  69.             'encryptors',
    70. 

  70.             ['test_sha1' => [PasswordEncryptor_PHPHash::class => 'sha1']]
    71. 

  71.         );
    72. 

  72.         $e = PasswordEncryptor::create_for_algorithm('test_sha1');
    73. 

  73.         $password = 'mypassword';
    74. 

  74.         $salt = 'mysalt';
    75. 

  75.         $this->assertEquals(
    76. 

  76.             hash('sha1', $password . $salt),
    77. 

  77.             $e->encrypt($password, $salt)
    78. 

  78.         );
    79. 

  79.     }
    80. 

  80. 

  81.     public function testEncryptorBlowfish()
    82. 

  82.     {
    83. 

  83.         Config::modify()->merge(
    84. 

  84.             PasswordEncryptor::class,
    85. 

  85.             'encryptors',
    86. 

  86.             ['test_blowfish' => [PasswordEncryptor_Blowfish::class => '']]
    87. 

  87.         );
    88. 

  88.         /** @var PasswordEncryptor_Blowfish $e */
    89. 

  89.         $e = PasswordEncryptor::create_for_algorithm('test_blowfish');
    90. 

  90. 

  91.         $password = 'mypassword';
    92. 

  92. 

  93.         $salt = $e->salt($password);
    94. 

  94.         $modSalt = substr($salt, 0, 3) . str_shuffle(substr($salt, 3, strlen($salt)));
    95. 

  95. 

  96.         $this->assertTrue(
    97. 

  97.             $e->checkAEncryptionLevel() == 'y' || $e->checkAEncryptionLevel() == 'x'
    98. 

  98.             || $e->checkAEncryptionLevel() == 'a'
    99. 

  99.         );
    100. 

  100.         $this->assertTrue($e->check($e->encrypt($password, $salt), "mypassword", $salt));
    101. 

  101.         $this->assertFalse($e->check($e->encrypt($password, $salt), "anotherpw", $salt));
    102. 

  102.         $this->assertFalse($e->check($e->encrypt($password, $salt), "mypassword", $modSalt));
    103. 

  103. 

  104.         PasswordEncryptor_Blowfish::set_cost(1);
    105. 

  105.         $salt = $e->salt($password);
    106. 

  106.         $modSalt = substr($salt, 0, 3) . str_shuffle(substr($salt, 3, strlen($salt)));
    107. 

  107. 

  108.         $this->assertNotEquals(1, PasswordEncryptor_Blowfish::get_cost());
    109. 

  109.         $this->assertEquals(4, PasswordEncryptor_Blowfish::get_cost());
    110. 

  110. 

  111.         $this->assertTrue($e->check($e->encrypt($password, $salt), "mypassword", $salt));
    112. 

  112.         $this->assertFalse($e->check($e->encrypt($password, $salt), "anotherpw", $salt));
    113. 

  113.         $this->assertFalse($e->check($e->encrypt($password, $salt), "mypassword", $modSalt));
    114. 

  114. 

  115.         PasswordEncryptor_Blowfish::set_cost(11);
    116. 

  116.         $salt = $e->salt($password);
    117. 

  117.         $modSalt = substr($salt, 0, 3) . str_shuffle(substr($salt, 3, strlen($salt)));
    118. 

  118. 

  119.         $this->assertEquals(11, PasswordEncryptor_Blowfish::get_cost());
    120. 

  120. 

  121.         $this->assertTrue($e->check($e->encrypt($password, $salt), "mypassword", $salt));
    122. 

  122.         $this->assertFalse($e->check($e->encrypt($password, $salt), "anotherpw", $salt));
    123. 

  123.         $this->assertFalse($e->check($e->encrypt($password, $salt), "mypassword", $modSalt));
    124. 

  124. 

  125. 

  126.         PasswordEncryptor_Blowfish::set_cost(35);
    127. 

  127. 

  128.         $this->assertNotEquals(35, PasswordEncryptor_Blowfish::get_cost());
    129. 

  129.         $this->assertEquals(31, PasswordEncryptor_Blowfish::get_cost());
    130. 

  130. 

  131.         //Don't actually test this one. It takes too long. 31 takes too long to process
    132. 

  132.     }
    133. 

  133. 

  134.     public function testEncryptorPHPHashCheck()
    135. 

  135.     {
    136. 

  136.         Config::modify()->merge(
    137. 

  137.             PasswordEncryptor::class,
    138. 

  138.             'encryptors',
    139. 

  139.             ['test_sha1' => [PasswordEncryptor_PHPHash::class => 'sha1']]
    140. 

  140.         );
    141. 

  141.         $e = PasswordEncryptor::create_for_algorithm('test_sha1');
    142. 

  142.         $this->assertTrue($e->check(sha1('mypassword'), 'mypassword'));
    143. 

  143.         $this->assertFalse($e->check(sha1('mypassword'), 'mywrongpassword'));
    144. 

  144.     }
    145. 

  145. 

  146.     /**
    147. 

  147.      * See http://open.silverstripe.org/ticket/3004
    148. 

  148.      *
    149. 

  149.      * Handy command for reproducing via CLI on different architectures:
    150. 

  150.      *  php -r "echo(base_convert(sha1('mypassword'), 16, 36));"
    151. 

  151.      */
    152. 

  152.     public function testEncryptorLegacyPHPHashCheck()
    153. 

  153.     {
    154. 

  154.         Config::modify()->merge(
    155. 

  155.             PasswordEncryptor::class,
    156. 

  156.             'encryptors',
    157. 

  157.             ['test_sha1legacy' => [PasswordEncryptor_LegacyPHPHash::class => 'sha1']]
    158. 

  158.         );
    159. 

  159.         $e = PasswordEncryptor::create_for_algorithm('test_sha1legacy');
    160. 

  160.         // precomputed hashes for 'mypassword' from different architectures
    161. 

  161.         $amdHash = 'h1fj0a6m4o6k0sosks88oo08ko4gc4s';
    162. 

  162.         $intelHash = 'h1fj0a6m4o0g04ocg00o4kwoc4wowws';
    163. 

  163.         $wrongHash = 'h1fjxxxxxxxxxxxxxxxxxxxxxxxxxxx';
    164. 

  164.         $this->assertTrue($e->check($amdHash, "mypassword"));
    165. 

  165.         $this->assertTrue($e->check($intelHash, "mypassword"));
    166. 

  166.         $this->assertFalse($e->check($wrongHash, "mypassword"));
    167. 

  167.     }
    168. 

  168. }
    169. 

  169.