2009-11-06 03:23:21 +01:00
|
|
|
<?php
|
2016-06-23 01:37:22 +02:00
|
|
|
|
2016-10-14 03:30:05 +02:00
|
|
|
namespace SilverStripe\Security\Tests;
|
|
|
|
|
|
|
|
|
2016-06-23 01:37:22 +02:00
|
|
|
use SilverStripe\Security\PasswordEncryptor_Blowfish;
|
|
|
|
use SilverStripe\Security\PasswordEncryptor;
|
2016-08-19 00:51:35 +02:00
|
|
|
use SilverStripe\Core\Config\Config;
|
|
|
|
use SilverStripe\Dev\SapphireTest;
|
2016-10-14 03:30:05 +02:00
|
|
|
use SilverStripe\Security\PasswordEncryptor_LegacyPHPHash;
|
|
|
|
use SilverStripe\Security\PasswordEncryptor_PHPHash;
|
|
|
|
use SilverStripe\Security\Tests\PasswordEncryptorTest\TestEncryptor;
|
2016-06-23 01:37:22 +02:00
|
|
|
|
2009-11-06 03:23:21 +01:00
|
|
|
class PasswordEncryptorTest extends SapphireTest {
|
2012-04-07 04:59:55 +02:00
|
|
|
|
|
|
|
/**
|
|
|
|
*
|
|
|
|
* @var Config
|
|
|
|
*/
|
|
|
|
private $config = null;
|
|
|
|
|
|
|
|
public function setUp() {
|
|
|
|
parent::setUp();
|
|
|
|
$this->config = clone(Config::inst());
|
|
|
|
}
|
|
|
|
|
|
|
|
public function tearDown() {
|
|
|
|
parent::tearDown();
|
|
|
|
Config::set_instance($this->config);
|
2012-06-15 03:47:38 +02:00
|
|
|
PasswordEncryptor_Blowfish::set_cost(10);
|
2012-04-07 04:59:55 +02:00
|
|
|
}
|
|
|
|
|
2012-09-19 12:07:39 +02:00
|
|
|
public function testCreateForCode() {
|
2016-06-23 01:37:22 +02:00
|
|
|
Config::inst()->update(
|
2016-10-14 03:30:05 +02:00
|
|
|
PasswordEncryptor::class,
|
2016-06-23 01:37:22 +02:00
|
|
|
'encryptors',
|
2016-10-14 03:30:05 +02:00
|
|
|
['test' => [TestEncryptor::class => null]]
|
2016-06-23 01:37:22 +02:00
|
|
|
);
|
2009-11-06 03:23:21 +01:00
|
|
|
$e = PasswordEncryptor::create_for_algorithm('test');
|
2016-10-14 03:30:05 +02:00
|
|
|
$this->assertInstanceOf(TestEncryptor::class, $e );
|
2009-11-06 03:23:21 +01:00
|
|
|
}
|
2014-08-15 08:53:05 +02:00
|
|
|
|
2009-11-06 03:23:21 +01:00
|
|
|
/**
|
2016-10-14 03:30:05 +02:00
|
|
|
* @expectedException \SilverStripe\Security\PasswordEncryptor_NotFoundException
|
2009-11-06 03:23:21 +01:00
|
|
|
*/
|
2012-09-19 12:07:39 +02:00
|
|
|
public function testCreateForCodeNotFound() {
|
2009-11-06 03:23:21 +01:00
|
|
|
PasswordEncryptor::create_for_algorithm('unknown');
|
|
|
|
}
|
2014-08-15 08:53:05 +02:00
|
|
|
|
2012-09-19 12:07:39 +02:00
|
|
|
public function testRegister() {
|
2016-06-23 01:37:22 +02:00
|
|
|
Config::inst()->update(
|
2016-10-14 03:30:05 +02:00
|
|
|
PasswordEncryptor::class,
|
2016-06-23 01:37:22 +02:00
|
|
|
'encryptors',
|
2016-10-14 03:30:05 +02:00
|
|
|
array('test' => array(TestEncryptor::class => null))
|
2016-06-23 01:37:22 +02:00
|
|
|
);
|
2012-04-07 04:59:55 +02:00
|
|
|
$encryptors = PasswordEncryptor::get_encryptors();
|
|
|
|
$this->assertContains('test', array_keys($encryptors));
|
|
|
|
$encryptor = $encryptors['test'];
|
2016-10-14 03:30:05 +02:00
|
|
|
$this->assertContains(TestEncryptor::class, key($encryptor));
|
2009-11-06 03:23:21 +01:00
|
|
|
}
|
2014-08-15 08:53:05 +02:00
|
|
|
|
2012-09-19 12:07:39 +02:00
|
|
|
public function testUnregister() {
|
2016-06-23 01:37:22 +02:00
|
|
|
Config::inst()->update(
|
2016-10-14 03:30:05 +02:00
|
|
|
PasswordEncryptor::class,
|
2016-06-23 01:37:22 +02:00
|
|
|
'encryptors',
|
2016-10-14 03:30:05 +02:00
|
|
|
array('test' => array(TestEncryptor::class => null))
|
2016-06-23 01:37:22 +02:00
|
|
|
);
|
2016-10-14 03:30:05 +02:00
|
|
|
Config::inst()->remove(PasswordEncryptor::class, 'encryptors', 'test');
|
2009-11-06 03:23:21 +01:00
|
|
|
$this->assertNotContains('test', array_keys(PasswordEncryptor::get_encryptors()));
|
|
|
|
}
|
2014-08-15 08:53:05 +02:00
|
|
|
|
2012-09-19 12:07:39 +02:00
|
|
|
public function testEncryptorPHPHashWithArguments() {
|
2016-06-23 01:37:22 +02:00
|
|
|
Config::inst()->update(
|
2016-10-14 03:30:05 +02:00
|
|
|
PasswordEncryptor::class,
|
2016-06-23 01:37:22 +02:00
|
|
|
'encryptors',
|
2016-10-14 03:30:05 +02:00
|
|
|
['test_md5' => [PasswordEncryptor_PHPHash::class=>'md5']]
|
2016-06-23 01:37:22 +02:00
|
|
|
);
|
2009-11-06 03:23:21 +01:00
|
|
|
$e = PasswordEncryptor::create_for_algorithm('test_md5');
|
|
|
|
$this->assertEquals('md5', $e->getAlgorithm());
|
|
|
|
}
|
2014-08-15 08:53:05 +02:00
|
|
|
|
2012-09-19 12:07:39 +02:00
|
|
|
public function testEncryptorPHPHash() {
|
2016-06-23 01:37:22 +02:00
|
|
|
Config::inst()->update(
|
2016-10-14 03:30:05 +02:00
|
|
|
PasswordEncryptor::class,
|
2016-06-23 01:37:22 +02:00
|
|
|
'encryptors',
|
2016-10-14 03:30:05 +02:00
|
|
|
['test_sha1' => [PasswordEncryptor_PHPHash::class => 'sha1']]
|
2016-06-23 01:37:22 +02:00
|
|
|
);
|
2009-11-06 03:23:21 +01:00
|
|
|
$e = PasswordEncryptor::create_for_algorithm('test_sha1');
|
|
|
|
$password = 'mypassword';
|
|
|
|
$salt = 'mysalt';
|
|
|
|
$this->assertEquals(
|
2014-08-15 08:53:05 +02:00
|
|
|
hash('sha1', $password . $salt),
|
2009-11-06 03:23:21 +01:00
|
|
|
$e->encrypt($password, $salt)
|
|
|
|
);
|
|
|
|
}
|
2012-05-02 03:51:29 +02:00
|
|
|
|
2012-09-19 12:07:39 +02:00
|
|
|
public function testEncryptorBlowfish() {
|
2016-06-23 01:37:22 +02:00
|
|
|
Config::inst()->update(
|
2016-10-14 03:30:05 +02:00
|
|
|
PasswordEncryptor::class,
|
2016-06-23 01:37:22 +02:00
|
|
|
'encryptors',
|
2016-10-14 03:30:05 +02:00
|
|
|
['test_blowfish' => [PasswordEncryptor_Blowfish::class => '']]
|
2016-06-23 01:37:22 +02:00
|
|
|
);
|
2012-05-02 03:51:29 +02:00
|
|
|
$e = PasswordEncryptor::create_for_algorithm('test_blowfish');
|
2014-08-15 08:53:05 +02:00
|
|
|
|
2012-05-02 03:51:29 +02:00
|
|
|
$password = 'mypassword';
|
2012-06-14 05:04:01 +02:00
|
|
|
|
|
|
|
$salt = $e->salt($password);
|
|
|
|
$modSalt = substr($salt, 0, 3) . str_shuffle(substr($salt, 3, strlen($salt)));
|
2012-05-07 05:04:09 +02:00
|
|
|
|
2014-08-15 08:53:05 +02:00
|
|
|
$this->assertTrue($e->checkAEncryptionLevel() == 'y' || $e->checkAEncryptionLevel() == 'x'
|
2012-09-26 23:34:00 +02:00
|
|
|
|| $e->checkAEncryptionLevel() == 'a');
|
2012-05-07 05:04:09 +02:00
|
|
|
$this->assertTrue($e->check($e->encrypt($password, $salt), "mypassword", $salt));
|
|
|
|
$this->assertFalse($e->check($e->encrypt($password, $salt), "anotherpw", $salt));
|
2012-06-14 05:04:01 +02:00
|
|
|
$this->assertFalse($e->check($e->encrypt($password, $salt), "mypassword", $modSalt));
|
|
|
|
|
|
|
|
PasswordEncryptor_Blowfish::set_cost(1);
|
|
|
|
$salt = $e->salt($password);
|
|
|
|
$modSalt = substr($salt, 0, 3) . str_shuffle(substr($salt, 3, strlen($salt)));
|
|
|
|
|
|
|
|
$this->assertNotEquals(1, PasswordEncryptor_Blowfish::get_cost());
|
|
|
|
$this->assertEquals(4, PasswordEncryptor_Blowfish::get_cost());
|
|
|
|
|
|
|
|
$this->assertTrue($e->check($e->encrypt($password, $salt), "mypassword", $salt));
|
|
|
|
$this->assertFalse($e->check($e->encrypt($password, $salt), "anotherpw", $salt));
|
|
|
|
$this->assertFalse($e->check($e->encrypt($password, $salt), "mypassword", $modSalt));
|
|
|
|
|
2012-06-15 03:47:38 +02:00
|
|
|
PasswordEncryptor_Blowfish::set_cost(11);
|
2012-06-14 05:04:01 +02:00
|
|
|
$salt = $e->salt($password);
|
|
|
|
$modSalt = substr($salt, 0, 3) . str_shuffle(substr($salt, 3, strlen($salt)));
|
|
|
|
|
2012-06-15 03:47:38 +02:00
|
|
|
$this->assertEquals(11, PasswordEncryptor_Blowfish::get_cost());
|
2014-08-15 08:53:05 +02:00
|
|
|
|
2012-06-14 05:04:01 +02:00
|
|
|
$this->assertTrue($e->check($e->encrypt($password, $salt), "mypassword", $salt));
|
|
|
|
$this->assertFalse($e->check($e->encrypt($password, $salt), "anotherpw", $salt));
|
|
|
|
$this->assertFalse($e->check($e->encrypt($password, $salt), "mypassword", $modSalt));
|
|
|
|
|
|
|
|
|
|
|
|
PasswordEncryptor_Blowfish::set_cost(35);
|
|
|
|
|
|
|
|
$this->assertNotEquals(35, PasswordEncryptor_Blowfish::get_cost());
|
|
|
|
$this->assertEquals(31, PasswordEncryptor_Blowfish::get_cost());
|
|
|
|
|
|
|
|
//Don't actually test this one. It takes too long. 31 takes too long to process
|
2012-05-02 03:51:29 +02:00
|
|
|
}
|
2014-08-15 08:53:05 +02:00
|
|
|
|
2012-09-19 12:07:39 +02:00
|
|
|
public function testEncryptorPHPHashCheck() {
|
2016-06-23 01:37:22 +02:00
|
|
|
Config::inst()->update(
|
2016-10-14 03:30:05 +02:00
|
|
|
PasswordEncryptor::class,
|
2016-06-23 01:37:22 +02:00
|
|
|
'encryptors',
|
2016-10-14 03:30:05 +02:00
|
|
|
['test_sha1' => [PasswordEncryptor_PHPHash::class => 'sha1']]
|
2016-06-23 01:37:22 +02:00
|
|
|
);
|
2009-11-06 03:23:21 +01:00
|
|
|
$e = PasswordEncryptor::create_for_algorithm('test_sha1');
|
2012-05-07 05:03:53 +02:00
|
|
|
$this->assertTrue($e->check(sha1('mypassword'), 'mypassword'));
|
|
|
|
$this->assertFalse($e->check(sha1('mypassword'), 'mywrongpassword'));
|
2009-11-06 03:23:21 +01:00
|
|
|
}
|
2014-08-15 08:53:05 +02:00
|
|
|
|
2009-11-06 03:23:21 +01:00
|
|
|
/**
|
|
|
|
* See http://open.silverstripe.org/ticket/3004
|
2014-08-15 08:53:05 +02:00
|
|
|
*
|
2009-11-06 03:23:21 +01:00
|
|
|
* Handy command for reproducing via CLI on different architectures:
|
|
|
|
* php -r "echo(base_convert(sha1('mypassword'), 16, 36));"
|
|
|
|
*/
|
2012-09-19 12:07:39 +02:00
|
|
|
public function testEncryptorLegacyPHPHashCheck() {
|
2016-06-23 01:37:22 +02:00
|
|
|
Config::inst()->update(
|
2016-10-14 03:30:05 +02:00
|
|
|
PasswordEncryptor::class,
|
2016-06-23 01:37:22 +02:00
|
|
|
'encryptors',
|
2016-10-14 03:30:05 +02:00
|
|
|
['test_sha1legacy' => [PasswordEncryptor_LegacyPHPHash::class => 'sha1']]
|
2016-06-23 01:37:22 +02:00
|
|
|
);
|
2009-11-06 03:23:21 +01:00
|
|
|
$e = PasswordEncryptor::create_for_algorithm('test_sha1legacy');
|
|
|
|
// precomputed hashes for 'mypassword' from different architectures
|
|
|
|
$amdHash = 'h1fj0a6m4o6k0sosks88oo08ko4gc4s';
|
|
|
|
$intelHash = 'h1fj0a6m4o0g04ocg00o4kwoc4wowws';
|
|
|
|
$wrongHash = 'h1fjxxxxxxxxxxxxxxxxxxxxxxxxxxx';
|
2012-05-07 05:03:53 +02:00
|
|
|
$this->assertTrue($e->check($amdHash, "mypassword"));
|
|
|
|
$this->assertTrue($e->check($intelHash, "mypassword"));
|
|
|
|
$this->assertFalse($e->check($wrongHash, "mypassword"));
|
2009-11-06 03:23:21 +01:00
|
|
|
}
|
|
|
|
}
|