silverstripe-framework/tests/security/PasswordEncryptorTest.php

181 lines
6.1 KiB
PHP
Raw Normal View History

<?php
2016-06-23 01:37:22 +02:00
use SilverStripe\Security\PasswordEncryptor_Blowfish;
use SilverStripe\Security\PasswordEncryptor;
class PasswordEncryptorTest extends SapphireTest {
/**
*
* @var Config
*/
private $config = null;
public function setUp() {
parent::setUp();
$this->config = clone(Config::inst());
}
public function tearDown() {
parent::tearDown();
Config::set_instance($this->config);
PasswordEncryptor_Blowfish::set_cost(10);
}
public function testCreateForCode() {
2016-06-23 01:37:22 +02:00
Config::inst()->update(
'SilverStripe\\Security\\PasswordEncryptor',
'encryptors',
['test' => ['PasswordEncryptorTest_TestEncryptor' => null]]
);
$e = PasswordEncryptor::create_for_algorithm('test');
$this->assertInstanceOf('PasswordEncryptorTest_TestEncryptor', $e );
}
2014-08-15 08:53:05 +02:00
/**
2016-06-23 01:37:22 +02:00
* @expectedException SilverStripe\Security\PasswordEncryptor_NotFoundException
*/
public function testCreateForCodeNotFound() {
PasswordEncryptor::create_for_algorithm('unknown');
}
2014-08-15 08:53:05 +02:00
public function testRegister() {
2016-06-23 01:37:22 +02:00
Config::inst()->update(
'SilverStripe\\Security\\PasswordEncryptor',
'encryptors',
array('test' => array('PasswordEncryptorTest_TestEncryptor' => null))
);
$encryptors = PasswordEncryptor::get_encryptors();
$this->assertContains('test', array_keys($encryptors));
$encryptor = $encryptors['test'];
$this->assertContains('PasswordEncryptorTest_TestEncryptor', key($encryptor));
}
2014-08-15 08:53:05 +02:00
public function testUnregister() {
2016-06-23 01:37:22 +02:00
Config::inst()->update(
'SilverStripe\\Security\\PasswordEncryptor',
'encryptors',
array('test' => array('PasswordEncryptorTest_TestEncryptor' => null))
);
Config::inst()->remove('SilverStripe\\Security\\PasswordEncryptor', 'encryptors', 'test');
$this->assertNotContains('test', array_keys(PasswordEncryptor::get_encryptors()));
}
2014-08-15 08:53:05 +02:00
public function testEncryptorPHPHashWithArguments() {
2016-06-23 01:37:22 +02:00
Config::inst()->update(
'SilverStripe\\Security\\PasswordEncryptor',
'encryptors',
['test_md5' => ['SilverStripe\\Security\\PasswordEncryptor_PHPHash'=>'md5']]
);
$e = PasswordEncryptor::create_for_algorithm('test_md5');
$this->assertEquals('md5', $e->getAlgorithm());
}
2014-08-15 08:53:05 +02:00
public function testEncryptorPHPHash() {
2016-06-23 01:37:22 +02:00
Config::inst()->update(
'SilverStripe\\Security\\PasswordEncryptor',
'encryptors',
['test_sha1' => ['SilverStripe\\Security\\PasswordEncryptor_PHPHash' => 'sha1']]
);
$e = PasswordEncryptor::create_for_algorithm('test_sha1');
$password = 'mypassword';
$salt = 'mysalt';
$this->assertEquals(
2014-08-15 08:53:05 +02:00
hash('sha1', $password . $salt),
$e->encrypt($password, $salt)
);
}
public function testEncryptorBlowfish() {
2016-06-23 01:37:22 +02:00
Config::inst()->update(
'SilverStripe\\Security\\PasswordEncryptor',
'encryptors',
['test_blowfish' => ['SilverStripe\\Security\\PasswordEncryptor_Blowfish' => '']]
);
$e = PasswordEncryptor::create_for_algorithm('test_blowfish');
2014-08-15 08:53:05 +02:00
$password = 'mypassword';
$salt = $e->salt($password);
$modSalt = substr($salt, 0, 3) . str_shuffle(substr($salt, 3, strlen($salt)));
2014-08-15 08:53:05 +02:00
$this->assertTrue($e->checkAEncryptionLevel() == 'y' || $e->checkAEncryptionLevel() == 'x'
|| $e->checkAEncryptionLevel() == 'a');
$this->assertTrue($e->check($e->encrypt($password, $salt), "mypassword", $salt));
$this->assertFalse($e->check($e->encrypt($password, $salt), "anotherpw", $salt));
$this->assertFalse($e->check($e->encrypt($password, $salt), "mypassword", $modSalt));
PasswordEncryptor_Blowfish::set_cost(1);
$salt = $e->salt($password);
$modSalt = substr($salt, 0, 3) . str_shuffle(substr($salt, 3, strlen($salt)));
$this->assertNotEquals(1, PasswordEncryptor_Blowfish::get_cost());
$this->assertEquals(4, PasswordEncryptor_Blowfish::get_cost());
$this->assertTrue($e->check($e->encrypt($password, $salt), "mypassword", $salt));
$this->assertFalse($e->check($e->encrypt($password, $salt), "anotherpw", $salt));
$this->assertFalse($e->check($e->encrypt($password, $salt), "mypassword", $modSalt));
PasswordEncryptor_Blowfish::set_cost(11);
$salt = $e->salt($password);
$modSalt = substr($salt, 0, 3) . str_shuffle(substr($salt, 3, strlen($salt)));
$this->assertEquals(11, PasswordEncryptor_Blowfish::get_cost());
2014-08-15 08:53:05 +02:00
$this->assertTrue($e->check($e->encrypt($password, $salt), "mypassword", $salt));
$this->assertFalse($e->check($e->encrypt($password, $salt), "anotherpw", $salt));
$this->assertFalse($e->check($e->encrypt($password, $salt), "mypassword", $modSalt));
PasswordEncryptor_Blowfish::set_cost(35);
$this->assertNotEquals(35, PasswordEncryptor_Blowfish::get_cost());
$this->assertEquals(31, PasswordEncryptor_Blowfish::get_cost());
//Don't actually test this one. It takes too long. 31 takes too long to process
}
2014-08-15 08:53:05 +02:00
public function testEncryptorPHPHashCheck() {
2016-06-23 01:37:22 +02:00
Config::inst()->update(
'SilverStripe\\Security\\PasswordEncryptor',
'encryptors',
['test_sha1' => ['SilverStripe\\Security\\PasswordEncryptor_PHPHash' => 'sha1']]
);
$e = PasswordEncryptor::create_for_algorithm('test_sha1');
$this->assertTrue($e->check(sha1('mypassword'), 'mypassword'));
$this->assertFalse($e->check(sha1('mypassword'), 'mywrongpassword'));
}
2014-08-15 08:53:05 +02:00
/**
* See http://open.silverstripe.org/ticket/3004
2014-08-15 08:53:05 +02:00
*
* Handy command for reproducing via CLI on different architectures:
* php -r "echo(base_convert(sha1('mypassword'), 16, 36));"
*/
public function testEncryptorLegacyPHPHashCheck() {
2016-06-23 01:37:22 +02:00
Config::inst()->update(
'SilverStripe\\Security\\PasswordEncryptor',
'encryptors',
['test_sha1legacy' => ['SilverStripe\\Security\\PasswordEncryptor_LegacyPHPHash' => 'sha1']]
);
$e = PasswordEncryptor::create_for_algorithm('test_sha1legacy');
// precomputed hashes for 'mypassword' from different architectures
$amdHash = 'h1fj0a6m4o6k0sosks88oo08ko4gc4s';
$intelHash = 'h1fj0a6m4o0g04ocg00o4kwoc4wowws';
$wrongHash = 'h1fjxxxxxxxxxxxxxxxxxxxxxxxxxxx';
$this->assertTrue($e->check($amdHash, "mypassword"));
$this->assertTrue($e->check($intelHash, "mypassword"));
$this->assertFalse($e->check($wrongHash, "mypassword"));
}
}
class PasswordEncryptorTest_TestEncryptor extends PasswordEncryptor implements TestOnly {
public function encrypt($password, $salt = null, $member = null) {
return 'password';
}
2014-08-15 08:53:05 +02:00
public function salt($password, $member = null) {
return 'salt';
}
}