tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-09-30 21:29:23 +02:00
Code Issues Projects Releases Wiki Activity

MINOR: Don't leave cost=31 blowfish setting dormant in code, causing timeouts.

Browse Source
This commit is contained in:
Sam Minnee 2012-06-15 13:47:38 +12:00
parent a1e7c1f9bf
commit 09e821efc3
1 changed files with 4 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
tests/security/PasswordEncryptorTest.php
View File

@ -15,6 +15,7 @@ class PasswordEncryptorTest extends SapphireTest {
public function tearDown() { public function tearDown() {
parent::tearDown(); parent::tearDown();
Config::set_instance($this->config); Config::set_instance($this->config);
PasswordEncryptor_Blowfish::set_cost(10);
} }
function testCreateForCode() { function testCreateForCode() {
@ -86,12 +87,12 @@ class PasswordEncryptorTest extends SapphireTest {
$this->assertFalse($e->check($e->encrypt($password, $salt), "anotherpw", $salt)); $this->assertFalse($e->check($e->encrypt($password, $salt), "anotherpw", $salt));
$this->assertFalse($e->check($e->encrypt($password, $salt), "mypassword", $modSalt)); $this->assertFalse($e->check($e->encrypt($password, $salt), "mypassword", $modSalt));
PasswordEncryptor_Blowfish::set_cost(15); PasswordEncryptor_Blowfish::set_cost(11);
$salt = $e->salt($password); $salt = $e->salt($password);
$modSalt = substr($salt, 0, 3) . str_shuffle(substr($salt, 3, strlen($salt))); $modSalt = substr($salt, 0, 3) . str_shuffle(substr($salt, 3, strlen($salt)));
$this->assertEquals(15, PasswordEncryptor_Blowfish::get_cost()); $this->assertEquals(11, PasswordEncryptor_Blowfish::get_cost());
$this->assertTrue($e->check($e->encrypt($password, $salt), "mypassword", $salt)); $this->assertTrue($e->check($e->encrypt($password, $salt), "mypassword", $salt));
$this->assertFalse($e->check($e->encrypt($password, $salt), "anotherpw", $salt)); $this->assertFalse($e->check($e->encrypt($password, $salt), "anotherpw", $salt));
$this->assertFalse($e->check($e->encrypt($password, $salt), "mypassword", $modSalt)); $this->assertFalse($e->check($e->encrypt($password, $salt), "mypassword", $modSalt));
@ -103,10 +104,6 @@ class PasswordEncryptorTest extends SapphireTest {
$this->assertEquals(31, PasswordEncryptor_Blowfish::get_cost()); $this->assertEquals(31, PasswordEncryptor_Blowfish::get_cost());
//Don't actually test this one. It takes too long. 31 takes too long to process //Don't actually test this one. It takes too long. 31 takes too long to process
// $salt = $e->salt($password);
// $this->assertTrue($e->check($e->encrypt($password, $salt), "mypassword", $salt));
// $this->assertFalse($e->check($e->encrypt($password, $salt), "anotherpw", $salt));
} }
function testEncryptorPHPHashCheck() { function testEncryptorPHPHashCheck() {