[ Index ]

PHP Cross Reference of DokuWiki

title

Body

[close]

/_test/tests/inc/ -> auth_password.test.php (source)

   1  <?php
   2  
   3  class auth_password_test extends DokuWikiTest {
   4  
   5      /**
   6       *  precomputed hashes
   7       *
   8       * for the password foo$method, using abcdefgh12345678912345678912345678 as salt
   9       *
  10       * @return array
  11       */
  12      public function hashes() {
  13  
  14          $passes = array(
  15              array('smd5', '$1$abcdefgh$SYbjm2AEvSoHG7Xapi8so.'),
  16              array('apr1', '$apr1$abcdefgh$C/GzYTF4kOVByYLEoD5X4.'),
  17              array('md5', '8fa22d62408e5351553acdd91c6b7003'),
  18              array('sha1', 'b456d3b0efd105d613744ffd549514ecafcfc7e1'),
  19              array('ssha', '{SSHA}QMHG+uC7bHNYKkmoLbNsNI38/dJhYmNk'),
  20              array('lsmd5', '{SMD5}HGbkPrkWgy9KgcRGWlrsUWFiY2RlZmdo'),
  21              array('crypt', 'ablvoGr1hvZ5k'),
  22              array('mysql', '4a1fa3780bd6fd55'),
  23              array('my411', '*E5929347E25F82E19E4EBE92F1DC6B6E7C2DBD29'),
  24              array('kmd5', 'a579299436d7969791189acadd86fcb716'),
  25              array('djangomd5', 'md5$abcde$d0fdddeda8cd92725d2b54148ac09158'),
  26              array('djangosha1', 'sha1$abcde$c8e65a7f0acc9158843048a53dcc5a6bc4d17678'),
  27  
  28          );
  29  
  30          if(defined('CRYPT_SHA512') && CRYPT_SHA512 == 1) {
  31              // Check SHA512 only if available in this PHP
  32              $passes[] = array('sha512', '$6$abcdefgh12345678$J9.zOcgx0lotwZdcz0uulA3IVQMinZvFZVjA5vapRLVAAqtay23XD4xeeUxQ3B4JvDWYFBIxVWW1tOYlHX13k1');
  33          }
  34          if(function_exists('hash_pbkdf2')) {
  35              if(in_array('sha256', hash_algos())) {
  36                  $passes[] = array('djangopbkdf2_sha256', 'pbkdf2_sha256$24000$abcdefgh1234$R23OyZJ0nGHLG6MvPNfEkV5AOz3jUY5zthByPXs2gn0=');
  37              }
  38              if(in_array('sha1', hash_algos())) {
  39                  $passes[] = array('djangopbkdf2_sha1', 'pbkdf2_sha1$24000$abcdefgh1234$pOliX4vV1hgOv7lFNURIHHx41HI=');
  40              }
  41          }
  42          return $passes;
  43      }
  44  
  45      /**
  46       * @dataProvider hashes
  47       * @param $method
  48       * @param $hash
  49       */
  50      function test_cryptPassword($method, $hash) {
  51          $this->assertEquals(
  52              $hash,
  53              auth_cryptPassword('foo' . $method, $method, 'abcdefgh12345678912345678912345678')
  54          );
  55      }
  56  
  57      /**
  58       * @dataProvider hashes
  59       * @param $method
  60       * @param $hash
  61       */
  62      function test_verifyPassword($method, $hash) {
  63          $this->assertTrue(auth_verifyPassword('foo' . $method, $hash));
  64          $this->assertFalse(auth_verifyPassword('bar' . $method, $hash));
  65      }
  66  
  67      /**
  68       * @dataProvider hashes
  69       * @param $method
  70       * @param $hash
  71       */
  72      function test_verifySelf($method, $hash) {
  73          $hash = auth_cryptPassword('foo' . $method, $method);
  74          $this->assertTrue(auth_verifyPassword('foo' . $method, $hash));
  75      }
  76  
  77      function test_bcrypt_self() {
  78          $hash = auth_cryptPassword('foobcrypt', 'bcrypt');
  79          $this->assertTrue(auth_verifyPassword('foobcrypt', $hash));
  80      }
  81  
  82      function test_verifyPassword_fixedbcrypt() {
  83          $this->assertTrue(auth_verifyPassword('foobcrypt', '$2a$12$uTWercxbq4sjp2xAzv3we.ZOxk51m5V/Bv5bp2H27oVFJl5neFQoC'));
  84      }
  85  
  86      function test_verifyPassword_nohash() {
  87          $this->assertTrue(auth_verifyPassword('foo', '$1$$n1rTiFE0nRifwV/43bVon/'));
  88      }
  89  
  90      function test_verifyPassword_fixedpmd5() {
  91          $this->assertTrue(auth_verifyPassword('test12345', '$P$9IQRaTwmfeRo7ud9Fh4E2PdI0S3r.L0'));
  92          $this->assertTrue(auth_verifyPassword('test12345', '$H$9IQRaTwmfeRo7ud9Fh4E2PdI0S3r.L0'));
  93      }
  94  
  95      function test_veryPassword_mediawiki() {
  96          $this->assertTrue(auth_verifyPassword('password', ':B:838c83e1:e4ab7024509eef084cdabd03d8b2972c'));
  97      }
  98  
  99      /**
 100       * pmd5 checking should throw an exception when a hash with a too high
 101       * iteration count is passed
 102       */
 103      function test_verifyPassword_pmd5Exception() {
 104          $except = false;
 105          try {
 106              auth_verifyPassword('foopmd5', '$H$abcdefgh1ZbJodHxmeXVAhEzTG7IAp.');
 107          } catch(Exception $e) {
 108              $except = true;
 109          }
 110          $this->assertTrue($except);
 111      }
 112  
 113      /**
 114       * issue #2629, support PHP's crypt() format (with rounds=0 parameter)
 115       */
 116      function test_verifyPassword_sha512_crypt() {
 117          if(defined('CRYPT_SHA512') && CRYPT_SHA512 == 1) {
 118              $this->assertTrue(auth_verifyPassword('Qwerty123', '$6$rounds=3000$9in6UciYPFG6ydsJ$YBjypQ7XoRqvJoX1a2.spSysSVHcdreVXi1Xh5SyOxo2yNSxDjlUCun2YXrwk9.YP6vmRvCWrhp0fbPgSOT7..'));
 119          } else {
 120              $this->markTestSkipped('SHA512 not available in this PHP environment');
 121          }
 122      }
 123  
 124  }