5 * Contains \Drupal\Tests\Core\Password\PasswordHashingTest.
8 namespace Drupal\Tests\Core\Password;
10 use Drupal\Core\Password\PhpassHashedPassword;
11 use Drupal\Core\Password\PasswordInterface;
12 use Drupal\Tests\UnitTestCase;
15 * Unit tests for password hashing API.
17 * @coversDefaultClass \Drupal\Core\Password\PhpassHashedPassword
20 class PasswordHashingTest extends UnitTestCase {
23 * The user for testing.
25 * @var \PHPUnit_Framework_MockObject_MockObject|\Drupal\user\UserInterface
41 protected $md5HashedPassword;
44 * The hashed password.
48 protected $hashedPassword;
51 * The password hasher under test.
53 * @var \Drupal\Core\Password\PhpassHashedPassword
55 protected $passwordHasher;
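/**
 * Builds the fixtures shared by every test.
 *
 * Prepares a random password, the hasher under test, a regular hash of the
 * password and an upgraded legacy MD5 hash of the same password.
 */
protected function setUp() {
  // Let UnitTestCase perform its own per-test initialisation before the
  // fixtures below are built.
  parent::setUp();

  $this->password = $this->randomMachineName();
  // 1 is requested as the log2 iteration count. testPasswordHashing() asserts
  // that the resulting hash carries MIN_HASH_COUNT, i.e. a request for a
  // cheaper hash than the minimum is not honoured.
  $this->passwordHasher = new PhpassHashedPassword(1);
  $this->hashedPassword = $this->passwordHasher->hash($this->password);
  // Shape of a migrated legacy hash: the md5() digest of the password is
  // hashed again and the result is marked with a 'U' prefix.
  // testPasswordNeedsUpdate() expects such a hash to be flagged for re-hashing.
  $this->md5HashedPassword = 'U' . $this->passwordHasher->hash(md5($this->password));
}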
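/**
 * Tests the hash count boundaries are enforced.
 *
 * A log2 count below MIN_HASH_COUNT or above MAX_HASH_COUNT must be replaced
 * by the respective bound, so a caller can neither configure a hash cheaper
 * than the minimum nor one more expensive than the maximum. Counts on or
 * inside the bounds must pass through unchanged.
 *
 * @covers ::enforceLog2Boundaries
 */
public function testWithinBounds() {
  $hasher = new FakePhpassHashedPassword();
  $min = PhpassHashedPassword::MIN_HASH_COUNT;
  $max = PhpassHashedPassword::MAX_HASH_COUNT;

  // Far outside the range on either side.
  $this->assertEquals($min, $hasher->enforceLog2Boundaries(1), "Min hash count enforced");
  $this->assertEquals($max, $hasher->enforceLog2Boundaries(100), "Max hash count enforced");

  // Immediately outside the range: pins the comparison against the constants
  // themselves rather than against the literals 1 and 100.
  $this->assertEquals($min, $hasher->enforceLog2Boundaries($min - 1), 'Count just below the minimum is raised to the minimum');
  $this->assertEquals($max, $hasher->enforceLog2Boundaries($max + 1), 'Count just above the maximum is lowered to the maximum');

  // On or inside the range: a clamp that always returned one of the bounds
  // would pass the assertions above, so require in-range values to survive.
  $this->assertEquals($min, $hasher->enforceLog2Boundaries($min), 'Minimum hash count is accepted unchanged');
  $this->assertEquals($min + 1, $hasher->enforceLog2Boundaries($min + 1), 'In-range hash count is accepted unchanged');
  $this->assertEquals($max, $hasher->enforceLog2Boundaries($max), 'Maximum hash count is accepted unchanged');
}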
/**
 * Test a password needs update.
 *
 * @covers ::needsRehash
 */
public function testPasswordNeedsUpdate() {
  // A hash upgraded from the legacy md5 scheme (the 'U'-prefixed fixture built
  // in setUp()) must be reported as needing a new hash.
  $needs_rehash = $this->passwordHasher->needsRehash($this->md5HashedPassword);
  $this->assertTrue($needs_rehash, 'Upgraded md5 password hash needs a new hash.');
}
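/**
 * Test password hashing.
 *
 * Checks the iteration count stored in a fresh hash, that the regular and the
 * upgraded md5 hash both verify the correct password and reject a wrong one,
 * and that a fresh hash is not flagged for re-hashing.
 *
 * @covers ::getCountLog2
 * @covers ::check
 * @covers ::needsRehash
 */
public function testPasswordHashing() {
  $this->assertSame(PhpassHashedPassword::MIN_HASH_COUNT, $this->passwordHasher->getCountLog2($this->hashedPassword), 'Hashed password has the minimum number of log2 iterations.');
  $this->assertNotEquals($this->hashedPassword, $this->md5HashedPassword, 'Password hashes not the same.');
  $this->assertTrue($this->passwordHasher->check($this->password, $this->md5HashedPassword), 'Password check succeeds.');
  $this->assertTrue($this->passwordHasher->check($this->password, $this->hashedPassword), 'Password check succeeds.');

  // A check() that accepted every input would satisfy the two assertions
  // above, so also require that a different password is rejected against
  // both stored hashes.
  $wrong_password = $this->password . 'x';
  $this->assertFalse($this->passwordHasher->check($wrong_password, $this->hashedPassword), 'Password check fails for a wrong password.');
  $this->assertFalse($this->passwordHasher->check($wrong_password, $this->md5HashedPassword), 'Password check fails for a wrong password against the upgraded md5 hash.');

  // Since the log2 setting hasn't changed and the user has a valid password,
  // needsRehash() should return FALSE.
  $this->assertFalse($this->passwordHasher->needsRehash($this->hashedPassword), 'Does not need a new hash.');
}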
/**
 * Tests password rehashing.
 *
 * Raising the configured log2 count must mark existing hashes as stale, and a
 * hash produced at the raised count must verify with both the new and the
 * original hasher.
 *
 * @covers ::getCountLog2
 * @covers ::needsRehash
 */
public function testPasswordRehashing() {
  // Build a second hasher whose log2 iteration count is MIN + 1.
  $raised_count = PhpassHashedPassword::MIN_HASH_COUNT + 1;
  $stricter_hasher = new PhpassHashedPassword($raised_count);
  $this->assertTrue($stricter_hasher->needsRehash($this->hashedPassword), 'Needs a new hash after incrementing the log2 count.');

  // Hash the same password again, this time at the raised count.
  $new_hash = $stricter_hasher->hash($this->password);
  $this->assertSame($raised_count, $stricter_hasher->getCountLog2($new_hash), 'Re-hashed password has the correct number of log2 iterations.');
  $this->assertNotEquals($new_hash, $this->hashedPassword, 'Password hash changed again.');

  // The fresh hash already matches the configured count.
  $this->assertFalse($stricter_hasher->needsRehash($new_hash), 'Re-hashed password does not need a new hash.');
  $this->assertTrue($stricter_hasher->check($this->password, $new_hash), 'Password check succeeds with re-hashed password.');
  // getCountLog2() reads the count back from the hash itself, so the hasher
  // from setUp() is expected to verify the stronger hash as well.
  $this->assertTrue($this->passwordHasher->check($this->password, $new_hash), 'Password check succeeds with re-hashed password with original hasher.');
}
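/**
 * Verifies that passwords longer than 512 bytes are not hashed.
 *
 * The length cap bounds how much input a single hash() call will process;
 * the data sets show it is measured in bytes, not characters.
 *
 * @param string $password
 *   The candidate password.
 * @param bool $allowed
 *   TRUE if hash() is expected to return a hash, FALSE if it is expected to
 *   refuse the password.
 *
 * @dataProvider providerLongPasswords
 */
public function testLongPassword($password, $allowed) {
  $hashed_password = $this->passwordHasher->hash($password);

  // The two expectations are mutually exclusive, so they have to be selected
  // by the data set's $allowed flag: an accepted password yields a hash, a
  // rejected one yields exactly FALSE.
  if ($allowed) {
    $this->assertNotFalse($hashed_password);
  }
  else {
    $this->assertFalse($hashed_password);
  }
}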
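/**
 * Provides the test matrix for testLongPassword().
 *
 * The multi-byte sets matter because the limit is counted in bytes: a string
 * of 3-byte characters reaches the cap with roughly a third as many
 * characters as an ASCII string.
 *
 * @return array
 *   Data sets keyed by name, each of the form [password, allowed].
 */
public function providerLongPasswords() {
  $passwords = [];

  // 512 byte long password is allowed.
  $passwords['allowed'] = [str_repeat('x', PasswordInterface::PASSWORD_MAX_LENGTH), TRUE];
  // 513 byte long password is not allowed.
  $passwords['too_long'] = [str_repeat('x', PasswordInterface::PASSWORD_MAX_LENGTH + 1), FALSE];

  // Check a string of 3-byte UTF-8 characters, 510 byte long password is
  // allowed.
  // floor() returns a float; cast once so str_repeat() receives an integer
  // repeat count.
  $len = (int) floor(PasswordInterface::PASSWORD_MAX_LENGTH / 3);
  $diff = PasswordInterface::PASSWORD_MAX_LENGTH % 3;
  $passwords['utf8'] = [str_repeat('€', $len), TRUE];
  // 512 byte long password is allowed.
  $passwords['ut8_extended'] = [$passwords['utf8'][0] . str_repeat('x', $diff), TRUE];

  // Check a string of 3-byte UTF-8 characters, 513 byte long password is
  // not allowed.
  $passwords['utf8_too_long'] = [str_repeat('€', $len + 1), FALSE];

  // A data provider has to hand its sets back to PHPUnit.
  return $passwords;
}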
/**
 * A fake class for tests.
 *
 * Re-declares the hash count clamp as public so testWithinBounds() can call
 * it directly.
 */
class FakePhpassHashedPassword extends PhpassHashedPassword {

  /**
   * Constructs the fake without arguments.
   *
   * As listed, the body is empty, so the parent constructor (which takes the
   * log2 count) is not run; the fake is only used to call the clamp.
   */
  public function __construct() {
  }

  /**
   * Exposes this method as public for tests.
   *
   * @param int $count_log2
   *   The requested log2 iteration count.
   *
   * @return int
   *   Whatever the parent implementation returns for $count_log2.
   */
  public function enforceLog2Boundaries($count_log2) {
    $bounded = parent::enforceLog2Boundaries($count_log2);
    return $bounded;
  }

}