2 namespace TYPO3\CMS\Saltedpasswords\Tests\Unit\Salt
;
5 * This file is part of the TYPO3 CMS project.
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
14 * The TYPO3 project - inspiring people to share!
17 use TYPO3\CMS\Core\Crypto\Random
;
18 use TYPO3\CMS\Core\Utility\GeneralUtility
;
21 * Testcases for Md5Salt
23 class Md5SaltTest
extends \TYPO3\CMS\Core\Tests\UnitTestCase
26 * Keeps instance of object to test.
28 * @var \TYPO3\CMS\Saltedpasswords\Salt\Md5Salt
30 protected $objectInstance = null;
33 * Sets up the fixtures for this testcase.
37 protected function setUp()
39 $this->objectInstance
= $this->getMockBuilder(\TYPO3\CMS\Saltedpasswords\Salt\Md5Salt
::class)
40 ->setMethods(array('dummy'))
45 * Prepares a message to be shown when a salted hashing is not supported.
47 * @return string Empty string if salted hashing method is available, otherwise an according warning
49 protected function getWarningWhenMethodUnavailable()
53 $warningMsg = 'MD5 is not supported on your platform. ' . 'Then, some of the md5 tests will fail.';
61 public function hasCorrectBaseClass()
63 $hasCorrectBaseClass = get_class($this->objectInstance
) === \TYPO3\CMS\Saltedpasswords\Salt\Md5Salt
::class;
65 if (!$hasCorrectBaseClass && false != get_parent_class($this->objectInstance
)) {
66 $hasCorrectBaseClass = is_subclass_of($this->objectInstance
, \TYPO3\CMS\Saltedpasswords\Salt\Md5Salt
::class);
68 $this->assertTrue($hasCorrectBaseClass);
74 public function nonZeroSaltLength()
76 $this->assertTrue($this->objectInstance
->getSaltLength() > 0);
82 public function emptyPasswordResultsInNullSaltedPassword()
85 $this->assertNull($this->objectInstance
->getHashedPassword($password));
91 public function nonEmptyPasswordResultsInNonNullSaltedPassword()
94 $this->assertNotNull($this->objectInstance
->getHashedPassword($password), $this->getWarningWhenMethodUnavailable());
100 public function createdSaltedHashOfProperStructure()
102 $password = 'password';
103 $saltedHashPassword = $this->objectInstance
->getHashedPassword($password);
104 $this->assertTrue($this->objectInstance
->isValidSaltedPW($saltedHashPassword), $this->getWarningWhenMethodUnavailable());
110 public function createdSaltedHashOfProperStructureForCustomSaltWithoutSetting()
112 $password = 'password';
113 // custom salt without setting
114 $randomBytes = GeneralUtility
::makeInstance(Random
::class)->generateRandomBytes($this->objectInstance
->getSaltLength());
115 $salt = $this->objectInstance
->base64Encode($randomBytes, $this->objectInstance
->getSaltLength());
116 $this->assertTrue($this->objectInstance
->isValidSalt($salt), $this->getWarningWhenMethodUnavailable());
117 $saltedHashPassword = $this->objectInstance
->getHashedPassword($password, $salt);
118 $this->assertTrue($this->objectInstance
->isValidSaltedPW($saltedHashPassword), $this->getWarningWhenMethodUnavailable());
122 * Tests authentication procedure with alphabet characters.
124 * Checks if a "plain-text password" is every time mapped to the
125 * same "salted password hash" when using the same salt.
129 public function authenticationWithValidAlphaCharClassPassword()
131 $password = 'aEjOtY';
132 $saltedHashPassword = $this->objectInstance
->getHashedPassword($password);
133 $this->assertTrue($this->objectInstance
->checkPassword($password, $saltedHashPassword), $this->getWarningWhenMethodUnavailable());
137 * Tests authentication procedure with numeric characters.
139 * Checks if a "plain-text password" is every time mapped to the
140 * same "salted password hash" when using the same salt.
144 public function authenticationWithValidNumericCharClassPassword()
147 $saltedHashPassword = $this->objectInstance
->getHashedPassword($password);
148 $this->assertTrue($this->objectInstance
->checkPassword($password, $saltedHashPassword), $this->getWarningWhenMethodUnavailable());
152 * Tests authentication procedure with US-ASCII special characters.
154 * Checks if a "plain-text password" is every time mapped to the
155 * same "salted password hash" when using the same salt.
159 public function authenticationWithValidAsciiSpecialCharClassPassword()
161 $password = ' !"#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~';
162 $saltedHashPassword = $this->objectInstance
->getHashedPassword($password);
163 $this->assertTrue($this->objectInstance
->checkPassword($password, $saltedHashPassword), $this->getWarningWhenMethodUnavailable());
167 * Tests authentication procedure with latin1 special characters.
169 * Checks if a "plain-text password" is every time mapped to the
170 * same "salted password hash" when using the same salt.
174 public function authenticationWithValidLatin1SpecialCharClassPassword()
177 for ($i = 160; $i <= 191; $i++
) {
178 $password .= chr($i);
180 $password .= chr(215) . chr(247);
181 $saltedHashPassword = $this->objectInstance
->getHashedPassword($password);
182 $this->assertTrue($this->objectInstance
->checkPassword($password, $saltedHashPassword), $this->getWarningWhenMethodUnavailable());
186 * Tests authentication procedure with latin1 umlauts.
188 * Checks if a "plain-text password" is every time mapped to the
189 * same "salted password hash" when using the same salt.
193 public function authenticationWithValidLatin1UmlautCharClassPassword()
196 for ($i = 192; $i <= 214; $i++
) {
197 $password .= chr($i);
199 for ($i = 216; $i <= 246; $i++
) {
200 $password .= chr($i);
202 for ($i = 248; $i <= 255; $i++
) {
203 $password .= chr($i);
205 $saltedHashPassword = $this->objectInstance
->getHashedPassword($password);
206 $this->assertTrue($this->objectInstance
->checkPassword($password, $saltedHashPassword), $this->getWarningWhenMethodUnavailable());
212 public function authenticationWithNonValidPassword()
214 $password = 'password';
215 $password1 = $password . 'INVALID';
216 $saltedHashPassword = $this->objectInstance
->getHashedPassword($password);
217 $this->assertFalse($this->objectInstance
->checkPassword($password1, $saltedHashPassword), $this->getWarningWhenMethodUnavailable());
223 public function passwordVariationsResultInDifferentHashes()
226 $criticalPwLength = 0;
227 // We're using a constant salt.
228 $saltedHashPasswordCurrent = $salt = $this->objectInstance
->getHashedPassword($pad);
229 for ($i = 0; $i <= 128; $i +
= 8) {
230 $password = str_repeat($pad, max($i, 1));
231 $saltedHashPasswordPrevious = $saltedHashPasswordCurrent;
232 $saltedHashPasswordCurrent = $this->objectInstance
->getHashedPassword($password, $salt);
233 if ($i > 0 && $saltedHashPasswordPrevious === $saltedHashPasswordCurrent) {
234 $criticalPwLength = $i;
238 $this->assertTrue($criticalPwLength == 0 ||
$criticalPwLength > 32, $this->getWarningWhenMethodUnavailable() . 'Duplicates of hashed passwords with plaintext password of length ' . $criticalPwLength . '+.');
244 public function noUpdateNecessityForMd5()
246 $password = 'password';
247 $saltedHashPassword = $this->objectInstance
->getHashedPassword($password);
248 $this->assertFalse($this->objectInstance
->isHashUpdateNeeded($saltedHashPassword));