[BUGFIX] Added space after template icon
[Packages/TYPO3.CMS.git] / typo3 / sysext / saltedpasswords / Tests / Unit / Salt / PhpassSaltTest.php
1 <?php
2 namespace TYPO3\CMS\Saltedpasswords\Tests\Unit\Salt;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use TYPO3\CMS\Core\Crypto\Random;
18 use TYPO3\CMS\Core\Utility\GeneralUtility;
19
20 /**
21 * Testcase for PhpassSalt
22 */
23 class PhpassSaltTest extends \TYPO3\CMS\Core\Tests\UnitTestCase
24 {
25 /**
26 * Keeps instance of object to test.
27 *
28 * @var \TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt
29 */
30 protected $objectInstance = null;
31
32 /**
33 * Sets up the fixtures for this testcase.
34 *
35 * @return void
36 */
37 protected function setUp()
38 {
39 $this->objectInstance = $this->getMockBuilder(\TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt::class)
40 ->setMethods(array('dummy'))
41 ->getMock();
42 }
43
44 /**
45 * @test
46 */
47 public function hasCorrectBaseClass()
48 {
49 $hasCorrectBaseClass = get_class($this->objectInstance) === \TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt::class;
50 // XCLASS ?
51 if (!$hasCorrectBaseClass && false != get_parent_class($this->objectInstance)) {
52 $hasCorrectBaseClass = is_subclass_of($this->objectInstance, \TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt::class);
53 }
54 $this->assertTrue($hasCorrectBaseClass);
55 }
56
57 /**
58 * @test
59 */
60 public function nonZeroSaltLength()
61 {
62 $this->assertTrue($this->objectInstance->getSaltLength() > 0);
63 }
64
65 /**
66 * @test
67 */
68 public function emptyPasswordResultsInNullSaltedPassword()
69 {
70 $password = '';
71 $this->assertNull($this->objectInstance->getHashedPassword($password));
72 }
73
74 /**
75 * @test
76 */
77 public function nonEmptyPasswordResultsInNonNullSaltedPassword()
78 {
79 $password = 'a';
80 $this->assertNotNull($this->objectInstance->getHashedPassword($password));
81 }
82
83 /**
84 * @test
85 */
86 public function createdSaltedHashOfProperStructure()
87 {
88 $password = 'password';
89 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
90 $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword));
91 }
92
93 /**
94 * @test
95 */
96 public function createdSaltedHashOfProperStructureForCustomSaltWithoutSetting()
97 {
98 $password = 'password';
99 // custom salt without setting
100 $randomBytes = GeneralUtility::makeInstance(Random::class)->generateRandomBytes($this->objectInstance->getSaltLength());
101 $salt = $this->objectInstance->base64Encode($randomBytes, $this->objectInstance->getSaltLength());
102 $this->assertTrue($this->objectInstance->isValidSalt($salt));
103 $saltedHashPassword = $this->objectInstance->getHashedPassword($password, $salt);
104 $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword));
105 }
106
107 /**
108 * @test
109 */
110 public function createdSaltedHashOfProperStructureForMinimumHashCount()
111 {
112 $password = 'password';
113 $minHashCount = $this->objectInstance->getMinHashCount();
114 $this->objectInstance->setHashCount($minHashCount);
115 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
116 $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword));
117 // reset hashcount
118 $this->objectInstance->setHashCount(null);
119 }
120
121 /**
122 * Tests authentication procedure with alphabet characters.
123 *
124 * Checks if a "plain-text password" is every time mapped to the
125 * same "salted password hash" when using the same salt.
126 *
127 * @test
128 */
129 public function authenticationWithValidAlphaCharClassPassword()
130 {
131 $password = 'aEjOtY';
132 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
133 $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
134 }
135
136 /**
137 * Tests authentication procedure with numeric characters.
138 *
139 * Checks if a "plain-text password" is every time mapped to the
140 * same "salted password hash" when using the same salt.
141 *
142 * @test
143 */
144 public function authenticationWithValidNumericCharClassPassword()
145 {
146 $password = '01369';
147 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
148 $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
149 }
150
151 /**
152 * Tests authentication procedure with US-ASCII special characters.
153 *
154 * Checks if a "plain-text password" is every time mapped to the
155 * same "salted password hash" when using the same salt.
156 *
157 * @test
158 */
159 public function authenticationWithValidAsciiSpecialCharClassPassword()
160 {
161 $password = ' !"#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~';
162 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
163 $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
164 }
165
166 /**
167 * Tests authentication procedure with latin1 special characters.
168 *
169 * Checks if a "plain-text password" is every time mapped to the
170 * same "salted password hash" when using the same salt.
171 *
172 * @test
173 */
174 public function authenticationWithValidLatin1SpecialCharClassPassword()
175 {
176 $password = '';
177 for ($i = 160; $i <= 191; $i++) {
178 $password .= chr($i);
179 }
180 $password .= chr(215) . chr(247);
181 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
182 $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
183 }
184
185 /**
186 * Tests authentication procedure with latin1 umlauts.
187 *
188 * Checks if a "plain-text password" is every time mapped to the
189 * same "salted password hash" when using the same salt.
190 *
191 * @test
192 */
193 public function authenticationWithValidLatin1UmlautCharClassPassword()
194 {
195 $password = '';
196 for ($i = 192; $i <= 214; $i++) {
197 $password .= chr($i);
198 }
199 for ($i = 216; $i <= 246; $i++) {
200 $password .= chr($i);
201 }
202 for ($i = 248; $i <= 255; $i++) {
203 $password .= chr($i);
204 }
205 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
206 $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
207 }
208
209 /**
210 * @test
211 */
212 public function authenticationWithNonValidPassword()
213 {
214 $password = 'password';
215 $password1 = $password . 'INVALID';
216 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
217 $this->assertFalse($this->objectInstance->checkPassword($password1, $saltedHashPassword));
218 }
219
220 /**
221 * @test
222 */
223 public function passwordVariationsResultInDifferentHashes()
224 {
225 $pad = 'a';
226 $criticalPwLength = 0;
227 // We're using a constant salt.
228 $saltedHashPasswordCurrent = $salt = $this->objectInstance->getHashedPassword($pad);
229 for ($i = 0; $i <= 128; $i += 8) {
230 $password = str_repeat($pad, max($i, 1));
231 $saltedHashPasswordPrevious = $saltedHashPasswordCurrent;
232 $saltedHashPasswordCurrent = $this->objectInstance->getHashedPassword($password, $salt);
233 if ($i > 0 && $saltedHashPasswordPrevious === $saltedHashPasswordCurrent) {
234 $criticalPwLength = $i;
235 break;
236 }
237 }
238 $this->assertTrue($criticalPwLength == 0 || $criticalPwLength > 32, 'Duplicates of hashed passwords with plaintext password of length ' . $criticalPwLength . '+.');
239 }
240
241 /**
242 * @test
243 */
244 public function modifiedMinHashCount()
245 {
246 $minHashCount = $this->objectInstance->getMinHashCount();
247 $this->objectInstance->setMinHashCount($minHashCount - 1);
248 $this->assertTrue($this->objectInstance->getMinHashCount() < $minHashCount);
249 $this->objectInstance->setMinHashCount($minHashCount + 1);
250 $this->assertTrue($this->objectInstance->getMinHashCount() > $minHashCount);
251 }
252
253 /**
254 * @test
255 */
256 public function modifiedMaxHashCount()
257 {
258 $maxHashCount = $this->objectInstance->getMaxHashCount();
259 $this->objectInstance->setMaxHashCount($maxHashCount + 1);
260 $this->assertTrue($this->objectInstance->getMaxHashCount() > $maxHashCount);
261 $this->objectInstance->setMaxHashCount($maxHashCount - 1);
262 $this->assertTrue($this->objectInstance->getMaxHashCount() < $maxHashCount);
263 }
264
265 /**
266 * @test
267 */
268 public function modifiedHashCount()
269 {
270 $hashCount = $this->objectInstance->getHashCount();
271 $this->objectInstance->setMaxHashCount($hashCount + 1);
272 $this->objectInstance->setHashCount($hashCount + 1);
273 $this->assertTrue($this->objectInstance->getHashCount() > $hashCount);
274 $this->objectInstance->setMinHashCount($hashCount - 1);
275 $this->objectInstance->setHashCount($hashCount - 1);
276 $this->assertTrue($this->objectInstance->getHashCount() < $hashCount);
277 // reset hashcount
278 $this->objectInstance->setHashCount(null);
279 }
280
281 /**
282 * @test
283 */
284 public function updateNecessityForValidSaltedPassword()
285 {
286 $password = 'password';
287 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
288 $this->assertFalse($this->objectInstance->isHashUpdateNeeded($saltedHashPassword));
289 }
290
291 /**
292 * @test
293 */
294 public function updateNecessityForIncreasedHashcount()
295 {
296 $password = 'password';
297 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
298 $increasedHashCount = $this->objectInstance->getHashCount() + 1;
299 $this->objectInstance->setMaxHashCount($increasedHashCount);
300 $this->objectInstance->setHashCount($increasedHashCount);
301 $this->assertTrue($this->objectInstance->isHashUpdateNeeded($saltedHashPassword));
302 // reset hashcount
303 $this->objectInstance->setHashCount(null);
304 }
305
306 /**
307 * @test
308 */
309 public function updateNecessityForDecreasedHashcount()
310 {
311 $password = 'password';
312 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
313 $decreasedHashCount = $this->objectInstance->getHashCount() - 1;
314 $this->objectInstance->setMinHashCount($decreasedHashCount);
315 $this->objectInstance->setHashCount($decreasedHashCount);
316 $this->assertFalse($this->objectInstance->isHashUpdateNeeded($saltedHashPassword));
317 // reset hashcount
318 $this->objectInstance->setHashCount(null);
319 }
320 }