[TASK] Use new instead of makeInstance in unit tests
[Packages/TYPO3.CMS.git] / typo3 / sysext / saltedpasswords / Tests / Unit / Salt / Pbkdf2SaltTest.php
1 <?php
2 namespace TYPO3\CMS\Saltedpasswords\Tests\Unit\Salt;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use TYPO3\CMS\Core\Crypto\Random;
18 use TYPO3\CMS\Saltedpasswords\Salt\Pbkdf2Salt;
19
20 /**
21 * Testcase for Pbkdf2Salt
22 */
23 class Pbkdf2SaltTest extends \TYPO3\CMS\Core\Tests\UnitTestCase
24 {
25 /**
26 * Keeps instance of object to test.
27 *
28 * @var Pbkdf2Salt
29 */
30 protected $objectInstance = null;
31
32 /**
33 * Sets up the fixtures for this testcase.
34 *
35 * @return void
36 */
37 protected function setUp()
38 {
39 $this->objectInstance = $this->getMockBuilder(Pbkdf2Salt::class)
40 ->setMethods(array('dummy'))
41 ->getMock();
42 // Speed up the tests by reducing the iteration count
43 $this->objectInstance->setHashCount(1000);
44 }
45
46 /**
47 * @test
48 */
49 public function hasCorrectBaseClass()
50 {
51 $hasCorrectBaseClass = get_class($this->objectInstance) === Pbkdf2Salt::class;
52 // XCLASS ?
53 if (!$hasCorrectBaseClass && false != get_parent_class($this->objectInstance)) {
54 $hasCorrectBaseClass = is_subclass_of($this->objectInstance, Pbkdf2Salt::class);
55 }
56 $this->assertTrue($hasCorrectBaseClass);
57 }
58
59 /**
60 * @test
61 */
62 public function nonZeroSaltLength()
63 {
64 $this->assertTrue($this->objectInstance->getSaltLength() > 0);
65 }
66
67 /**
68 * @test
69 */
70 public function emptyPasswordResultsInNullSaltedPassword()
71 {
72 $password = '';
73 $this->assertNull($this->objectInstance->getHashedPassword($password));
74 }
75
76 /**
77 * @test
78 */
79 public function nonEmptyPasswordResultsInNonNullSaltedPassword()
80 {
81 $password = 'a';
82 $this->assertNotNull($this->objectInstance->getHashedPassword($password));
83 }
84
85 /**
86 * @test
87 */
88 public function createdSaltedHashOfProperStructure()
89 {
90 $password = 'password';
91 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
92 $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword));
93 }
94
95 /**
96 * @test
97 */
98 public function createdSaltedHashOfProperStructureForCustomSaltWithoutSetting()
99 {
100 $password = 'password';
101 // custom salt without setting
102 $randomBytes = (new Random())->generateRandomBytes($this->objectInstance->getSaltLength());
103 $salt = $this->objectInstance->base64Encode($randomBytes, $this->objectInstance->getSaltLength());
104 $this->assertTrue($this->objectInstance->isValidSalt($salt));
105 $saltedHashPassword = $this->objectInstance->getHashedPassword($password, $salt);
106 $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword));
107 }
108
109 /**
110 * @test
111 */
112 public function createdSaltedHashOfProperStructureForMinimumHashCount()
113 {
114 $password = 'password';
115 $minHashCount = $this->objectInstance->getMinHashCount();
116 $this->objectInstance->setHashCount($minHashCount);
117 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
118 $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword));
119 // reset hashcount
120 $this->objectInstance->setHashCount(null);
121 }
122
123 /**
124 * Tests authentication procedure with alphabet characters.
125 *
126 * Checks if a "plain-text password" is every time mapped to the
127 * same "salted password hash" when using the same salt.
128 *
129 * @test
130 */
131 public function authenticationWithValidAlphaCharClassPassword()
132 {
133 $password = 'aEjOtY';
134 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
135 $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
136 }
137
138 /**
139 * Tests authentication procedure with numeric characters.
140 *
141 * Checks if a "plain-text password" is every time mapped to the
142 * same "salted password hash" when using the same salt.
143 *
144 * @test
145 */
146 public function authenticationWithValidNumericCharClassPassword()
147 {
148 $password = '01369';
149 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
150 $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
151 }
152
153 /**
154 * Tests authentication procedure with US-ASCII special characters.
155 *
156 * Checks if a "plain-text password" is every time mapped to the
157 * same "salted password hash" when using the same salt.
158 *
159 * @test
160 */
161 public function authenticationWithValidAsciiSpecialCharClassPassword()
162 {
163 $password = ' !"#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~';
164 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
165 $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
166 }
167
168 /**
169 * Tests authentication procedure with latin1 special characters.
170 *
171 * Checks if a "plain-text password" is every time mapped to the
172 * same "salted password hash" when using the same salt.
173 *
174 * @test
175 */
176 public function authenticationWithValidLatin1SpecialCharClassPassword()
177 {
178 $password = '';
179 for ($i = 160; $i <= 191; $i++) {
180 $password .= chr($i);
181 }
182 $password .= chr(215) . chr(247);
183 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
184 $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
185 }
186
187 /**
188 * Tests authentication procedure with latin1 umlauts.
189 *
190 * Checks if a "plain-text password" is every time mapped to the
191 * same "salted password hash" when using the same salt.
192 *
193 * @test
194 */
195 public function authenticationWithValidLatin1UmlautCharClassPassword()
196 {
197 $password = '';
198 for ($i = 192; $i <= 214; $i++) {
199 $password .= chr($i);
200 }
201 for ($i = 216; $i <= 246; $i++) {
202 $password .= chr($i);
203 }
204 for ($i = 248; $i <= 255; $i++) {
205 $password .= chr($i);
206 }
207 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
208 $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
209 }
210
211 /**
212 * @test
213 */
214 public function authenticationWithNonValidPassword()
215 {
216 $password = 'password';
217 $password1 = $password . 'INVALID';
218 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
219 $this->assertFalse($this->objectInstance->checkPassword($password1, $saltedHashPassword));
220 }
221
222 /**
223 * @test
224 */
225 public function passwordVariationsResultInDifferentHashes()
226 {
227 $pad = 'a';
228 $criticalPwLength = 0;
229 // We're using a constant salt.
230 $saltedHashPasswordCurrent = $salt = $this->objectInstance->getHashedPassword($pad);
231 for ($i = 0; $i <= 128; $i += 8) {
232 $password = str_repeat($pad, max($i, 1));
233 $saltedHashPasswordPrevious = $saltedHashPasswordCurrent;
234 $saltedHashPasswordCurrent = $this->objectInstance->getHashedPassword($password, $salt);
235 if ($i > 0 && $saltedHashPasswordPrevious === $saltedHashPasswordCurrent) {
236 $criticalPwLength = $i;
237 break;
238 }
239 }
240 $this->assertTrue($criticalPwLength == 0 || $criticalPwLength > 32, 'Duplicates of hashed passwords with plaintext password of length ' . $criticalPwLength . '+.');
241 }
242
243 /**
244 * @test
245 */
246 public function modifiedMinHashCount()
247 {
248 $minHashCount = $this->objectInstance->getMinHashCount();
249 $this->objectInstance->setMinHashCount($minHashCount - 1);
250 $this->assertTrue($this->objectInstance->getMinHashCount() < $minHashCount);
251 $this->objectInstance->setMinHashCount($minHashCount + 1);
252 $this->assertTrue($this->objectInstance->getMinHashCount() > $minHashCount);
253 }
254
255 /**
256 * @test
257 */
258 public function modifiedMaxHashCount()
259 {
260 $maxHashCount = $this->objectInstance->getMaxHashCount();
261 $this->objectInstance->setMaxHashCount($maxHashCount + 1);
262 $this->assertTrue($this->objectInstance->getMaxHashCount() > $maxHashCount);
263 $this->objectInstance->setMaxHashCount($maxHashCount - 1);
264 $this->assertTrue($this->objectInstance->getMaxHashCount() < $maxHashCount);
265 }
266
267 /**
268 * @test
269 */
270 public function modifiedHashCount()
271 {
272 $hashCount = $this->objectInstance->getHashCount();
273 $this->objectInstance->setMaxHashCount($hashCount + 1);
274 $this->objectInstance->setHashCount($hashCount + 1);
275 $this->assertTrue($this->objectInstance->getHashCount() > $hashCount);
276 $this->objectInstance->setMinHashCount($hashCount - 1);
277 $this->objectInstance->setHashCount($hashCount - 1);
278 $this->assertTrue($this->objectInstance->getHashCount() < $hashCount);
279 // reset hashcount
280 $this->objectInstance->setHashCount(null);
281 }
282
283 /**
284 * @test
285 */
286 public function updateNecessityForValidSaltedPassword()
287 {
288 $password = 'password';
289 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
290 $this->assertFalse($this->objectInstance->isHashUpdateNeeded($saltedHashPassword));
291 }
292
293 /**
294 * @test
295 */
296 public function updateNecessityForIncreasedHashcount()
297 {
298 $password = 'password';
299 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
300 $increasedHashCount = $this->objectInstance->getHashCount() + 1;
301 $this->objectInstance->setMaxHashCount($increasedHashCount);
302 $this->objectInstance->setHashCount($increasedHashCount);
303 $this->assertTrue($this->objectInstance->isHashUpdateNeeded($saltedHashPassword));
304 // reset hashcount
305 $this->objectInstance->setHashCount(null);
306 }
307
308 /**
309 * @test
310 */
311 public function updateNecessityForDecreasedHashcount()
312 {
313 $password = 'password';
314 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
315 $decreasedHashCount = $this->objectInstance->getHashCount() - 1;
316 $this->objectInstance->setMinHashCount($decreasedHashCount);
317 $this->objectInstance->setHashCount($decreasedHashCount);
318 $this->assertFalse($this->objectInstance->isHashUpdateNeeded($saltedHashPassword));
319 // reset hashcount
320 $this->objectInstance->setHashCount(null);
321 }
322
323 /**
324 * @test
325 */
326 public function isCompatibleWithPythonPasslibHashes()
327 {
328 $this->objectInstance->setMinHashCount(1000);
329 $passlibSaltedHash= '$pbkdf2-sha256$6400$.6UI/S.nXIk8jcbdHx3Fhg$98jZicV16ODfEsEZeYPGHU3kbrUrvUEXOPimVSQDD44';
330 $saltedHashPassword = $this->objectInstance->getHashedPassword('password', $passlibSaltedHash);
331
332 $this->assertSame($passlibSaltedHash, $saltedHashPassword);
333 }
334 }