e43a50ac5c5bbcc3e783518699a7d736f923634c
[Packages/TYPO3.CMS.git] / typo3 / sysext / saltedpasswords / Tests / Unit / Salts / PhpassSaltTest.php
1 <?php
2 namespace TYPO3\CMS\Saltedpasswords\Tests\Unit\Salts;
3
4 /***************************************************************
5 * Copyright notice
6 *
7 * (c) 2009-2011 Marcus Krause <marcus#exp2009@t3sec.info>
8 * All rights reserved
9 *
10 * This script is part of the TYPO3 project. The TYPO3 project is
11 * free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * The GNU General Public License can be found at
17 * http://www.gnu.org/copyleft/gpl.html.
18 * A copy is found in the textfile GPL.txt and important notices to the license
19 * from the author is found in LICENSE.txt distributed with these scripts.
20 *
21 *
22 * This script is distributed in the hope that it will be useful,
23 * but WITHOUT ANY WARRANTY; without even the implied warranty of
24 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
25 * GNU General Public License for more details.
26 *
27 * This copyright notice MUST APPEAR in all copies of the script!
28 ***************************************************************/
29 /**
30 * Contains testcases for "tx_saltedpasswords_salts_phpass"
31 * that provides PHPass salted hashing.
32 */
33 /**
34 * Testcases for class tx_saltedpasswords_salts_phpass.
35 *
36 * @author Marcus Krause <marcus#exp2009@t3sec.info>
37 * @package TYPO3
38 * @subpackage tx_saltedpasswords
39 */
40 class PhpassSaltTest extends \tx_phpunit_testcase {
41
42 /**
43 * Keeps instance of object to test.
44 *
45 * @var \TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt
46 */
47 protected $objectInstance = NULL;
48
49 /**
50 * Sets up the fixtures for this testcase.
51 *
52 * @return void
53 */
54 public function setUp() {
55 $this->objectInstance = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Saltedpasswords\\Salt\\PhpassSalt');
56 }
57
58 /**
59 * Tears down objects and settings created in this testcase.
60 *
61 * @return void
62 */
63 public function tearDown() {
64 unset($this->objectInstance);
65 }
66
67 /**
68 * @test
69 */
70 public function hasCorrectBaseClass() {
71 $hasCorrectBaseClass = 0 === strcmp('TYPO3\\CMS\\Saltedpasswords\\Salt\\PhpassSalt', get_class($this->objectInstance)) ? TRUE : FALSE;
72 // XCLASS ?
73 if (!$hasCorrectBaseClass && FALSE != get_parent_class($this->objectInstance)) {
74 $hasCorrectBaseClass = is_subclass_of($this->objectInstance, 'TYPO3\\CMS\\Saltedpasswords\\Salt\\PhpassSalt');
75 }
76 $this->assertTrue($hasCorrectBaseClass);
77 }
78
79 /**
80 * @test
81 */
82 public function nonZeroSaltLength() {
83 $this->assertTrue($this->objectInstance->getSaltLength() > 0);
84 }
85
86 /**
87 * @test
88 */
89 public function emptyPasswordResultsInNullSaltedPassword() {
90 $password = '';
91 $this->assertNull($this->objectInstance->getHashedPassword($password));
92 }
93
94 /**
95 * @test
96 */
97 public function nonEmptyPasswordResultsInNonNullSaltedPassword() {
98 $password = 'a';
99 $this->assertNotNull($this->objectInstance->getHashedPassword($password));
100 }
101
102 /**
103 * @test
104 */
105 public function createdSaltedHashOfProperStructure() {
106 $password = 'password';
107 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
108 $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword));
109 }
110
111 /**
112 * @test
113 */
114 public function createdSaltedHashOfProperStructureForCustomSaltWithoutSetting() {
115 $password = 'password';
116 // custom salt without setting
117 $randomBytes = \TYPO3\CMS\Core\Utility\GeneralUtility::generateRandomBytes($this->objectInstance->getSaltLength());
118 $salt = $this->objectInstance->base64Encode($randomBytes, $this->objectInstance->getSaltLength());
119 $this->assertTrue($this->objectInstance->isValidSalt($salt));
120 $saltedHashPassword = $this->objectInstance->getHashedPassword($password, $salt);
121 $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword));
122 }
123
124 /**
125 * @test
126 */
127 public function createdSaltedHashOfProperStructureForMaximumHashCount() {
128 $password = 'password';
129 $maxHashCount = $this->objectInstance->getMaxHashCount();
130 $this->objectInstance->setHashCount($maxHashCount);
131 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
132 $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword));
133 // reset hashcount
134 $this->objectInstance->setHashCount(NULL);
135 }
136
137 /**
138 * @test
139 */
140 public function createdSaltedHashOfProperStructureForMinimumHashCount() {
141 $password = 'password';
142 $minHashCount = $this->objectInstance->getMinHashCount();
143 $this->objectInstance->setHashCount($minHashCount);
144 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
145 $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword));
146 // reset hashcount
147 $this->objectInstance->setHashCount(NULL);
148 }
149
150 /**
151 * Tests authentication procedure with alphabet characters.
152 *
153 * Checks if a "plain-text password" is everytime mapped to the
154 * same "salted password hash" when using the same salt.
155 *
156 * @test
157 */
158 public function authenticationWithValidAlphaCharClassPassword() {
159 $password = 'aEjOtY';
160 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
161 $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
162 }
163
164 /**
165 * Tests authentication procedure with numeric characters.
166 *
167 * Checks if a "plain-text password" is everytime mapped to the
168 * same "salted password hash" when using the same salt.
169 *
170 * @test
171 */
172 public function authenticationWithValidNumericCharClassPassword() {
173 $password = '01369';
174 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
175 $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
176 }
177
178 /**
179 * Tests authentication procedure with US-ASCII special characters.
180 *
181 * Checks if a "plain-text password" is everytime mapped to the
182 * same "salted password hash" when using the same salt.
183 *
184 * @test
185 */
186 public function authenticationWithValidAsciiSpecialCharClassPassword() {
187 $password = ' !"#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~';
188 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
189 $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
190 }
191
192 /**
193 * Tests authentication procedure with latin1 special characters.
194 *
195 * Checks if a "plain-text password" is everytime mapped to the
196 * same "salted password hash" when using the same salt.
197 *
198 * @test
199 */
200 public function authenticationWithValidLatin1SpecialCharClassPassword() {
201 $password = '';
202 for ($i = 160; $i <= 191; $i++) {
203 $password .= chr($i);
204 }
205 $password .= chr(215) . chr(247);
206 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
207 $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
208 }
209
210 /**
211 * Tests authentication procedure with latin1 umlauts.
212 *
213 * Checks if a "plain-text password" is everytime mapped to the
214 * same "salted password hash" when using the same salt.
215 *
216 * @test
217 */
218 public function authenticationWithValidLatin1UmlautCharClassPassword() {
219 $password = '';
220 for ($i = 192; $i <= 214; $i++) {
221 $password .= chr($i);
222 }
223 for ($i = 216; $i <= 246; $i++) {
224 $password .= chr($i);
225 }
226 for ($i = 248; $i <= 255; $i++) {
227 $password .= chr($i);
228 }
229 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
230 $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
231 }
232
233 /**
234 * @test
235 */
236 public function authenticationWithNonValidPassword() {
237 $password = 'password';
238 $password1 = $password . 'INVALID';
239 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
240 $this->assertFalse($this->objectInstance->checkPassword($password1, $saltedHashPassword));
241 }
242
243 /**
244 * @test
245 */
246 public function passwordVariationsResultInDifferentHashes() {
247 $pad = 'a';
248 $password = '';
249 $criticalPwLength = 0;
250 // We're using a constant salt.
251 $saltedHashPasswordPrevious = ($saltedHashPasswordCurrent = ($salt = $this->objectInstance->getHashedPassword($pad)));
252 for ($i = 0; $i <= 128; $i += 8) {
253 $password = str_repeat($pad, max($i, 1));
254 $saltedHashPasswordPrevious = $saltedHashPasswordCurrent;
255 $saltedHashPasswordCurrent = $this->objectInstance->getHashedPassword($password, $salt);
256 if ($i > 0 && 0 == strcmp($saltedHashPasswordPrevious, $saltedHashPasswordCurrent)) {
257 $criticalPwLength = $i;
258 break;
259 }
260 }
261 $this->assertTrue($criticalPwLength == 0 || $criticalPwLength > 32, 'Duplicates of hashed passwords with plaintext password of length ' . $criticalPwLength . '+.');
262 }
263
264 /**
265 * @test
266 */
267 public function modifiedMinHashCount() {
268 $minHashCount = $this->objectInstance->getMinHashCount();
269 $this->objectInstance->setMinHashCount($minHashCount - 1);
270 $this->assertTrue($this->objectInstance->getMinHashCount() < $minHashCount);
271 $this->objectInstance->setMinHashCount($minHashCount + 1);
272 $this->assertTrue($this->objectInstance->getMinHashCount() > $minHashCount);
273 }
274
275 /**
276 * @test
277 */
278 public function modifiedMaxHashCount() {
279 $maxHashCount = $this->objectInstance->getMaxHashCount();
280 $this->objectInstance->setMaxHashCount($maxHashCount + 1);
281 $this->assertTrue($this->objectInstance->getMaxHashCount() > $maxHashCount);
282 $this->objectInstance->setMaxHashCount($maxHashCount - 1);
283 $this->assertTrue($this->objectInstance->getMaxHashCount() < $maxHashCount);
284 }
285
286 /**
287 * @test
288 */
289 public function modifiedHashCount() {
290 $hashCount = $this->objectInstance->getHashCount();
291 $this->objectInstance->setMaxHashCount($hashCount + 1);
292 $this->objectInstance->setHashCount($hashCount + 1);
293 $this->assertTrue($this->objectInstance->getHashCount() > $hashCount);
294 $this->objectInstance->setMinHashCount($hashCount - 1);
295 $this->objectInstance->setHashCount($hashCount - 1);
296 $this->assertTrue($this->objectInstance->getHashCount() < $hashCount);
297 // reset hashcount
298 $this->objectInstance->setHashCount(NULL);
299 }
300
301 /**
302 * @test
303 */
304 public function updateNecessityForValidSaltedPassword() {
305 $password = 'password';
306 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
307 $this->assertFalse($this->objectInstance->isHashUpdateNeeded($saltedHashPassword));
308 }
309
310 /**
311 * @test
312 */
313 public function updateNecessityForIncreasedHashcount() {
314 $password = 'password';
315 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
316 $increasedHashCount = $this->objectInstance->getHashCount() + 1;
317 $this->objectInstance->setMaxHashCount($increasedHashCount);
318 $this->objectInstance->setHashCount($increasedHashCount);
319 $this->assertTrue($this->objectInstance->isHashUpdateNeeded($saltedHashPassword));
320 // reset hashcount
321 $this->objectInstance->setHashCount(NULL);
322 }
323
324 /**
325 * @test
326 */
327 public function updateNecessityForDecreasedHashcount() {
328 $password = 'password';
329 $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
330 $decreasedHashCount = $this->objectInstance->getHashCount() - 1;
331 $this->objectInstance->setMinHashCount($decreasedHashCount);
332 $this->objectInstance->setHashCount($decreasedHashCount);
333 $this->assertFalse($this->objectInstance->isHashUpdateNeeded($saltedHashPassword));
334 // reset hashcount
335 $this->objectInstance->setHashCount(NULL);
336 }
337
338 }
339
340
341 ?>