[TASK] EXT:saltedpasswords tests
authorChristian Kuhn <lolli@schwarzbu.ch>
Wed, 19 Sep 2012 20:09:41 +0000 (22:09 +0200)
committerChristian Kuhn <lolli@schwarzbu.ch>
Wed, 19 Sep 2012 20:18:29 +0000 (22:18 +0200)
* Minor cleanups and fix for a broken globals backup
* Activate for travis

Change-Id: I0bac617fcff4100dd31bf7ca1ad0aa552a7a4d37
Resolves: #41081
Releases: 6.0
Reviewed-on: http://review.typo3.org/14742
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
typo3/sysext/core/Build/UnitTests.xml
typo3/sysext/core/Migrations/Code/ClassAliasMap201208221700.php
typo3/sysext/saltedpasswords/Tests/Unit/Salt/BlowfishSaltTest.php [new file with mode: 0644]
typo3/sysext/saltedpasswords/Tests/Unit/Salt/Md5SaltTest.php [new file with mode: 0644]
typo3/sysext/saltedpasswords/Tests/Unit/Salt/PhpassSaltTest.php [new file with mode: 0644]
typo3/sysext/saltedpasswords/Tests/Unit/Salt/SaltFactoryTest.php [new file with mode: 0644]
typo3/sysext/saltedpasswords/Tests/Unit/Salts/BlowfishSaltTest.php [deleted file]
typo3/sysext/saltedpasswords/Tests/Unit/Salts/Md5SaltTest.php [deleted file]
typo3/sysext/saltedpasswords/Tests/Unit/Salts/PhpassSaltTest.php [deleted file]
typo3/sysext/saltedpasswords/Tests/Unit/Salts/SaltFactoryTest.php [deleted file]
typo3/sysext/saltedpasswords/Tests/Unit/Utility/SaltedPasswordsUtilityTest.php

index cade77f..b342e06 100644 (file)
@@ -52,6 +52,9 @@
                <testsuite name="EXT:lang tests">
                        <directory>../../../../typo3/sysext/lang/Tests/Unit/</directory>
                </testsuite>
+               <testsuite name="EXT:saltedpasswords tests">
+                       <directory>../../../../typo3/sysext/saltedpasswords/Tests/Unit/</directory>
+               </testsuite>
                <testsuite name="EXT:scheduler tests">
                        <directory>../../../../typo3/sysext/scheduler/Tests/Unit/</directory>
                </testsuite>
index 6c72dd7..9679e32 100644 (file)
@@ -1557,11 +1557,6 @@ return array(
        'tx_saltedpasswords_sv1' => 'TYPO3\\CMS\\Saltedpasswords\\SaltedPasswordService',
        'tx_saltedpasswords_Tasks_BulkUpdate_AdditionalFieldProvider' => 'TYPO3\\CMS\\Saltedpasswords\\Task\\BulkUpdateFieldProvider',
        'tx_saltedpasswords_Tasks_BulkUpdate' => 'TYPO3\\CMS\\Saltedpasswords\\Task\\BulkUpdateTask',
-       'tx_saltedpasswords_salts_blowfishTest' => 'TYPO3\\CMS\\Saltedpasswords\\Tests\\Unit\\Salts\\BlowfishSaltTest',
-       'tx_saltedpasswords_salts_md5Test' => 'TYPO3\\CMS\\Saltedpasswords\\Tests\\Unit\\Salts\\Md5SaltTest',
-       'tx_saltedpasswords_salts_phpassTest' => 'TYPO3\\CMS\\Saltedpasswords\\Tests\\Unit\\Salts\\PhpassSaltTest',
-       'tx_saltedpasswords_salts_factoryTest' => 'TYPO3\\CMS\\Saltedpasswords\\Tests\\Unit\\Salts\\SaltFactoryTest',
-       'tx_saltedpasswords_divTest' => 'TYPO3\\CMS\\Saltedpasswords\\Tests\\Unit\\Utility\\SaltedPasswordsUtilityTest',
        'tx_saltedpasswords_emconfhelper' => 'TYPO3\\CMS\\Saltedpasswords\\Utility\\ExtensionManagerConfigurationUtility',
        'tx_saltedpasswords_div' => 'TYPO3\\CMS\\Saltedpasswords\\Utility\\SaltedPasswordsUtility',
        'tx_scheduler_AdditionalFieldProvider' => 'TYPO3\\CMS\\Scheduler\\AdditionalFieldProviderInterface',
diff --git a/typo3/sysext/saltedpasswords/Tests/Unit/Salt/BlowfishSaltTest.php b/typo3/sysext/saltedpasswords/Tests/Unit/Salt/BlowfishSaltTest.php
new file mode 100644 (file)
index 0000000..4dd826f
--- /dev/null
@@ -0,0 +1,363 @@
+<?php
+namespace TYPO3\CMS\Saltedpasswords\Tests\Unit\Salt;
+
+/***************************************************************
+ *  Copyright notice
+ *
+ *  (c) 2009-2011 Marcus Krause <marcus#exp2009@t3sec.info>
+ *  All rights reserved
+ *
+ *  This script is part of the TYPO3 project. The TYPO3 project is
+ *  free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  The GNU General Public License can be found at
+ *  http://www.gnu.org/copyleft/gpl.html.
+ *  A copy is found in the textfile GPL.txt and important notices to the license
+ *  from the author is found in LICENSE.txt distributed with these scripts.
+ *
+ *
+ *  This script is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  This copyright notice MUST APPEAR in all copies of the script!
+ ***************************************************************/
+
+/**
+ * Testcase for BlowfishSalt
+ *
+ * @author Marcus Krause <marcus#exp2009@t3sec.info>
+ * @package TYPO3
+ * @subpackage tx_saltedpasswords
+ */
+class BlowfishSaltTest extends \tx_phpunit_testcase {
+
+       /**
+        * Keeps instance of object to test.
+        *
+        * @var \TYPO3\CMS\Saltedpasswords\Salt\BlowfishSalt
+        */
+       protected $objectInstance = NULL;
+
+       /**
+        * Sets up the fixtures for this testcase.
+        *
+        * @return void
+        */
+       public function setUp() {
+               $this->objectInstance = $this->getMock('TYPO3\\CMS\\Saltedpasswords\\Salt\\BlowfishSalt', array('dummy'));
+       }
+
+       /**
+        * Tears down objects and settings created in this testcase.
+        *
+        * @return void
+        */
+       public function tearDown() {
+               unset($this->objectInstance);
+       }
+
+       /**
+        * Marks tests as skipped if the blowfish method is not available.
+        *
+        * @return void
+        */
+       protected function skipTestIfBlowfishIsNotAvailable() {
+               if (!CRYPT_BLOWFISH) {
+                       $this->markTestSkipped('Blowfish is not supported on your platform.');
+               }
+       }
+
+       /**
+        * @test
+        */
+       public function hasCorrectBaseClass() {
+               $hasCorrectBaseClass = 0 === strcmp('TYPO3\\CMS\\Saltedpasswords\\Salt\\BlowfishSalt', get_class($this->objectInstance)) ? TRUE : FALSE;
+               // XCLASS ?
+               if (!$hasCorrectBaseClass && FALSE != get_parent_class($this->objectInstance)) {
+                       $hasCorrectBaseClass = is_subclass_of($this->objectInstance, 'TYPO3\\CMS\\Saltedpasswords\\Salt\\BlowfishSalt');
+               }
+               $this->assertTrue($hasCorrectBaseClass);
+       }
+
+       /**
+        * @test
+        */
+       public function nonZeroSaltLength() {
+               $this->assertTrue($this->objectInstance->getSaltLength() > 0);
+       }
+
+       /**
+        * @test
+        */
+       public function emptyPasswordResultsInNullSaltedPassword() {
+               $password = '';
+               $this->assertNull($this->objectInstance->getHashedPassword($password));
+       }
+
+       /**
+        * @test
+        */
+       public function nonEmptyPasswordResultsInNonNullSaltedPassword() {
+               $this->skipTestIfBlowfishIsNotAvailable();
+               $password = 'a';
+               $this->assertNotNull($this->objectInstance->getHashedPassword($password));
+       }
+
+       /**
+        * @test
+        */
+       public function createdSaltedHashOfProperStructure() {
+               $this->skipTestIfBlowfishIsNotAvailable();
+               $password = 'password';
+               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+               $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword));
+       }
+
+       /**
+        * @test
+        */
+       public function createdSaltedHashOfProperStructureForCustomSaltWithoutSetting() {
+               $this->skipTestIfBlowfishIsNotAvailable();
+               $password = 'password';
+               // custom salt without setting
+               $randomBytes = \TYPO3\CMS\Core\Utility\GeneralUtility::generateRandomBytes($this->objectInstance->getSaltLength());
+               $salt = $this->objectInstance->base64Encode($randomBytes, $this->objectInstance->getSaltLength());
+               $this->assertTrue($this->objectInstance->isValidSalt($salt));
+               $saltedHashPassword = $this->objectInstance->getHashedPassword($password, $salt);
+               $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword));
+       }
+
+       /**
+        * @test
+        */
+       public function createdSaltedHashOfProperStructureForMaximumHashCount() {
+               $this->skipTestIfBlowfishIsNotAvailable();
+               $password = 'password';
+               $maxHashCount = $this->objectInstance->getMaxHashCount();
+               $this->objectInstance->setHashCount($maxHashCount);
+               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+               $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword));
+               // reset hashcount
+               $this->objectInstance->setHashCount(NULL);
+       }
+
+       /**
+        * @test
+        */
+       public function createdSaltedHashOfProperStructureForMinimumHashCount() {
+               $this->skipTestIfBlowfishIsNotAvailable();
+               $password = 'password';
+               $minHashCount = $this->objectInstance->getMinHashCount();
+               $this->objectInstance->setHashCount($minHashCount);
+               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+               $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword));
+               // reset hashcount
+               $this->objectInstance->setHashCount(NULL);
+       }
+
+       /**
+        * Tests authentication procedure with alphabet characters.
+        *
+        * Checks if a "plain-text password" is everytime mapped to the
+        * same "salted password hash" when using the same salt.
+        *
+        * @test
+        */
+       public function authenticationWithValidAlphaCharClassPassword() {
+               $this->skipTestIfBlowfishIsNotAvailable();
+               $password = 'aEjOtY';
+               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+               $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
+       }
+
+       /**
+        * Tests authentication procedure with numeric characters.
+        *
+        * Checks if a "plain-text password" is everytime mapped to the
+        * same "salted password hash" when using the same salt.
+        *
+        * @test
+        */
+       public function authenticationWithValidNumericCharClassPassword() {
+               $this->skipTestIfBlowfishIsNotAvailable();
+               $password = '01369';
+               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+               $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
+       }
+
+       /**
+        * Tests authentication procedure with US-ASCII special characters.
+        *
+        * Checks if a "plain-text password" is everytime mapped to the
+        * same "salted password hash" when using the same salt.
+        *
+        * @test
+        */
+       public function authenticationWithValidAsciiSpecialCharClassPassword() {
+               $this->skipTestIfBlowfishIsNotAvailable();
+               $password = ' !"#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~';
+               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+               $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
+       }
+
+       /**
+        * Tests authentication procedure with latin1 special characters.
+        *
+        * Checks if a "plain-text password" is everytime mapped to the
+        * same "salted password hash" when using the same salt.
+        *
+        * @test
+        */
+       public function authenticationWithValidLatin1SpecialCharClassPassword() {
+               $this->skipTestIfBlowfishIsNotAvailable();
+               $password = '';
+               for ($i = 160; $i <= 191; $i++) {
+                       $password .= chr($i);
+               }
+               $password .= chr(215) . chr(247);
+               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+               $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
+       }
+
+       /**
+        * Tests authentication procedure with latin1 umlauts.
+        *
+        * Checks if a "plain-text password" is everytime mapped to the
+        * same "salted password hash" when using the same salt.
+        *
+        * @test
+        */
+       public function authenticationWithValidLatin1UmlautCharClassPassword() {
+               $this->skipTestIfBlowfishIsNotAvailable();
+               $password = '';
+               for ($i = 192; $i <= 214; $i++) {
+                       $password .= chr($i);
+               }
+               for ($i = 216; $i <= 246; $i++) {
+                       $password .= chr($i);
+               }
+               for ($i = 248; $i <= 255; $i++) {
+                       $password .= chr($i);
+               }
+               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+               $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
+       }
+
+       /**
+        * @test
+        */
+       public function authenticationWithNonValidPassword() {
+               $this->skipTestIfBlowfishIsNotAvailable();
+               $password = 'password';
+               $password1 = $password . 'INVALID';
+               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+               $this->assertFalse($this->objectInstance->checkPassword($password1, $saltedHashPassword));
+       }
+
+       /**
+        * @test
+        */
+       public function passwordVariationsResultInDifferentHashes() {
+               $this->skipTestIfBlowfishIsNotAvailable();
+               $pad = 'a';
+               $password = '';
+               $criticalPwLength = 0;
+               // We're using a constant salt.
+               $saltedHashPasswordCurrent = $salt = $this->objectInstance->getHashedPassword($pad);
+               for ($i = 0; $i <= 128; $i += 8) {
+                       $password = str_repeat($pad, max($i, 1));
+                       $saltedHashPasswordPrevious = $saltedHashPasswordCurrent;
+                       $saltedHashPasswordCurrent = $this->objectInstance->getHashedPassword($password, $salt);
+                       if ($i > 0 && 0 == strcmp($saltedHashPasswordPrevious, $saltedHashPasswordCurrent)) {
+                               $criticalPwLength = $i;
+                               break;
+                       }
+               }
+               $this->assertTrue($criticalPwLength == 0 || $criticalPwLength > 32, 'Duplicates of hashed passwords with plaintext password of length ' . $criticalPwLength . '+.');
+       }
+
+       /**
+        * @test
+        */
+       public function modifiedMinHashCount() {
+               $minHashCount = $this->objectInstance->getMinHashCount();
+               $this->objectInstance->setMinHashCount($minHashCount - 1);
+               $this->assertTrue($this->objectInstance->getMinHashCount() < $minHashCount);
+               $this->objectInstance->setMinHashCount($minHashCount + 1);
+               $this->assertTrue($this->objectInstance->getMinHashCount() > $minHashCount);
+       }
+
+       /**
+        * @test
+        */
+       public function modifiedMaxHashCount() {
+               $maxHashCount = $this->objectInstance->getMaxHashCount();
+               $this->objectInstance->setMaxHashCount($maxHashCount + 1);
+               $this->assertTrue($this->objectInstance->getMaxHashCount() > $maxHashCount);
+               $this->objectInstance->setMaxHashCount($maxHashCount - 1);
+               $this->assertTrue($this->objectInstance->getMaxHashCount() < $maxHashCount);
+       }
+
+       /**
+        * @test
+        */
+       public function modifiedHashCount() {
+               $hashCount = $this->objectInstance->getHashCount();
+               $this->objectInstance->setMaxHashCount($hashCount + 1);
+               $this->objectInstance->setHashCount($hashCount + 1);
+               $this->assertTrue($this->objectInstance->getHashCount() > $hashCount);
+               $this->objectInstance->setMinHashCount($hashCount - 1);
+               $this->objectInstance->setHashCount($hashCount - 1);
+               $this->assertTrue($this->objectInstance->getHashCount() < $hashCount);
+               // reset hashcount
+               $this->objectInstance->setHashCount(NULL);
+       }
+
+       /**
+        * @test
+        */
+       public function updateNecessityForValidSaltedPassword() {
+               $this->skipTestIfBlowfishIsNotAvailable();
+               $password = 'password';
+               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+               $this->assertFalse($this->objectInstance->isHashUpdateNeeded($saltedHashPassword));
+       }
+
+       /**
+        * @test
+        */
+       public function updateNecessityForIncreasedHashcount() {
+               $password = 'password';
+               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+               $increasedHashCount = $this->objectInstance->getHashCount() + 1;
+               $this->objectInstance->setMaxHashCount($increasedHashCount);
+               $this->objectInstance->setHashCount($increasedHashCount);
+               $this->assertTrue($this->objectInstance->isHashUpdateNeeded($saltedHashPassword));
+               // reset hashcount
+               $this->objectInstance->setHashCount(NULL);
+       }
+
+       /**
+        * @test
+        */
+       public function updateNecessityForDecreasedHashcount() {
+               $this->skipTestIfBlowfishIsNotAvailable();
+               $password = 'password';
+               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+               $decreasedHashCount = $this->objectInstance->getHashCount() - 1;
+               $this->objectInstance->setMinHashCount($decreasedHashCount);
+               $this->objectInstance->setHashCount($decreasedHashCount);
+               $this->assertFalse($this->objectInstance->isHashUpdateNeeded($saltedHashPassword));
+               // reset hashcount
+               $this->objectInstance->setHashCount(NULL);
+       }
+
+}
+
+
+?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/Tests/Unit/Salt/Md5SaltTest.php b/typo3/sysext/saltedpasswords/Tests/Unit/Salt/Md5SaltTest.php
new file mode 100644 (file)
index 0000000..dbc08e5
--- /dev/null
@@ -0,0 +1,259 @@
+<?php
+namespace TYPO3\CMS\Saltedpasswords\Tests\Unit\Salt;
+
+/***************************************************************
+ *  Copyright notice
+ *
+ *  (c) 2009-2011 Marcus Krause <marcus#exp2009@t3sec.info>
+ *  All rights reserved
+ *
+ *  This script is part of the TYPO3 project. The TYPO3 project is
+ *  free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  The GNU General Public License can be found at
+ *  http://www.gnu.org/copyleft/gpl.html.
+ *  A copy is found in the textfile GPL.txt and important notices to the license
+ *  from the author is found in LICENSE.txt distributed with these scripts.
+ *
+ *
+ *  This script is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  This copyright notice MUST APPEAR in all copies of the script!
+ ***************************************************************/
+
+/**
+ * Testcases for Md5Salt
+ *
+ * @author Marcus Krause <marcus#exp2009@t3sec.info>
+ * @package TYPO3
+ * @subpackage tx_saltedpasswords
+ */
+class Md5SaltTest extends \tx_phpunit_testcase {
+
+       /**
+        * Keeps instance of object to test.
+        *
+        * @var \TYPO3\CMS\Saltedpasswords\Salt\Md5Salt
+        */
+       protected $objectInstance = NULL;
+
+       /**
+        * Sets up the fixtures for this testcase.
+        *
+        * @return void
+        */
+       public function setUp() {
+               $this->objectInstance = $this->getMock('TYPO3\\CMS\\Saltedpasswords\\Salt\\Md5Salt', array('dummy'));
+       }
+
+       /**
+        * Tears down objects and settings created in this testcase.
+        *
+        * @return void
+        */
+       public function tearDown() {
+               $this->objectInstance = NULL;
+       }
+
+       /**
+        * Prepares a message to be shown when a salted hashing is not supported.
+        *
+        * @return string Empty string if salted hashing method is available, otherwise an according warning
+        */
+       protected function getWarningWhenMethodUnavailable() {
+               $warningMsg = '';
+               if (!CRYPT_MD5) {
+                       $warningMsg = 'MD5 is not supported on your platform. ' . 'Then, some of the md5 tests will fail.';
+               }
+               return $warningMsg;
+       }
+
+       /**
+        * @test
+        */
+       public function hasCorrectBaseClass() {
+               $hasCorrectBaseClass = 0 === strcmp('TYPO3\\CMS\\Saltedpasswords\\Salt\\Md5Salt', get_class($this->objectInstance)) ? TRUE : FALSE;
+               // XCLASS ?
+               if (!$hasCorrectBaseClass && FALSE != get_parent_class($this->objectInstance)) {
+                       $hasCorrectBaseClass = is_subclass_of($this->objectInstance, 'TYPO3\\CMS\\Saltedpasswords\\Salt\\Md5Salt');
+               }
+               $this->assertTrue($hasCorrectBaseClass);
+       }
+
+       /**
+        * @test
+        */
+       public function nonZeroSaltLength() {
+               $this->assertTrue($this->objectInstance->getSaltLength() > 0);
+       }
+
+       /**
+        * @test
+        */
+       public function emptyPasswordResultsInNullSaltedPassword() {
+               $password = '';
+               $this->assertNull($this->objectInstance->getHashedPassword($password));
+       }
+
+       /**
+        * @test
+        */
+       public function nonEmptyPasswordResultsInNonNullSaltedPassword() {
+               $password = 'a';
+               $this->assertNotNull($this->objectInstance->getHashedPassword($password), $this->getWarningWhenMethodUnavailable());
+       }
+
+       /**
+        * @test
+        */
+       public function createdSaltedHashOfProperStructure() {
+               $password = 'password';
+               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+               $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword), $this->getWarningWhenMethodUnavailable());
+       }
+
+       /**
+        * @test
+        */
+       public function createdSaltedHashOfProperStructureForCustomSaltWithoutSetting() {
+               $password = 'password';
+               // custom salt without setting
+               $randomBytes = \TYPO3\CMS\Core\Utility\GeneralUtility::generateRandomBytes($this->objectInstance->getSaltLength());
+               $salt = $this->objectInstance->base64Encode($randomBytes, $this->objectInstance->getSaltLength());
+               $this->assertTrue($this->objectInstance->isValidSalt($salt), $this->getWarningWhenMethodUnavailable());
+               $saltedHashPassword = $this->objectInstance->getHashedPassword($password, $salt);
+               $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword), $this->getWarningWhenMethodUnavailable());
+       }
+
+       /**
+        * Tests authentication procedure with alphabet characters.
+        *
+        * Checks if a "plain-text password" is everytime mapped to the
+        * same "salted password hash" when using the same salt.
+        *
+        * @test
+        */
+       public function authenticationWithValidAlphaCharClassPassword() {
+               $password = 'aEjOtY';
+               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+               $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword), $this->getWarningWhenMethodUnavailable());
+       }
+
+       /**
+        * Tests authentication procedure with numeric characters.
+        *
+        * Checks if a "plain-text password" is everytime mapped to the
+        * same "salted password hash" when using the same salt.
+        *
+        * @test
+        */
+       public function authenticationWithValidNumericCharClassPassword() {
+               $password = '01369';
+               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+               $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword), $this->getWarningWhenMethodUnavailable());
+       }
+
+       /**
+        * Tests authentication procedure with US-ASCII special characters.
+        *
+        * Checks if a "plain-text password" is everytime mapped to the
+        * same "salted password hash" when using the same salt.
+        *
+        * @test
+        */
+       public function authenticationWithValidAsciiSpecialCharClassPassword() {
+               $password = ' !"#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~';
+               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+               $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword), $this->getWarningWhenMethodUnavailable());
+       }
+
+       /**
+        * Tests authentication procedure with latin1 special characters.
+        *
+        * Checks if a "plain-text password" is everytime mapped to the
+        * same "salted password hash" when using the same salt.
+        *
+        * @test
+        */
+       public function authenticationWithValidLatin1SpecialCharClassPassword() {
+               $password = '';
+               for ($i = 160; $i <= 191; $i++) {
+                       $password .= chr($i);
+               }
+               $password .= chr(215) . chr(247);
+               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+               $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword), $this->getWarningWhenMethodUnavailable());
+       }
+
+       /**
+        * Tests authentication procedure with latin1 umlauts.
+        *
+        * Checks if a "plain-text password" is everytime mapped to the
+        * same "salted password hash" when using the same salt.
+        *
+        * @test
+        */
+       public function authenticationWithValidLatin1UmlautCharClassPassword() {
+               $password = '';
+               for ($i = 192; $i <= 214; $i++) {
+                       $password .= chr($i);
+               }
+               for ($i = 216; $i <= 246; $i++) {
+                       $password .= chr($i);
+               }
+               for ($i = 248; $i <= 255; $i++) {
+                       $password .= chr($i);
+               }
+               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+               $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword), $this->getWarningWhenMethodUnavailable());
+       }
+
+       /**
+        * @test
+        */
+       public function authenticationWithNonValidPassword() {
+               $password = 'password';
+               $password1 = $password . 'INVALID';
+               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+               $this->assertFalse($this->objectInstance->checkPassword($password1, $saltedHashPassword), $this->getWarningWhenMethodUnavailable());
+       }
+
+       /**
+        * @test
+        */
+       public function passwordVariationsResultInDifferentHashes() {
+               $pad = 'a';
+               $criticalPwLength = 0;
+               // We're using a constant salt.
+               $saltedHashPasswordCurrent = $salt = $this->objectInstance->getHashedPassword($pad);
+               for ($i = 0; $i <= 128; $i += 8) {
+                       $password = str_repeat($pad, max($i, 1));
+                       $saltedHashPasswordPrevious = $saltedHashPasswordCurrent;
+                       $saltedHashPasswordCurrent = $this->objectInstance->getHashedPassword($password, $salt);
+                       if ($i > 0 && 0 == strcmp($saltedHashPasswordPrevious, $saltedHashPasswordCurrent)) {
+                               $criticalPwLength = $i;
+                               break;
+                       }
+               }
+               $this->assertTrue($criticalPwLength == 0 || $criticalPwLength > 32, $this->getWarningWhenMethodUnavailable() . 'Duplicates of hashed passwords with plaintext password of length ' . $criticalPwLength . '+.');
+       }
+
+       /**
+        * @test
+        */
+       public function noUpdateNecessityForMd5() {
+               $password = 'password';
+               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+               $this->assertFalse($this->objectInstance->isHashUpdateNeeded($saltedHashPassword));
+       }
+
+}
+
+
+?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/Tests/Unit/Salt/PhpassSaltTest.php b/typo3/sysext/saltedpasswords/Tests/Unit/Salt/PhpassSaltTest.php
new file mode 100644 (file)
index 0000000..d637587
--- /dev/null
@@ -0,0 +1,336 @@
+<?php
+namespace TYPO3\CMS\Saltedpasswords\Tests\Unit\Salt;
+
+/***************************************************************
+ *  Copyright notice
+ *
+ *  (c) 2009-2011 Marcus Krause <marcus#exp2009@t3sec.info>
+ *  All rights reserved
+ *
+ *  This script is part of the TYPO3 project. The TYPO3 project is
+ *  free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  The GNU General Public License can be found at
+ *  http://www.gnu.org/copyleft/gpl.html.
+ *  A copy is found in the textfile GPL.txt and important notices to the license
+ *  from the author is found in LICENSE.txt distributed with these scripts.
+ *
+ *
+ *  This script is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  This copyright notice MUST APPEAR in all copies of the script!
+ ***************************************************************/
+
+/**
+ * Testcase for PhpassSalt
+ *
+ * @author Marcus Krause <marcus#exp2009@t3sec.info>
+ * @package TYPO3
+ * @subpackage tx_saltedpasswords
+ */
+class PhpassSaltTest extends \tx_phpunit_testcase {
+
+       /**
+        * Keeps instance of object to test.
+        *
+        * @var \TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt
+        */
+       protected $objectInstance = NULL;
+
+       /**
+        * Sets up the fixtures for this testcase.
+        *
+        * @return void
+        */
+       public function setUp() {
+               $this->objectInstance = $this->getMock('TYPO3\\CMS\\Saltedpasswords\\Salt\\PhpassSalt', array('dummy'));
+       }
+
+       /**
+        * Tears down objects and settings created in this testcase.
+        *
+        * @return void
+        */
+       public function tearDown() {
+               $this->objectInstance = NULL;
+       }
+
+       /**
+        * @test
+        */
+       public function hasCorrectBaseClass() {
+               $hasCorrectBaseClass = 0 === strcmp('TYPO3\\CMS\\Saltedpasswords\\Salt\\PhpassSalt', get_class($this->objectInstance)) ? TRUE : FALSE;
+               // XCLASS ?
+               if (!$hasCorrectBaseClass && FALSE != get_parent_class($this->objectInstance)) {
+                       $hasCorrectBaseClass = is_subclass_of($this->objectInstance, 'TYPO3\\CMS\\Saltedpasswords\\Salt\\PhpassSalt');
+               }
+               $this->assertTrue($hasCorrectBaseClass);
+       }
+
+       /**
+        * @test
+        */
+       public function nonZeroSaltLength() {
+               $this->assertTrue($this->objectInstance->getSaltLength() > 0);
+       }
+
+       /**
+        * @test
+        */
+       public function emptyPasswordResultsInNullSaltedPassword() {
+               $password = '';
+               $this->assertNull($this->objectInstance->getHashedPassword($password));
+       }
+
+       /**
+        * @test
+        */
+       public function nonEmptyPasswordResultsInNonNullSaltedPassword() {
+               $password = 'a';
+               $this->assertNotNull($this->objectInstance->getHashedPassword($password));
+       }
+
+       /**
+        * @test
+        */
+       public function createdSaltedHashOfProperStructure() {
+               $password = 'password';
+               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+               $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword));
+       }
+
+       /**
+        * @test
+        */
+       public function createdSaltedHashOfProperStructureForCustomSaltWithoutSetting() {
+               $password = 'password';
+               // custom salt without setting
+               $randomBytes = \TYPO3\CMS\Core\Utility\GeneralUtility::generateRandomBytes($this->objectInstance->getSaltLength());
+               $salt = $this->objectInstance->base64Encode($randomBytes, $this->objectInstance->getSaltLength());
+               $this->assertTrue($this->objectInstance->isValidSalt($salt));
+               $saltedHashPassword = $this->objectInstance->getHashedPassword($password, $salt);
+               $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword));
+       }
+
+       /**
+        * @test
+        */
+       public function createdSaltedHashOfProperStructureForMaximumHashCount() {
+               $password = 'password';
+               $maxHashCount = $this->objectInstance->getMaxHashCount();
+               $this->objectInstance->setHashCount($maxHashCount);
+               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+               $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword));
+               // reset hashcount
+               $this->objectInstance->setHashCount(NULL);
+       }
+
+       /**
+        * @test
+        */
+       public function createdSaltedHashOfProperStructureForMinimumHashCount() {
+               $password = 'password';
+               $minHashCount = $this->objectInstance->getMinHashCount();
+               $this->objectInstance->setHashCount($minHashCount);
+               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+               $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword));
+               // reset hashcount
+               $this->objectInstance->setHashCount(NULL);
+       }
+
+       /**
+        * Tests authentication procedure with alphabet characters.
+        *
+        * Checks if a "plain-text password" is everytime mapped to the
+        * same "salted password hash" when using the same salt.
+        *
+        * @test
+        */
+       public function authenticationWithValidAlphaCharClassPassword() {
+               $password = 'aEjOtY';
+               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+               $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
+       }
+
+       /**
+        * Tests authentication procedure with numeric characters.
+        *
+        * Checks if a "plain-text password" is everytime mapped to the
+        * same "salted password hash" when using the same salt.
+        *
+        * @test
+        */
+       public function authenticationWithValidNumericCharClassPassword() {
+               $password = '01369';
+               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+               $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
+       }
+
+       /**
+        * Tests authentication procedure with US-ASCII special characters.
+        *
+        * Checks if a "plain-text password" is everytime mapped to the
+        * same "salted password hash" when using the same salt.
+        *
+        * @test
+        */
+       public function authenticationWithValidAsciiSpecialCharClassPassword() {
+               $password = ' !"#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~';
+               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+               $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
+       }
+
+       /**
+        * Tests authentication procedure with latin1 special characters.
+        *
+        * Checks if a "plain-text password" is everytime mapped to the
+        * same "salted password hash" when using the same salt.
+        *
+        * @test
+        */
+       public function authenticationWithValidLatin1SpecialCharClassPassword() {
+               $password = '';
+               for ($i = 160; $i <= 191; $i++) {
+                       $password .= chr($i);
+               }
+               $password .= chr(215) . chr(247);
+               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+               $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
+       }
+
+       /**
+        * Tests authentication procedure with latin1 umlauts.
+        *
+        * Checks if a "plain-text password" is everytime mapped to the
+        * same "salted password hash" when using the same salt.
+        *
+        * @test
+        */
+       public function authenticationWithValidLatin1UmlautCharClassPassword() {
+               $password = '';
+               for ($i = 192; $i <= 214; $i++) {
+                       $password .= chr($i);
+               }
+               for ($i = 216; $i <= 246; $i++) {
+                       $password .= chr($i);
+               }
+               for ($i = 248; $i <= 255; $i++) {
+                       $password .= chr($i);
+               }
+               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+               $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
+       }
+
+       /**
+        * @test
+        */
+       public function authenticationWithNonValidPassword() {
+               $password = 'password';
+               $password1 = $password . 'INVALID';
+               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+               $this->assertFalse($this->objectInstance->checkPassword($password1, $saltedHashPassword));
+       }
+
+       /**
+        * @test
+        */
+       public function passwordVariationsResultInDifferentHashes() {
+               $pad = 'a';
+               $criticalPwLength = 0;
+               // We're using a constant salt.
+               $saltedHashPasswordCurrent = $salt = $this->objectInstance->getHashedPassword($pad);
+               for ($i = 0; $i <= 128; $i += 8) {
+                       $password = str_repeat($pad, max($i, 1));
+                       $saltedHashPasswordPrevious = $saltedHashPasswordCurrent;
+                       $saltedHashPasswordCurrent = $this->objectInstance->getHashedPassword($password, $salt);
+                       if ($i > 0 && 0 == strcmp($saltedHashPasswordPrevious, $saltedHashPasswordCurrent)) {
+                               $criticalPwLength = $i;
+                               break;
+                       }
+               }
+               $this->assertTrue($criticalPwLength == 0 || $criticalPwLength > 32, 'Duplicates of hashed passwords with plaintext password of length ' . $criticalPwLength . '+.');
+       }
+
+       /**
+        * @test
+        */
+       public function modifiedMinHashCount() {
+               $minHashCount = $this->objectInstance->getMinHashCount();
+               $this->objectInstance->setMinHashCount($minHashCount - 1);
+               $this->assertTrue($this->objectInstance->getMinHashCount() < $minHashCount);
+               $this->objectInstance->setMinHashCount($minHashCount + 1);
+               $this->assertTrue($this->objectInstance->getMinHashCount() > $minHashCount);
+       }
+
+       /**
+        * @test
+        */
+       public function modifiedMaxHashCount() {
+               $maxHashCount = $this->objectInstance->getMaxHashCount();
+               $this->objectInstance->setMaxHashCount($maxHashCount + 1);
+               $this->assertTrue($this->objectInstance->getMaxHashCount() > $maxHashCount);
+               $this->objectInstance->setMaxHashCount($maxHashCount - 1);
+               $this->assertTrue($this->objectInstance->getMaxHashCount() < $maxHashCount);
+       }
+
+       /**
+        * @test
+        */
+       public function modifiedHashCount() {
+               $hashCount = $this->objectInstance->getHashCount();
+               $this->objectInstance->setMaxHashCount($hashCount + 1);
+               $this->objectInstance->setHashCount($hashCount + 1);
+               $this->assertTrue($this->objectInstance->getHashCount() > $hashCount);
+               $this->objectInstance->setMinHashCount($hashCount - 1);
+               $this->objectInstance->setHashCount($hashCount - 1);
+               $this->assertTrue($this->objectInstance->getHashCount() < $hashCount);
+               // reset hashcount
+               $this->objectInstance->setHashCount(NULL);
+       }
+
+       /**
+        * @test
+        */
+       public function updateNecessityForValidSaltedPassword() {
+               $password = 'password';
+               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+               $this->assertFalse($this->objectInstance->isHashUpdateNeeded($saltedHashPassword));
+       }
+
+       /**
+        * @test
+        */
+       public function updateNecessityForIncreasedHashcount() {
+               $password = 'password';
+               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+               $increasedHashCount = $this->objectInstance->getHashCount() + 1;
+               $this->objectInstance->setMaxHashCount($increasedHashCount);
+               $this->objectInstance->setHashCount($increasedHashCount);
+               $this->assertTrue($this->objectInstance->isHashUpdateNeeded($saltedHashPassword));
+               // reset hashcount
+               $this->objectInstance->setHashCount(NULL);
+       }
+
+       /**
+        * @test
+        */
+       public function updateNecessityForDecreasedHashcount() {
+               $password = 'password';
+               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+               $decreasedHashCount = $this->objectInstance->getHashCount() - 1;
+               $this->objectInstance->setMinHashCount($decreasedHashCount);
+               $this->objectInstance->setHashCount($decreasedHashCount);
+               $this->assertFalse($this->objectInstance->isHashUpdateNeeded($saltedHashPassword));
+               // reset hashcount
+               $this->objectInstance->setHashCount(NULL);
+       }
+
+}
+
+?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/Tests/Unit/Salt/SaltFactoryTest.php b/typo3/sysext/saltedpasswords/Tests/Unit/Salt/SaltFactoryTest.php
new file mode 100644 (file)
index 0000000..aa75e37
--- /dev/null
@@ -0,0 +1,155 @@
+<?php
+namespace TYPO3\CMS\Saltedpasswords\Tests\Unit\Salt;
+
+/***************************************************************
+ *  Copyright notice
+ *
+ *  (c) 2009-2011 Marcus Krause <marcus#exp2009@t3sec.info>
+ *  All rights reserved
+ *
+ *  This script is part of the TYPO3 project. The TYPO3 project is
+ *  free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  The GNU General Public License can be found at
+ *  http://www.gnu.org/copyleft/gpl.html.
+ *  A copy is found in the textfile GPL.txt and important notices to the license
+ *  from the author is found in LICENSE.txt distributed with these scripts.
+ *
+ *
+ *  This script is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  This copyright notice MUST APPEAR in all copies of the script!
+ ***************************************************************/
+
+/**
+ * Testcase for SaltFactory
+ *
+ * @author Marcus Krause <marcus#exp2009@t3sec.info>
+ * @since 2009-09-06
+ * @package TYPO3
+ * @subpackage tx_saltedpasswords
+ */
+class SaltFactoryTest extends \tx_phpunit_testcase {
+
+       /**
+        * Keeps instance of object to test.
+        *
+        * @var \TYPO3\CMS\Saltedpasswords\Salt\AbstractSalt
+        */
+       protected $objectInstance = NULL;
+
+       /**
+        * Sets up the fixtures for this testcase.
+        *
+        * @return void
+        */
+       protected function setUp() {
+               $this->objectInstance = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance();
+       }
+
+       /**
+        * Tears down objects and settings created in this testcase.
+        *
+        * @return void
+        */
+       public function tearDown() {
+               $this->objectInstance = NULL;
+       }
+
+       /**
+        * @test
+        */
+       public function objectInstanceNotNull() {
+               $this->assertNotNull($this->objectInstance);
+       }
+
+       /**
+        * @test
+        */
+       public function objectInstanceExtendsAbstractClass() {
+               $this->assertTrue(is_subclass_of($this->objectInstance, 'TYPO3\\CMS\\Saltedpasswords\\Salt\\AbstractSalt'));
+       }
+
+       /**
+        * @test
+        */
+       public function objectInstanceImplementsInterface() {
+               $this->assertTrue(method_exists($this->objectInstance, 'checkPassword'), 'Missing method checkPassword() from interface TYPO3\\CMS\\Saltedpasswords\\Salt\\SaltInterface.');
+               $this->assertTrue(method_exists($this->objectInstance, 'isHashUpdateNeeded'), 'Missing method isHashUpdateNeeded() from interface TYPO3\\CMS\\Saltedpasswords\\Salt\\SaltInterface.');
+               $this->assertTrue(method_exists($this->objectInstance, 'isValidSalt'), 'Missing method isValidSalt() from interface TYPO3\\CMS\\Saltedpasswords\\Salt\\SaltInterface.');
+               $this->assertTrue(method_exists($this->objectInstance, 'isValidSaltedPW'), 'Missing method isValidSaltedPW() from interface TYPO3\\CMS\\Saltedpasswords\\Salt\\SaltInterface.');
+               $this->assertTrue(method_exists($this->objectInstance, 'getHashedPassword'), 'Missing method getHashedPassword() from interface TYPO3\\CMS\\Saltedpasswords\\Salt\\SaltInterface.');
+               $this->assertTrue(method_exists($this->objectInstance, 'getSaltLength'), 'Missing method getSaltLength() from interface TYPO3\\CMS\\Saltedpasswords\\Salt\\SaltInterface.');
+       }
+
+       /**
+        * @test
+        */
+       public function base64EncodeReturnsProperLength() {
+               // 3 Bytes should result in a 6 char length base64 encoded string
+               // used for MD5 and PHPass salted hashing
+               $byteLength = 3;
+               $reqLengthBase64 = intval(ceil($byteLength * 8 / 6));
+               $randomBytes = \TYPO3\CMS\Core\Utility\GeneralUtility::generateRandomBytes($byteLength);
+               $this->assertTrue(strlen($this->objectInstance->base64Encode($randomBytes, $byteLength)) == $reqLengthBase64);
+               // 16 Bytes should result in a 22 char length base64 encoded string
+               // used for Blowfish salted hashing
+               $byteLength = 16;
+               $reqLengthBase64 = intval(ceil($byteLength * 8 / 6));
+               $randomBytes = \TYPO3\CMS\Core\Utility\GeneralUtility::generateRandomBytes($byteLength);
+               $this->assertTrue(strlen($this->objectInstance->base64Encode($randomBytes, $byteLength)) == $reqLengthBase64);
+       }
+
+       /**
+        * @test
+        */
+       public function objectInstanceForMD5Salts() {
+               $saltMD5 = '$1$rasmusle$rISCgZzpwk3UhDidwXvin0';
+               $this->objectInstance = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance($saltMD5);
+               $this->assertTrue(get_class($this->objectInstance) == 'TYPO3\\CMS\\Saltedpasswords\\Salt\\Md5Salt' || is_subclass_of($this->objectInstance, 'TYPO3\\CMS\\Saltedpasswords\\Salt\\Md5Salt'));
+       }
+
+       /**
+        * @test
+        */
+       public function objectInstanceForBlowfishSalts() {
+               $saltBlowfish = '$2a$07$abcdefghijklmnopqrstuuIdQV69PAxWYTgmnoGpe0Sk47GNS/9ZW';
+               $this->objectInstance = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance($saltBlowfish);
+               $this->assertTrue(get_class($this->objectInstance) == 'TYPO3\\CMS\\Saltedpasswords\\Salt\\BlowfishSalt' || is_subclass_of($this->objectInstance, 'TYPO3\\CMS\\Saltedpasswords\\Salt\\BlowfishSalt'));
+       }
+
+       /**
+        * @test
+        */
+       public function objectInstanceForPhpassSalts() {
+               $saltPhpass = '$P$CWF13LlG/0UcAQFUjnnS4LOqyRW43c.';
+               $this->objectInstance = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance($saltPhpass);
+               $this->assertTrue(get_class($this->objectInstance) == 'TYPO3\\CMS\\Saltedpasswords\\Salt\\PhpassSalt' || is_subclass_of($this->objectInstance, 'TYPO3\\CMS\\Saltedpasswords\\Salt\\PhpassSalt'));
+       }
+
+       /**
+        * @test
+        */
+       public function resettingFactoryInstanceSucceeds() {
+               $defaultClassNameToUse = \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::getDefaultSaltingHashingMethod();
+               if ($defaultClassNameToUse == 'TYPO3\\CMS\\Saltedpasswords\\Salt\\Md5Salt') {
+                       $saltedPW = '$P$CWF13LlG/0UcAQFUjnnS4LOqyRW43c.';
+               } else {
+                       $saltedPW = '$1$rasmusle$rISCgZzpwk3UhDidwXvin0';
+               }
+               $this->objectInstance = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance($saltedPW);
+               // resetting
+               $this->objectInstance = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(NULL);
+               $this->assertTrue(get_class($this->objectInstance) == $defaultClassNameToUse || is_subclass_of($this->objectInstance, $defaultClassNameToUse));
+       }
+
+}
+
+
+?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/Tests/Unit/Salts/BlowfishSaltTest.php b/typo3/sysext/saltedpasswords/Tests/Unit/Salts/BlowfishSaltTest.php
deleted file mode 100644 (file)
index 597aeaa..0000000
+++ /dev/null
@@ -1,366 +0,0 @@
-<?php
-namespace TYPO3\CMS\Saltedpasswords\Tests\Unit\Salts;
-
-/***************************************************************
- *  Copyright notice
- *
- *  (c) 2009-2011 Marcus Krause <marcus#exp2009@t3sec.info>
- *  All rights reserved
- *
- *  This script is part of the TYPO3 project. The TYPO3 project is
- *  free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  The GNU General Public License can be found at
- *  http://www.gnu.org/copyleft/gpl.html.
- *  A copy is found in the textfile GPL.txt and important notices to the license
- *  from the author is found in LICENSE.txt distributed with these scripts.
- *
- *
- *  This script is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  This copyright notice MUST APPEAR in all copies of the script!
- ***************************************************************/
-/**
- * Contains class "tx_saltedpasswords_salts_blowfish"
- * that provides Blowfish salted hashing.
- */
-/**
- * Testcases for class tx_saltedpasswords_salts_blowfish.
- *
- * @author Marcus Krause <marcus#exp2009@t3sec.info>
- * @package TYPO3
- * @subpackage tx_saltedpasswords
- */
-class BlowfishSaltTest extends \tx_phpunit_testcase {
-
-       /**
-        * Keeps instance of object to test.
-        *
-        * @var \TYPO3\CMS\Saltedpasswords\Salt\BlowfishSalt
-        */
-       protected $objectInstance = NULL;
-
-       /**
-        * Sets up the fixtures for this testcase.
-        *
-        * @return void
-        */
-       public function setUp() {
-               $this->objectInstance = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Saltedpasswords\\Salt\\BlowfishSalt');
-       }
-
-       /**
-        * Tears down objects and settings created in this testcase.
-        *
-        * @return void
-        */
-       public function tearDown() {
-               unset($this->objectInstance);
-       }
-
-       /**
-        * Marks tests as skipped if the blowfish method is not available.
-        *
-        * @return void
-        */
-       protected function skipTestIfBlowfishIsNotAvailable() {
-               if (!CRYPT_BLOWFISH) {
-                       $this->markTestSkipped('Blowfish is not supported on your platform.');
-               }
-       }
-
-       /**
-        * @test
-        */
-       public function hasCorrectBaseClass() {
-               $hasCorrectBaseClass = 0 === strcmp('TYPO3\\CMS\\Saltedpasswords\\Salt\\BlowfishSalt', get_class($this->objectInstance)) ? TRUE : FALSE;
-               // XCLASS ?
-               if (!$hasCorrectBaseClass && FALSE != get_parent_class($this->objectInstance)) {
-                       $hasCorrectBaseClass = is_subclass_of($this->objectInstance, 'TYPO3\\CMS\\Saltedpasswords\\Salt\\BlowfishSalt');
-               }
-               $this->assertTrue($hasCorrectBaseClass);
-       }
-
-       /**
-        * @test
-        */
-       public function nonZeroSaltLength() {
-               $this->assertTrue($this->objectInstance->getSaltLength() > 0);
-       }
-
-       /**
-        * @test
-        */
-       public function emptyPasswordResultsInNullSaltedPassword() {
-               $password = '';
-               $this->assertNull($this->objectInstance->getHashedPassword($password));
-       }
-
-       /**
-        * @test
-        */
-       public function nonEmptyPasswordResultsInNonNullSaltedPassword() {
-               $this->skipTestIfBlowfishIsNotAvailable();
-               $password = 'a';
-               $this->assertNotNull($this->objectInstance->getHashedPassword($password));
-       }
-
-       /**
-        * @test
-        */
-       public function createdSaltedHashOfProperStructure() {
-               $this->skipTestIfBlowfishIsNotAvailable();
-               $password = 'password';
-               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
-               $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword));
-       }
-
-       /**
-        * @test
-        */
-       public function createdSaltedHashOfProperStructureForCustomSaltWithoutSetting() {
-               $this->skipTestIfBlowfishIsNotAvailable();
-               $password = 'password';
-               // custom salt without setting
-               $randomBytes = \TYPO3\CMS\Core\Utility\GeneralUtility::generateRandomBytes($this->objectInstance->getSaltLength());
-               $salt = $this->objectInstance->base64Encode($randomBytes, $this->objectInstance->getSaltLength());
-               $this->assertTrue($this->objectInstance->isValidSalt($salt));
-               $saltedHashPassword = $this->objectInstance->getHashedPassword($password, $salt);
-               $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword));
-       }
-
-       /**
-        * @test
-        */
-       public function createdSaltedHashOfProperStructureForMaximumHashCount() {
-               $this->skipTestIfBlowfishIsNotAvailable();
-               $password = 'password';
-               $maxHashCount = $this->objectInstance->getMaxHashCount();
-               $this->objectInstance->setHashCount($maxHashCount);
-               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
-               $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword));
-               // reset hashcount
-               $this->objectInstance->setHashCount(NULL);
-       }
-
-       /**
-        * @test
-        */
-       public function createdSaltedHashOfProperStructureForMinimumHashCount() {
-               $this->skipTestIfBlowfishIsNotAvailable();
-               $password = 'password';
-               $minHashCount = $this->objectInstance->getMinHashCount();
-               $this->objectInstance->setHashCount($minHashCount);
-               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
-               $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword));
-               // reset hashcount
-               $this->objectInstance->setHashCount(NULL);
-       }
-
-       /**
-        * Tests authentication procedure with alphabet characters.
-        *
-        * Checks if a "plain-text password" is everytime mapped to the
-        * same "salted password hash" when using the same salt.
-        *
-        * @test
-        */
-       public function authenticationWithValidAlphaCharClassPassword() {
-               $this->skipTestIfBlowfishIsNotAvailable();
-               $password = 'aEjOtY';
-               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
-               $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
-       }
-
-       /**
-        * Tests authentication procedure with numeric characters.
-        *
-        * Checks if a "plain-text password" is everytime mapped to the
-        * same "salted password hash" when using the same salt.
-        *
-        * @test
-        */
-       public function authenticationWithValidNumericCharClassPassword() {
-               $this->skipTestIfBlowfishIsNotAvailable();
-               $password = '01369';
-               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
-               $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
-       }
-
-       /**
-        * Tests authentication procedure with US-ASCII special characters.
-        *
-        * Checks if a "plain-text password" is everytime mapped to the
-        * same "salted password hash" when using the same salt.
-        *
-        * @test
-        */
-       public function authenticationWithValidAsciiSpecialCharClassPassword() {
-               $this->skipTestIfBlowfishIsNotAvailable();
-               $password = ' !"#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~';
-               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
-               $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
-       }
-
-       /**
-        * Tests authentication procedure with latin1 special characters.
-        *
-        * Checks if a "plain-text password" is everytime mapped to the
-        * same "salted password hash" when using the same salt.
-        *
-        * @test
-        */
-       public function authenticationWithValidLatin1SpecialCharClassPassword() {
-               $this->skipTestIfBlowfishIsNotAvailable();
-               $password = '';
-               for ($i = 160; $i <= 191; $i++) {
-                       $password .= chr($i);
-               }
-               $password .= chr(215) . chr(247);
-               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
-               $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
-       }
-
-       /**
-        * Tests authentication procedure with latin1 umlauts.
-        *
-        * Checks if a "plain-text password" is everytime mapped to the
-        * same "salted password hash" when using the same salt.
-        *
-        * @test
-        */
-       public function authenticationWithValidLatin1UmlautCharClassPassword() {
-               $this->skipTestIfBlowfishIsNotAvailable();
-               $password = '';
-               for ($i = 192; $i <= 214; $i++) {
-                       $password .= chr($i);
-               }
-               for ($i = 216; $i <= 246; $i++) {
-                       $password .= chr($i);
-               }
-               for ($i = 248; $i <= 255; $i++) {
-                       $password .= chr($i);
-               }
-               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
-               $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
-       }
-
-       /**
-        * @test
-        */
-       public function authenticationWithNonValidPassword() {
-               $this->skipTestIfBlowfishIsNotAvailable();
-               $password = 'password';
-               $password1 = $password . 'INVALID';
-               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
-               $this->assertFalse($this->objectInstance->checkPassword($password1, $saltedHashPassword));
-       }
-
-       /**
-        * @test
-        */
-       public function passwordVariationsResultInDifferentHashes() {
-               $this->skipTestIfBlowfishIsNotAvailable();
-               $pad = 'a';
-               $password = '';
-               $criticalPwLength = 0;
-               // We're using a constant salt.
-               $saltedHashPasswordPrevious = ($saltedHashPasswordCurrent = ($salt = $this->objectInstance->getHashedPassword($pad)));
-               for ($i = 0; $i <= 128; $i += 8) {
-                       $password = str_repeat($pad, max($i, 1));
-                       $saltedHashPasswordPrevious = $saltedHashPasswordCurrent;
-                       $saltedHashPasswordCurrent = $this->objectInstance->getHashedPassword($password, $salt);
-                       if ($i > 0 && 0 == strcmp($saltedHashPasswordPrevious, $saltedHashPasswordCurrent)) {
-                               $criticalPwLength = $i;
-                               break;
-                       }
-               }
-               $this->assertTrue($criticalPwLength == 0 || $criticalPwLength > 32, 'Duplicates of hashed passwords with plaintext password of length ' . $criticalPwLength . '+.');
-       }
-
-       /**
-        * @test
-        */
-       public function modifiedMinHashCount() {
-               $minHashCount = $this->objectInstance->getMinHashCount();
-               $this->objectInstance->setMinHashCount($minHashCount - 1);
-               $this->assertTrue($this->objectInstance->getMinHashCount() < $minHashCount);
-               $this->objectInstance->setMinHashCount($minHashCount + 1);
-               $this->assertTrue($this->objectInstance->getMinHashCount() > $minHashCount);
-       }
-
-       /**
-        * @test
-        */
-       public function modifiedMaxHashCount() {
-               $maxHashCount = $this->objectInstance->getMaxHashCount();
-               $this->objectInstance->setMaxHashCount($maxHashCount + 1);
-               $this->assertTrue($this->objectInstance->getMaxHashCount() > $maxHashCount);
-               $this->objectInstance->setMaxHashCount($maxHashCount - 1);
-               $this->assertTrue($this->objectInstance->getMaxHashCount() < $maxHashCount);
-       }
-
-       /**
-        * @test
-        */
-       public function modifiedHashCount() {
-               $hashCount = $this->objectInstance->getHashCount();
-               $this->objectInstance->setMaxHashCount($hashCount + 1);
-               $this->objectInstance->setHashCount($hashCount + 1);
-               $this->assertTrue($this->objectInstance->getHashCount() > $hashCount);
-               $this->objectInstance->setMinHashCount($hashCount - 1);
-               $this->objectInstance->setHashCount($hashCount - 1);
-               $this->assertTrue($this->objectInstance->getHashCount() < $hashCount);
-               // reset hashcount
-               $this->objectInstance->setHashCount(NULL);
-       }
-
-       /**
-        * @test
-        */
-       public function updateNecessityForValidSaltedPassword() {
-               $this->skipTestIfBlowfishIsNotAvailable();
-               $password = 'password';
-               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
-               $this->assertFalse($this->objectInstance->isHashUpdateNeeded($saltedHashPassword));
-       }
-
-       /**
-        * @test
-        */
-       public function updateNecessityForIncreasedHashcount() {
-               $password = 'password';
-               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
-               $increasedHashCount = $this->objectInstance->getHashCount() + 1;
-               $this->objectInstance->setMaxHashCount($increasedHashCount);
-               $this->objectInstance->setHashCount($increasedHashCount);
-               $this->assertTrue($this->objectInstance->isHashUpdateNeeded($saltedHashPassword));
-               // reset hashcount
-               $this->objectInstance->setHashCount(NULL);
-       }
-
-       /**
-        * @test
-        */
-       public function updateNecessityForDecreasedHashcount() {
-               $this->skipTestIfBlowfishIsNotAvailable();
-               $password = 'password';
-               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
-               $decreasedHashCount = $this->objectInstance->getHashCount() - 1;
-               $this->objectInstance->setMinHashCount($decreasedHashCount);
-               $this->objectInstance->setHashCount($decreasedHashCount);
-               $this->assertFalse($this->objectInstance->isHashUpdateNeeded($saltedHashPassword));
-               // reset hashcount
-               $this->objectInstance->setHashCount(NULL);
-       }
-
-}
-
-
-?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/Tests/Unit/Salts/Md5SaltTest.php b/typo3/sysext/saltedpasswords/Tests/Unit/Salts/Md5SaltTest.php
deleted file mode 100644 (file)
index 62653c0..0000000
+++ /dev/null
@@ -1,262 +0,0 @@
-<?php
-namespace TYPO3\CMS\Saltedpasswords\Tests\Unit\Salts;
-
-/***************************************************************
- *  Copyright notice
- *
- *  (c) 2009-2011 Marcus Krause <marcus#exp2009@t3sec.info>
- *  All rights reserved
- *
- *  This script is part of the TYPO3 project. The TYPO3 project is
- *  free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  The GNU General Public License can be found at
- *  http://www.gnu.org/copyleft/gpl.html.
- *  A copy is found in the textfile GPL.txt and important notices to the license
- *  from the author is found in LICENSE.txt distributed with these scripts.
- *
- *
- *  This script is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  This copyright notice MUST APPEAR in all copies of the script!
- ***************************************************************/
-/**
- * Contains testcases for "tx_saltedpasswords_salts_md5"
- * that provides MD5 salted hashing.
- */
-/**
- * Testcases for class tx_saltedpasswords_salts_md5.
- *
- * @author Marcus Krause <marcus#exp2009@t3sec.info>
- * @package TYPO3
- * @subpackage tx_saltedpasswords
- */
-class Md5SaltTest extends \tx_phpunit_testcase {
-
-       /**
-        * Keeps instance of object to test.
-        *
-        * @var \TYPO3\CMS\Saltedpasswords\Salt\Md5Salt
-        */
-       protected $objectInstance = NULL;
-
-       /**
-        * Sets up the fixtures for this testcase.
-        *
-        * @return void
-        */
-       public function setUp() {
-               $this->objectInstance = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Saltedpasswords\\Salt\\Md5Salt');
-       }
-
-       /**
-        * Tears down objects and settings created in this testcase.
-        *
-        * @return void
-        */
-       public function tearDown() {
-               unset($this->objectInstance);
-       }
-
-       /**
-        * Prepares a message to be shown when a salted hashing is not supported.
-        *
-        * @return string Empty string if salted hashing method is available, otherwise an according warning
-        */
-       protected function getWarningWhenMethodUnavailable() {
-               $warningMsg = '';
-               if (!CRYPT_MD5) {
-                       $warningMsg .= 'MD5 is not supported on your platform. ' . 'Then, some of the md5 tests will fail.';
-               }
-       }
-
-       /**
-        * @test
-        */
-       public function hasCorrectBaseClass() {
-               $hasCorrectBaseClass = 0 === strcmp('TYPO3\\CMS\\Saltedpasswords\\Salt\\Md5Salt', get_class($this->objectInstance)) ? TRUE : FALSE;
-               // XCLASS ?
-               if (!$hasCorrectBaseClass && FALSE != get_parent_class($this->objectInstance)) {
-                       $hasCorrectBaseClass = is_subclass_of($this->objectInstance, 'TYPO3\\CMS\\Saltedpasswords\\Salt\\Md5Salt');
-               }
-               $this->assertTrue($hasCorrectBaseClass);
-       }
-
-       /**
-        * @test
-        */
-       public function nonZeroSaltLength() {
-               $this->assertTrue($this->objectInstance->getSaltLength() > 0);
-       }
-
-       /**
-        * @test
-        */
-       public function emptyPasswordResultsInNullSaltedPassword() {
-               $password = '';
-               $this->assertNull($this->objectInstance->getHashedPassword($password));
-       }
-
-       /**
-        * @test
-        */
-       public function nonEmptyPasswordResultsInNonNullSaltedPassword() {
-               $password = 'a';
-               $this->assertNotNull($this->objectInstance->getHashedPassword($password), $this->getWarningWhenMethodUnavailable());
-       }
-
-       /**
-        * @test
-        */
-       public function createdSaltedHashOfProperStructure() {
-               $password = 'password';
-               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
-               $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword), $this->getWarningWhenMethodUnavailable());
-       }
-
-       /**
-        * @test
-        */
-       public function createdSaltedHashOfProperStructureForCustomSaltWithoutSetting() {
-               $password = 'password';
-               // custom salt without setting
-               $randomBytes = \TYPO3\CMS\Core\Utility\GeneralUtility::generateRandomBytes($this->objectInstance->getSaltLength());
-               $salt = $this->objectInstance->base64Encode($randomBytes, $this->objectInstance->getSaltLength());
-               $this->assertTrue($this->objectInstance->isValidSalt($salt), $this->getWarningWhenMethodUnavailable());
-               $saltedHashPassword = $this->objectInstance->getHashedPassword($password, $salt);
-               $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword), $this->getWarningWhenMethodUnavailable());
-       }
-
-       /**
-        * Tests authentication procedure with alphabet characters.
-        *
-        * Checks if a "plain-text password" is everytime mapped to the
-        * same "salted password hash" when using the same salt.
-        *
-        * @test
-        */
-       public function authenticationWithValidAlphaCharClassPassword() {
-               $password = 'aEjOtY';
-               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
-               $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword), $this->getWarningWhenMethodUnavailable());
-       }
-
-       /**
-        * Tests authentication procedure with numeric characters.
-        *
-        * Checks if a "plain-text password" is everytime mapped to the
-        * same "salted password hash" when using the same salt.
-        *
-        * @test
-        */
-       public function authenticationWithValidNumericCharClassPassword() {
-               $password = '01369';
-               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
-               $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword), $this->getWarningWhenMethodUnavailable());
-       }
-
-       /**
-        * Tests authentication procedure with US-ASCII special characters.
-        *
-        * Checks if a "plain-text password" is everytime mapped to the
-        * same "salted password hash" when using the same salt.
-        *
-        * @test
-        */
-       public function authenticationWithValidAsciiSpecialCharClassPassword() {
-               $password = ' !"#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~';
-               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
-               $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword), $this->getWarningWhenMethodUnavailable());
-       }
-
-       /**
-        * Tests authentication procedure with latin1 special characters.
-        *
-        * Checks if a "plain-text password" is everytime mapped to the
-        * same "salted password hash" when using the same salt.
-        *
-        * @test
-        */
-       public function authenticationWithValidLatin1SpecialCharClassPassword() {
-               $password = '';
-               for ($i = 160; $i <= 191; $i++) {
-                       $password .= chr($i);
-               }
-               $password .= chr(215) . chr(247);
-               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
-               $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword), $this->getWarningWhenMethodUnavailable());
-       }
-
-       /**
-        * Tests authentication procedure with latin1 umlauts.
-        *
-        * Checks if a "plain-text password" is everytime mapped to the
-        * same "salted password hash" when using the same salt.
-        *
-        * @test
-        */
-       public function authenticationWithValidLatin1UmlautCharClassPassword() {
-               $password = '';
-               for ($i = 192; $i <= 214; $i++) {
-                       $password .= chr($i);
-               }
-               for ($i = 216; $i <= 246; $i++) {
-                       $password .= chr($i);
-               }
-               for ($i = 248; $i <= 255; $i++) {
-                       $password .= chr($i);
-               }
-               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
-               $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword), $this->getWarningWhenMethodUnavailable());
-       }
-
-       /**
-        * @test
-        */
-       public function authenticationWithNonValidPassword() {
-               $password = 'password';
-               $password1 = $password . 'INVALID';
-               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
-               $this->assertFalse($this->objectInstance->checkPassword($password1, $saltedHashPassword), $this->getWarningWhenMethodUnavailable());
-       }
-
-       /**
-        * @test
-        */
-       public function passwordVariationsResultInDifferentHashes() {
-               $pad = 'a';
-               $password = '';
-               $criticalPwLength = 0;
-               // We're using a constant salt.
-               $saltedHashPasswordPrevious = ($saltedHashPasswordCurrent = ($salt = $this->objectInstance->getHashedPassword($pad)));
-               for ($i = 0; $i <= 128; $i += 8) {
-                       $password = str_repeat($pad, max($i, 1));
-                       $saltedHashPasswordPrevious = $saltedHashPasswordCurrent;
-                       $saltedHashPasswordCurrent = $this->objectInstance->getHashedPassword($password, $salt);
-                       if ($i > 0 && 0 == strcmp($saltedHashPasswordPrevious, $saltedHashPasswordCurrent)) {
-                               $criticalPwLength = $i;
-                               break;
-                       }
-               }
-               $this->assertTrue($criticalPwLength == 0 || $criticalPwLength > 32, $this->getWarningWhenMethodUnavailable() . 'Duplicates of hashed passwords with plaintext password of length ' . $criticalPwLength . '+.');
-       }
-
-       /**
-        * @test
-        */
-       public function noUpdateNecessityForMd5() {
-               $password = 'password';
-               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
-               $this->assertFalse($this->objectInstance->isHashUpdateNeeded($saltedHashPassword));
-       }
-
-}
-
-
-?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/Tests/Unit/Salts/PhpassSaltTest.php b/typo3/sysext/saltedpasswords/Tests/Unit/Salts/PhpassSaltTest.php
deleted file mode 100644 (file)
index e43a50a..0000000
+++ /dev/null
@@ -1,341 +0,0 @@
-<?php
-namespace TYPO3\CMS\Saltedpasswords\Tests\Unit\Salts;
-
-/***************************************************************
- *  Copyright notice
- *
- *  (c) 2009-2011 Marcus Krause <marcus#exp2009@t3sec.info>
- *  All rights reserved
- *
- *  This script is part of the TYPO3 project. The TYPO3 project is
- *  free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  The GNU General Public License can be found at
- *  http://www.gnu.org/copyleft/gpl.html.
- *  A copy is found in the textfile GPL.txt and important notices to the license
- *  from the author is found in LICENSE.txt distributed with these scripts.
- *
- *
- *  This script is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  This copyright notice MUST APPEAR in all copies of the script!
- ***************************************************************/
-/**
- * Contains testcases for "tx_saltedpasswords_salts_phpass"
- * that provides PHPass salted hashing.
- */
-/**
- * Testcases for class tx_saltedpasswords_salts_phpass.
- *
- * @author Marcus Krause <marcus#exp2009@t3sec.info>
- * @package TYPO3
- * @subpackage tx_saltedpasswords
- */
-class PhpassSaltTest extends \tx_phpunit_testcase {
-
-       /**
-        * Keeps instance of object to test.
-        *
-        * @var \TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt
-        */
-       protected $objectInstance = NULL;
-
-       /**
-        * Sets up the fixtures for this testcase.
-        *
-        * @return void
-        */
-       public function setUp() {
-               $this->objectInstance = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Saltedpasswords\\Salt\\PhpassSalt');
-       }
-
-       /**
-        * Tears down objects and settings created in this testcase.
-        *
-        * @return void
-        */
-       public function tearDown() {
-               unset($this->objectInstance);
-       }
-
-       /**
-        * @test
-        */
-       public function hasCorrectBaseClass() {
-               $hasCorrectBaseClass = 0 === strcmp('TYPO3\\CMS\\Saltedpasswords\\Salt\\PhpassSalt', get_class($this->objectInstance)) ? TRUE : FALSE;
-               // XCLASS ?
-               if (!$hasCorrectBaseClass && FALSE != get_parent_class($this->objectInstance)) {
-                       $hasCorrectBaseClass = is_subclass_of($this->objectInstance, 'TYPO3\\CMS\\Saltedpasswords\\Salt\\PhpassSalt');
-               }
-               $this->assertTrue($hasCorrectBaseClass);
-       }
-
-       /**
-        * @test
-        */
-       public function nonZeroSaltLength() {
-               $this->assertTrue($this->objectInstance->getSaltLength() > 0);
-       }
-
-       /**
-        * @test
-        */
-       public function emptyPasswordResultsInNullSaltedPassword() {
-               $password = '';
-               $this->assertNull($this->objectInstance->getHashedPassword($password));
-       }
-
-       /**
-        * @test
-        */
-       public function nonEmptyPasswordResultsInNonNullSaltedPassword() {
-               $password = 'a';
-               $this->assertNotNull($this->objectInstance->getHashedPassword($password));
-       }
-
-       /**
-        * @test
-        */
-       public function createdSaltedHashOfProperStructure() {
-               $password = 'password';
-               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
-               $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword));
-       }
-
-       /**
-        * @test
-        */
-       public function createdSaltedHashOfProperStructureForCustomSaltWithoutSetting() {
-               $password = 'password';
-               // custom salt without setting
-               $randomBytes = \TYPO3\CMS\Core\Utility\GeneralUtility::generateRandomBytes($this->objectInstance->getSaltLength());
-               $salt = $this->objectInstance->base64Encode($randomBytes, $this->objectInstance->getSaltLength());
-               $this->assertTrue($this->objectInstance->isValidSalt($salt));
-               $saltedHashPassword = $this->objectInstance->getHashedPassword($password, $salt);
-               $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword));
-       }
-
-       /**
-        * @test
-        */
-       public function createdSaltedHashOfProperStructureForMaximumHashCount() {
-               $password = 'password';
-               $maxHashCount = $this->objectInstance->getMaxHashCount();
-               $this->objectInstance->setHashCount($maxHashCount);
-               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
-               $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword));
-               // reset hashcount
-               $this->objectInstance->setHashCount(NULL);
-       }
-
-       /**
-        * @test
-        */
-       public function createdSaltedHashOfProperStructureForMinimumHashCount() {
-               $password = 'password';
-               $minHashCount = $this->objectInstance->getMinHashCount();
-               $this->objectInstance->setHashCount($minHashCount);
-               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
-               $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword));
-               // reset hashcount
-               $this->objectInstance->setHashCount(NULL);
-       }
-
-       /**
-        * Tests authentication procedure with alphabet characters.
-        *
-        * Checks if a "plain-text password" is everytime mapped to the
-        * same "salted password hash" when using the same salt.
-        *
-        * @test
-        */
-       public function authenticationWithValidAlphaCharClassPassword() {
-               $password = 'aEjOtY';
-               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
-               $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
-       }
-
-       /**
-        * Tests authentication procedure with numeric characters.
-        *
-        * Checks if a "plain-text password" is everytime mapped to the
-        * same "salted password hash" when using the same salt.
-        *
-        * @test
-        */
-       public function authenticationWithValidNumericCharClassPassword() {
-               $password = '01369';
-               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
-               $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
-       }
-
-       /**
-        * Tests authentication procedure with US-ASCII special characters.
-        *
-        * Checks if a "plain-text password" is everytime mapped to the
-        * same "salted password hash" when using the same salt.
-        *
-        * @test
-        */
-       public function authenticationWithValidAsciiSpecialCharClassPassword() {
-               $password = ' !"#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~';
-               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
-               $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
-       }
-
-       /**
-        * Tests authentication procedure with latin1 special characters.
-        *
-        * Checks if a "plain-text password" is everytime mapped to the
-        * same "salted password hash" when using the same salt.
-        *
-        * @test
-        */
-       public function authenticationWithValidLatin1SpecialCharClassPassword() {
-               $password = '';
-               for ($i = 160; $i <= 191; $i++) {
-                       $password .= chr($i);
-               }
-               $password .= chr(215) . chr(247);
-               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
-               $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
-       }
-
-       /**
-        * Tests authentication procedure with latin1 umlauts.
-        *
-        * Checks if a "plain-text password" is everytime mapped to the
-        * same "salted password hash" when using the same salt.
-        *
-        * @test
-        */
-       public function authenticationWithValidLatin1UmlautCharClassPassword() {
-               $password = '';
-               for ($i = 192; $i <= 214; $i++) {
-                       $password .= chr($i);
-               }
-               for ($i = 216; $i <= 246; $i++) {
-                       $password .= chr($i);
-               }
-               for ($i = 248; $i <= 255; $i++) {
-                       $password .= chr($i);
-               }
-               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
-               $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
-       }
-
-       /**
-        * @test
-        */
-       public function authenticationWithNonValidPassword() {
-               $password = 'password';
-               $password1 = $password . 'INVALID';
-               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
-               $this->assertFalse($this->objectInstance->checkPassword($password1, $saltedHashPassword));
-       }
-
-       /**
-        * @test
-        */
-       public function passwordVariationsResultInDifferentHashes() {
-               $pad = 'a';
-               $password = '';
-               $criticalPwLength = 0;
-               // We're using a constant salt.
-               $saltedHashPasswordPrevious = ($saltedHashPasswordCurrent = ($salt = $this->objectInstance->getHashedPassword($pad)));
-               for ($i = 0; $i <= 128; $i += 8) {
-                       $password = str_repeat($pad, max($i, 1));
-                       $saltedHashPasswordPrevious = $saltedHashPasswordCurrent;
-                       $saltedHashPasswordCurrent = $this->objectInstance->getHashedPassword($password, $salt);
-                       if ($i > 0 && 0 == strcmp($saltedHashPasswordPrevious, $saltedHashPasswordCurrent)) {
-                               $criticalPwLength = $i;
-                               break;
-                       }
-               }
-               $this->assertTrue($criticalPwLength == 0 || $criticalPwLength > 32, 'Duplicates of hashed passwords with plaintext password of length ' . $criticalPwLength . '+.');
-       }
-
-       /**
-        * @test
-        */
-       public function modifiedMinHashCount() {
-               $minHashCount = $this->objectInstance->getMinHashCount();
-               $this->objectInstance->setMinHashCount($minHashCount - 1);
-               $this->assertTrue($this->objectInstance->getMinHashCount() < $minHashCount);
-               $this->objectInstance->setMinHashCount($minHashCount + 1);
-               $this->assertTrue($this->objectInstance->getMinHashCount() > $minHashCount);
-       }
-
-       /**
-        * @test
-        */
-       public function modifiedMaxHashCount() {
-               $maxHashCount = $this->objectInstance->getMaxHashCount();
-               $this->objectInstance->setMaxHashCount($maxHashCount + 1);
-               $this->assertTrue($this->objectInstance->getMaxHashCount() > $maxHashCount);
-               $this->objectInstance->setMaxHashCount($maxHashCount - 1);
-               $this->assertTrue($this->objectInstance->getMaxHashCount() < $maxHashCount);
-       }
-
-       /**
-        * @test
-        */
-       public function modifiedHashCount() {
-               $hashCount = $this->objectInstance->getHashCount();
-               $this->objectInstance->setMaxHashCount($hashCount + 1);
-               $this->objectInstance->setHashCount($hashCount + 1);
-               $this->assertTrue($this->objectInstance->getHashCount() > $hashCount);
-               $this->objectInstance->setMinHashCount($hashCount - 1);
-               $this->objectInstance->setHashCount($hashCount - 1);
-               $this->assertTrue($this->objectInstance->getHashCount() < $hashCount);
-               // reset hashcount
-               $this->objectInstance->setHashCount(NULL);
-       }
-
-       /**
-        * @test
-        */
-       public function updateNecessityForValidSaltedPassword() {
-               $password = 'password';
-               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
-               $this->assertFalse($this->objectInstance->isHashUpdateNeeded($saltedHashPassword));
-       }
-
-       /**
-        * @test
-        */
-       public function updateNecessityForIncreasedHashcount() {
-               $password = 'password';
-               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
-               $increasedHashCount = $this->objectInstance->getHashCount() + 1;
-               $this->objectInstance->setMaxHashCount($increasedHashCount);
-               $this->objectInstance->setHashCount($increasedHashCount);
-               $this->assertTrue($this->objectInstance->isHashUpdateNeeded($saltedHashPassword));
-               // reset hashcount
-               $this->objectInstance->setHashCount(NULL);
-       }
-
-       /**
-        * @test
-        */
-       public function updateNecessityForDecreasedHashcount() {
-               $password = 'password';
-               $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
-               $decreasedHashCount = $this->objectInstance->getHashCount() - 1;
-               $this->objectInstance->setMinHashCount($decreasedHashCount);
-               $this->objectInstance->setHashCount($decreasedHashCount);
-               $this->assertFalse($this->objectInstance->isHashUpdateNeeded($saltedHashPassword));
-               // reset hashcount
-               $this->objectInstance->setHashCount(NULL);
-       }
-
-}
-
-
-?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/Tests/Unit/Salts/SaltFactoryTest.php b/typo3/sysext/saltedpasswords/Tests/Unit/Salts/SaltFactoryTest.php
deleted file mode 100644 (file)
index dccb0be..0000000
+++ /dev/null
@@ -1,159 +0,0 @@
-<?php
-namespace TYPO3\CMS\Saltedpasswords\Tests\Unit\Salts;
-
-/***************************************************************
- *  Copyright notice
- *
- *  (c) 2009-2011 Marcus Krause <marcus#exp2009@t3sec.info>
- *  All rights reserved
- *
- *  This script is part of the TYPO3 project. The TYPO3 project is
- *  free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  The GNU General Public License can be found at
- *  http://www.gnu.org/copyleft/gpl.html.
- *  A copy is found in the textfile GPL.txt and important notices to the license
- *  from the author is found in LICENSE.txt distributed with these scripts.
- *
- *
- *  This script is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  This copyright notice MUST APPEAR in all copies of the script!
- ***************************************************************/
-/**
- * Contains class "tx_saltedpasswords_salts_factory"
- * that provides a salted hashing method factory.
- */
-/**
- * Testcases for class tx_saltedpasswords_salts_factory.
- *
- * @author Marcus Krause <marcus#exp2009@t3sec.info>
- * @since 2009-09-06
- * @package TYPO3
- * @subpackage tx_saltedpasswords
- */
-class SaltFactoryTest extends \tx_phpunit_testcase {
-
-       /**
-        * Keeps instance of object to test.
-        *
-        * @var \TYPO3\CMS\Saltedpasswords\Salt\AbstractSalt
-        */
-       protected $objectInstance = NULL;
-
-       /**
-        * Sets up the fixtures for this testcase.
-        *
-        * @return void
-        */
-       protected function setUp() {
-               $this->objectInstance = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance();
-       }
-
-       /**
-        * Tears down objects and settings created in this testcase.
-        *
-        * @return void
-        */
-       public function tearDown() {
-               unset($this->objectInstance);
-       }
-
-       /**
-        * @test
-        */
-       public function objectInstanceNotNull() {
-               $this->assertNotNull($this->objectInstance);
-       }
-
-       /**
-        * @test
-        */
-       public function objectInstanceExtendsAbstractClass() {
-               $this->assertTrue(is_subclass_of($this->objectInstance, 'TYPO3\\CMS\\Saltedpasswords\\Salt\\AbstractSalt'));
-       }
-
-       /**
-        * @test
-        */
-       public function objectInstanceImplementsInterface() {
-               $this->assertTrue(method_exists($this->objectInstance, 'checkPassword'), 'Missing method checkPassword() from interface TYPO3\\CMS\\Saltedpasswords\\Salt\\SaltInterface.');
-               $this->assertTrue(method_exists($this->objectInstance, 'isHashUpdateNeeded'), 'Missing method isHashUpdateNeeded() from interface TYPO3\\CMS\\Saltedpasswords\\Salt\\SaltInterface.');
-               $this->assertTrue(method_exists($this->objectInstance, 'isValidSalt'), 'Missing method isValidSalt() from interface TYPO3\\CMS\\Saltedpasswords\\Salt\\SaltInterface.');
-               $this->assertTrue(method_exists($this->objectInstance, 'isValidSaltedPW'), 'Missing method isValidSaltedPW() from interface TYPO3\\CMS\\Saltedpasswords\\Salt\\SaltInterface.');
-               $this->assertTrue(method_exists($this->objectInstance, 'getHashedPassword'), 'Missing method getHashedPassword() from interface TYPO3\\CMS\\Saltedpasswords\\Salt\\SaltInterface.');
-               $this->assertTrue(method_exists($this->objectInstance, 'getSaltLength'), 'Missing method getSaltLength() from interface TYPO3\\CMS\\Saltedpasswords\\Salt\\SaltInterface.');
-       }
-
-       /**
-        * @test
-        */
-       public function base64EncodeReturnsProperLength() {
-               // 3 Bytes should result in a 6 char length base64 encoded string
-               // used for MD5 and PHPass salted hashing
-               $byteLength = 3;
-               $reqLengthBase64 = intval(ceil($byteLength * 8 / 6));
-               $randomBytes = \TYPO3\CMS\Core\Utility\GeneralUtility::generateRandomBytes($byteLength);
-               $this->assertTrue(strlen($this->objectInstance->base64Encode($randomBytes, $byteLength)) == $reqLengthBase64);
-               // 16 Bytes should result in a 22 char length base64 encoded string
-               // used for Blowfish salted hashing
-               $byteLength = 16;
-               $reqLengthBase64 = intval(ceil($byteLength * 8 / 6));
-               $randomBytes = \TYPO3\CMS\Core\Utility\GeneralUtility::generateRandomBytes($byteLength);
-               $this->assertTrue(strlen($this->objectInstance->base64Encode($randomBytes, $byteLength)) == $reqLengthBase64);
-       }
-
-       /**
-        * @test
-        */
-       public function objectInstanceForMD5Salts() {
-               $saltMD5 = '$1$rasmusle$rISCgZzpwk3UhDidwXvin0';
-               $this->objectInstance = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance($saltMD5);
-               $this->assertTrue(get_class($this->objectInstance) == 'TYPO3\\CMS\\Saltedpasswords\\Salt\\Md5Salt' || is_subclass_of($this->objectInstance, 'TYPO3\\CMS\\Saltedpasswords\\Salt\\Md5Salt'));
-       }
-
-       /**
-        * @test
-        */
-       public function objectInstanceForBlowfishSalts() {
-               $saltBlowfish = '$2a$07$abcdefghijklmnopqrstuuIdQV69PAxWYTgmnoGpe0Sk47GNS/9ZW';
-               $this->objectInstance = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance($saltBlowfish);
-               $this->assertTrue(get_class($this->objectInstance) == 'TYPO3\\CMS\\Saltedpasswords\\Salt\\BlowfishSalt' || is_subclass_of($this->objectInstance, 'TYPO3\\CMS\\Saltedpasswords\\Salt\\BlowfishSalt'));
-       }
-
-       /**
-        * @test
-        */
-       public function objectInstanceForPhpassSalts() {
-               $saltPhpass = '$P$CWF13LlG/0UcAQFUjnnS4LOqyRW43c.';
-               $this->objectInstance = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance($saltPhpass);
-               $this->assertTrue(get_class($this->objectInstance) == 'TYPO3\\CMS\\Saltedpasswords\\Salt\\PhpassSalt' || is_subclass_of($this->objectInstance, 'TYPO3\\CMS\\Saltedpasswords\\Salt\\PhpassSalt'));
-       }
-
-       /**
-        * @test
-        */
-       public function resettingFactoryInstanceSucceeds() {
-               $defaultClassNameToUse = \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::getDefaultSaltingHashingMethod();
-               $saltedPW = '';
-               if ($defaultClassNameToUse == 'TYPO3\\CMS\\Saltedpasswords\\Salt\\Md5Salt') {
-                       $saltedPW = '$P$CWF13LlG/0UcAQFUjnnS4LOqyRW43c.';
-               } else {
-                       $saltedPW = '$1$rasmusle$rISCgZzpwk3UhDidwXvin0';
-               }
-               $this->objectInstance = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance($saltedPW);
-               // resetting
-               $this->objectInstance = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(NULL);
-               $this->assertTrue(get_class($this->objectInstance) == $defaultClassNameToUse || is_subclass_of($this->objectInstance, $defaultClassNameToUse));
-       }
-
-}
-
-
-?>
\ No newline at end of file
index 37d2833..bad1921 100644 (file)
@@ -26,12 +26,9 @@ namespace TYPO3\CMS\Saltedpasswords\Tests\Unit\Utility;
  *
  *  This copyright notice MUST APPEAR in all copies of the script!
  ***************************************************************/
+
 /**
- * Contains testcases for "tx_saltedpasswords_div"
- * that provides various helper functions.
- */
-/**
- * Testcases for class tx_saltedpasswords_div.
+ * Testcase for SaltedPasswordsUtility
  *
  * @author Marcus Krause <marcus#exp2009@t3sec.info>
  * @package TYPO3
@@ -39,15 +36,20 @@ namespace TYPO3\CMS\Saltedpasswords\Tests\Unit\Utility;
  */
 class SaltedPasswordsUtilityTest extends \tx_phpunit_testcase {
 
+       /**
+        * Enable backup of global and system variables
+        *
+        * @var boolean
+        */
        protected $backupGlobals = TRUE;
 
-       public function setUp() {
-
-       }
-
-       public function tearDown() {
-
-       }
+       /**
+        * Exclude TYPO3_DB from backup/ restore of $GLOBALS
+        * because resource types cannot be handled during serializing
+        *
+        * @var array
+        */
+       protected $backupGlobalsBlacklist = array('TYPO3_DB');
 
        /**
         * @test