Permalink
Browse files

Test the new password hashing functions w/ PhpUnit

  • Loading branch information...
franzliedke committed Jan 5, 2019
1 parent e61bcfb commit e9e1f4f0bdd948a88b17096319f09cdf42f291d1
@@ -25,6 +25,9 @@
"require-dev": {
"phpunit/phpunit": "^7"
},
"scripts": {
"test": "phpunit tests"
},
"config": {
"sort-packages": true
}
@@ -0,0 +1,53 @@
<?php
use PHPUnit\Framework\TestCase;
require_once __DIR__.'/../../include/functions.php';
class flux_password_needs_rehash_Test extends TestCase
{
public function setUp()
{
$GLOBALS['password_hash_cost'] = 10;
}
public function testModernHashDoesNotNeedRehash()
{
// Generated by password_hash() - default algorithm, cost = 10
$hash = '$2y$10$2jxnmnumkXcRJKWLe7fZSeGQ7lM/Sq54hpN1Bup2CrP4iEvVlSPbe';
$this->assertFalse(
flux_password_needs_rehash($hash)
);
}
public function testWrappedMd5HashNeedsRehash()
{
// MD5 hash passed through password_hash()
$hash = '#MD5#$2y$10$r1LX7fOs7Wn7CvCgWYplleNs4Vt0qrSx3HCmE/bIpNRl6dtKL/XQO';
$this->assertTrue(
flux_password_needs_rehash($hash)
);
}
public function testWrappedSaltedSha1HashNeedsRehash()
{
// Salted SHA1 (salt = "pepper") passed through password_hash()
$hash = '#SHA1-S#pepper#$2y$10$wXrX5f8RUwX7kAPH2e1PgOQTNFHm5s/Jzt76icoFC81rX66cS7QSe';
$this->assertTrue(
flux_password_needs_rehash($hash)
);
}
public function testWrappedUnsaltedSha1HashNeedsRehash()
{
// SHA1 hash passed through password_hash()
$hash = '#SHA1#$2y$10$XWRFN4jqCXkrL6e8TGEKZ.BIorXIx/09RmNqoGSpMfxiMHTvr10J2';
$this->assertTrue(
flux_password_needs_rehash($hash)
);
}
}
@@ -0,0 +1,55 @@
<?php
use PHPUnit\Framework\TestCase;
require_once __DIR__.'/../../include/functions.php';
class flux_password_verify_Test extends TestCase
{
public function testVerificationFailsWithUnhashedPassword()
{
$this->assertFalse(
flux_password_verify('password', 'password')
);
}
public function testVerificationSucceedsWithModernHash()
{
// Generated by password_hash() - default algorithm, cost = 10
$hash = '$2y$10$2jxnmnumkXcRJKWLe7fZSeGQ7lM/Sq54hpN1Bup2CrP4iEvVlSPbe';
$this->assertTrue(
flux_password_verify('password', $hash)
);
}
public function testVerificationSucceedsWithMd5Hash()
{
// MD5 hash passed through password_hash()
$hash = '#MD5#$2y$10$r1LX7fOs7Wn7CvCgWYplleNs4Vt0qrSx3HCmE/bIpNRl6dtKL/XQO';
$this->assertTrue(
flux_password_verify('password', $hash)
);
}
public function testVerificationSucceedsWithSaltedSha1Hash()
{
// Salted SHA1 (salt = "pepper") passed through password_hash()
$hash = '#SHA1-S#pepper#$2y$10$wXrX5f8RUwX7kAPH2e1PgOQTNFHm5s/Jzt76icoFC81rX66cS7QSe';
$this->assertTrue(
flux_password_verify('password', $hash)
);
}
public function testVerificationSucceedsWithUnsaltedSha1Hash()
{
// SHA1 hash passed through password_hash()
$hash = '#SHA1#$2y$10$XWRFN4jqCXkrL6e8TGEKZ.BIorXIx/09RmNqoGSpMfxiMHTvr10J2';
$this->assertTrue(
flux_password_verify('password', $hash)
);
}
}

0 comments on commit e9e1f4f

Please sign in to comment.