Merge pull request #7334 from stefanotorresi/feature/http-basic-auth-…

…bcrypt-support feature: add bcrypt support to apache http basic auth
zendframework · Mar 17, 2015 · 1b4f493 · 1b4f493
2 parents ed1393c + 7a35320
commit 1b4f493
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 2 deletions.
diff --git a/library/Zend/Crypt/Password/Apache.php b/library/Zend/Crypt/Password/Apache.php
@@ -129,6 +129,7 @@ public function verify($password, $hash)
             $hash2 = '{SHA}' . base64_encode(sha1($password, true));
             return Utils::compareStrings($hash, $hash2);
         }
+
         if (substr($hash, 0, 6) === '$apr1$') {
             $token = explode('$', $hash);
             if (empty($token[2])) {
@@ -139,7 +140,10 @@ public function verify($password, $hash)
             $hash2 = $this->apr1Md5($password, $token[2]);
             return Utils::compareStrings($hash, $hash2);
         }
-        if (strlen($hash) > 13) { // digest
+
+        $bcryptPattern = '/\$2[ay]?\$[0-9]{2}\$[' . addcslashes(static::BASE64, '+/') . '\.]{53}/';
+
+        if (strlen($hash) > 13 && ! preg_match($bcryptPattern, $hash)) { // digest
             if (empty($this->userName) || empty($this->authName)) {
                 throw new Exception\RuntimeException(
                     'You must specify UserName and AuthName (realm) to verify the digest'
@@ -148,6 +152,7 @@ public function verify($password, $hash)
             $hash2 = md5($this->userName . ':' . $this->authName . ':' .$password);
             return Utils::compareStrings($hash, $hash2);
         }
+
         return Utils::compareStrings($hash, crypt($password, $hash));
     }
 

diff --git a/tests/ZendTest/Authentication/Adapter/Http/ApacheResolverTest.php b/tests/ZendTest/Authentication/Adapter/Http/ApacheResolverTest.php
@@ -38,6 +38,11 @@ class ApacheResolverTest extends \PHPUnit_Framework_TestCase
      */
     protected $_badPath;
 
+    /**
+     * @var Apache
+     */
+    protected $_apache;
+
     /**
      * Sets the paths to files used in this test, and creates a shared resolver instance
      * having a valid path.
@@ -104,7 +109,8 @@ public function providePasswordFiles()
             array( $path . '/htbasic.plaintext' ),
             array( $path . '/htbasic.md5' ),
             array( $path . '/htbasic.sha1' ),
-            array( $path . '/htbasic.crypt' )
+            array( $path . '/htbasic.crypt' ),
+            array( $path . '/htbasic.bcrypt' ),
         );
     }
 

diff --git a/tests/ZendTest/Authentication/Adapter/Http/TestAsset/htbasic.bcrypt b/tests/ZendTest/Authentication/Adapter/Http/TestAsset/htbasic.bcrypt
@@ -0,0 +1 @@
+test:$2y$05$BYMNSHjpDGCMWb9Qpv6z3eGLenGdw9eXmWHBpBDZyCF7YKuKlfqKy
diff --git a/tests/ZendTest/Crypt/Password/ApacheTest.php b/tests/ZendTest/Crypt/Password/ApacheTest.php
@@ -10,6 +10,7 @@
 namespace ZendTest\Crypt\Password;
 
 use Zend\Crypt\Password\Apache;
+use Zend\Crypt\Password\Bcrypt;
 use Zend\Crypt\Password\Exception;
 
 /**
@@ -175,4 +176,11 @@ public function testApr1Md5WrongSaltFormat()
         $this->apache->verify('myPassword', '$apr1$z0Hhe5Lq3$6YdJKbkrJg77Dvw2gpuSA1');
         $this->apache->verify('myPassword', '$apr1$z0Hhe5L&$6YdJKbkrJg77Dvw2gpuSA1');
     }
+
+    public function testCanVerifyBcryptHashes()
+    {
+        $bcrypt = new Bcrypt();
+        $hash = $bcrypt->create('myPassword');
+        $this->assertTrue($this->apache->verify('myPassword', $hash));
+    }
 }