ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
ilBcryptPasswordEncoderTest.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2014 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
4 require_once 'Services/Password/classes/encoders/class.ilBcryptPasswordEncoder.php';
5 require_once 'Services/Password/test/ilPasswordBaseTest.php';
6 
7 use org\bovigo\vfs;
8 
14 class ilBcryptPasswordEncoderTest extends ilPasswordBaseTest
15 {
19  const VALID_COSTS = '08';
20 
24  const PASSWORD = 'password';
25 
29  const WRONG_PASSWORD = 'wrong_password';
30 
34  const CLIENT_SALT = 'homer!12345_/';
35 
39  const PASSWORD_SALT = 'salt';
40 
44  protected $test_directory;
45 
49  protected $test_directory_url;
50 
54  public function getTestDirectory()
55  {
56  return $this->test_directory;
57  }
58 
62  public function setTestDirectory($test_directory)
63  {
64  $this->test_directory = $test_directory;
65  }
66 
70  public function getTestDirectoryUrl()
71  {
72  return $this->test_directory_url;
73  }
74 
78  public function setTestDirectoryUrl($test_directory_url)
79  {
80  $this->test_directory_url = $test_directory_url;
81  }
82 
86  protected function setUp()
87  {
88  vfs\vfsStream::setup();
89  $this->setTestDirectory(vfs\vfsStream::newDirectory('tests')->at(vfs\vfsStreamWrapper::getRoot()));
90  $this->setTestDirectoryUrl(vfs\vfsStream::url('root/tests'));
91 
92  parent::setUp();
93  }
94 
98  private function skipIfPhpVersionIsNotSupported()
99  {
100  if (version_compare(phpversion(), '5.3.7', '<')) {
101  $this->markTestSkipped('Requires PHP >= 5.3.7');
102  }
103  }
104 
108  public function costsProvider()
109  {
110  $data = array();
111  for ($i = 4; $i <= 31; $i++) {
112  $data[] = array($i);
113  }
114  return $data;
115  }
116 
120  private function getInstanceWithConfiguredDataDirectory()
121  {
122  $encoder = new ilBcryptPasswordEncoder(array(
123  'data_directory' => $this->getTestDirectoryUrl()
124  ));
125 
126  return $encoder;
127  }
128 
132  public function testInstanceCanBeCreated()
133  {
134  $security_flaw_ignoring_encoder = new ilBcryptPasswordEncoder(array(
135  'ignore_security_flaw' => true,
136  'data_directory' => $this->getTestDirectoryUrl()
137  ));
138  $this->assertTrue($security_flaw_ignoring_encoder->isSecurityFlawIgnored());
139 
140  $security_flaw_respecting_encoder = new ilBcryptPasswordEncoder(array(
141  'ignore_security_flaw' => false,
142  'data_directory' => $this->getTestDirectoryUrl()
143  ));
144  $this->assertFalse($security_flaw_respecting_encoder->isSecurityFlawIgnored());
145 
146  $encoder = new ilBcryptPasswordEncoder(array(
147  'cost' => self::VALID_COSTS,
148  'data_directory' => $this->getTestDirectoryUrl()
149  ));
150  $this->assertInstanceOf('ilBcryptPasswordEncoder', $encoder);
151  $this->assertEquals(self::VALID_COSTS, $encoder->getCosts());
152  $this->assertFalse($encoder->isSecurityFlawIgnored());
153  $encoder->setClientSalt(self::CLIENT_SALT);
154 
155  return $encoder;
156  }
157 
161  public function testCostsCanBeRetrievedWhenCostsAreSet(ilBcryptPasswordEncoder $encoder)
162  {
163  $encoder->setCosts(4);
164  $this->assertEquals(4, $encoder->getCosts());
165  }
166 
171  public function testCostsCannotBeSetAboveRange(ilBcryptPasswordEncoder $encoder)
172  {
173  $this->assertException(ilPasswordException::class);
174  $encoder->setCosts(32);
175  }
176 
181  public function testCostsCannotBeSetBelowRange(ilBcryptPasswordEncoder $encoder)
182  {
183  $this->assertException(ilPasswordException::class);
184  $encoder->setCosts(3);
185  }
186 
191  public function testCostsCanBeSetInRange($costs, ilBcryptPasswordEncoder $encoder)
192  {
193  $encoder->setCosts($costs);
194  }
195 
199  public function testPasswordShouldBeCorrectlyEncodedAndVerified(ilBcryptPasswordEncoder $encoder)
200  {
201  $encoder->setCosts(self::VALID_COSTS);
202  $encoded_password = $encoder->encodePassword(self::PASSWORD, self::PASSWORD_SALT);
203  $this->assertTrue($encoder->isPasswordValid($encoded_password, self::PASSWORD, self::PASSWORD_SALT));
204  $this->assertFalse($encoder->isPasswordValid($encoded_password, self::WRONG_PASSWORD, self::PASSWORD_SALT));
205  return $encoder;
206  }
207 
212  public function testExceptionIsRaisedIfThePasswordExceedsTheSupportedLengthOnEncoding(ilBcryptPasswordEncoder $encoder)
213  {
214  $this->assertException(ilPasswordException::class);
215  $encoder->setCosts(self::VALID_COSTS);
216  $encoder->encodePassword(str_repeat('a', 5000), self::PASSWORD_SALT);
217  }
218 
222  public function testPasswordVerificationShouldFailIfTheRawPasswordExceedsTheSupportedLength(ilBcryptPasswordEncoder $encoder)
223  {
224  $encoder->setCosts(self::VALID_COSTS);
225  $this->assertFalse($encoder->isPasswordValid('encoded', str_repeat('a', 5000), self::PASSWORD_SALT));
226  }
227 
231  public function testEncoderReliesOnSalts(ilBcryptPasswordEncoder $encoder)
232  {
233  $this->assertTrue($encoder->requiresSalt());
234  }
235 
239  public function testEncoderDoesNotSupportReencoding(ilBcryptPasswordEncoder $encoder)
240  {
241  $this->assertFalse($encoder->requiresReencoding('hello'));
242  }
243 
247  public function testNameShouldBeBcrypt(ilBcryptPasswordEncoder $encoder)
248  {
249  $this->assertEquals('bcrypt', $encoder->getName());
250  }
251 
255  public function testExceptionIsRaisedIfSaltIsMissingIsOnEncoding()
256  {
257  $this->assertException(ilPasswordException::class);
258  $encoder = $this->getInstanceWithConfiguredDataDirectory();
259  $encoder->setClientSalt(null);
260  $encoder->setCosts(self::VALID_COSTS);
261  $encoder->encodePassword(self::PASSWORD, self::PASSWORD_SALT);
262  }
263 
267  public function testExceptionIsRaisedIfSaltIsMissingIsOnVerification()
268  {
269  $this->assertException(ilPasswordException::class);
270  $encoder = $this->getInstanceWithConfiguredDataDirectory();
271  $encoder->setClientSalt(null);
272  $encoder->setCosts(self::VALID_COSTS);
273  $encoder->isPasswordValid('12121212', self::PASSWORD, self::PASSWORD_SALT);
274  }
275 
279  public function testInstanceCanBeCreatedAndInitializedWithClientSalt()
280  {
281  $this->getTestDirectory()->chmod(0777);
282  vfs\vfsStream::newFile(ilBcryptPasswordEncoder::SALT_STORAGE_FILENAME)->withContent(self::CLIENT_SALT)->at($this->getTestDirectory());
283 
284  $encoder = $this->getInstanceWithConfiguredDataDirectory();
285  $this->assertEquals(self::CLIENT_SALT, $encoder->getClientSalt());
286  }
287 
291  public function testClientSaltIsGeneratedWhenNoClientSaltExistsYet()
292  {
293  $this->getTestDirectory()->chmod(0777);
294 
295  $encoder = $this->getInstanceWithConfiguredDataDirectory();
296  $this->assertNotNull($encoder->getClientSalt());
297  }
298 
302  public function testExceptionIsRaisedWhenClientSaltCouldNotBeGeneratedInCaseNoClientSaltExistsYet()
303  {
304  $this->assertException(ilPasswordException::class);
305  $this->getTestDirectory()->chmod(0000);
306 
307  $encoder = $this->getInstanceWithConfiguredDataDirectory();
308  }
309 
313  public function testBackwardCompatibilityCanBeRetrievedWhenBackwardCompatibilityIsSet()
314  {
315  $encoder = $this->getInstanceWithConfiguredDataDirectory();
316  $encoder->setBackwardCompatibility(true);
317  $this->assertTrue($encoder->isBackwardCompatibilityEnabled());
318  $encoder->setBackwardCompatibility(false);
319  $this->assertFalse($encoder->isBackwardCompatibilityEnabled());
320  }
321 
325  public function testBackwardCompatibility()
326  {
327  $this->skipIfPhpVersionIsNotSupported();
328 
329  $encoder = $this->getInstanceWithConfiguredDataDirectory();
330  $encoder->setClientSalt(self::CLIENT_SALT);
331  $encoder->setBackwardCompatibility(true);
332  $encoded_password = $encoder->encodePassword(self::PASSWORD, self::PASSWORD_SALT);
333  $this->assertTrue($encoder->isPasswordValid($encoded_password, self::PASSWORD, self::PASSWORD_SALT));
334  $this->assertEquals('$2a$', substr($encoded_password, 0, 4));
335 
336  $another_encoder = $this->getInstanceWithConfiguredDataDirectory();
337  $another_encoder->setClientSalt(self::CLIENT_SALT);
338  $another_encoder->setBackwardCompatibility(false);
339  $another_encoded_password = $another_encoder->encodePassword(self::PASSWORD, self::PASSWORD_SALT);
340  $this->assertEquals('$2y$', substr($another_encoded_password, 0, 4));
341  $this->assertTrue($another_encoder->isPasswordValid($encoded_password, self::PASSWORD, self::PASSWORD_SALT));
342  }
343 
347  public function testExceptionIsRaisedIfTheRawPasswordContainsA8BitCharacterAndBackwardCompatibilityIsEnabled()
348  {
349  $this->assertException(ilPasswordException::class);
350  $encoder = $this->getInstanceWithConfiguredDataDirectory();
351  $encoder->setClientSalt(self::CLIENT_SALT);
352  $encoder->setBackwardCompatibility(true);
353  $encoder->encodePassword(self::PASSWORD . chr(195), self::PASSWORD_SALT);
354  }
355 
359  public function testExceptionIsNotRaisedIfTheRawPasswordContainsA8BitCharacterAndBackwardCompatibilityIsEnabledWithIgnoredSecurityFlaw()
360  {
361  $encoder = $this->getInstanceWithConfiguredDataDirectory();
362  $encoder->setClientSalt(self::CLIENT_SALT);
363  $encoder->setBackwardCompatibility(true);
364  $encoder->setIsSecurityFlawIgnored(true);
365  $encoder->encodePassword(self::PASSWORD . chr(195), self::PASSWORD_SALT);
366  }
367 }
ilBcryptPasswordEncoderTest\testCostsCannotBeSetAboveRange
testCostsCannotBeSetAboveRange(ilBcryptPasswordEncoder $encoder)
testInstanceCanBeCreated ilPasswordException
Definition: ilBcryptPasswordEncoderTest.php:171
ilBcryptPasswordEncoder\encodePassword
encodePassword($raw, $salt)
{Encodes the raw password.The password to encode The salt string The encoded password} ...
Definition: class.ilBcryptPasswordEncoder.php:151
ilBcryptPasswordEncoder\requiresSalt
requiresSalt()
{Returns whether or not the encoder requires a salt.boolean}
Definition: class.ilBcryptPasswordEncoder.php:190
ilBcryptPasswordEncoderTest\testCostsCanBeRetrievedWhenCostsAreSet
testCostsCanBeRetrievedWhenCostsAreSet(ilBcryptPasswordEncoder $encoder)
testInstanceCanBeCreated
Definition: ilBcryptPasswordEncoderTest.php:161
ilBcryptPasswordEncoderTest\testEncoderDoesNotSupportReencoding
testEncoderDoesNotSupportReencoding(ilBcryptPasswordEncoder $encoder)
testInstanceCanBeCreated
Definition: ilBcryptPasswordEncoderTest.php:239
ilBcryptPasswordEncoderTest\testCostsCanBeSetInRange
testCostsCanBeSetInRange($costs, ilBcryptPasswordEncoder $encoder)
testInstanceCanBeCreated costsProvider
Definition: ilBcryptPasswordEncoderTest.php:191
ilBcryptPasswordEncoder\requiresReencoding
requiresReencoding($encoded)
{Returns whether or not the a encoded password needs to be re-encoded.string boolean} ...
Definition: class.ilBcryptPasswordEncoder.php:200
ilBcryptPasswordEncoderTest\testExceptionIsNotRaisedIfTheRawPasswordContainsA8BitCharacterAndBackwardCompatibilityIsEnabledWithIgnoredSecurityFlaw
testExceptionIsNotRaisedIfTheRawPasswordContainsA8BitCharacterAndBackwardCompatibilityIsEnabledWithIgnoredSecurityFlaw()
Definition: ilBcryptPasswordEncoderTest.php:359
ilBcryptPasswordEncoderTest\testPasswordShouldBeCorrectlyEncodedAndVerified
testPasswordShouldBeCorrectlyEncodedAndVerified(ilBcryptPasswordEncoder $encoder)
testInstanceCanBeCreated
Definition: ilBcryptPasswordEncoderTest.php:199
ilBcryptPasswordEncoderTest\testExceptionIsRaisedIfSaltIsMissingIsOnEncoding
testExceptionIsRaisedIfSaltIsMissingIsOnEncoding()
ilPasswordException
Definition: ilBcryptPasswordEncoderTest.php:255
ilBcryptPasswordEncoderTest\testExceptionIsRaisedIfThePasswordExceedsTheSupportedLengthOnEncoding
testExceptionIsRaisedIfThePasswordExceedsTheSupportedLengthOnEncoding(ilBcryptPasswordEncoder $encoder)
testInstanceCanBeCreated ilPasswordException
Definition: ilBcryptPasswordEncoderTest.php:212
ilBcryptPasswordEncoderTest\testExceptionIsRaisedIfSaltIsMissingIsOnVerification
testExceptionIsRaisedIfSaltIsMissingIsOnVerification()
ilPasswordException
Definition: ilBcryptPasswordEncoderTest.php:267
ilBcryptPasswordEncoderTest\testPasswordVerificationShouldFailIfTheRawPasswordExceedsTheSupportedLength
testPasswordVerificationShouldFailIfTheRawPasswordExceedsTheSupportedLength(ilBcryptPasswordEncoder $encoder)
testInstanceCanBeCreated
Definition: ilBcryptPasswordEncoderTest.php:222
ilBcryptPasswordEncoder\getName
getName()
{Returns a unique name/id of the concrete password encoder.string}
Definition: class.ilBcryptPasswordEncoder.php:182
ilBcryptPasswordEncoderTest\testExceptionIsRaisedIfTheRawPasswordContainsA8BitCharacterAndBackwardCompatibilityIsEnabled
testExceptionIsRaisedIfTheRawPasswordContainsA8BitCharacterAndBackwardCompatibilityIsEnabled()
ilPasswordException
Definition: ilBcryptPasswordEncoderTest.php:347
ilBcryptPasswordEncoderTest\testExceptionIsRaisedWhenClientSaltCouldNotBeGeneratedInCaseNoClientSaltExistsYet
testExceptionIsRaisedWhenClientSaltCouldNotBeGeneratedInCaseNoClientSaltExistsYet()
ilPasswordException
Definition: ilBcryptPasswordEncoderTest.php:302
ilBcryptPasswordEncoderTest\testCostsCannotBeSetBelowRange
testCostsCannotBeSetBelowRange(ilBcryptPasswordEncoder $encoder)
testInstanceCanBeCreated ilPasswordException
Definition: ilBcryptPasswordEncoderTest.php:181
ilBcryptPasswordEncoderTest\testNameShouldBeBcrypt
testNameShouldBeBcrypt(ilBcryptPasswordEncoder $encoder)
testInstanceCanBeCreated
Definition: ilBcryptPasswordEncoderTest.php:247
$i
$i
Definition: disco.tpl.php:19
ilBcryptPasswordEncoderTest\testEncoderReliesOnSalts
testEncoderReliesOnSalts(ilBcryptPasswordEncoder $encoder)
testInstanceCanBeCreated
Definition: ilBcryptPasswordEncoderTest.php:231
ilBcryptPasswordEncoder\isPasswordValid
isPasswordValid($encoded, $raw, $salt)
{Checks a raw password against an encoded password.The raw password has to be injected into the encod...
Definition: class.ilBcryptPasswordEncoder.php:169
ilPasswordBaseTest\assertException
assertException($exception_class)
Definition: ilPasswordBaseTest.php:13
$data
$data
Definition: bench.php:6