1f2ae886aSAndreas Gohr<?php 2f2ae886aSAndreas Gohr 336340418SAndreas Gohrclass auth_password_test extends DokuWikiTest { 4f2ae886aSAndreas Gohr 5f2ae886aSAndreas Gohr // hashes for the password foo$method, using abcdefgh as salt 6f2ae886aSAndreas Gohr var $passes = array( 7f2ae886aSAndreas Gohr 'smd5' => '$1$abcdefgh$SYbjm2AEvSoHG7Xapi8so.', 8f2ae886aSAndreas Gohr 'apr1' => '$apr1$abcdefgh$C/GzYTF4kOVByYLEoD5X4.', 9f2ae886aSAndreas Gohr 'md5' => '8fa22d62408e5351553acdd91c6b7003', 10f2ae886aSAndreas Gohr 'sha1' => 'b456d3b0efd105d613744ffd549514ecafcfc7e1', 11f2ae886aSAndreas Gohr 'ssha' => '{SSHA}QMHG+uC7bHNYKkmoLbNsNI38/dJhYmNk', 12f2ae886aSAndreas Gohr 'lsmd5' => '{SMD5}HGbkPrkWgy9KgcRGWlrsUWFiY2RlZmdo', 13f2ae886aSAndreas Gohr 'crypt' => 'ablvoGr1hvZ5k', 14f2ae886aSAndreas Gohr 'mysql' => '4a1fa3780bd6fd55', 15f2ae886aSAndreas Gohr 'my411' => '*e5929347e25f82e19e4ebe92f1dc6b6e7c2dbd29', 16f2ae886aSAndreas Gohr 'kmd5' => 'a579299436d7969791189acadd86fcb716', 17f2ae886aSAndreas Gohr 'djangomd5' => 'md5$abcde$d0fdddeda8cd92725d2b54148ac09158', 18f2ae886aSAndreas Gohr 'djangosha1' => 'sha1$abcde$c8e65a7f0acc9158843048a53dcc5a6bc4d17678', 19*32c7ba22SAndreas Gohr 20f2ae886aSAndreas Gohr ); 21f2ae886aSAndreas Gohr 22*32c7ba22SAndreas Gohr function __construct() { 23*32c7ba22SAndreas Gohr if(defined('CRYPT_SHA512') && CRYPT_SHA512 == 1) { 24*32c7ba22SAndreas Gohr // Check SHA512 only if available in this PHP 25*32c7ba22SAndreas Gohr $this->passes['sha512'] = '$6$abcdefgh12345678$J9.zOcgx0lotwZdcz0uulA3IVQMinZvFZVjA5vapRLVAAqtay23XD4xeeUxQ3B4JvDWYFBIxVWW1tOYlHX13k1'; 26*32c7ba22SAndreas Gohr } 27*32c7ba22SAndreas Gohr } 28*32c7ba22SAndreas Gohr 29f2ae886aSAndreas Gohr 30f2ae886aSAndreas Gohr function test_cryptPassword(){ 31f2ae886aSAndreas Gohr foreach($this->passes as $method => $hash){ 32f2ae886aSAndreas Gohr $info = "testing method $method"; 33f2ae886aSAndreas Gohr $this->assertEquals(auth_cryptPassword('foo'.$method, $method,'abcdefgh12345678912345678912345678'), 34f2ae886aSAndreas Gohr $hash, $info); 35f2ae886aSAndreas Gohr } 36f2ae886aSAndreas Gohr } 37f2ae886aSAndreas Gohr 38f2ae886aSAndreas Gohr function test_verifyPassword(){ 39f2ae886aSAndreas Gohr foreach($this->passes as $method => $hash){ 40f2ae886aSAndreas Gohr $info = "testing method $method"; 41f2ae886aSAndreas Gohr $this->assertTrue(auth_verifyPassword('foo'.$method, $hash), $info); 421831d8a0SAndreas Gohr $this->assertFalse(auth_verifyPassword('bar'.$method, $hash), $info); 43f2ae886aSAndreas Gohr } 44f2ae886aSAndreas Gohr } 45f2ae886aSAndreas Gohr 46f2ae886aSAndreas Gohr function test_verifySelf(){ 47f2ae886aSAndreas Gohr foreach($this->passes as $method => $hash){ 48f2ae886aSAndreas Gohr $info = "testing method $method"; 49f2ae886aSAndreas Gohr $hash = auth_cryptPassword('foo'.$method,$method); 50f2ae886aSAndreas Gohr $this->assertTrue(auth_verifyPassword('foo'.$method, $hash), $info); 51f2ae886aSAndreas Gohr } 52f2ae886aSAndreas Gohr } 53f2ae886aSAndreas Gohr 54f2ae886aSAndreas Gohr function test_bcrypt_self(){ 55f2ae886aSAndreas Gohr $hash = auth_cryptPassword('foobcrypt','bcrypt'); 56f2ae886aSAndreas Gohr $this->assertTrue(auth_verifyPassword('foobcrypt',$hash)); 57f2ae886aSAndreas Gohr } 58f2ae886aSAndreas Gohr 59f2ae886aSAndreas Gohr function test_verifyPassword_fixedbcrypt(){ 60f2ae886aSAndreas Gohr $this->assertTrue(auth_verifyPassword('foobcrypt','$2a$12$uTWercxbq4sjp2xAzv3we.ZOxk51m5V/Bv5bp2H27oVFJl5neFQoC')); 61f2ae886aSAndreas Gohr } 62f2ae886aSAndreas Gohr 63f2ae886aSAndreas Gohr function test_verifyPassword_nohash(){ 64f2ae886aSAndreas Gohr $this->assertTrue(auth_verifyPassword('foo','$1$$n1rTiFE0nRifwV/43bVon/')); 65f2ae886aSAndreas Gohr } 66f2ae886aSAndreas Gohr 67f2ae886aSAndreas Gohr function test_verifyPassword_fixedpmd5(){ 68f2ae886aSAndreas Gohr $this->assertTrue(auth_verifyPassword('test12345','$P$9IQRaTwmfeRo7ud9Fh4E2PdI0S3r.L0')); 69f2ae886aSAndreas Gohr $this->assertTrue(auth_verifyPassword('test12345','$H$9IQRaTwmfeRo7ud9Fh4E2PdI0S3r.L0')); 70f2ae886aSAndreas Gohr } 71f2ae886aSAndreas Gohr 72529b0416SAndreas Gohr function test_veryPassword_mediawiki(){ 73529b0416SAndreas Gohr $this->assertTrue(auth_verifyPassword('password', ':B:838c83e1:e4ab7024509eef084cdabd03d8b2972c')); 74529b0416SAndreas Gohr } 75529b0416SAndreas Gohr 76529b0416SAndreas Gohr 771831d8a0SAndreas Gohr /** 781831d8a0SAndreas Gohr * pmd5 checking should throw an exception when a hash with a too high 791831d8a0SAndreas Gohr * iteration count is passed 801831d8a0SAndreas Gohr */ 811831d8a0SAndreas Gohr function test_verifyPassword_pmd5Exception(){ 821831d8a0SAndreas Gohr $except = false; 831831d8a0SAndreas Gohr try{ 841831d8a0SAndreas Gohr auth_verifyPassword('foopmd5', '$H$abcdefgh1ZbJodHxmeXVAhEzTG7IAp.'); 851831d8a0SAndreas Gohr }catch (Exception $e){ 861831d8a0SAndreas Gohr $except = true; 871831d8a0SAndreas Gohr } 881831d8a0SAndreas Gohr $this->assertTrue($except); 891831d8a0SAndreas Gohr } 901831d8a0SAndreas Gohr 91f2ae886aSAndreas Gohr} 92f2ae886aSAndreas Gohr 93f2ae886aSAndreas Gohr//Setup VIM: ex: et ts=4 : 94