xref: /dokuwiki/_test/tests/inc/auth_password.test.php (revision 6f9868d593e26f4f6d3700f37d1caca4a1343b78) 
1f2ae886aSAndreas Gohr<?php
2f2ae886aSAndreas Gohr
336340418SAndreas Gohrclass auth_password_test extends DokuWikiTest {
4f2ae886aSAndreas Gohr
5b216b154SAndreas Gohr    /**
6b216b154SAndreas Gohr     *  precomputed hashes
7b216b154SAndreas Gohr     *
8b216b154SAndreas Gohr     * for the password foo$method, using abcdefgh12345678912345678912345678 as salt
9b216b154SAndreas Gohr     *
10b216b154SAndreas Gohr     * @return array
11b216b154SAndreas Gohr     */
12b216b154SAndreas Gohr    public function hashes() {
13b216b154SAndreas Gohr
14b216b154SAndreas Gohr        $passes = array(
15b216b154SAndreas Gohr            array('smd5', '$1$abcdefgh$SYbjm2AEvSoHG7Xapi8so.'),
16b216b154SAndreas Gohr            array('apr1', '$apr1$abcdefgh$C/GzYTF4kOVByYLEoD5X4.'),
17b216b154SAndreas Gohr            array('md5', '8fa22d62408e5351553acdd91c6b7003'),
18b216b154SAndreas Gohr            array('sha1', 'b456d3b0efd105d613744ffd549514ecafcfc7e1'),
19b216b154SAndreas Gohr            array('ssha', '{SSHA}QMHG+uC7bHNYKkmoLbNsNI38/dJhYmNk'),
20b216b154SAndreas Gohr            array('lsmd5', '{SMD5}HGbkPrkWgy9KgcRGWlrsUWFiY2RlZmdo'),
21b216b154SAndreas Gohr            array('crypt', 'ablvoGr1hvZ5k'),
22b216b154SAndreas Gohr            array('mysql', '4a1fa3780bd6fd55'),
23b216b154SAndreas Gohr            array('my411', '*E5929347E25F82E19E4EBE92F1DC6B6E7C2DBD29'),
24b216b154SAndreas Gohr            array('kmd5', 'a579299436d7969791189acadd86fcb716'),
25b216b154SAndreas Gohr            array('djangomd5', 'md5$abcde$d0fdddeda8cd92725d2b54148ac09158'),
26b216b154SAndreas Gohr            array('djangosha1', 'sha1$abcde$c8e65a7f0acc9158843048a53dcc5a6bc4d17678'),
2732c7ba22SAndreas Gohr
28f2ae886aSAndreas Gohr        );
29f2ae886aSAndreas Gohr
3032c7ba22SAndreas Gohr        if(defined('CRYPT_SHA512') && CRYPT_SHA512 == 1) {
3132c7ba22SAndreas Gohr            // Check SHA512 only if available in this PHP
32b216b154SAndreas Gohr            $passes[] = array('sha512', '$6$abcdefgh12345678$J9.zOcgx0lotwZdcz0uulA3IVQMinZvFZVjA5vapRLVAAqtay23XD4xeeUxQ3B4JvDWYFBIxVWW1tOYlHX13k1');
3332c7ba22SAndreas Gohr        }
34924cc11cSAndreas Gohr        if(function_exists('hash_pbkdf2')) {
35924cc11cSAndreas Gohr            if(in_array('sha256', hash_algos())) {
36b216b154SAndreas Gohr                $passes[] = array('djangopbkdf2_sha256', 'pbkdf2_sha256$24000$abcdefgh1234$R23OyZJ0nGHLG6MvPNfEkV5AOz3jUY5zthByPXs2gn0=');
37924cc11cSAndreas Gohr            }
38924cc11cSAndreas Gohr            if(in_array('sha1', hash_algos())) {
39b216b154SAndreas Gohr                $passes[] = array('djangopbkdf2_sha1', 'pbkdf2_sha1$24000$abcdefgh1234$pOliX4vV1hgOv7lFNURIHHx41HI=');
40924cc11cSAndreas Gohr            }
41924cc11cSAndreas Gohr        }
42b216b154SAndreas Gohr        return $passes;
4332c7ba22SAndreas Gohr    }
4432c7ba22SAndreas Gohr
45b216b154SAndreas Gohr    /**
46b216b154SAndreas Gohr     * @dataProvider hashes
47b216b154SAndreas Gohr     * @param $method
48b216b154SAndreas Gohr     * @param $hash
49b216b154SAndreas Gohr     */
50b216b154SAndreas Gohr    function test_cryptPassword($method, $hash) {
51924cc11cSAndreas Gohr        $this->assertEquals(
52924cc11cSAndreas Gohr            $hash,
53b216b154SAndreas Gohr            auth_cryptPassword('foo' . $method, $method, 'abcdefgh12345678912345678912345678')
54b216b154SAndreas Gohr        );
55f2ae886aSAndreas Gohr    }
56f2ae886aSAndreas Gohr
57b216b154SAndreas Gohr    /**
58b216b154SAndreas Gohr     * @dataProvider hashes
59b216b154SAndreas Gohr     * @param $method
60b216b154SAndreas Gohr     * @param $hash
61b216b154SAndreas Gohr     */
62b216b154SAndreas Gohr    function test_verifyPassword($method, $hash) {
63b216b154SAndreas Gohr        $this->assertTrue(auth_verifyPassword('foo' . $method, $hash));
64b216b154SAndreas Gohr        $this->assertFalse(auth_verifyPassword('bar' . $method, $hash));
65f2ae886aSAndreas Gohr    }
66f2ae886aSAndreas Gohr
67b216b154SAndreas Gohr    /**
68b216b154SAndreas Gohr     * @dataProvider hashes
69b216b154SAndreas Gohr     * @param $method
70b216b154SAndreas Gohr     * @param $hash
71b216b154SAndreas Gohr     */
72b216b154SAndreas Gohr    function test_verifySelf($method, $hash) {
73f2ae886aSAndreas Gohr        $hash = auth_cryptPassword('foo' . $method, $method);
74b216b154SAndreas Gohr        $this->assertTrue(auth_verifyPassword('foo' . $method, $hash));
75f2ae886aSAndreas Gohr    }
76f2ae886aSAndreas Gohr
77f2ae886aSAndreas Gohr    function test_bcrypt_self() {
78f2ae886aSAndreas Gohr        $hash = auth_cryptPassword('foobcrypt', 'bcrypt');
79f2ae886aSAndreas Gohr        $this->assertTrue(auth_verifyPassword('foobcrypt', $hash));
80f2ae886aSAndreas Gohr    }
81f2ae886aSAndreas Gohr
82f2ae886aSAndreas Gohr    function test_verifyPassword_fixedbcrypt() {
83f2ae886aSAndreas Gohr        $this->assertTrue(auth_verifyPassword('foobcrypt', '$2a$12$uTWercxbq4sjp2xAzv3we.ZOxk51m5V/Bv5bp2H27oVFJl5neFQoC'));
84f2ae886aSAndreas Gohr    }
85f2ae886aSAndreas Gohr
86f2ae886aSAndreas Gohr    function test_verifyPassword_nohash() {
87f2ae886aSAndreas Gohr        $this->assertTrue(auth_verifyPassword('foo', '$1$$n1rTiFE0nRifwV/43bVon/'));
88f2ae886aSAndreas Gohr    }
89f2ae886aSAndreas Gohr
90f2ae886aSAndreas Gohr    function test_verifyPassword_fixedpmd5() {
91f2ae886aSAndreas Gohr        $this->assertTrue(auth_verifyPassword('test12345', '$P$9IQRaTwmfeRo7ud9Fh4E2PdI0S3r.L0'));
92f2ae886aSAndreas Gohr        $this->assertTrue(auth_verifyPassword('test12345', '$H$9IQRaTwmfeRo7ud9Fh4E2PdI0S3r.L0'));
93f2ae886aSAndreas Gohr    }
94f2ae886aSAndreas Gohr
95529b0416SAndreas Gohr    function test_veryPassword_mediawiki() {
96529b0416SAndreas Gohr        $this->assertTrue(auth_verifyPassword('password', ':B:838c83e1:e4ab7024509eef084cdabd03d8b2972c'));
97529b0416SAndreas Gohr    }
98529b0416SAndreas Gohr
991831d8a0SAndreas Gohr    /**
1001831d8a0SAndreas Gohr     * pmd5 checking should throw an exception when a hash with a too high
1011831d8a0SAndreas Gohr     * iteration count is passed
1021831d8a0SAndreas Gohr     */
1031831d8a0SAndreas Gohr    function test_verifyPassword_pmd5Exception() {
1041831d8a0SAndreas Gohr        $except = false;
1051831d8a0SAndreas Gohr        try {
1061831d8a0SAndreas Gohr            auth_verifyPassword('foopmd5', '$H$abcdefgh1ZbJodHxmeXVAhEzTG7IAp.');
1071831d8a0SAndreas Gohr        } catch(Exception $e) {
1081831d8a0SAndreas Gohr            $except = true;
1091831d8a0SAndreas Gohr        }
1101831d8a0SAndreas Gohr        $this->assertTrue($except);
1111831d8a0SAndreas Gohr    }
1121831d8a0SAndreas Gohr
113*6f9868d5SPhy    /**
114*6f9868d5SPhy     * issue #2629, support PHP's crypt() format (with rounds=0 parameter)
115*6f9868d5SPhy     */
116*6f9868d5SPhy    function test_verifyPassword_sha512_crypt() {
117*6f9868d5SPhy        if(defined('CRYPT_SHA512') && CRYPT_SHA512 == 1) {
118*6f9868d5SPhy            $this->assertTrue(auth_verifyPassword('Qwerty123', '$6$rounds=3000$9in6UciYPFG6ydsJ$YBjypQ7XoRqvJoX1a2.spSysSVHcdreVXi1Xh5SyOxo2yNSxDjlUCun2YXrwk9.YP6vmRvCWrhp0fbPgSOT7..'));
119*6f9868d5SPhy        } else {
120*6f9868d5SPhy            $this->markTestSkipped('SHA512 not available in this PHP environment');
121*6f9868d5SPhy        }
122*6f9868d5SPhy    }
123*6f9868d5SPhy
124f2ae886aSAndreas Gohr}
125