1f2ae886aSAndreas Gohr<?php 2f2ae886aSAndreas Gohr 336340418SAndreas Gohrclass auth_password_test extends DokuWikiTest { 4f2ae886aSAndreas Gohr 5*924cc11cSAndreas Gohr // hashes for the password foo$method, using abcdefgh12345678912345678912345678 as salt 6f2ae886aSAndreas Gohr var $passes = array( 7f2ae886aSAndreas Gohr 'smd5' => '$1$abcdefgh$SYbjm2AEvSoHG7Xapi8so.', 8f2ae886aSAndreas Gohr 'apr1' => '$apr1$abcdefgh$C/GzYTF4kOVByYLEoD5X4.', 9f2ae886aSAndreas Gohr 'md5' => '8fa22d62408e5351553acdd91c6b7003', 10f2ae886aSAndreas Gohr 'sha1' => 'b456d3b0efd105d613744ffd549514ecafcfc7e1', 11f2ae886aSAndreas Gohr 'ssha' => '{SSHA}QMHG+uC7bHNYKkmoLbNsNI38/dJhYmNk', 12f2ae886aSAndreas Gohr 'lsmd5' => '{SMD5}HGbkPrkWgy9KgcRGWlrsUWFiY2RlZmdo', 13f2ae886aSAndreas Gohr 'crypt' => 'ablvoGr1hvZ5k', 14f2ae886aSAndreas Gohr 'mysql' => '4a1fa3780bd6fd55', 15f2ae886aSAndreas Gohr 'my411' => '*e5929347e25f82e19e4ebe92f1dc6b6e7c2dbd29', 16f2ae886aSAndreas Gohr 'kmd5' => 'a579299436d7969791189acadd86fcb716', 17f2ae886aSAndreas Gohr 'djangomd5' => 'md5$abcde$d0fdddeda8cd92725d2b54148ac09158', 18f2ae886aSAndreas Gohr 'djangosha1' => 'sha1$abcde$c8e65a7f0acc9158843048a53dcc5a6bc4d17678', 1932c7ba22SAndreas Gohr 20f2ae886aSAndreas Gohr ); 21f2ae886aSAndreas Gohr 2232c7ba22SAndreas Gohr function __construct() { 2332c7ba22SAndreas Gohr if(defined('CRYPT_SHA512') && CRYPT_SHA512 == 1) { 2432c7ba22SAndreas Gohr // Check SHA512 only if available in this PHP 2532c7ba22SAndreas Gohr $this->passes['sha512'] = '$6$abcdefgh12345678$J9.zOcgx0lotwZdcz0uulA3IVQMinZvFZVjA5vapRLVAAqtay23XD4xeeUxQ3B4JvDWYFBIxVWW1tOYlHX13k1'; 2632c7ba22SAndreas Gohr } 27*924cc11cSAndreas Gohr if(function_exists('hash_pbkdf2')) { 28*924cc11cSAndreas Gohr if(in_array('sha256', hash_algos())) { 29*924cc11cSAndreas Gohr $this->passes['djangopbkdf2_sha256'] = 'pbkdf2_sha256$24000$abcdefgh1234$R23OyZJ0nGHLG6MvPNfEkV5AOz3jUY5zthByPXs2gn0='; 30*924cc11cSAndreas Gohr } 31*924cc11cSAndreas Gohr if(in_array('sha1', hash_algos())) { 32*924cc11cSAndreas Gohr $this->passes['djangopbkdf2_sha1'] = 'pbkdf2_sha1$24000$abcdefgh1234$pOliX4vV1hgOv7lFNURIHHx41HI='; 33*924cc11cSAndreas Gohr } 34*924cc11cSAndreas Gohr } 3532c7ba22SAndreas Gohr } 3632c7ba22SAndreas Gohr 37f2ae886aSAndreas Gohr 38f2ae886aSAndreas Gohr function test_cryptPassword(){ 39f2ae886aSAndreas Gohr foreach($this->passes as $method => $hash){ 40f2ae886aSAndreas Gohr $info = "testing method $method"; 41*924cc11cSAndreas Gohr $this->assertEquals( 42*924cc11cSAndreas Gohr $hash, 43*924cc11cSAndreas Gohr auth_cryptPassword('foo'.$method, $method,'abcdefgh12345678912345678912345678'), 44*924cc11cSAndreas Gohr $info); 45f2ae886aSAndreas Gohr } 46f2ae886aSAndreas Gohr } 47f2ae886aSAndreas Gohr 48f2ae886aSAndreas Gohr function test_verifyPassword(){ 49f2ae886aSAndreas Gohr foreach($this->passes as $method => $hash){ 50f2ae886aSAndreas Gohr $info = "testing method $method"; 51f2ae886aSAndreas Gohr $this->assertTrue(auth_verifyPassword('foo'.$method, $hash), $info); 521831d8a0SAndreas Gohr $this->assertFalse(auth_verifyPassword('bar'.$method, $hash), $info); 53f2ae886aSAndreas Gohr } 54f2ae886aSAndreas Gohr } 55f2ae886aSAndreas Gohr 56f2ae886aSAndreas Gohr function test_verifySelf(){ 57f2ae886aSAndreas Gohr foreach($this->passes as $method => $hash){ 58f2ae886aSAndreas Gohr $info = "testing method $method"; 59f2ae886aSAndreas Gohr $hash = auth_cryptPassword('foo'.$method,$method); 60f2ae886aSAndreas Gohr $this->assertTrue(auth_verifyPassword('foo'.$method, $hash), $info); 61f2ae886aSAndreas Gohr } 62f2ae886aSAndreas Gohr } 63f2ae886aSAndreas Gohr 64f2ae886aSAndreas Gohr function test_bcrypt_self(){ 65f2ae886aSAndreas Gohr $hash = auth_cryptPassword('foobcrypt','bcrypt'); 66f2ae886aSAndreas Gohr $this->assertTrue(auth_verifyPassword('foobcrypt',$hash)); 67f2ae886aSAndreas Gohr } 68f2ae886aSAndreas Gohr 69f2ae886aSAndreas Gohr function test_verifyPassword_fixedbcrypt(){ 70f2ae886aSAndreas Gohr $this->assertTrue(auth_verifyPassword('foobcrypt','$2a$12$uTWercxbq4sjp2xAzv3we.ZOxk51m5V/Bv5bp2H27oVFJl5neFQoC')); 71f2ae886aSAndreas Gohr } 72f2ae886aSAndreas Gohr 73f2ae886aSAndreas Gohr function test_verifyPassword_nohash(){ 74f2ae886aSAndreas Gohr $this->assertTrue(auth_verifyPassword('foo','$1$$n1rTiFE0nRifwV/43bVon/')); 75f2ae886aSAndreas Gohr } 76f2ae886aSAndreas Gohr 77f2ae886aSAndreas Gohr function test_verifyPassword_fixedpmd5(){ 78f2ae886aSAndreas Gohr $this->assertTrue(auth_verifyPassword('test12345','$P$9IQRaTwmfeRo7ud9Fh4E2PdI0S3r.L0')); 79f2ae886aSAndreas Gohr $this->assertTrue(auth_verifyPassword('test12345','$H$9IQRaTwmfeRo7ud9Fh4E2PdI0S3r.L0')); 80f2ae886aSAndreas Gohr } 81f2ae886aSAndreas Gohr 82529b0416SAndreas Gohr function test_veryPassword_mediawiki(){ 83529b0416SAndreas Gohr $this->assertTrue(auth_verifyPassword('password', ':B:838c83e1:e4ab7024509eef084cdabd03d8b2972c')); 84529b0416SAndreas Gohr } 85529b0416SAndreas Gohr 86529b0416SAndreas Gohr 871831d8a0SAndreas Gohr /** 881831d8a0SAndreas Gohr * pmd5 checking should throw an exception when a hash with a too high 891831d8a0SAndreas Gohr * iteration count is passed 901831d8a0SAndreas Gohr */ 911831d8a0SAndreas Gohr function test_verifyPassword_pmd5Exception(){ 921831d8a0SAndreas Gohr $except = false; 931831d8a0SAndreas Gohr try{ 941831d8a0SAndreas Gohr auth_verifyPassword('foopmd5', '$H$abcdefgh1ZbJodHxmeXVAhEzTG7IAp.'); 951831d8a0SAndreas Gohr }catch (Exception $e){ 961831d8a0SAndreas Gohr $except = true; 971831d8a0SAndreas Gohr } 981831d8a0SAndreas Gohr $this->assertTrue($except); 991831d8a0SAndreas Gohr } 1001831d8a0SAndreas Gohr 101f2ae886aSAndreas Gohr} 102f2ae886aSAndreas Gohr 103f2ae886aSAndreas Gohr//Setup VIM: ex: et ts=4 : 104