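<?php

/**
 * Tests for auth_cryptPassword() and auth_verifyPassword().
 *
 * The data provider supplies precomputed hashes for each supported scheme so
 * that hashing stays byte-compatible with hashes that are already stored.
 * Several schemes listed here (for example plain md5/sha1 and the old MySQL
 * format) appear to be legacy formats kept for compatibility; their presence
 * in this test is not a recommendation to use them for new passwords.
 *
 * Every positive verification is paired with a wrong-password check, so a
 * verifier that accepted any input would fail these tests.
 */
class auth_password_test extends DokuWikiTest {

    /**
     * precomputed hashes
     *
     * for the password foo$method, using abcdefgh12345678912345678912345678 as salt
     *
     * The salt is fixed only to make the expected hashes deterministic.
     *
     * @return array list of array(method name, expected hash)
     */
    public function hashes() {

        $passes = array(
            array('smd5', '$1$abcdefgh$SYbjm2AEvSoHG7Xapi8so.'),
            array('apr1', '$apr1$abcdefgh$C/GzYTF4kOVByYLEoD5X4.'),
            array('md5', '8fa22d62408e5351553acdd91c6b7003'),
            array('sha1', 'b456d3b0efd105d613744ffd549514ecafcfc7e1'),
            array('ssha', '{SSHA}QMHG+uC7bHNYKkmoLbNsNI38/dJhYmNk'),
            array('lsmd5', '{SMD5}HGbkPrkWgy9KgcRGWlrsUWFiY2RlZmdo'),
            array('crypt', 'ablvoGr1hvZ5k'),
            array('mysql', '4a1fa3780bd6fd55'),
            array('my411', '*E5929347E25F82E19E4EBE92F1DC6B6E7C2DBD29'),
            array('kmd5', 'a579299436d7969791189acadd86fcb716'),
            array('djangomd5', 'md5$abcde$d0fdddeda8cd92725d2b54148ac09158'),
            array('djangosha1', 'sha1$abcde$c8e65a7f0acc9158843048a53dcc5a6bc4d17678'),

        );

        if(defined('CRYPT_SHA512') && CRYPT_SHA512 == 1) {
            // Check SHA512 only if available in this PHP
            $passes[] = array('sha512', '$6$abcdefgh12345678$J9.zOcgx0lotwZdcz0uulA3IVQMinZvFZVjA5vapRLVAAqtay23XD4xeeUxQ3B4JvDWYFBIxVWW1tOYlHX13k1');
        }
        if(function_exists('hash_pbkdf2')) {
            // PBKDF2 vectors depend on both hash_pbkdf2() and the underlying digest
            $algos = hash_algos();
            if(in_array('sha256', $algos, true)) {
                $passes[] = array('djangopbkdf2_sha256', 'pbkdf2_sha256$24000$abcdefgh1234$R23OyZJ0nGHLG6MvPNfEkV5AOz3jUY5zthByPXs2gn0=');
            }
            if(in_array('sha1', $algos, true)) {
                $passes[] = array('djangopbkdf2_sha1', 'pbkdf2_sha1$24000$abcdefgh1234$pOliX4vV1hgOv7lFNURIHHx41HI=');
            }
        }
        return $passes;
    }

    /**
     * Hashing with the fixed salt must reproduce the precomputed hash exactly.
     *
     * @dataProvider hashes
     * @param string $method hash method name
     * @param string $hash expected hash for the password 'foo' . $method
     */
    public function test_cryptPassword($method, $hash) {
        $this->assertEquals(
            $hash,
            auth_cryptPassword('foo' . $method, $method, 'abcdefgh12345678912345678912345678')
        );
    }

    /**
     * A precomputed hash must verify for the right password and be rejected
     * for a different one.
     *
     * @dataProvider hashes
     * @param string $method hash method name
     * @param string $hash precomputed hash for the password 'foo' . $method
     */
    public function test_verifyPassword($method, $hash) {
        $this->assertTrue(auth_verifyPassword('foo' . $method, $hash));
        $this->assertFalse(auth_verifyPassword('bar' . $method, $hash));
    }

    /**
     * A hash created without an explicit salt argument must round-trip through
     * verification, and must not verify for a different password.
     *
     * @dataProvider hashes
     * @param string $method hash method name
     * @param string $hash unused; the provider's precomputed hash is replaced by a fresh one
     */
    public function test_verifySelf($method, $hash) {
        $hash = auth_cryptPassword('foo' . $method, $method);
        $this->assertTrue(auth_verifyPassword('foo' . $method, $hash));
        $this->assertFalse(auth_verifyPassword('bar' . $method, $hash));
    }

    /**
     * bcrypt round trip: a freshly created hash verifies only for its password.
     */
    public function test_bcrypt_self() {
        $hash = auth_cryptPassword('foobcrypt', 'bcrypt');
        $this->assertTrue(auth_verifyPassword('foobcrypt', $hash));
        $this->assertFalse(auth_verifyPassword('barbcrypt', $hash));
    }

    /**
     * A fixed $2a$ hash with cost 12 verifies only for its password.
     */
    public function test_verifyPassword_fixedbcrypt() {
        $fixed = '$2a$12$uTWercxbq4sjp2xAzv3we.ZOxk51m5V/Bv5bp2H27oVFJl5neFQoC';
        $this->assertTrue(auth_verifyPassword('foobcrypt', $fixed));
        $this->assertFalse(auth_verifyPassword('barbcrypt', $fixed));
    }

    /**
     * A $1$ hash whose salt field is empty must still be verifiable.
     */
    public function test_verifyPassword_nohash() {
        $fixed = '$1$$n1rTiFE0nRifwV/43bVon/';
        $this->assertTrue(auth_verifyPassword('foo', $fixed));
        $this->assertFalse(auth_verifyPassword('bar', $fixed));
    }

    /**
     * The same hash body is accepted with both the $P$ and the $H$ prefix.
     */
    public function test_verifyPassword_fixedpmd5() {
        $this->assertTrue(auth_verifyPassword('test12345', '$P$9IQRaTwmfeRo7ud9Fh4E2PdI0S3r.L0'));
        $this->assertTrue(auth_verifyPassword('test12345', '$H$9IQRaTwmfeRo7ud9Fh4E2PdI0S3r.L0'));
        $this->assertFalse(auth_verifyPassword('test12346', '$P$9IQRaTwmfeRo7ud9Fh4E2PdI0S3r.L0'));
        $this->assertFalse(auth_verifyPassword('test12346', '$H$9IQRaTwmfeRo7ud9Fh4E2PdI0S3r.L0'));
    }

    /**
     * A fixed hash in the ':B:salt:hash' layout verifies only for its password.
     */
    public function test_veryPassword_mediawiki() {
        $fixed = ':B:838c83e1:e4ab7024509eef084cdabd03d8b2972c';
        $this->assertTrue(auth_verifyPassword('password', $fixed));
        $this->assertFalse(auth_verifyPassword('passwort', $fixed));
    }

    /**
     * pmd5 checking should throw an exception when a hash with a too high
     * iteration count is passed
     *
     * NOTE(review): the iteration count is read from the hash string itself, so
     * this presumably bounds the work a crafted or imported hash can trigger;
     * confirm against the implementation.
     */
    public function test_verifyPassword_pmd5Exception() {
        $except = false;
        try {
            auth_verifyPassword('foopmd5', '$H$abcdefgh1ZbJodHxmeXVAhEzTG7IAp.');
        } catch(Exception $e) {
            $except = true;
        }
        $this->assertTrue($except);
    }

}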