/**
 * A password one character longer than the one that was hashed must not validate.
 *
 * The hash is produced from exactly 72 'a' characters. The same string with a
 * 73rd character appended has to be rejected, while the original 72 characters
 * still verify.
 *
 * NOTE(review): bcrypt implementations commonly ignore input beyond 72 bytes, so
 * this test presumably pins an explicit length check inside the encoder rather
 * than the hash comparison itself - confirm against BCryptPasswordEncoder.
 *
 * @requires PHP 5.3.7
 */
public function testCheckPasswordLength()
{
    $maxLengthPassword = str_repeat('a', 72);
    $oneCharTooLong = str_repeat('a', 73);

    $encoder = new BCryptPasswordEncoder(self::VALID_COST);
    $hash = $encoder->encodePassword($maxLengthPassword, null);

    // Over-long input first: it must not be accepted as equal to the 72-character password.
    $acceptsTooLong = $encoder->isPasswordValid($hash, $oneCharTooLong, 'salt');
    $this->assertFalse($acceptsTooLong);

    // The password that was actually hashed still verifies.
    $acceptsOriginal = $encoder->isPasswordValid($hash, $maxLengthPassword, 'salt');
    $this->assertTrue($acceptsOriginal);
}
/**
 * Round-trips a password through the encoder.
 *
 * The hash of self::PASSWORD must verify against self::PASSWORD and must not
 * verify against a different password. The test first calls
 * skipIfPhpVersionIsNotSupported(), which is defined outside this block.
 */
public function testValidation()
{
    $this->skipIfPhpVersionIsNotSupported();

    $bcrypt = new BCryptPasswordEncoder(self::VALID_COST);
    $hash = $bcrypt->encodePassword(self::PASSWORD, null);

    // Positive case: the password that was hashed.
    $matchesOriginal = $bcrypt->isPasswordValid($hash, self::PASSWORD, null);
    $this->assertTrue($matchesOriginal);

    // Negative case: any other password must be rejected.
    $matchesOther = $bcrypt->isPasswordValid($hash, 'anotherPassword', null);
    $this->assertFalse($matchesOther);
}
/**
 * Verifies self::PASSWORD against a fixed, precomputed bcrypt hash.
 *
 * Only the algorithm prefix varies: "$2y$" when the running PHP is 5.3.7 or
 * newer, "$2a$" otherwise. The rest of the hash (cost "04", salt and digest)
 * is a constant fixture, so the test does not depend on freshly generated salts.
 */
public function testValidationKnownPassword()
{
    $encoder = new BCryptPasswordEncoder($this->secureRandom, self::VALID_COST);

    if (version_compare(phpversion(), '5.3.7', '>=')) {
        $variant = '2y';
    } else {
        $variant = '2a';
    }

    $knownHash = '$' . $variant . '$' . '04$ABCDEFGHIJKLMNOPQRSTU.uTmwd4KMSHxbUsG7bng8x7YdA0PM1iq';

    $isValid = $encoder->isPasswordValid($knownHash, self::PASSWORD, null);
    $this->assertTrue($isValid);
}
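/**
 * Runs the security:encode-password command non-interactively for the bcrypt
 * user class and checks that the hash it prints verifies against the input.
 *
 * The hash is pulled out of the command output with a regular expression. The
 * match is asserted explicitly so that a change in the output format fails with
 * a clear assertion instead of an undefined-offset error on $matches[1].
 */
public function testEncodePasswordBcrypt()
{
    $this->passwordEncoderCommandTester->execute(
        array(
            'command' => 'security:encode-password',
            'password' => 'password',
            'user-class' => 'Custom\\Class\\Bcrypt\\User',
        ),
        array('interactive' => false)
    );

    $output = $this->passwordEncoderCommandTester->getDisplay();
    $this->assertContains('Password encoding succeeded', $output);

    // NOTE(review): the cost of 17 is presumably irrelevant for verification,
    // since a bcrypt hash carries its own cost - confirm. It would be very slow
    // if this encoder instance were ever used to hash.
    $encoder = new BCryptPasswordEncoder(17);

    $matched = preg_match('# Encoded password\\s{1,}([\\w+\\/$.]+={0,2})\\s+#', $output, $matches);
    $this->assertSame(1, $matched, 'The encoded password was not found in the command output.');

    $hash = $matches[1];
    $this->assertTrue($encoder->isPasswordValid($hash, 'password', null));
}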
/**
 * Exercises the password reset flow end to end.
 *
 * Covered, in order:
 *  - a freshly created user's stored hash verifies against the chosen password;
 *  - a reset with a wrong, empty or null token is refused;
 *  - a reset with the issued token succeeds and the stored hash then verifies
 *    against the new password;
 *  - the same token cannot be used a second time;
 *  - a token whose created_at is moved three days into the past is refused.
 *
 * NOTE(review): the expiry case only checks a token that is 72 hours old; the
 * 48-hour boundary itself (just under / just over) is not exercised.
 */
public function testResetPassword()
{
    $passwordReset = new PasswordReset($this->dataUser, $this->dataPasswordReset);
    $app = TestDBSetup::createAppAndDB(false);

    // Create the user whose password is going to be reset.
    $user = $this->dataUser->createEmpty();
    $user->set('username', 'user2');
    $user->set('password', 'asdasd');
    $user->set('email', '*****@*****.**');
    $this->dataUser->create($user);

    $originalHash = $user->get('password');
    $salt = $user->get('salt');
    $encoder = new BCryptPasswordEncoder(13);
    $this->assertTrue($encoder->isPasswordValid($originalHash, 'asdasd', $salt));

    $token = $passwordReset->requestPasswordReset('email', '*****@*****.**');

    // Anything that is not the issued token must be refused.
    foreach (['asdasd', '', null] as $bogusToken) {
        $wasReset = $passwordReset->resetPassword($bogusToken, 'dsadsa');
        $this->assertFalse($wasReset);
    }

    // The issued token changes the password.
    $wasReset = $passwordReset->resetPassword($token, 'dsadsa');
    $this->assertTrue($wasReset);

    $reloadedUser = $this->dataUser->get($user->get('id'));
    $updatedHash = $reloadedUser->get('password');
    $this->assertTrue($encoder->isPasswordValid($updatedHash, 'dsadsa', $salt));

    // A token can be only used once
    $wasReset = $passwordReset->resetPassword($token, 'dsadsa');
    $this->assertFalse($wasReset);

    // A password reset must be used within 48h
    $token = $passwordReset->requestPasswordReset('email', '*****@*****.**');
    $pendingResets = $this->dataPasswordReset->listEntries(['token' => $token]);
    if (count($pendingResets) !== 1) {
        $this->fail();
    }

    // Back-date the reset request by three days directly in the database.
    $threeDaysAgo = gmdate('Y-m-d H:i:s', time() - 3 * 24 * 60 * 60);
    $app['db']->executeUpdate(
        'UPDATE password_reset SET created_at = ? WHERE token = ?',
        [$threeDaysAgo, $token]
    );

    $wasReset = $passwordReset->resetPassword($token, 'dsadsa');
    $this->assertFalse($wasReset);
}
/**
 * A 5000-character password must never be reported as valid.
 *
 * NOTE(review): the stored value 'encoded' does not look like a bcrypt hash,
 * so this assertion would presumably also pass if the encoder had no length
 * limit at all. Verifying the over-long input against a real hash of its
 * truncated form would isolate the length check - confirm and consider
 * tightening.
 */
public function testCheckPasswordLength()
{
    $oversizedPassword = str_repeat('a', 5000);
    $encoder = new BCryptPasswordEncoder(self::VALID_COST);

    $accepted = $encoder->isPasswordValid('encoded', $oversizedPassword, 'salt');

    $this->assertFalse($accepted);
}
/**
 * Checks a raw password against a stored bcrypt hash.
 *
 * A new encoder is built on every call with self::BCRYPT_FACTOR, and
 * self::BCRYPT_SALT is passed as the salt argument.
 * NOTE(review): a bcrypt hash normally embeds its own salt, so the salt
 * constant is presumably ignored by the encoder - confirm.
 *
 * @param string $hash        stored password hash
 * @param string $rawPassword password as supplied by the caller
 *
 * @return bool result of the encoder's isPasswordValid()
 */
protected function isValidPassword($hash, $rawPassword)
{
    $bcryptEncoder = new BCryptPasswordEncoder(self::BCRYPT_FACTOR);
    $isValid = $bcryptEncoder->isPasswordValid($hash, $rawPassword, self::BCRYPT_SALT);

    return $isValid;
}
/**
 * Verifies a candidate password against the hash held in $this->password.
 *
 * Primarily used in tests. The encoder is created with the BCRYPT_COST
 * constant, which is defined outside this block, and no separate salt is
 * passed.
 *
 * @param string $passwordToVerify plain-text password to check
 * @return bool true if the password matches, false if not
 */
public function verifyPassword($passwordToVerify)
{
    $encoder = new BCryptPasswordEncoder(BCRYPT_COST);
    $matches = $encoder->isPasswordValid($this->password, $passwordToVerify, null);

    return $matches;
}