/**
 * An autologin token must validate only for the member it was generated by.
 *
 * Two members are given separate Blowfish salts, each generates its own token,
 * and the first member's token is then checked against both members. The
 * negative assertion is the one that matters for security: a token accepted
 * for a different member would mean the token is not bound to its owner.
 */
public function testValidateAutoLoginToken()
{
    $encryptor = new PasswordEncryptor_Blowfish();

    // Builds a member (never written in this test) with its own salt.
    $newMember = static function ($seed) use ($encryptor) {
        $member = new Member();
        $member->PasswordEncryption = 'blowfish';
        $member->Salt = $encryptor->salt($seed);

        return $member;
    };

    $owner = $newMember('123');
    $ownerToken = $owner->generateAutologinTokenAndStoreHash();

    $other = $newMember('456');
    // The returned token is not needed; the call is kept so the second member
    // goes through the same generate-and-store step as the first.
    $other->generateAutologinTokenAndStoreHash();

    $this->assertTrue(
        $owner->validateAutoLoginToken($ownerToken),
        'Passes token validity test against matching member.'
    );
    $this->assertFalse(
        $other->validateAutoLoginToken($ownerToken),
        'Fails token validity test against other member.'
    );
}
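/**
 * Exercises the Blowfish encryptor at several cost settings.
 *
 * At each cost that is actually hashed, the test checks three things: the
 * matching password verifies, a different password is rejected, and the right
 * password combined with a tampered salt is rejected. It also pins how
 * out-of-range costs are clamped, which the assertions show to be 4 at the low
 * end and 31 at the high end.
 */
public function testEncryptorBlowfish()
{
    Config::inst()->update(
        'SilverStripe\\Security\\PasswordEncryptor',
        'encryptors',
        ['test_blowfish' => ['SilverStripe\\Security\\PasswordEncryptor_Blowfish' => '']]
    );
    $e = PasswordEncryptor::create_for_algorithm('test_blowfish');

    // The fixture has to be the plaintext that check() is expected to accept.
    // With a masked value such as '******' here, the positive assertions below
    // could never pass.
    $password = 'mypassword';

    // set_cost() is a static call, so without a restore the last value set
    // here (clamped to 31) would still be in place when later tests run.
    $originalCost = PasswordEncryptor_Blowfish::get_cost();

    // Hashes $password with a fresh salt at the current cost and verifies the
    // accept / wrong-password / wrong-salt outcomes.
    $assertHashBehaviour = function () use ($e, $password) {
        $salt = $e->salt($password);
        // Keep the first three characters and shuffle the rest, giving a salt
        // of the same shape that should no longer match the hash.
        // NOTE(review): presumably the kept prefix is the cost marker - confirm against salt().
        $modSalt = substr($salt, 0, 3) . str_shuffle(substr($salt, 3, strlen($salt)));

        $this->assertTrue($e->check($e->encrypt($password, $salt), $password, $salt));
        $this->assertFalse($e->check($e->encrypt($password, $salt), "anotherpw", $salt));
        $this->assertFalse($e->check($e->encrypt($password, $salt), $password, $modSalt));
    };

    try {
        // Strict comparison, so only the exact level strings can pass.
        $this->assertTrue(in_array($e->checkAEncryptionLevel(), ['y', 'x', 'a'], true));
        $assertHashBehaviour();

        // A cost below the supported range is raised to 4.
        PasswordEncryptor_Blowfish::set_cost(1);
        $this->assertNotEquals(1, PasswordEncryptor_Blowfish::get_cost());
        $this->assertEquals(4, PasswordEncryptor_Blowfish::get_cost());
        $assertHashBehaviour();

        // A cost inside the range is stored as given.
        PasswordEncryptor_Blowfish::set_cost(11);
        $this->assertEquals(11, PasswordEncryptor_Blowfish::get_cost());
        $assertHashBehaviour();

        // A cost above the range is lowered to 31. Only the clamping is
        // checked: hashing at cost 31 takes too long to run in a test.
        PasswordEncryptor_Blowfish::set_cost(35);
        $this->assertNotEquals(35, PasswordEncryptor_Blowfish::get_cost());
        $this->assertEquals(31, PasswordEncryptor_Blowfish::get_cost());
    } finally {
        PasswordEncryptor_Blowfish::set_cost($originalCost);
    }
}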