Changeset View
Changeset View
Standalone View
Standalone View
src/applications/auth/__tests__/PhabricatorAuthPasswordTestCase.php
Show First 20 Lines • Show All 93 Lines • ▼ Show 20 Lines | public function testPasswordEngine() { | ||||
// The revoked password makes this password non-unique for all account | // The revoked password makes this password non-unique for all account | ||||
// types. | // types. | ||||
$this->assertFalse($engine->isUniquePassword($password1)); | $this->assertFalse($engine->isUniquePassword($password1)); | ||||
$this->assertTrue($engine->isUniquePassword($password2)); | $this->assertTrue($engine->isUniquePassword($password2)); | ||||
$this->assertFalse($account_engine->isUniquePassword($password1)); | $this->assertFalse($account_engine->isUniquePassword($password1)); | ||||
$this->assertTrue($account_engine->isUniquePassword($password2)); | $this->assertTrue($account_engine->isUniquePassword($password2)); | ||||
} | } | ||||
public function testPasswordUpgrade() { | |||||
$weak_hasher = new PhabricatorIteratedMD5PasswordHasher(); | |||||
// Make sure we have two different hashers, and that the second one is | |||||
// stronger than iterated MD5. The most common reason this would fail is | |||||
// if an install does not have bcrypt available. | |||||
$strong_hasher = PhabricatorPasswordHasher::getBestHasher(); | |||||
if ($strong_hasher->getStrength() <= $weak_hasher->getStrength()) { | |||||
$this->assertSkipped( | |||||
pht( | |||||
'Multiple password hashers of different strengths are not '. | |||||
'available, so hash upgrading can not be tested.')); | |||||
} | |||||
$envelope = new PhutilOpaqueEnvelope('lunar1997'); | |||||
$user = $this->generateNewTestUser(); | |||||
$type = PhabricatorAuthPassword::PASSWORD_TYPE_TEST; | |||||
$content_source = $this->newContentSource(); | |||||
$engine = id(new PhabricatorAuthPasswordEngine()) | |||||
->setViewer($user) | |||||
->setContentSource($content_source) | |||||
->setPasswordType($type) | |||||
->setObject($user); | |||||
$password = PhabricatorAuthPassword::initializeNewPassword($user, $type) | |||||
->setPasswordWithHasher($envelope, $user, $weak_hasher) | |||||
->save(); | |||||
$weak_name = $weak_hasher->getHashName(); | |||||
$strong_name = $strong_hasher->getHashName(); | |||||
// Since we explicitly used the weak hasher, the password should have | |||||
// been hashed with it. | |||||
$actual_hasher = $password->getHasher(); | |||||
$this->assertEqual($weak_name, $actual_hasher->getHashName()); | |||||
$is_valid = $engine | |||||
->setUpgradeHashers(false) | |||||
->isValidPassword($envelope, $user); | |||||
$password->reload(); | |||||
// Since we disabled hasher upgrading, the password should not have been | |||||
// rehashed. | |||||
$this->assertTrue($is_valid); | |||||
$actual_hasher = $password->getHasher(); | |||||
$this->assertEqual($weak_name, $actual_hasher->getHashName()); | |||||
$is_valid = $engine | |||||
->setUpgradeHashers(true) | |||||
->isValidPassword($envelope, $user); | |||||
$password->reload(); | |||||
// Now that we enabled hasher upgrading, the password should have been | |||||
// automatically rehashed into the stronger format. | |||||
$this->assertTrue($is_valid); | |||||
$actual_hasher = $password->getHasher(); | |||||
$this->assertEqual($strong_name, $actual_hasher->getHashName()); | |||||
// We should also have an "upgrade" transaction in the transaction record | |||||
// now which records the two hasher names. | |||||
$xactions = id(new PhabricatorAuthPasswordTransactionQuery()) | |||||
->setViewer($user) | |||||
->withObjectPHIDs(array($password->getPHID())) | |||||
->withTransactionTypes( | |||||
array( | |||||
PhabricatorAuthPasswordUpgradeTransaction::TRANSACTIONTYPE, | |||||
)) | |||||
->execute(); | |||||
$this->assertEqual(1, count($xactions)); | |||||
$xaction = head($xactions); | |||||
$this->assertEqual($weak_name, $xaction->getOldValue()); | |||||
$this->assertEqual($strong_name, $xaction->getNewValue()); | |||||
$is_valid = $engine | |||||
->isValidPassword($envelope, $user); | |||||
// Finally, the password should still be valid after all the dust has | |||||
// settled. | |||||
$this->assertTrue($is_valid); | |||||
} | |||||
private function revokePassword( | private function revokePassword( | ||||
PhabricatorUser $actor, | PhabricatorUser $actor, | ||||
PhabricatorAuthPassword $password) { | PhabricatorAuthPassword $password) { | ||||
$content_source = $this->newContentSource(); | $content_source = $this->newContentSource(); | ||||
$revoke_type = PhabricatorAuthPasswordRevokeTransaction::TRANSACTIONTYPE; | $revoke_type = PhabricatorAuthPasswordRevokeTransaction::TRANSACTIONTYPE; | ||||
$xactions = array(); | $xactions = array(); | ||||
Show All 14 Lines |