Changeset View
Changeset View
Standalone View
Standalone View
src/applications/auth/__tests__/PhabricatorAuthPasswordTestCase.php
| Show First 20 Lines • Show All 93 Lines • ▼ Show 20 Lines | public function testPasswordEngine() { | ||||
| // The revoked password makes this password non-unique for all account | // The revoked password makes this password non-unique for all account | ||||
| // types. | // types. | ||||
| $this->assertFalse($engine->isUniquePassword($password1)); | $this->assertFalse($engine->isUniquePassword($password1)); | ||||
| $this->assertTrue($engine->isUniquePassword($password2)); | $this->assertTrue($engine->isUniquePassword($password2)); | ||||
| $this->assertFalse($account_engine->isUniquePassword($password1)); | $this->assertFalse($account_engine->isUniquePassword($password1)); | ||||
| $this->assertTrue($account_engine->isUniquePassword($password2)); | $this->assertTrue($account_engine->isUniquePassword($password2)); | ||||
| } | } | ||||
| public function testPasswordBlocklisting() { | |||||
| $user = $this->generateNewTestUser(); | |||||
| $user | |||||
| ->setUsername('iasimov') | |||||
| ->setRealName('Isaac Asimov') | |||||
| ->save(); | |||||
| $test_type = PhabricatorAuthPassword::PASSWORD_TYPE_TEST; | |||||
| $content_source = $this->newContentSource(); | |||||
| $engine = id(new PhabricatorAuthPasswordEngine()) | |||||
| ->setViewer($user) | |||||
| ->setContentSource($content_source) | |||||
| ->setPasswordType($test_type) | |||||
| ->setObject($user); | |||||
| $env = PhabricatorEnv::beginScopedEnv(); | |||||
| $env->overrideEnvConfig('account.minimum-password-length', 4); | |||||
| $passwords = array( | |||||
| 'a23li432m9mdf' => true, | |||||
| // Empty. | |||||
| '' => false, | |||||
| // Password length tests. | |||||
| 'xh3' => false, | |||||
| 'xh32' => true, | |||||
| // In common password blocklist. | |||||
| 'password1' => false, | |||||
| // Tests for the account identifier blocklist. | |||||
| 'isaac' => false, | |||||
| 'iasimov' => false, | |||||
| 'iasimov1' => false, | |||||
| 'asimov' => false, | |||||
| 'iSaAc' => false, | |||||
| '32IASIMOV' => false, | |||||
| 'i-am-iasimov-this-is-my-long-strong-password' => false, | |||||
| 'iasimo' => false, | |||||
| // These are okay: although they're visually similar, they aren't mutual | |||||
| // substrings of any identifier. | |||||
| 'iasimo1' => true, | |||||
| 'isa1mov' => true, | |||||
| ); | |||||
| foreach ($passwords as $password => $expect) { | |||||
| $this->assertBlocklistedPassword($engine, $password, $expect); | |||||
| } | |||||
| } | |||||
| private function assertBlocklistedPassword( | |||||
| PhabricatorAuthPasswordEngine $engine, | |||||
| $raw_password, | |||||
| $expect_valid) { | |||||
| $envelope_1 = new PhutilOpaqueEnvelope($raw_password); | |||||
| $envelope_2 = new PhutilOpaqueEnvelope($raw_password); | |||||
| $caught = null; | |||||
| try { | |||||
| $engine->checkNewPassword($envelope_1, $envelope_2); | |||||
| } catch (PhabricatorAuthPasswordException $exception) { | |||||
| $caught = $exception; | |||||
| } | |||||
| $this->assertEqual( | |||||
| $expect_valid, | |||||
| !($caught instanceof PhabricatorAuthPasswordException), | |||||
| pht('Validity of password "%s".', $raw_password)); | |||||
| } | |||||
| public function testPasswordUpgrade() { | public function testPasswordUpgrade() { | ||||
| $weak_hasher = new PhabricatorIteratedMD5PasswordHasher(); | $weak_hasher = new PhabricatorIteratedMD5PasswordHasher(); | ||||
| // Make sure we have two different hashers, and that the second one is | // Make sure we have two different hashers, and that the second one is | ||||
| // stronger than iterated MD5. The most common reason this would fail is | // stronger than iterated MD5. The most common reason this would fail is | ||||
| // if an install does not have bcrypt available. | // if an install does not have bcrypt available. | ||||
| $strong_hasher = PhabricatorPasswordHasher::getBestHasher(); | $strong_hasher = PhabricatorPasswordHasher::getBestHasher(); | ||||
| if ($strong_hasher->getStrength() <= $weak_hasher->getStrength()) { | if ($strong_hasher->getStrength() <= $weak_hasher->getStrength()) { | ||||
| ▲ Show 20 Lines • Show All 99 Lines • Show Last 20 Lines | |||||