summaryrefslogtreecommitdiffstats
path: root/tests
diff options
context:
space:
mode:
authorRoeland Jago Douma <roeland@famdouma.nl>2020-01-29 21:39:58 +0100
committerRoeland Jago Douma <roeland@famdouma.nl>2020-02-03 21:41:17 +0100
commit0d651f106c3bd317835c15cc82f3689d71432d48 (patch)
tree24e19f1378cd7f5aa9f26e882b5d1fac2478ff8c /tests
parent4503cff51a5a075291ac63d1ae5472ae49b97679 (diff)
downloadnextcloud-server-0d651f106c3bd317835c15cc82f3689d71432d48.tar.gz
nextcloud-server-0d651f106c3bd317835c15cc82f3689d71432d48.zip
Allow selecting the hashing algorithm
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Diffstat (limited to 'tests')
-rw-r--r--tests/lib/Security/HasherTest.php65
1 files changed, 63 insertions, 2 deletions
diff --git a/tests/lib/Security/HasherTest.php b/tests/lib/Security/HasherTest.php
index 3222b5d0984..e680efb19b6 100644
--- a/tests/lib/Security/HasherTest.php
+++ b/tests/lib/Security/HasherTest.php
@@ -126,8 +126,12 @@ class HasherTest extends \Test\TestCase {
$this->config
->expects($this->any())
->method('getSystemValue')
- ->with('passwordsalt', null)
- ->will($this->returnValue('6Wow67q1wZQZpUUeI6G2LsWUu4XKx'));
+ ->willReturnCallback(function ($key, $default) {
+ if($key === 'passwordsalt') {
+ return '6Wow67q1wZQZpUUeI6G2LsWUu4XKx';
+ }
+ return $default;
+ });
$result = $this->hasher->verify($password, $hash);
$this->assertSame($expected, $result);
@@ -162,4 +166,61 @@ class HasherTest extends \Test\TestCase {
$this->assertFalse(password_needs_rehash($relativePath['hash'], PASSWORD_ARGON2I, []));
}
+
+ public function testUsePasswordDefaultArgon2iVerify() {
+ if (!\defined('PASSWORD_ARGON2I')) {
+ $this->markTestSkipped('Need ARGON2 support to test ARGON2 hashes');
+ }
+
+ $this->config->method('getSystemValue')
+ ->with('hashing_default_password')
+ ->willReturn(true);
+
+ $message = 'mysecret';
+
+ $argon2i = 2 . '|' . password_hash($message, PASSWORD_ARGON2I, []);
+
+ $newHash = null;
+ $this->assertTrue($this->hasher->verify($message, $argon2i, $newHash));
+ $this->assertNotNull($newHash);
+ }
+
+ public function testDoNotUserPasswordDefaultArgon2iVerify() {
+ if (!\defined('PASSWORD_ARGON2I')) {
+ $this->markTestSkipped('Need ARGON2 support to test ARGON2 hashes');
+ }
+
+ $this->config->method('getSystemValue')
+ ->with('hashing_default_password')
+ ->willReturn(false);
+
+ $message = 'mysecret';
+
+ $argon2i = 2 . '|' . password_hash($message, PASSWORD_ARGON2I, []);
+
+ $newHash = null;
+ $this->assertTrue($this->hasher->verify($message, $argon2i, $newHash));
+ $this->assertNull($newHash);
+ }
+
+ public function testHashUsePasswordDefault() {
+ if (!\defined('PASSWORD_ARGON2I')) {
+ $this->markTestSkipped('Need ARGON2 support to test ARGON2 hashes');
+ }
+
+ $this->config->method('getSystemValue')
+ ->with('hashing_default_password')
+ ->willReturn(true);
+
+ $message = 'mysecret';
+
+ $hash = $this->hasher->hash($message);
+ $relativePath = self::invokePrivate($this->hasher, 'splitHash', [$hash]);
+
+ $this->assertSame(1, $relativePath['version']);
+
+ $info = password_get_info($relativePath['hash']);
+ $this->assertEquals(PASSWORD_BCRYPT, $info['algo']);
+
+ }
}