탐색 도움말
로그인
bachir
/
materio-base-d7
1
0
포크 0
파일 이슈 0 풀 리퀘스트 0 위키
트리: ad76968844
브랜치 태그
materio-base-d7
/
modules
/
simpletest
/
tests
/
password.test

password.test 2.5 KB
히스토리 Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960 
  1. <?php
    2. 

  2. 

  3. /**
    4. 

  4.  * @file
    5. 

  5.  * Provides unit tests for password.inc.
    6. 

  6.  */
    7. 

  7. 

  8. /**
    9. 

  9.  * Unit tests for password hashing API.
    10. 

  10.  */
    11. 

  11. class PasswordHashingTest extends DrupalWebTestCase {
    12. 

  12.   protected $profile = 'testing';
    13. 

  13. 

  14.   public static function getInfo() {
    15. 

  15.     return array(
    16. 

  16.       'name' => 'Password hashing',
    17. 

  17.       'description' => 'Password hashing unit tests.',
    18. 

  18.       'group' => 'System',
    19. 

  19.     );
    20. 

  20.   }
    21. 

  21. 

  22.   function setUp() {
    23. 

  23.     require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc');
    24. 

  24.     parent::setUp();
    25. 

  25.   }
    26. 

  26. 

  27.   /**
    28. 

  28.    * Test password hashing.
    29. 

  29.    */
    30. 

  30.   function testPasswordHashing() {
    31. 

  31.     // Set a log2 iteration count that is deliberately out of bounds to test
    32. 

  32.     // that it is corrected to be within bounds.
    33. 

  33.     variable_set('password_count_log2', 1);
    34. 

  34.     // Set up a fake $account with a password 'baz', hashed with md5.
    35. 

  35.     $password = 'baz';
    36. 

  36.     $account = (object) array('name' => 'foo', 'pass' => md5($password));
    37. 

  37.     // The md5 password should be flagged as needing an update.
    38. 

  38.     $this->assertTrue(user_needs_new_hash($account), 'User with md5 password needs a new hash.');
    39. 

  39.     // Re-hash the password.
    40. 

  40.     $old_hash = $account->pass;
    41. 

  41.     $account->pass = user_hash_password($password);
    42. 

  42.     $this->assertIdentical(_password_get_count_log2($account->pass), DRUPAL_MIN_HASH_COUNT, 'Re-hashed password has the minimum number of log2 iterations.');
    43. 

  43.     $this->assertTrue($account->pass != $old_hash, 'Password hash changed.');
    44. 

  44.     $this->assertTrue(user_check_password($password, $account), 'Password check succeeds.');
    45. 

  45.     // Since the log2 setting hasn't changed and the user has a valid password,
    46. 

  46.     // user_needs_new_hash() should return FALSE.
    47. 

  47.     $this->assertFalse(user_needs_new_hash($account), 'User does not need a new hash.');
    48. 

  48.     // Increment the log2 iteration to MIN + 1.
    49. 

  49.     variable_set('password_count_log2', DRUPAL_MIN_HASH_COUNT + 1);
    50. 

  50.     $this->assertTrue(user_needs_new_hash($account), 'User needs a new hash after incrementing the log2 count.');
    51. 

  51.     // Re-hash the password.
    52. 

  52.     $old_hash = $account->pass;
    53. 

  53.     $account->pass = user_hash_password($password);
    54. 

  54.     $this->assertIdentical(_password_get_count_log2($account->pass), DRUPAL_MIN_HASH_COUNT + 1, 'Re-hashed password has the correct number of log2 iterations.');
    55. 

  55.     $this->assertTrue($account->pass != $old_hash, 'Password hash changed again.');
    56. 

  56.     // Now the hash should be OK.
    57. 

  57.     $this->assertFalse(user_needs_new_hash($account), 'Re-hashed password does not need a new hash.');
    58. 

  58.     $this->assertTrue(user_check_password($password, $account), 'Password check succeeds with re-hashed password.');
    59. 

  59.   }
    60. 

  60. }
    61.