HasherTest.php 3.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118
  1. <?php
  2. /**
  3. * Copyright (c) 2014 Lukas Reschke <lukas@owncloud.com>
  4. * This file is licensed under the Affero General Public License version 3 or
  5. * later.
  6. * See the COPYING-README file.
  7. */
  8. namespace Test\Security;
  9. use OC\Security\Hasher;
  10. /**
  11. * Class HasherTest
  12. */
  13. class HasherTest extends \Test\TestCase {
  14. /**
  15. * @return array
  16. */
  17. public function versionHashProvider()
  18. {
  19. return array(
  20. array('asf32äà$$a.|3', null),
  21. array('asf32äà$$a.|3|5', null),
  22. array('1|2|3|4', array('version' => 1, 'hash' => '2|3|4')),
  23. array('1|我看|这本书。 我看這本書', array('version' => 1, 'hash' => '我看|这本书。 我看這本書'))
  24. );
  25. }
  26. /**
  27. * @return array
  28. */
  29. public function allHashProviders()
  30. {
  31. return array(
  32. // Bogus values
  33. array(null, 'asf32äà$$a.|3', false),
  34. array(null, false, false),
  35. // Valid SHA1 strings
  36. array('password', '5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8', true),
  37. array('owncloud.com', '27a4643e43046c3569e33b68c1a4b15d31306d29', true),
  38. // Invalid SHA1 strings
  39. array('InvalidString', '5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8', false),
  40. array('AnotherInvalidOne', '27a4643e43046c3569e33b68c1a4b15d31306d29', false),
  41. // Valid legacy password string with password salt "6Wow67q1wZQZpUUeI6G2LsWUu4XKx"
  42. array('password', '$2a$08$emCpDEl.V.QwPWt5gPrqrOhdpH6ailBmkj2Hd2vD5U8qIy20HBe7.', true),
  43. array('password', '$2a$08$yjaLO4ev70SaOsWZ9gRS3eRSEpHVsmSWTdTms1949mylxJ279hzo2', true),
  44. array('password', '$2a$08$.jNRG/oB4r7gHJhAyb.mDupNUAqTnBIW/tWBqFobaYflKXiFeG0A6', true),
  45. array('owncloud.com', '$2a$08$YbEsyASX/hXVNMv8hXQo7ezreN17T8Jl6PjecGZvpX.Ayz2aUyaZ2', true),
  46. array('owncloud.com', '$2a$11$cHdDA2IkUP28oNGBwlL7jO/U3dpr8/0LIjTZmE8dMPA7OCUQsSTqS', true),
  47. array('owncloud.com', '$2a$08$GH.UoIfJ1e.qeZ85KPqzQe6NR8XWRgJXWIUeE1o/j1xndvyTA1x96', true),
  48. // Invalid legacy passwords
  49. array('password', '$2a$08$oKAQY5IhnZocP.61MwP7xu7TNeOb7Ostvk3j6UpacvaNMs.xRj7O2', false),
  50. // Valid passwords "6Wow67q1wZQZpUUeI6G2LsWUu4XKx"
  51. array('password', '1|$2a$05$ezAE0dkwk57jlfo6z5Pql.gcIK3ReXT15W7ITNxVS0ksfhO/4E4Kq', true),
  52. array('password', '1|$2a$05$4OQmloFW4yTVez2MEWGIleDO9Z5G9tWBXxn1vddogmKBQq/Mq93pe', true),
  53. array('password', '1|$2a$11$yj0hlp6qR32G9exGEXktB.yW2rgt2maRBbPgi3EyxcDwKrD14x/WO', true),
  54. array('owncloud.com', '1|$2a$10$Yiss2WVOqGakxuuqySv5UeOKpF8d8KmNjuAPcBMiRJGizJXjA2bKm', true),
  55. array('owncloud.com', '1|$2a$10$v9mh8/.mF/Ut9jZ7pRnpkuac3bdFCnc4W/gSumheQUi02Sr.xMjPi', true),
  56. array('owncloud.com', '1|$2a$05$ST5E.rplNRfDCzRpzq69leRzsTGtY7k88h9Vy2eWj0Ug/iA9w5kGK', true),
  57. // Invalid passwords
  58. array('password', '0|$2a$08$oKAQY5IhnZocP.61MwP7xu7TNeOb7Ostvk3j6UpacvaNMs.xRj7O2', false),
  59. array('password', '1|$2a$08$oKAQY5IhnZocP.61MwP7xu7TNeOb7Ostvk3j6UpacvaNMs.xRj7O2', false),
  60. array('password', '2|$2a$08$oKAQY5IhnZocP.61MwP7xu7TNeOb7Ostvk3j6UpacvaNMs.xRj7O2', false),
  61. );
  62. }
  63. /** @var Hasher */
  64. protected $hasher;
  65. /** @var \OCP\IConfig */
  66. protected $config;
  67. protected function setUp() {
  68. parent::setUp();
  69. $this->config = $this->getMockBuilder('\OCP\IConfig')
  70. ->disableOriginalConstructor()->getMock();
  71. $this->hasher = new Hasher($this->config);
  72. }
  73. function testHash() {
  74. $hash = $this->hasher->hash('String To Hash');
  75. $this->assertNotNull($hash);
  76. }
  77. /**
  78. * @dataProvider versionHashProvider
  79. */
  80. function testSplitHash($hash, $expected) {
  81. $relativePath = self::invokePrivate($this->hasher, 'splitHash', array($hash));
  82. $this->assertSame($expected, $relativePath);
  83. }
  84. /**
  85. * @dataProvider allHashProviders
  86. */
  87. function testVerify($password, $hash, $expected) {
  88. $this->config
  89. ->expects($this->any())
  90. ->method('getSystemValue')
  91. ->with('passwordsalt', null)
  92. ->will($this->returnValue('6Wow67q1wZQZpUUeI6G2LsWUu4XKx'));
  93. $result = $this->hasher->verify($password, $hash);
  94. $this->assertSame($expected, $result);
  95. }
  96. }