makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 14:18:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

[feature/passwords] Make sure hash has the required length

Browse source 
Also added tests to make sure that crypto drivers are enforcing the hash
length.

PHPBB3-11610
This commit is contained in:
Marc Alexander 2013-06-16 23:55:33 +02:00
parent 7ddf004489
commit 4b81b93d10
2 changed files with 17 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
phpBB/includes/crypto/driver/bcrypt.php
View file

@ -53,6 +53,10 @@ class phpbb_crypto_driver_bcrypt extends phpbb_crypto_driver_base
} }
$hash = crypt($password, $salt); $hash = crypt($password, $salt);
if (strlen($hash) < 60)
{
return false;
}
return $hash; return $hash;
} }

16
tests/crypto/manager_test.php
View file

@ -16,6 +16,8 @@ require_once dirname(__FILE__) . '/../../phpBB/includes/crypto/driver/helper.php
class phpbb_crypto_manager_test extends PHPUnit_Framework_TestCase class phpbb_crypto_manager_test extends PHPUnit_Framework_TestCase
{ {
protected $crypto_drivers;
public function setUp() public function setUp()
{ {
global $phpbb_root_path, $phpEx; global $phpbb_root_path, $phpEx;
@ -26,14 +28,14 @@ class phpbb_crypto_manager_test extends PHPUnit_Framework_TestCase
// Prepare dependencies for manager and driver // Prepare dependencies for manager and driver
$config = new phpbb_config(array()); $config = new phpbb_config(array());
$crypto_drivers = array( $this->crypto_drivers = array(
'crypto.driver.bcrypt' => new phpbb_crypto_driver_bcrypt($config), 'crypto.driver.bcrypt' => new phpbb_crypto_driver_bcrypt($config),
'crypto.driver.bcrypt_2y' => new phpbb_crypto_driver_bcrypt_2y($config), 'crypto.driver.bcrypt_2y' => new phpbb_crypto_driver_bcrypt_2y($config),
'crypto.driver.salted_md5' => new phpbb_crypto_driver_salted_md5($config), 'crypto.driver.salted_md5' => new phpbb_crypto_driver_salted_md5($config),
'crypto.driver.phpass' => new phpbb_crypto_driver_phpass($config), 'crypto.driver.phpass' => new phpbb_crypto_driver_phpass($config),
); );
foreach ($crypto_drivers as $key => $driver) foreach ($this->crypto_drivers as $key => $driver)
{ {
$this->phpbb_container->set($key, $driver); $this->phpbb_container->set($key, $driver);
} }
@ -42,7 +44,7 @@ class phpbb_crypto_manager_test extends PHPUnit_Framework_TestCase
$config['allow_avatar_' . get_class($this->avatar_barfoo)] = false; $config['allow_avatar_' . get_class($this->avatar_barfoo)] = false;
*/ */
// Set up avatar manager // Set up avatar manager
$this->manager = new phpbb_crypto_manager($config, $this->phpbb_container, $crypto_drivers); $this->manager = new phpbb_crypto_manager($config, $this->phpbb_container, $this->crypto_drivers);
} }
public function hash_password_data() public function hash_password_data()
@ -115,4 +117,12 @@ class phpbb_crypto_manager_test extends PHPUnit_Framework_TestCase
$test_word = str_shuffle($test_word); $test_word = str_shuffle($test_word);
} }
} }
public function test_hash_password_length()
{
foreach ($this->crypto_drivers as $driver)
{
$this->assertEquals(false, $driver->hash('foobar', 'foobar'));
}
}
} }