NotificationsYou must be signed in to change notification settings
Fork9.7k
Star30.8k

Commitc25c368

committed

[PasswordHasher] Make bcrypt nul byte hash test tolerant to PHP related failures

1 parent93fcdb8 commitc25c368Copy full SHA for c25c368

File tree

2 files changed

+44

-18

lines changed

src/Symfony/Component/PasswordHasher/Tests/Hasher
- NativePasswordHasherTest.php
- SodiumPasswordHasherTest.php

2 files changed

+44

-18

lines changed

`‎src/Symfony/Component/PasswordHasher/Tests/Hasher/NativePasswordHasherTest.php‎`

Lines changed: 22 additions & 9 deletions

Original file line number	Diff line number	Diff line change
`@@ -99,23 +99,36 @@ public function testBcryptWithLongPassword()`
`99`	`99`	`}`
`100`	`100`
`101`	`101`	`/**`
`102`		`- * "password_hash()" does not accept passwords containing NUL bytes prior to PHP 8.2`
`103`		- * and throws a ValueError, thus this test is skipped because `$hasher->verify()` will
`104`		`- * not be executed.`
`105`		`- *`
`106`		`- * @requires PHP >= 8.2`
	`102`	`+ * @requires PHP < 8.4`
`107`	`103`	`*/`
`108`	`104`	`publicfunctiontestBcryptWithNulByte()`
`109`	`105`	`{`
`110`	`106`	`$hasher =newNativePasswordHasher(null,null,4, \PASSWORD_BCRYPT);`
`111`	`107`	`$plainPassword ="a\0b";`
`112`	`108`
`113`		`-if (\PHP_VERSION_ID <80218 \|\| \PHP_VERSION_ID >=80300 && \PHP_VERSION_ID <80305) {`
`114`		`-// password_hash() does not accept passwords containing NUL bytes since PHP 8.2.18 and 8.3.5`
`115`		`-$this->assertFalse($hasher->verify(password_hash($plainPassword, \PASSWORD_BCRYPT, ['cost' =>4]),$plainPassword));`
	`109`	`+try {`
	`110`	`+$hash =password_hash($plainPassword, \PASSWORD_BCRYPT, ['cost' =>4]);`
	`111`	`+ }catch (\Throwable$throwable) {`
	`112`	`+// we skip the test in case the PHP version does not support NUL bytes in passwords`
	`113`	`+// with bcrypt`
	`114`	`+//`
	`115`	`+// @see https://github.com/php/php-src/commit/11f2568767660ffe92fbc6799800e01203aad73a`
	`116`	`+if (false !==strpos($throwable->getMessage(),'Bcrypt password must not contain null character')) {`
	`117`	`+$this->markTestSkipped('password_hash() does not accept passwords containing NUL bytes.');`
	`118`	`+ }`
	`119`	`+`
	`120`	`+throw$throwable;`
`116`	`121`	`}`
`117`	`122`
`118`		`-$this->assertTrue($hasher->verify($hasher->hash($plainPassword),$plainPassword));`
	`123`	`+if (null ===$hash) {`
	`124`	`+// we also skip the test in case password_hash() returns null as`
	`125`	`+// implemented in security patches backports`
	`126`	`+//`
	`127`	`+// @see https://github.com/shivammathur/php-src-backports/commit/d22d9ebb29dce86edd622205dd1196a2796c08c7`
	`128`	`+$this->markTestSkipped('password_hash() does not accept passwords containing NUL bytes.');`
	`129`	`+ }`
	`130`	`+`
	`131`	`+$this->assertTrue($hasher->verify($hash,$plainPassword));`
`119`	`132`	`}`
`120`	`133`
`121`	`134`	`publicfunctiontestNeedsRehash()`

`‎src/Symfony/Component/PasswordHasher/Tests/Hasher/SodiumPasswordHasherTest.php‎`

Lines changed: 22 additions & 9 deletions

Original file line number	Diff line number	Diff line change
`@@ -74,23 +74,36 @@ public function testBcryptWithLongPassword()`
`74`	`74`	`}`
`75`	`75`
`76`	`76`	`/**`
`77`		`- * "password_hash()" does not accept passwords containing NUL bytes prior to PHP 8.2`
`78`		- * and throws a ValueError, thus this test is skipped because `$hasher->verify()` will
`79`		`- * not be executed.`
`80`		`- *`
`81`		`- * @requires PHP >= 8.2`
	`77`	`+ * @requires PHP < 8.4`
`82`	`78`	`*/`
`83`	`79`	`publicfunctiontestBcryptWithNulByte()`
`84`	`80`	`{`
`85`	`81`	`$hasher =newSodiumPasswordHasher(null,null);`
`86`	`82`	`$plainPassword ="a\0b";`
`87`	`83`
`88`		`-if (\PHP_VERSION_ID <80218 \|\| \PHP_VERSION_ID >=80300 && \PHP_VERSION_ID <80305) {`
`89`		`-// password_hash() does not accept passwords containing NUL bytes since PHP 8.2.18 and 8.3.5`
`90`		`-$this->assertFalse($hasher->verify(password_hash($plainPassword, \PASSWORD_BCRYPT, ['cost' =>4]),$plainPassword));`
	`84`	`+try {`
	`85`	`+$hash =password_hash($plainPassword, \PASSWORD_BCRYPT, ['cost' =>4]);`
	`86`	`+ }catch (\Throwable$throwable) {`
	`87`	`+// we skip the test in case the PHP version does not support NUL bytes in passwords`
	`88`	`+// with bcrypt`
	`89`	`+//`
	`90`	`+// @see https://github.com/php/php-src/commit/11f2568767660ffe92fbc6799800e01203aad73a`
	`91`	`+if (false !==strpos($throwable->getMessage(),'Bcrypt password must not contain null character')) {`
	`92`	`+$this->markTestSkipped('password_hash() does not accept passwords containing NUL bytes.');`
	`93`	`+ }`
	`94`	`+`
	`95`	`+throw$throwable;`
`91`	`96`	`}`
`92`	`97`
`93`		`-$this->assertTrue($hasher->verify((newNativePasswordHasher(null,null,4, \PASSWORD_BCRYPT))->hash($plainPassword),$plainPassword));`
	`98`	`+if (null ===$hash) {`
	`99`	`+// we also skip the test in case password_hash() returns null as`
	`100`	`+// implemented in security patches backports`
	`101`	`+//`
	`102`	`+// @see https://github.com/shivammathur/php-src-backports/commit/d22d9ebb29dce86edd622205dd1196a2796c08c7`
	`103`	`+$this->markTestSkipped('password_hash() does not accept passwords containing NUL bytes.');`
	`104`	`+ }`
	`105`	`+`
	`106`	`+$this->assertTrue($hasher->verify($hash,$plainPassword));`
`94`	`107`	`}`
`95`	`108`
`96`	`109`	`publicfunctiontestUserProvidedSaltIsNotUsed()`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commitc25c368

File tree

2 files changed

2 files changed

`‎src/Symfony/Component/PasswordHasher/Tests/Hasher/NativePasswordHasherTest.php‎`

`‎src/Symfony/Component/PasswordHasher/Tests/Hasher/SodiumPasswordHasherTest.php‎`

0 commit comments