[Security] limited the password length passed to encoders

1 files changed, 20 insertions, 0 deletions

diff --git a/Core/Tests/Encoder/PlaintextPasswordEncoderTest.php b/Core/Tests/Encoder/PlaintextPasswordEncoderTest.php
index 513a94a..763aae1 100644
--- a/Core/Tests/Encoder/PlaintextPasswordEncoderTest.php
+++ b/Core/Tests/Encoder/PlaintextPasswordEncoderTest.php
@@ -36,4 +36,24 @@ class PlaintextPasswordEncoderTest extends \PHPUnit_Framework_TestCase
 
         $this->assertSame('foo', $encoder->encodePassword('foo', ''));
     }
+
+    /**
+     * @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException
+     */
+    public function testEncodePasswordLength()
+    {
+        $encoder = new PlaintextPasswordEncoder();
+
+        $encoder->encodePassword(str_repeat('a', 5000), 'salt');
+    }
+
+    /**
+     * @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException
+     */
+    public function testCheckPasswordLength()
+    {
+        $encoder = new PlaintextPasswordEncoder();
+
+        $encoder->isPasswordValid('encoded', str_repeat('a', 5000), 'salt');
+    }
 }