[Security] limited the password length passed to encodersv2.2.9

1 files changed, 16 insertions, 0 deletions

diff --git a/Tests/Core/Encoder/BasePasswordEncoderTest.php b/Tests/Core/Encoder/BasePasswordEncoderTest.php
index 2ef1dcc..762f6ab 100644
--- a/Tests/Core/Encoder/BasePasswordEncoderTest.php
+++ b/Tests/Core/Encoder/BasePasswordEncoderTest.php
@@ -53,6 +53,12 @@ class BasePasswordEncoderTest extends \PHPUnit_Framework_TestCase
         $this->invokeMergePasswordAndSalt('password', '{foo}');
     }
 
+    public function testIsPasswordTooLong()
+    {
+        $this->assertTrue($this->invokeIsPasswordTooLong(str_repeat('a', 10000)));
+        $this->assertFalse($this->invokeIsPasswordTooLong(str_repeat('a', 10)));
+    }
+
     protected function invokeDemergePasswordAndSalt($password)
     {
         $encoder = new PasswordEncoder();
@@ -82,4 +88,14 @@ class BasePasswordEncoderTest extends \PHPUnit_Framework_TestCase
 
         return $m->invoke($encoder, $p1, $p2);
     }
+
+    protected function invokeIsPasswordTooLong($p)
+    {
+        $encoder = new PasswordEncoder();
+        $r = new \ReflectionObject($encoder);
+        $m = $r->getMethod('isPasswordTooLong');
+        $m->setAccessible(true);
+
+        return $m->invoke($encoder, $p);
+    }
 }