-rw-r--r-- | Core/Encoder/BCryptPasswordEncoder.php | 9 | ||||
-rw-r--r-- | Core/Encoder/BasePasswordEncoder.php | 11 | ||||
-rw-r--r-- | Core/Encoder/MessageDigestPasswordEncoder.php | 10 | ||||
-rw-r--r-- | Core/Encoder/Pbkdf2PasswordEncoder.php | 10 | ||||
-rw-r--r-- | Core/Encoder/PlaintextPasswordEncoder.php | 10 | ||||
-rw-r--r-- | Core/Tests/Encoder/BCryptPasswordEncoderTest.php | 23 | ||||
-rw-r--r-- | Core/Tests/Encoder/BasePasswordEncoderTest.php | 16 | ||||
-rw-r--r-- | Core/Tests/Encoder/MessageDigestPasswordEncoderTest.php | 5 | ||||
-rw-r--r-- | Core/Tests/Encoder/Pbkdf2PasswordEncoderTest.php | 9 | ||||
-rw-r--r-- | Core/Tests/Encoder/PlaintextPasswordEncoderTest.php | 5 |
10 files changed, 63 insertions, 45 deletions
diff --git a/Core/Encoder/BCryptPasswordEncoder.php b/Core/Encoder/BCryptPasswordEncoder.php
index e8b2632..fc79021 100644
--- a/Core/Encoder/BCryptPasswordEncoder.php
+++ b/Core/Encoder/BCryptPasswordEncoder.php
@@ -12,6 +12,7 @@
 namespace Symfony\Component\Security\Core\Encoder;
 
 use Symfony\Component\Security\Core\Encoder\BasePasswordEncoder;
+use Symfony\Component\Security\Core\Exception\BadCredentialsException;
 
 /**
  * @author Elnur Abdurrakhimov <elnur@elnur.pro>
@@ -64,7 +65,9 @@ class BCryptPasswordEncoder extends BasePasswordEncoder
      */
     public function encodePassword($raw, $salt)
     {
-        $this->checkPasswordLength($raw);
+        if ($this->isPasswordTooLong($raw)) {
+            throw new BadCredentialsException('Invalid password.');
+        }
 
         $options = array('cost' => $this->cost);
 
@@ -80,8 +83,6 @@ class BCryptPasswordEncoder extends BasePasswordEncoder
      */
     public function isPasswordValid($encoded, $raw, $salt)
     {
-        $this->checkPasswordLength($raw);
-
-        return password_verify($raw, $encoded);
+        return !$this->isPasswordTooLong($raw) && password_verify($raw, $encoded);
     }
 }
diff --git a/Core/Encoder/BasePasswordEncoder.php b/Core/Encoder/BasePasswordEncoder.php
index b7e52bb..ba8ba79 100644
--- a/Core/Encoder/BasePasswordEncoder.php
+++ b/Core/Encoder/BasePasswordEncoder.php
@@ -87,10 +87,13 @@ abstract class BasePasswordEncoder implements PasswordEncoderInterface
         return StringUtils::equals($password1, $password2);
     }
 
-    protected function checkPasswordLength($password)
+    /**
+     * Checks if the password is too long.
+     *
+     * @return Boolean true if the password is too long, false otherwise
+     */
+    protected function isPasswordTooLong($password)
     {
-        if (strlen($password) > self::MAX_PASSWORD_LENGTH) {
-            throw new BadCredentialsException('Invalid password.');
-        }
+        return strlen($password) > self::MAX_PASSWORD_LENGTH;
     }
 }
diff --git a/Core/Encoder/MessageDigestPasswordEncoder.php b/Core/Encoder/MessageDigestPasswordEncoder.php
index efe1e5c..a7e5546 100644
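Review bot: The block `if ($this->isPasswordTooLong($raw)) { throw new BadCredentialsException('Invalid password.'); }` added to encodePassword here is repeated verbatim in the encodePassword hunks of MessageDigestPasswordEncoder, Pbkdf2PasswordEncoder and PlaintextPasswordEncoder, which is how exception types and messages drift apart between encoders over time. Since BasePasswordEncoder now owns isPasswordTooLong(), a throwing sibling there — for instance keeping checkPasswordLength() as `if ($this->isPasswordTooLong($password)) { throw new BadCredentialsException('Invalid password.'); }` — would let each encodePassword keep its one-line call and would also remove the need to import BadCredentialsException into every encoder. encodePassword's body continues outside the hunk.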
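Review bot: isPasswordValid now answers `false` for an over-long raw password where it previously threw BadCredentialsException, and nothing in the hunk records that contract; the method's docblock, of which only the closing `*/` is visible, should state it, e.g. `@return Boolean false when the password does not match or is longer than MAX_PASSWORD_LENGTH`. Callers that caught the exception to tell "too long" apart from "wrong password" lose that distinction; the test changes suggest this is intended, so it deserves a changelog line. The same applies to the isPasswordValid hunks of MessageDigestPasswordEncoder, Pbkdf2PasswordEncoder and PlaintextPasswordEncoder.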
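Review bot: The new docblock on isPasswordTooLong documents the return value but not the parameter, and it does not say that "too long" is measured with strlen(), i.e. in bytes rather than characters — the right unit for bounding hashing cost, but a surprise for readers thinking of multibyte passwords; suggest `@param string $password The raw password (its length is checked in bytes)`. Renaming the protected checkPasswordLength() removes a method that subclasses outside this component may call; if this lands on a maintained branch, a deprecated checkPasswordLength() delegating to the new method would keep them working. Once nothing in this file throws BadCredentialsException, the `use` import for it at the top of BasePasswordEncoder.php (outside the hunk, presumably present since the removed code referenced the unqualified name) looks unused and should be confirmed and dropped.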
--- a/Core/Encoder/MessageDigestPasswordEncoder.php
+++ b/Core/Encoder/MessageDigestPasswordEncoder.php
@@ -11,6 +11,8 @@
 namespace Symfony\Component\Security\Core\Encoder;
 
+use Symfony\Component\Security\Core\Exception\BadCredentialsException;
+
 /**
  * MessageDigestPasswordEncoder uses a message digest algorithm.
  *
@@ -41,7 +43,9 @@ class MessageDigestPasswordEncoder extends BasePasswordEncoder
      */
     public function encodePassword($raw, $salt)
     {
-        $this->checkPasswordLength($raw);
+        if ($this->isPasswordTooLong($raw)) {
+            throw new BadCredentialsException('Invalid password.');
+        }
 
         if (!in_array($this->algorithm, hash_algos(), true)) {
             throw new \LogicException(sprintf('The algorithm "%s" is not supported.', $this->algorithm));
@@ -63,8 +67,6 @@ class MessageDigestPasswordEncoder extends BasePasswordEncoder
      */
     public function isPasswordValid($encoded, $raw, $salt)
     {
-        $this->checkPasswordLength($raw);
-
-        return $this->comparePasswords($encoded, $this->encodePassword($raw, $salt));
+        return !$this->isPasswordTooLong($raw) && $this->comparePasswords($encoded, $this->encodePassword($raw, $salt));
     }
 }
diff --git a/Core/Encoder/Pbkdf2PasswordEncoder.php b/Core/Encoder/Pbkdf2PasswordEncoder.php
index a4b5c3b..8a5a958 100644
--- a/Core/Encoder/Pbkdf2PasswordEncoder.php
+++ b/Core/Encoder/Pbkdf2PasswordEncoder.php
@@ -11,6 +11,8 @@
 namespace Symfony\Component\Security\Core\Encoder;
 
+use Symfony\Component\Security\Core\Exception\BadCredentialsException;
+
 /**
  * Pbkdf2PasswordEncoder uses the PBKDF2 (Password-Based Key Derivation Function 2).
  *
@@ -54,7 +56,9 @@ class Pbkdf2PasswordEncoder extends BasePasswordEncoder
      */
     public function encodePassword($raw, $salt)
     {
-        $this->checkPasswordLength($raw);
+        if ($this->isPasswordTooLong($raw)) {
+            throw new BadCredentialsException('Invalid password.');
+        }
 
         if (!in_array($this->algorithm, hash_algos(), true)) {
             throw new \LogicException(sprintf('The algorithm "%s" is not supported.', $this->algorithm));
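Review bot: In MessageDigestPasswordEncoder::isPasswordValid the length guard is evaluated twice on the new line — once in the `!$this->isPasswordTooLong($raw) &&` prefix and again inside the encodePassword() call, where it throws — and the reason for the first evaluation is not written down: it exists only so the over-long case yields `false` instead of propagating BadCredentialsException. A comment such as `// Reject over-long input before encodePassword() so validation returns false rather than throwing.` would stop a later cleanup from removing the apparently redundant check. The same shape and the same suggestion apply to the Pbkdf2PasswordEncoder isPasswordValid hunk.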
@@ -74,9 +78,7 @@ class Pbkdf2PasswordEncoder extends BasePasswordEncoder
      */
     public function isPasswordValid($encoded, $raw, $salt)
     {
-        $this->checkPasswordLength($raw);
-
-        return $this->comparePasswords($encoded, $this->encodePassword($raw, $salt));
+        return !$this->isPasswordTooLong($raw) && $this->comparePasswords($encoded, $this->encodePassword($raw, $salt));
     }
 
     private function hashPbkdf2($algorithm, $password, $salt, $iterations, $length = 0)
diff --git a/Core/Encoder/PlaintextPasswordEncoder.php b/Core/Encoder/PlaintextPasswordEncoder.php
index 55aad18..22f3da4 100644
--- a/Core/Encoder/PlaintextPasswordEncoder.php
+++ b/Core/Encoder/PlaintextPasswordEncoder.php
@@ -11,6 +11,8 @@
 namespace Symfony\Component\Security\Core\Encoder;
 
+use Symfony\Component\Security\Core\Exception\BadCredentialsException;
+
 /**
  * PlaintextPasswordEncoder does not do any encoding.
  *
@@ -35,7 +37,9 @@ class PlaintextPasswordEncoder extends BasePasswordEncoder
      */
     public function encodePassword($raw, $salt)
     {
-        $this->checkPasswordLength($raw);
+        if ($this->isPasswordTooLong($raw)) {
+            throw new BadCredentialsException('Invalid password.');
+        }
 
         return $this->mergePasswordAndSalt($raw, $salt);
     }
@@ -45,7 +49,9 @@ class PlaintextPasswordEncoder extends BasePasswordEncoder
      */
     public function isPasswordValid($encoded, $raw, $salt)
     {
-        $this->checkPasswordLength($raw);
+        if ($this->isPasswordTooLong($raw)) {
+            return false;
+        }
 
         $pass2 = $this->mergePasswordAndSalt($raw, $salt);
 
diff --git a/Core/Tests/Encoder/BCryptPasswordEncoderTest.php b/Core/Tests/Encoder/BCryptPasswordEncoderTest.php
index 99f03a3..2213dc5 100644
--- a/Core/Tests/Encoder/BCryptPasswordEncoderTest.php
+++ b/Core/Tests/Encoder/BCryptPasswordEncoderTest.php
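Review bot: PlaintextPasswordEncoder::isPasswordValid writes the guard as a statement, `if ($this->isPasswordTooLong($raw)) { return false; }`, while the BCrypt, MessageDigest and Pbkdf2 encoders in this same change express it as `return !$this->isPasswordTooLong($raw) && ...;`; one form should be used across all four so the encoders read alike. The statement form is the clearer of the two, since it separates the policy check from the comparison and works equally well where, as here, the method continues with `$pass2 = ...` and more logic outside the hunk, so the other three could adopt it rather than the reverse. The method body runs past the end of the hunk.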
@@ -64,30 +64,27 @@ class BCryptPasswordEncoderTest extends \PHPUnit_Framework_TestCase
         $this->assertFalse($encoder->isPasswordValid($result, 'anotherPassword', null));
     }
 
+    private function skipIfPhpVersionIsNotSupported()
+    {
+        if (version_compare(phpversion(), '5.3.7', '<')) {
+            $this->markTestSkipped('Requires PHP >= 5.3.7');
+        }
+    }
+
     /**
      * @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException
      */
     public function testEncodePasswordLength()
     {
-        $encoder = new BCryptPasswordEncoder(4);
+        $encoder = new BCryptPasswordEncoder(self::VALID_COST);
 
         $encoder->encodePassword(str_repeat('a', 5000), 'salt');
     }
 
-    /**
-     * @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException
-     */
     public function testCheckPasswordLength()
     {
-        $encoder = new BCryptPasswordEncoder(4);
-
-        $encoder->isPasswordValid('encoded', str_repeat('a', 5000), 'salt');
-    }
+        $encoder = new BCryptPasswordEncoder(self::VALID_COST);
 
-    private function skipIfPhpVersionIsNotSupported()
-    {
-        if (version_compare(phpversion(), '5.3.7', '<')) {
-            $this->markTestSkipped('Requires PHP >= 5.3.7');
-        }
+        $this->assertFalse($encoder->isPasswordValid('encoded', str_repeat('a', 5000), 'salt'));
     }
 }
diff --git a/Core/Tests/Encoder/BasePasswordEncoderTest.php b/Core/Tests/Encoder/BasePasswordEncoderTest.php
index 73fac2e..81f3d3c 100644
--- a/Core/Tests/Encoder/BasePasswordEncoderTest.php
+++ b/Core/Tests/Encoder/BasePasswordEncoderTest.php
@@ -53,6 +53,12 @@ class BasePasswordEncoderTest extends \PHPUnit_Framework_TestCase
         $this->invokeMergePasswordAndSalt('password', '{foo}');
     }
 
+    public function testIsPasswordTooLong()
+    {
+        $this->assertTrue($this->invokeIsPasswordTooLong(str_repeat('a', 10000)));
+        $this->assertFalse($this->invokeIsPasswordTooLong(str_repeat('a', 10)));
+    }
+
     protected function invokeDemergePasswordAndSalt($password)
     {
         $encoder = new PasswordEncoder();
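Review bot: The rewritten testCheckPasswordLength asserts that `isPasswordValid('encoded', str_repeat('a', 5000), 'salt')` is false, but `'encoded'` is not a bcrypt hash, so password_verify() returns false for any input and the assertion would still pass if the length guard were deleted; the test no longer tells "rejected as too long" apart from "hash mismatch". bcrypt only looks at the first 72 bytes of its input, so a discriminating version hashes a 72-byte password with the same encoder and checks that a 5000-byte raw password sharing that prefix is refused, which is true only when the guard fires: `$encoded = $encoder->encodePassword(str_repeat('a', 72), null);` followed by `$this->assertFalse($encoder->isPasswordValid($encoded, str_repeat('a', 5000), null));`. Moving skipIfPhpVersionIsNotSupported() above the tests is pure relocation that inflates this hunk and hides the behavioural change; leaving it in place would make the diff easier to review.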
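Review bot: testIsPasswordTooLong in BasePasswordEncoderTest probes 10000 and 10 bytes, both far from the limit, so an off-by-one in the `strlen($password) > self::MAX_PASSWORD_LENGTH` comparison would go unnoticed; add the two boundary cases, `$this->assertFalse($this->invokeIsPasswordTooLong(str_repeat('a', BasePasswordEncoder::MAX_PASSWORD_LENGTH)));` and the same length plus one asserted true, assuming the constant is reachable from the test (its import would be outside the hunk). A multibyte input, e.g. a repeated two-byte character, would additionally pin down that the limit counts bytes rather than characters.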
@@ -82,4 +88,14 @@ class BasePasswordEncoderTest extends \PHPUnit_Framework_TestCase
         return $m->invoke($encoder, $p1, $p2);
     }
+
+    protected function invokeIsPasswordTooLong($p)
+    {
+        $encoder = new PasswordEncoder();
+        $r = new \ReflectionObject($encoder);
+        $m = $r->getMethod('isPasswordTooLong');
+        $m->setAccessible(true);
+
+        return $m->invoke($encoder, $p);
+    }
 }
diff --git a/Core/Tests/Encoder/MessageDigestPasswordEncoderTest.php b/Core/Tests/Encoder/MessageDigestPasswordEncoderTest.php
index 1e8faaf..ada5ccf 100644
--- a/Core/Tests/Encoder/MessageDigestPasswordEncoderTest.php
+++ b/Core/Tests/Encoder/MessageDigestPasswordEncoderTest.php
@@ -53,13 +53,10 @@ class MessageDigestPasswordEncoderTest extends \PHPUnit_Framework_TestCase
         $encoder->encodePassword(str_repeat('a', 5000), 'salt');
     }
 
-    /**
-     * @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException
-     */
     public function testCheckPasswordLength()
     {
         $encoder = new MessageDigestPasswordEncoder();
 
-        $encoder->isPasswordValid('encoded', str_repeat('a', 5000), 'salt');
+        $this->assertFalse($encoder->isPasswordValid('encoded', str_repeat('a', 5000), 'salt'));
     }
 }
diff --git a/Core/Tests/Encoder/Pbkdf2PasswordEncoderTest.php b/Core/Tests/Encoder/Pbkdf2PasswordEncoderTest.php
index 4991330..fdc400a 100644
--- a/Core/Tests/Encoder/Pbkdf2PasswordEncoderTest.php
+++ b/Core/Tests/Encoder/Pbkdf2PasswordEncoderTest.php
@@ -48,18 +48,15 @@ class Pbkdf2PasswordEncoderTest extends \PHPUnit_Framework_TestCase
      */
     public function testEncodePasswordLength()
     {
-        $encoder = new Pbkdf2PasswordEncoder();
+        $encoder = new Pbkdf2PasswordEncoder('foobar');
 
         $encoder->encodePassword(str_repeat('a', 5000), 'salt');
     }
 
-    /**
-     * @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException
-     */
     public function testCheckPasswordLength()
     {
-        $encoder = new Pbkdf2PasswordEncoder();
+        $encoder = new Pbkdf2PasswordEncoder('foobar');
 
-        $encoder->isPasswordValid('encoded', str_repeat('a', 5000), 'salt');
+        $this->assertFalse($encoder->isPasswordValid('encoded', str_repeat('a', 5000), 'salt'));
     }
 }
diff --git a/Core/Tests/Encoder/PlaintextPasswordEncoderTest.php b/Core/Tests/Encoder/PlaintextPasswordEncoderTest.php
index 763aae1..c7e0d2a 100644
--- a/Core/Tests/Encoder/PlaintextPasswordEncoderTest.php
+++ b/Core/Tests/Encoder/PlaintextPasswordEncoderTest.php
@@ -47,13 +47,10 @@ class PlaintextPasswordEncoderTest extends \PHPUnit_Framework_TestCase
         $encoder->encodePassword(str_repeat('a', 5000), 'salt');
     }
 
-    /**
-     * @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException
-     */
     public function testCheckPasswordLength()
     {
         $encoder = new PlaintextPasswordEncoder();
 
-        $encoder->isPasswordValid('encoded', str_repeat('a', 5000), 'salt');
+        $this->assertFalse($encoder->isPasswordValid('encoded', str_repeat('a', 5000), 'salt'));
     }
 } |
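Review bot: Both Pbkdf2 tests now construct `new Pbkdf2PasswordEncoder('foobar')`; `'foobar'` is presumably not a name hash_algos() returns, so the tests pass only because the length guard in encodePassword runs before the unsupported-algorithm LogicException — an ordering dependency that nothing in the hunk states. A short comment on the constructor line, e.g. `// intentionally unsupported algorithm: the length check must reject before the algorithm is looked up`, makes that dependency explicit; alternatively, pass a real algorithm name so these tests do not silently double as an ordering test.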