moodle/moodle
3
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-08-05 08:56:36 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

MDL-49520 libraries: Update password_compat library

Browse source
This commit is contained in:
Dave Cooper 2015-03-25 15:07:22 +08:00
parent a149d6a177
commit b1c5888daf
7 changed files with 295 additions and 250 deletions
Download patch file Download diff file Expand all files Collapse all files

47
lib/password_compat/lib/password.php
View file

@ -9,10 +9,19 @@
namespace { namespace {
if (!defined('PASSWORD_DEFAULT')) { if (!defined('PASSWORD_BCRYPT')) {
/**
* PHPUnit Process isolation caches constants, but not function declarations.
* So we need to check if the constants are defined separately from
* the functions to enable supporting process isolation in userland
* code.
*/
define('PASSWORD_BCRYPT', 1); define('PASSWORD_BCRYPT', 1);
define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); define('PASSWORD_DEFAULT', PASSWORD_BCRYPT);
define('PASSWORD_BCRYPT_DEFAULT_COST', 10);
}
if (!function_exists('password_hash')) {
/** /**
* Hash the password using the specified algorithm * Hash the password using the specified algorithm
@ -28,6 +37,9 @@ if (!defined('PASSWORD_DEFAULT')) {
trigger_error("Crypt must be loaded for password_hash to function", E_USER_WARNING); trigger_error("Crypt must be loaded for password_hash to function", E_USER_WARNING);
return null; return null;
} }
if (is_null($password) || is_int($password)) {
$password = (string) $password;
}
if (!is_string($password)) { if (!is_string($password)) {
trigger_error("password_hash(): Password must be a string", E_USER_WARNING); trigger_error("password_hash(): Password must be a string", E_USER_WARNING);
return null; return null;
@ -39,8 +51,7 @@ if (!defined('PASSWORD_DEFAULT')) {
$resultLength = 0; $resultLength = 0;
switch ($algo) { switch ($algo) {
case PASSWORD_BCRYPT: case PASSWORD_BCRYPT:
// Note that this is a C constant, but not exposed to PHP, so we don't define it here. $cost = PASSWORD_BCRYPT_DEFAULT_COST;
$cost = 10;
if (isset($options['cost'])) { if (isset($options['cost'])) {
$cost = $options['cost']; $cost = $options['cost'];
if ($cost < 4 || $cost > 31) { if ($cost < 4 || $cost > 31) {
@ -158,7 +169,7 @@ if (!defined('PASSWORD_DEFAULT')) {
* 'algo' => 1, * 'algo' => 1,
* 'algoName' => 'bcrypt', * 'algoName' => 'bcrypt',
* 'options' => array( * 'options' => array(
* 'cost' => 10, * 'cost' => PASSWORD_BCRYPT_DEFAULT_COST,
* ), * ),
* ) * )
* *
@ -199,7 +210,7 @@ if (!defined('PASSWORD_DEFAULT')) {
} }
switch ($algo) { switch ($algo) {
case PASSWORD_BCRYPT: case PASSWORD_BCRYPT:
$cost = isset($options['cost']) ? $options['cost'] : 10; $cost = isset($options['cost']) ? $options['cost'] : PASSWORD_BCRYPT_DEFAULT_COST;
if ($cost != $info['options']['cost']) { if ($cost != $info['options']['cost']) {
return true; return true;
} }
@ -238,6 +249,9 @@ if (!defined('PASSWORD_DEFAULT')) {
} }
namespace PasswordCompat\binary { namespace PasswordCompat\binary {
if (!function_exists('PasswordCompat\\binary\\_strlen')) {
/** /**
* Count the number of bytes in a string * Count the number of bytes in a string
* *
@ -276,4 +290,25 @@ namespace PasswordCompat\binary {
return substr($binary_string, $start, $length); return substr($binary_string, $start, $length);
} }
/**
* Check if current PHP version is compatible with the library
*
* @return boolean the check result
*/
function check() {
static $pass = NULL;
if (is_null($pass)) {
if (function_exists('crypt')) {
$hash = '$2y$04$usesomesillystringfore7hnbRJHxXVLeakoG8K30oukPsA.ztMG';
$test = crypt("password", $hash);
$pass = $test == $hash;
} else {
$pass = false;
}
}
return $pass;
}
}
} }

2
lib/password_compat/readme_moodle.txt
View file

@ -1,7 +1,7 @@
Description of password_compat import into Moodle: Description of password_compat import into Moodle:
================================================== ==================================================
Imported from: https://github.com/ircmaxell/password_compat/commit/c91b1168bc53c26f56fc65f16958b5be45ca5dc9 Imported from: https://github.com/ircmaxell/password_compat/releases/tag/v1.0.4
Copyright: (c) 2012 Anthony Ferrara Copyright: (c) 2012 Anthony Ferrara
License: MIT License License: MIT License

10
lib/password_compat/tests/PasswordHashTest.php
View file

@ -32,6 +32,16 @@ class PasswordHashTest extends PHPUnit_Framework_TestCase {
} }
} }
public function testNullBehavior() {
$hash = password_hash(null, PASSWORD_BCRYPT, array("salt" => "1234567890123456789012345678901234567890"));
$this->assertEquals('$2y$10$123456789012345678901uhihPb9QpE2n03zMu9TDdvO34jDn6mO.', $hash);
}
public function testIntegerBehavior() {
$hash = password_hash(12345, PASSWORD_BCRYPT, array("salt" => "1234567890123456789012345678901234567890"));
$this->assertEquals('$2y$10$123456789012345678901ujczD5TiARVFtc68bZCAlbEg1fCIexfO', $hash);
}
/** /**
* @expectedException PHPUnit_Framework_Error * @expectedException PHPUnit_Framework_Error
*/ */

2
lib/thirdpartylibs.xml
View file

@ -88,7 +88,7 @@
<location>password_compat</location> <location>password_compat</location>
<name>Compatible password hashing</name> <name>Compatible password hashing</name>
<license>MIT</license> <license>MIT</license>
<version></version> <version>1.0.4</version>
<licenseversion></licenseversion> <licenseversion></licenseversion>
</library> </library>
<library> <library>