MDL-49520 libraries: Update password_compat library

2025-08-05 00:46:50 +02:00 · 2015-03-25 15:07:22 +08:00 · 2015-03-25 15:07:22 +08:00 · b1c5888daf
commit b1c5888daf
parent a149d6a177
7 changed files with 295 additions and 250 deletions
--- a/lib/password_compat/lib/password.php
+++ b/lib/password_compat/lib/password.php
@ -9,10 +9,19 @@

 namespace {

-if (!defined('PASSWORD_DEFAULT')) {
-
+    if (!defined('PASSWORD_BCRYPT')) {
+        /**
+         * PHPUnit Process isolation caches constants, but not function declarations.
+         * So we need to check if the constants are defined separately from 
+         * the functions to enable supporting process isolation in userland
+         * code.
+         */
        define('PASSWORD_BCRYPT', 1);
        define('PASSWORD_DEFAULT', PASSWORD_BCRYPT);
+        define('PASSWORD_BCRYPT_DEFAULT_COST', 10);
+    }
+
+    if (!function_exists('password_hash')) {

        /**
         * Hash the password using the specified algorithm
@ -28,6 +37,9 @@ if (!defined('PASSWORD_DEFAULT')) {
                trigger_error("Crypt must be loaded for password_hash to function", E_USER_WARNING);
                return null;
            }
+            if (is_null($password) || is_int($password)) {
+                $password = (string) $password;
+            }
            if (!is_string($password)) {
                trigger_error("password_hash(): Password must be a string", E_USER_WARNING);
                return null;
@ -39,8 +51,7 @@ if (!defined('PASSWORD_DEFAULT')) {
            $resultLength = 0;
            switch ($algo) {
                case PASSWORD_BCRYPT:
-                // Note that this is a C constant, but not exposed to PHP, so we don't define it here.
-                $cost = 10;
+                    $cost = PASSWORD_BCRYPT_DEFAULT_COST;
                    if (isset($options['cost'])) {
                        $cost = $options['cost'];
                        if ($cost < 4 || $cost > 31) {
@ -158,7 +169,7 @@ if (!defined('PASSWORD_DEFAULT')) {
         *    'algo' => 1,
         *    'algoName' => 'bcrypt',
         *    'options' => array(
-     *        'cost' => 10,
+         *        'cost' => PASSWORD_BCRYPT_DEFAULT_COST,
         *    ),
         * )
         *
@ -199,7 +210,7 @@ if (!defined('PASSWORD_DEFAULT')) {
            }
            switch ($algo) {
                case PASSWORD_BCRYPT:
-                $cost = isset($options['cost']) ? $options['cost'] : 10;
+                    $cost = isset($options['cost']) ? $options['cost'] : PASSWORD_BCRYPT_DEFAULT_COST;
                    if ($cost != $info['options']['cost']) {
                        return true;
                    }
@ -238,6 +249,9 @@ if (!defined('PASSWORD_DEFAULT')) {
 }

 namespace PasswordCompat\binary {
+
+    if (!function_exists('PasswordCompat\\binary\\_strlen')) {
+
        /**
         * Count the number of bytes in a string
         *
@ -276,4 +290,25 @@ namespace PasswordCompat\binary {
            return substr($binary_string, $start, $length);
        }

+        /**
+         * Check if current PHP version is compatible with the library
+         *
+         * @return boolean the check result
+         */
+        function check() {
+            static $pass = NULL;
+
+            if (is_null($pass)) {
+                if (function_exists('crypt')) {
+                    $hash = '$2y$04$usesomesillystringfore7hnbRJHxXVLeakoG8K30oukPsA.ztMG';
+                    $test = crypt("password", $hash);
+                    $pass = $test == $hash;
+                } else {
+                    $pass = false;
+                }
+            }
+            return $pass;
+        }
+
+    }
 }
--- a/lib/password_compat/readme_moodle.txt
+++ b/lib/password_compat/readme_moodle.txt
@ -1,7 +1,7 @@
 Description of password_compat import into Moodle:
 ==================================================

-Imported from: https://github.com/ircmaxell/password_compat/commit/c91b1168bc53c26f56fc65f16958b5be45ca5dc9
+Imported from: https://github.com/ircmaxell/password_compat/releases/tag/v1.0.4
 Copyright: (c) 2012 Anthony Ferrara
 License: MIT License

--- a/lib/password_compat/tests/PasswordHashTest.php
+++ b/lib/password_compat/tests/PasswordHashTest.php
@ -32,6 +32,16 @@ class PasswordHashTest extends PHPUnit_Framework_TestCase {
        }
    }

+    public function testNullBehavior() {
+        $hash = password_hash(null, PASSWORD_BCRYPT, array("salt" => "1234567890123456789012345678901234567890"));
+        $this->assertEquals('$2y$10$123456789012345678901uhihPb9QpE2n03zMu9TDdvO34jDn6mO.', $hash);
+    }
+
+    public function testIntegerBehavior() {
+        $hash = password_hash(12345, PASSWORD_BCRYPT, array("salt" => "1234567890123456789012345678901234567890"));
+        $this->assertEquals('$2y$10$123456789012345678901ujczD5TiARVFtc68bZCAlbEg1fCIexfO', $hash);
+    }    
+
    /**
     * @expectedException PHPUnit_Framework_Error
     */
--- a/lib/thirdpartylibs.xml
+++ b/lib/thirdpartylibs.xml
@ -88,7 +88,7 @@
    <location>password_compat</location>
    <name>Compatible password hashing</name>
    <license>MIT</license>
-    <version></version>
+    <version>1.0.4</version>
    <licenseversion></licenseversion>
  </library>
  <library>