From 392476b5c42900b585c94d69dcdb33ba2b9b9cd2 Mon Sep 17 00:00:00 2001 From: Bastian Hofmann Date: Wed, 28 Feb 2018 13:36:06 +0100 Subject: [PATCH 1/5] Make algorithm for password_hash configurable. This allows to use the new Argon2i algorithm introduced in PHP 7.2 (https://wiki.php.net/rfc/argon2_password_hash). Since this feature only makes sense for PHP 7.2, it's also fine to bump the minimum version requirement to 7.0, remove the not needed compatibility library and upgrade PhpUnit so that the test suite does not throw any warnings or deprecation notices on 7.2. --- .gitignore | 3 +- .travis.yml | 6 +- composer.json | 7 +- composer.lock | 1572 +++++++++++++++++ .../Password/Decorator/AbstractDecorator.php | 17 + .../Password/Decorator/UpgradeDecorator.php | 4 +- .../Password/PasswordValidator.php | 29 +- .../Password/PasswordValidatorInterface.php | 17 + .../Tests/Decorator/AbstractDecoratorTest.php | 23 +- .../Tests/Decorator/IntegrationTest.php | 21 +- .../KarptoniteRehashUpgradeDecoratorTest.php | 19 +- .../Tests/Decorator/StorageDecoratorTest.php | 31 +- .../Tests/Decorator/UpgradeDecoratorTest.php | 22 +- .../Password/Tests/PasswordValidatorTest.php | 49 +- 14 files changed, 1756 insertions(+), 64 deletions(-) create mode 100644 composer.lock diff --git a/.gitignore b/.gitignore index e227275..d7cab93 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,2 @@ build -composer.lock -vendor/ \ No newline at end of file +vendor/ diff --git a/.travis.yml b/.travis.yml index a182f24..0c9c03a 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,11 +1,9 @@ language: php php: - - 5.3 - - 5.4 - - 5.5 - - 5.6 - 7.0 + - 7.1 + - 7.2 before_script: - composer self-update diff --git a/composer.json b/composer.json index 52b0cd2..919d549 100644 --- a/composer.json +++ b/composer.json @@ -27,13 +27,12 @@ "bin/version-check" ], "require": { - "php": ">=5.3.7", - "ircmaxell/password-compat": "1.*", - "wp-cli/php-cli-tools": "0.10.*" + "php": ">=7.0.0", + "wp-cli/php-cli-tools": "0.11.*" }, "require-dev": { "league/phpunit-coverage-listener": "~1.1", - "phpunit/phpunit": "4.*" + "phpunit/phpunit": "7.*" }, "autoload": { "psr-0": { diff --git a/composer.lock b/composer.lock new file mode 100644 index 0000000..b53a937 --- /dev/null +++ b/composer.lock @@ -0,0 +1,1572 @@ +{ + "_readme": [ + "This file locks the dependencies of your project to a known state", + "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", + "This file is @generated automatically" + ], + "content-hash": "1c2026281e2d6ebbedda8402ee934c5f", + "packages": [ + { + "name": "wp-cli/php-cli-tools", + "version": "v0.11.8", + "source": { + "type": "git", + "url": "https://github.com/wp-cli/php-cli-tools.git", + "reference": "363c75349f5dde561e0b416dd00f7aaa76fa2c27" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/wp-cli/php-cli-tools/zipball/363c75349f5dde561e0b416dd00f7aaa76fa2c27", + "reference": "363c75349f5dde561e0b416dd00f7aaa76fa2c27", + "shasum": "" + }, + "require": { + "php": ">= 5.3.0" + }, + "type": "library", + "autoload": { + "psr-0": { + "cli": "lib/" + }, + "files": [ + "lib/cli/cli.php" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "James Logsdon", + "email": "jlogsdon@php.net", + "role": "Developer" + }, + { + "name": "Daniel Bachhuber", + "email": "daniel@handbuilt.co", + "role": "Maintainer" + } + ], + "description": "Console utilities for PHP", + "homepage": "http://github.com/wp-cli/php-cli-tools", + "keywords": [ + "cli", + "console" + ], + "time": "2017-10-12T21:50:48+00:00" + } + ], + "packages-dev": [ + { + "name": "doctrine/instantiator", + "version": "1.1.0", + "source": { + "type": "git", + "url": "https://github.com/doctrine/instantiator.git", + "reference": "185b8868aa9bf7159f5f953ed5afb2d7fcdc3bda" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/doctrine/instantiator/zipball/185b8868aa9bf7159f5f953ed5afb2d7fcdc3bda", + "reference": "185b8868aa9bf7159f5f953ed5afb2d7fcdc3bda", + "shasum": "" + }, + "require": { + "php": "^7.1" + }, + "require-dev": { + "athletic/athletic": "~0.1.8", + "ext-pdo": "*", + "ext-phar": "*", + "phpunit/phpunit": "^6.2.3", + "squizlabs/php_codesniffer": "^3.0.2" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "1.2.x-dev" + } + }, + "autoload": { + "psr-4": { + "Doctrine\\Instantiator\\": "src/Doctrine/Instantiator/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Marco Pivetta", + "email": "ocramius@gmail.com", + "homepage": "http://ocramius.github.com/" + } + ], + "description": "A small, lightweight utility to instantiate objects in PHP without invoking their constructors", + "homepage": "https://github.com/doctrine/instantiator", + "keywords": [ + "constructor", + "instantiate" + ], + "time": "2017-07-22T11:58:36+00:00" + }, + { + "name": "league/phpunit-coverage-listener", + "version": "v1.1.2", + "source": { + "type": "git", + "url": "https://github.com/thephpleague/phpunit-coverage-listener.git", + "reference": "dedb0a4de71908de3e6793ecc424925cd3e54dc2" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/thephpleague/phpunit-coverage-listener/zipball/dedb0a4de71908de3e6793ecc424925cd3e54dc2", + "reference": "dedb0a4de71908de3e6793ecc424925cd3e54dc2", + "shasum": "" + }, + "require": { + "php": ">=5.3.3" + }, + "require-dev": { + "phpunit/phpunit": "~3.7" + }, + "type": "library", + "autoload": { + "psr-0": { + "League\\PHPUnitCoverageListener": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Taufan Aditya", + "email": "toopay@taufanaditya.com", + "homepage": "http://taufanaditya.com", + "role": "lead" + } + ], + "description": "Utility library that allow you to process the PHPUnit code-coverage information and send it into some remote location via cURL", + "homepage": "https://github.com/php-loep/phpunit-coverage-listener", + "keywords": [ + "coverage", + "coveralls", + "phpunit" + ], + "time": "2013-10-07T14:31:28+00:00" + }, + { + "name": "myclabs/deep-copy", + "version": "1.7.0", + "source": { + "type": "git", + "url": "https://github.com/myclabs/DeepCopy.git", + "reference": "3b8a3a99ba1f6a3952ac2747d989303cbd6b7a3e" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/myclabs/DeepCopy/zipball/3b8a3a99ba1f6a3952ac2747d989303cbd6b7a3e", + "reference": "3b8a3a99ba1f6a3952ac2747d989303cbd6b7a3e", + "shasum": "" + }, + "require": { + "php": "^5.6 || ^7.0" + }, + "require-dev": { + "doctrine/collections": "^1.0", + "doctrine/common": "^2.6", + "phpunit/phpunit": "^4.1" + }, + "type": "library", + "autoload": { + "psr-4": { + "DeepCopy\\": "src/DeepCopy/" + }, + "files": [ + "src/DeepCopy/deep_copy.php" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "description": "Create deep copies (clones) of your objects", + "keywords": [ + "clone", + "copy", + "duplicate", + "object", + "object graph" + ], + "time": "2017-10-19T19:58:43+00:00" + }, + { + "name": "phar-io/manifest", + "version": "1.0.1", + "source": { + "type": "git", + "url": "https://github.com/phar-io/manifest.git", + "reference": "2df402786ab5368a0169091f61a7c1e0eb6852d0" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/phar-io/manifest/zipball/2df402786ab5368a0169091f61a7c1e0eb6852d0", + "reference": "2df402786ab5368a0169091f61a7c1e0eb6852d0", + "shasum": "" + }, + "require": { + "ext-dom": "*", + "ext-phar": "*", + "phar-io/version": "^1.0.1", + "php": "^5.6 || ^7.0" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "1.0.x-dev" + } + }, + "autoload": { + "classmap": [ + "src/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-3-Clause" + ], + "authors": [ + { + "name": "Arne Blankerts", + "email": "arne@blankerts.de", + "role": "Developer" + }, + { + "name": "Sebastian Heuer", + "email": "sebastian@phpeople.de", + "role": "Developer" + }, + { + "name": "Sebastian Bergmann", + "email": "sebastian@phpunit.de", + "role": "Developer" + } + ], + "description": "Component for reading phar.io manifest information from a PHP Archive (PHAR)", + "time": "2017-03-05T18:14:27+00:00" + }, + { + "name": "phar-io/version", + "version": "1.0.1", + "source": { + "type": "git", + "url": "https://github.com/phar-io/version.git", + "reference": "a70c0ced4be299a63d32fa96d9281d03e94041df" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/phar-io/version/zipball/a70c0ced4be299a63d32fa96d9281d03e94041df", + "reference": "a70c0ced4be299a63d32fa96d9281d03e94041df", + "shasum": "" + }, + "require": { + "php": "^5.6 || ^7.0" + }, + "type": "library", + "autoload": { + "classmap": [ + "src/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-3-Clause" + ], + "authors": [ + { + "name": "Arne Blankerts", + "email": "arne@blankerts.de", + "role": "Developer" + }, + { + "name": "Sebastian Heuer", + "email": "sebastian@phpeople.de", + "role": "Developer" + }, + { + "name": "Sebastian Bergmann", + "email": "sebastian@phpunit.de", + "role": "Developer" + } + ], + "description": "Library for handling version information and constraints", + "time": "2017-03-05T17:38:23+00:00" + }, + { + "name": "phpdocumentor/reflection-common", + "version": "1.0.1", + "source": { + "type": "git", + "url": "https://github.com/phpDocumentor/ReflectionCommon.git", + "reference": "21bdeb5f65d7ebf9f43b1b25d404f87deab5bfb6" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/phpDocumentor/ReflectionCommon/zipball/21bdeb5f65d7ebf9f43b1b25d404f87deab5bfb6", + "reference": "21bdeb5f65d7ebf9f43b1b25d404f87deab5bfb6", + "shasum": "" + }, + "require": { + "php": ">=5.5" + }, + "require-dev": { + "phpunit/phpunit": "^4.6" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "1.0.x-dev" + } + }, + "autoload": { + "psr-4": { + "phpDocumentor\\Reflection\\": [ + "src" + ] + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Jaap van Otterdijk", + "email": "opensource@ijaap.nl" + } + ], + "description": "Common reflection classes used by phpdocumentor to reflect the code structure", + "homepage": "http://www.phpdoc.org", + "keywords": [ + "FQSEN", + "phpDocumentor", + "phpdoc", + "reflection", + "static analysis" + ], + "time": "2017-09-11T18:02:19+00:00" + }, + { + "name": "phpdocumentor/reflection-docblock", + "version": "4.3.0", + "source": { + "type": "git", + "url": "https://github.com/phpDocumentor/ReflectionDocBlock.git", + "reference": "94fd0001232e47129dd3504189fa1c7225010d08" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/94fd0001232e47129dd3504189fa1c7225010d08", + "reference": "94fd0001232e47129dd3504189fa1c7225010d08", + "shasum": "" + }, + "require": { + "php": "^7.0", + "phpdocumentor/reflection-common": "^1.0.0", + "phpdocumentor/type-resolver": "^0.4.0", + "webmozart/assert": "^1.0" + }, + "require-dev": { + "doctrine/instantiator": "~1.0.5", + "mockery/mockery": "^1.0", + "phpunit/phpunit": "^6.4" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "4.x-dev" + } + }, + "autoload": { + "psr-4": { + "phpDocumentor\\Reflection\\": [ + "src/" + ] + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Mike van Riel", + "email": "me@mikevanriel.com" + } + ], + "description": "With this component, a library can provide support for annotations via DocBlocks or otherwise retrieve information that is embedded in a DocBlock.", + "time": "2017-11-30T07:14:17+00:00" + }, + { + "name": "phpdocumentor/type-resolver", + "version": "0.4.0", + "source": { + "type": "git", + "url": "https://github.com/phpDocumentor/TypeResolver.git", + "reference": "9c977708995954784726e25d0cd1dddf4e65b0f7" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/phpDocumentor/TypeResolver/zipball/9c977708995954784726e25d0cd1dddf4e65b0f7", + "reference": "9c977708995954784726e25d0cd1dddf4e65b0f7", + "shasum": "" + }, + "require": { + "php": "^5.5 || ^7.0", + "phpdocumentor/reflection-common": "^1.0" + }, + "require-dev": { + "mockery/mockery": "^0.9.4", + "phpunit/phpunit": "^5.2||^4.8.24" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "1.0.x-dev" + } + }, + "autoload": { + "psr-4": { + "phpDocumentor\\Reflection\\": [ + "src/" + ] + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Mike van Riel", + "email": "me@mikevanriel.com" + } + ], + "time": "2017-07-14T14:27:02+00:00" + }, + { + "name": "phpspec/prophecy", + "version": "1.7.5", + "source": { + "type": "git", + "url": "https://github.com/phpspec/prophecy.git", + "reference": "dfd6be44111a7c41c2e884a336cc4f461b3b2401" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/phpspec/prophecy/zipball/dfd6be44111a7c41c2e884a336cc4f461b3b2401", + "reference": "dfd6be44111a7c41c2e884a336cc4f461b3b2401", + "shasum": "" + }, + "require": { + "doctrine/instantiator": "^1.0.2", + "php": "^5.3|^7.0", + "phpdocumentor/reflection-docblock": "^2.0|^3.0.2|^4.0", + "sebastian/comparator": "^1.1|^2.0", + "sebastian/recursion-context": "^1.0|^2.0|^3.0" + }, + "require-dev": { + "phpspec/phpspec": "^2.5|^3.2", + "phpunit/phpunit": "^4.8.35 || ^5.7 || ^6.5" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "1.7.x-dev" + } + }, + "autoload": { + "psr-0": { + "Prophecy\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Konstantin Kudryashov", + "email": "ever.zet@gmail.com", + "homepage": "http://everzet.com" + }, + { + "name": "Marcello Duarte", + "email": "marcello.duarte@gmail.com" + } + ], + "description": "Highly opinionated mocking framework for PHP 5.3+", + "homepage": "https://github.com/phpspec/prophecy", + "keywords": [ + "Double", + "Dummy", + "fake", + "mock", + "spy", + "stub" + ], + "time": "2018-02-19T10:16:54+00:00" + }, + { + "name": "phpunit/php-code-coverage", + "version": "6.0.1", + "source": { + "type": "git", + "url": "https://github.com/sebastianbergmann/php-code-coverage.git", + "reference": "f8ca4b604baf23dab89d87773c28cc07405189ba" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/sebastianbergmann/php-code-coverage/zipball/f8ca4b604baf23dab89d87773c28cc07405189ba", + "reference": "f8ca4b604baf23dab89d87773c28cc07405189ba", + "shasum": "" + }, + "require": { + "ext-dom": "*", + "ext-xmlwriter": "*", + "php": "^7.1", + "phpunit/php-file-iterator": "^1.4.2", + "phpunit/php-text-template": "^1.2.1", + "phpunit/php-token-stream": "^3.0", + "sebastian/code-unit-reverse-lookup": "^1.0.1", + "sebastian/environment": "^3.0", + "sebastian/version": "^2.0.1", + "theseer/tokenizer": "^1.1" + }, + "require-dev": { + "phpunit/phpunit": "^7.0" + }, + "suggest": { + "ext-xdebug": "^2.6.0" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "6.0-dev" + } + }, + "autoload": { + "classmap": [ + "src/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-3-Clause" + ], + "authors": [ + { + "name": "Sebastian Bergmann", + "email": "sebastian@phpunit.de", + "role": "lead" + } + ], + "description": "Library that provides collection, processing, and rendering functionality for PHP code coverage information.", + "homepage": "https://github.com/sebastianbergmann/php-code-coverage", + "keywords": [ + "coverage", + "testing", + "xunit" + ], + "time": "2018-02-02T07:01:41+00:00" + }, + { + "name": "phpunit/php-file-iterator", + "version": "1.4.5", + "source": { + "type": "git", + "url": "https://github.com/sebastianbergmann/php-file-iterator.git", + "reference": "730b01bc3e867237eaac355e06a36b85dd93a8b4" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/sebastianbergmann/php-file-iterator/zipball/730b01bc3e867237eaac355e06a36b85dd93a8b4", + "reference": "730b01bc3e867237eaac355e06a36b85dd93a8b4", + "shasum": "" + }, + "require": { + "php": ">=5.3.3" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "1.4.x-dev" + } + }, + "autoload": { + "classmap": [ + "src/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-3-Clause" + ], + "authors": [ + { + "name": "Sebastian Bergmann", + "email": "sb@sebastian-bergmann.de", + "role": "lead" + } + ], + "description": "FilterIterator implementation that filters files based on a list of suffixes.", + "homepage": "https://github.com/sebastianbergmann/php-file-iterator/", + "keywords": [ + "filesystem", + "iterator" + ], + "time": "2017-11-27T13:52:08+00:00" + }, + { + "name": "phpunit/php-text-template", + "version": "1.2.1", + "source": { + "type": "git", + "url": "https://github.com/sebastianbergmann/php-text-template.git", + "reference": "31f8b717e51d9a2afca6c9f046f5d69fc27c8686" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/sebastianbergmann/php-text-template/zipball/31f8b717e51d9a2afca6c9f046f5d69fc27c8686", + "reference": "31f8b717e51d9a2afca6c9f046f5d69fc27c8686", + "shasum": "" + }, + "require": { + "php": ">=5.3.3" + }, + "type": "library", + "autoload": { + "classmap": [ + "src/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-3-Clause" + ], + "authors": [ + { + "name": "Sebastian Bergmann", + "email": "sebastian@phpunit.de", + "role": "lead" + } + ], + "description": "Simple template engine.", + "homepage": "https://github.com/sebastianbergmann/php-text-template/", + "keywords": [ + "template" + ], + "time": "2015-06-21T13:50:34+00:00" + }, + { + "name": "phpunit/php-timer", + "version": "2.0.0", + "source": { + "type": "git", + "url": "https://github.com/sebastianbergmann/php-timer.git", + "reference": "8b8454ea6958c3dee38453d3bd571e023108c91f" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/sebastianbergmann/php-timer/zipball/8b8454ea6958c3dee38453d3bd571e023108c91f", + "reference": "8b8454ea6958c3dee38453d3bd571e023108c91f", + "shasum": "" + }, + "require": { + "php": "^7.1" + }, + "require-dev": { + "phpunit/phpunit": "^7.0" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "2.0-dev" + } + }, + "autoload": { + "classmap": [ + "src/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-3-Clause" + ], + "authors": [ + { + "name": "Sebastian Bergmann", + "email": "sebastian@phpunit.de", + "role": "lead" + } + ], + "description": "Utility class for timing", + "homepage": "https://github.com/sebastianbergmann/php-timer/", + "keywords": [ + "timer" + ], + "time": "2018-02-01T13:07:23+00:00" + }, + { + "name": "phpunit/php-token-stream", + "version": "3.0.0", + "source": { + "type": "git", + "url": "https://github.com/sebastianbergmann/php-token-stream.git", + "reference": "21ad88bbba7c3d93530d93994e0a33cd45f02ace" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/sebastianbergmann/php-token-stream/zipball/21ad88bbba7c3d93530d93994e0a33cd45f02ace", + "reference": "21ad88bbba7c3d93530d93994e0a33cd45f02ace", + "shasum": "" + }, + "require": { + "ext-tokenizer": "*", + "php": "^7.1" + }, + "require-dev": { + "phpunit/phpunit": "^7.0" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "3.0-dev" + } + }, + "autoload": { + "classmap": [ + "src/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-3-Clause" + ], + "authors": [ + { + "name": "Sebastian Bergmann", + "email": "sebastian@phpunit.de" + } + ], + "description": "Wrapper around PHP's tokenizer extension.", + "homepage": "https://github.com/sebastianbergmann/php-token-stream/", + "keywords": [ + "tokenizer" + ], + "time": "2018-02-01T13:16:43+00:00" + }, + { + "name": "phpunit/phpunit", + "version": "7.0.2", + "source": { + "type": "git", + "url": "https://github.com/sebastianbergmann/phpunit.git", + "reference": "e2f8aa21bc54b6ba218bdd4f9e0dac1e9bc3b4e9" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/e2f8aa21bc54b6ba218bdd4f9e0dac1e9bc3b4e9", + "reference": "e2f8aa21bc54b6ba218bdd4f9e0dac1e9bc3b4e9", + "shasum": "" + }, + "require": { + "ext-dom": "*", + "ext-json": "*", + "ext-libxml": "*", + "ext-mbstring": "*", + "ext-xml": "*", + "myclabs/deep-copy": "^1.6.1", + "phar-io/manifest": "^1.0.1", + "phar-io/version": "^1.0", + "php": "^7.1", + "phpspec/prophecy": "^1.7", + "phpunit/php-code-coverage": "^6.0", + "phpunit/php-file-iterator": "^1.4.3", + "phpunit/php-text-template": "^1.2.1", + "phpunit/php-timer": "^2.0", + "phpunit/phpunit-mock-objects": "^6.0", + "sebastian/comparator": "^2.1", + "sebastian/diff": "^3.0", + "sebastian/environment": "^3.1", + "sebastian/exporter": "^3.1", + "sebastian/global-state": "^2.0", + "sebastian/object-enumerator": "^3.0.3", + "sebastian/resource-operations": "^1.0", + "sebastian/version": "^2.0.1" + }, + "require-dev": { + "ext-pdo": "*" + }, + "suggest": { + "ext-xdebug": "*", + "phpunit/php-invoker": "^2.0" + }, + "bin": [ + "phpunit" + ], + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "7.0-dev" + } + }, + "autoload": { + "classmap": [ + "src/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-3-Clause" + ], + "authors": [ + { + "name": "Sebastian Bergmann", + "email": "sebastian@phpunit.de", + "role": "lead" + } + ], + "description": "The PHP Unit Testing framework.", + "homepage": "https://phpunit.de/", + "keywords": [ + "phpunit", + "testing", + "xunit" + ], + "time": "2018-02-26T07:03:12+00:00" + }, + { + "name": "phpunit/phpunit-mock-objects", + "version": "6.0.1", + "source": { + "type": "git", + "url": "https://github.com/sebastianbergmann/phpunit-mock-objects.git", + "reference": "e3249dedc2d99259ccae6affbc2684eac37c2e53" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/sebastianbergmann/phpunit-mock-objects/zipball/e3249dedc2d99259ccae6affbc2684eac37c2e53", + "reference": "e3249dedc2d99259ccae6affbc2684eac37c2e53", + "shasum": "" + }, + "require": { + "doctrine/instantiator": "^1.0.5", + "php": "^7.1", + "phpunit/php-text-template": "^1.2.1", + "sebastian/exporter": "^3.1" + }, + "require-dev": { + "phpunit/phpunit": "^7.0" + }, + "suggest": { + "ext-soap": "*" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "6.0.x-dev" + } + }, + "autoload": { + "classmap": [ + "src/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-3-Clause" + ], + "authors": [ + { + "name": "Sebastian Bergmann", + "email": "sebastian@phpunit.de", + "role": "lead" + } + ], + "description": "Mock Object library for PHPUnit", + "homepage": "https://github.com/sebastianbergmann/phpunit-mock-objects/", + "keywords": [ + "mock", + "xunit" + ], + "time": "2018-02-15T05:27:38+00:00" + }, + { + "name": "sebastian/code-unit-reverse-lookup", + "version": "1.0.1", + "source": { + "type": "git", + "url": "https://github.com/sebastianbergmann/code-unit-reverse-lookup.git", + "reference": "4419fcdb5eabb9caa61a27c7a1db532a6b55dd18" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/sebastianbergmann/code-unit-reverse-lookup/zipball/4419fcdb5eabb9caa61a27c7a1db532a6b55dd18", + "reference": "4419fcdb5eabb9caa61a27c7a1db532a6b55dd18", + "shasum": "" + }, + "require": { + "php": "^5.6 || ^7.0" + }, + "require-dev": { + "phpunit/phpunit": "^5.7 || ^6.0" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "1.0.x-dev" + } + }, + "autoload": { + "classmap": [ + "src/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-3-Clause" + ], + "authors": [ + { + "name": "Sebastian Bergmann", + "email": "sebastian@phpunit.de" + } + ], + "description": "Looks up which function or method a line of code belongs to", + "homepage": "https://github.com/sebastianbergmann/code-unit-reverse-lookup/", + "time": "2017-03-04T06:30:41+00:00" + }, + { + "name": "sebastian/comparator", + "version": "2.1.3", + "source": { + "type": "git", + "url": "https://github.com/sebastianbergmann/comparator.git", + "reference": "34369daee48eafb2651bea869b4b15d75ccc35f9" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/sebastianbergmann/comparator/zipball/34369daee48eafb2651bea869b4b15d75ccc35f9", + "reference": "34369daee48eafb2651bea869b4b15d75ccc35f9", + "shasum": "" + }, + "require": { + "php": "^7.0", + "sebastian/diff": "^2.0 || ^3.0", + "sebastian/exporter": "^3.1" + }, + "require-dev": { + "phpunit/phpunit": "^6.4" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "2.1.x-dev" + } + }, + "autoload": { + "classmap": [ + "src/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-3-Clause" + ], + "authors": [ + { + "name": "Jeff Welch", + "email": "whatthejeff@gmail.com" + }, + { + "name": "Volker Dusch", + "email": "github@wallbash.com" + }, + { + "name": "Bernhard Schussek", + "email": "bschussek@2bepublished.at" + }, + { + "name": "Sebastian Bergmann", + "email": "sebastian@phpunit.de" + } + ], + "description": "Provides the functionality to compare PHP values for equality", + "homepage": "https://github.com/sebastianbergmann/comparator", + "keywords": [ + "comparator", + "compare", + "equality" + ], + "time": "2018-02-01T13:46:46+00:00" + }, + { + "name": "sebastian/diff", + "version": "3.0.0", + "source": { + "type": "git", + "url": "https://github.com/sebastianbergmann/diff.git", + "reference": "e09160918c66281713f1c324c1f4c4c3037ba1e8" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/sebastianbergmann/diff/zipball/e09160918c66281713f1c324c1f4c4c3037ba1e8", + "reference": "e09160918c66281713f1c324c1f4c4c3037ba1e8", + "shasum": "" + }, + "require": { + "php": "^7.1" + }, + "require-dev": { + "phpunit/phpunit": "^7.0", + "symfony/process": "^2 || ^3.3 || ^4" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "3.0-dev" + } + }, + "autoload": { + "classmap": [ + "src/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-3-Clause" + ], + "authors": [ + { + "name": "Kore Nordmann", + "email": "mail@kore-nordmann.de" + }, + { + "name": "Sebastian Bergmann", + "email": "sebastian@phpunit.de" + } + ], + "description": "Diff implementation", + "homepage": "https://github.com/sebastianbergmann/diff", + "keywords": [ + "diff", + "udiff", + "unidiff", + "unified diff" + ], + "time": "2018-02-01T13:45:15+00:00" + }, + { + "name": "sebastian/environment", + "version": "3.1.0", + "source": { + "type": "git", + "url": "https://github.com/sebastianbergmann/environment.git", + "reference": "cd0871b3975fb7fc44d11314fd1ee20925fce4f5" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/sebastianbergmann/environment/zipball/cd0871b3975fb7fc44d11314fd1ee20925fce4f5", + "reference": "cd0871b3975fb7fc44d11314fd1ee20925fce4f5", + "shasum": "" + }, + "require": { + "php": "^7.0" + }, + "require-dev": { + "phpunit/phpunit": "^6.1" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "3.1.x-dev" + } + }, + "autoload": { + "classmap": [ + "src/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-3-Clause" + ], + "authors": [ + { + "name": "Sebastian Bergmann", + "email": "sebastian@phpunit.de" + } + ], + "description": "Provides functionality to handle HHVM/PHP environments", + "homepage": "http://www.github.com/sebastianbergmann/environment", + "keywords": [ + "Xdebug", + "environment", + "hhvm" + ], + "time": "2017-07-01T08:51:00+00:00" + }, + { + "name": "sebastian/exporter", + "version": "3.1.0", + "source": { + "type": "git", + "url": "https://github.com/sebastianbergmann/exporter.git", + "reference": "234199f4528de6d12aaa58b612e98f7d36adb937" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/sebastianbergmann/exporter/zipball/234199f4528de6d12aaa58b612e98f7d36adb937", + "reference": "234199f4528de6d12aaa58b612e98f7d36adb937", + "shasum": "" + }, + "require": { + "php": "^7.0", + "sebastian/recursion-context": "^3.0" + }, + "require-dev": { + "ext-mbstring": "*", + "phpunit/phpunit": "^6.0" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "3.1.x-dev" + } + }, + "autoload": { + "classmap": [ + "src/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-3-Clause" + ], + "authors": [ + { + "name": "Jeff Welch", + "email": "whatthejeff@gmail.com" + }, + { + "name": "Volker Dusch", + "email": "github@wallbash.com" + }, + { + "name": "Bernhard Schussek", + "email": "bschussek@2bepublished.at" + }, + { + "name": "Sebastian Bergmann", + "email": "sebastian@phpunit.de" + }, + { + "name": "Adam Harvey", + "email": "aharvey@php.net" + } + ], + "description": "Provides the functionality to export PHP variables for visualization", + "homepage": "http://www.github.com/sebastianbergmann/exporter", + "keywords": [ + "export", + "exporter" + ], + "time": "2017-04-03T13:19:02+00:00" + }, + { + "name": "sebastian/global-state", + "version": "2.0.0", + "source": { + "type": "git", + "url": "https://github.com/sebastianbergmann/global-state.git", + "reference": "e8ba02eed7bbbb9e59e43dedd3dddeff4a56b0c4" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/sebastianbergmann/global-state/zipball/e8ba02eed7bbbb9e59e43dedd3dddeff4a56b0c4", + "reference": "e8ba02eed7bbbb9e59e43dedd3dddeff4a56b0c4", + "shasum": "" + }, + "require": { + "php": "^7.0" + }, + "require-dev": { + "phpunit/phpunit": "^6.0" + }, + "suggest": { + "ext-uopz": "*" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "2.0-dev" + } + }, + "autoload": { + "classmap": [ + "src/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-3-Clause" + ], + "authors": [ + { + "name": "Sebastian Bergmann", + "email": "sebastian@phpunit.de" + } + ], + "description": "Snapshotting of global state", + "homepage": "http://www.github.com/sebastianbergmann/global-state", + "keywords": [ + "global state" + ], + "time": "2017-04-27T15:39:26+00:00" + }, + { + "name": "sebastian/object-enumerator", + "version": "3.0.3", + "source": { + "type": "git", + "url": "https://github.com/sebastianbergmann/object-enumerator.git", + "reference": "7cfd9e65d11ffb5af41198476395774d4c8a84c5" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/sebastianbergmann/object-enumerator/zipball/7cfd9e65d11ffb5af41198476395774d4c8a84c5", + "reference": "7cfd9e65d11ffb5af41198476395774d4c8a84c5", + "shasum": "" + }, + "require": { + "php": "^7.0", + "sebastian/object-reflector": "^1.1.1", + "sebastian/recursion-context": "^3.0" + }, + "require-dev": { + "phpunit/phpunit": "^6.0" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "3.0.x-dev" + } + }, + "autoload": { + "classmap": [ + "src/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-3-Clause" + ], + "authors": [ + { + "name": "Sebastian Bergmann", + "email": "sebastian@phpunit.de" + } + ], + "description": "Traverses array structures and object graphs to enumerate all referenced objects", + "homepage": "https://github.com/sebastianbergmann/object-enumerator/", + "time": "2017-08-03T12:35:26+00:00" + }, + { + "name": "sebastian/object-reflector", + "version": "1.1.1", + "source": { + "type": "git", + "url": "https://github.com/sebastianbergmann/object-reflector.git", + "reference": "773f97c67f28de00d397be301821b06708fca0be" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/sebastianbergmann/object-reflector/zipball/773f97c67f28de00d397be301821b06708fca0be", + "reference": "773f97c67f28de00d397be301821b06708fca0be", + "shasum": "" + }, + "require": { + "php": "^7.0" + }, + "require-dev": { + "phpunit/phpunit": "^6.0" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "1.1-dev" + } + }, + "autoload": { + "classmap": [ + "src/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-3-Clause" + ], + "authors": [ + { + "name": "Sebastian Bergmann", + "email": "sebastian@phpunit.de" + } + ], + "description": "Allows reflection of object attributes, including inherited and non-public ones", + "homepage": "https://github.com/sebastianbergmann/object-reflector/", + "time": "2017-03-29T09:07:27+00:00" + }, + { + "name": "sebastian/recursion-context", + "version": "3.0.0", + "source": { + "type": "git", + "url": "https://github.com/sebastianbergmann/recursion-context.git", + "reference": "5b0cd723502bac3b006cbf3dbf7a1e3fcefe4fa8" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/sebastianbergmann/recursion-context/zipball/5b0cd723502bac3b006cbf3dbf7a1e3fcefe4fa8", + "reference": "5b0cd723502bac3b006cbf3dbf7a1e3fcefe4fa8", + "shasum": "" + }, + "require": { + "php": "^7.0" + }, + "require-dev": { + "phpunit/phpunit": "^6.0" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "3.0.x-dev" + } + }, + "autoload": { + "classmap": [ + "src/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-3-Clause" + ], + "authors": [ + { + "name": "Jeff Welch", + "email": "whatthejeff@gmail.com" + }, + { + "name": "Sebastian Bergmann", + "email": "sebastian@phpunit.de" + }, + { + "name": "Adam Harvey", + "email": "aharvey@php.net" + } + ], + "description": "Provides functionality to recursively process PHP variables", + "homepage": "http://www.github.com/sebastianbergmann/recursion-context", + "time": "2017-03-03T06:23:57+00:00" + }, + { + "name": "sebastian/resource-operations", + "version": "1.0.0", + "source": { + "type": "git", + "url": "https://github.com/sebastianbergmann/resource-operations.git", + "reference": "ce990bb21759f94aeafd30209e8cfcdfa8bc3f52" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/sebastianbergmann/resource-operations/zipball/ce990bb21759f94aeafd30209e8cfcdfa8bc3f52", + "reference": "ce990bb21759f94aeafd30209e8cfcdfa8bc3f52", + "shasum": "" + }, + "require": { + "php": ">=5.6.0" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "1.0.x-dev" + } + }, + "autoload": { + "classmap": [ + "src/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-3-Clause" + ], + "authors": [ + { + "name": "Sebastian Bergmann", + "email": "sebastian@phpunit.de" + } + ], + "description": "Provides a list of PHP built-in functions that operate on resources", + "homepage": "https://www.github.com/sebastianbergmann/resource-operations", + "time": "2015-07-28T20:34:47+00:00" + }, + { + "name": "sebastian/version", + "version": "2.0.1", + "source": { + "type": "git", + "url": "https://github.com/sebastianbergmann/version.git", + "reference": "99732be0ddb3361e16ad77b68ba41efc8e979019" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/sebastianbergmann/version/zipball/99732be0ddb3361e16ad77b68ba41efc8e979019", + "reference": "99732be0ddb3361e16ad77b68ba41efc8e979019", + "shasum": "" + }, + "require": { + "php": ">=5.6" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "2.0.x-dev" + } + }, + "autoload": { + "classmap": [ + "src/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-3-Clause" + ], + "authors": [ + { + "name": "Sebastian Bergmann", + "email": "sebastian@phpunit.de", + "role": "lead" + } + ], + "description": "Library that helps with managing the version number of Git-hosted PHP projects", + "homepage": "https://github.com/sebastianbergmann/version", + "time": "2016-10-03T07:35:21+00:00" + }, + { + "name": "theseer/tokenizer", + "version": "1.1.0", + "source": { + "type": "git", + "url": "https://github.com/theseer/tokenizer.git", + "reference": "cb2f008f3f05af2893a87208fe6a6c4985483f8b" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/theseer/tokenizer/zipball/cb2f008f3f05af2893a87208fe6a6c4985483f8b", + "reference": "cb2f008f3f05af2893a87208fe6a6c4985483f8b", + "shasum": "" + }, + "require": { + "ext-dom": "*", + "ext-tokenizer": "*", + "ext-xmlwriter": "*", + "php": "^7.0" + }, + "type": "library", + "autoload": { + "classmap": [ + "src/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-3-Clause" + ], + "authors": [ + { + "name": "Arne Blankerts", + "email": "arne@blankerts.de", + "role": "Developer" + } + ], + "description": "A small library for converting tokenized PHP source code into XML and potentially other formats", + "time": "2017-04-07T12:08:54+00:00" + }, + { + "name": "webmozart/assert", + "version": "1.3.0", + "source": { + "type": "git", + "url": "https://github.com/webmozart/assert.git", + "reference": "0df1908962e7a3071564e857d86874dad1ef204a" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/webmozart/assert/zipball/0df1908962e7a3071564e857d86874dad1ef204a", + "reference": "0df1908962e7a3071564e857d86874dad1ef204a", + "shasum": "" + }, + "require": { + "php": "^5.3.3 || ^7.0" + }, + "require-dev": { + "phpunit/phpunit": "^4.6", + "sebastian/version": "^1.0.1" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "1.3-dev" + } + }, + "autoload": { + "psr-4": { + "Webmozart\\Assert\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Bernhard Schussek", + "email": "bschussek@gmail.com" + } + ], + "description": "Assertions to validate method input/output with nice error messages.", + "keywords": [ + "assert", + "check", + "validate" + ], + "time": "2018-01-29T19:49:41+00:00" + } + ], + "aliases": [], + "minimum-stability": "stable", + "stability-flags": [], + "prefer-stable": false, + "prefer-lowest": false, + "platform": { + "php": ">=7.0.0" + }, + "platform-dev": [] +} diff --git a/src/JeremyKendall/Password/Decorator/AbstractDecorator.php b/src/JeremyKendall/Password/Decorator/AbstractDecorator.php index 6ff0958..11b7a96 100644 --- a/src/JeremyKendall/Password/Decorator/AbstractDecorator.php +++ b/src/JeremyKendall/Password/Decorator/AbstractDecorator.php @@ -63,4 +63,21 @@ public function setOptions(array $options) { $this->validator->setOptions($options); } + + /** + * {@inheritDoc} + */ + public function setAlgorithm($algorithm) + { + $this->validator->setAlgorithm($algorithm); + } + + /** + * {@inheritDoc} + */ + public function getAlgorithm() + { + return $this->validator->getAlgorithm() ?: PASSWORD_DEFAULT; + } + } diff --git a/src/JeremyKendall/Password/Decorator/UpgradeDecorator.php b/src/JeremyKendall/Password/Decorator/UpgradeDecorator.php index c0f938e..d3c4801 100644 --- a/src/JeremyKendall/Password/Decorator/UpgradeDecorator.php +++ b/src/JeremyKendall/Password/Decorator/UpgradeDecorator.php @@ -55,7 +55,7 @@ public function isValid($password, $passwordHash, $legacySalt = null, $identity return $this->validator->isValid($password, $passwordHash, $legacySalt, $identity); } - + /** * This method returns an upgraded password, one that is hashed by the * password_hash method in such a way that it forces the PasswordValidator @@ -77,6 +77,6 @@ private function createHashWhichWillForceRehashInValidator($password) $cost++; } - return password_hash($password, PASSWORD_DEFAULT, array('cost' => $cost)); + return password_hash($password, $this->getAlgorithm(), array('cost' => $cost)); } } diff --git a/src/JeremyKendall/Password/PasswordValidator.php b/src/JeremyKendall/Password/PasswordValidator.php index 54f6311..2b1bb6a 100644 --- a/src/JeremyKendall/Password/PasswordValidator.php +++ b/src/JeremyKendall/Password/PasswordValidator.php @@ -10,7 +10,6 @@ namespace JeremyKendall\Password; -use JeremyKendall\Password\PasswordHashFailureException; use JeremyKendall\Password\Result as ValidationResult; /** @@ -28,6 +27,11 @@ class PasswordValidator implements PasswordValidatorInterface */ protected $resultInfo = array(); + /** + * @var int algorithm for password_hash + */ + protected $algorithm = PASSWORD_DEFAULT; + /** * {@inheritDoc} */ @@ -41,8 +45,8 @@ public function isValid($password, $passwordHash, $legacySalt = null, $identity $isValid = password_verify($password, $passwordHash); $needsRehash = password_needs_rehash( - $passwordHash, - PASSWORD_DEFAULT, + $passwordHash, + $this->algorithm, $this->getOptions() ); @@ -67,7 +71,7 @@ public function rehash($password) { $hash = password_hash( $password, - PASSWORD_DEFAULT, + $this->algorithm, $this->getOptions() ); @@ -101,4 +105,21 @@ public function setOptions(array $options) { $this->options = $options; } + + /** + * {@inheritDoc} + */ + public function setAlgorithm($algorithm) + { + $this->algorithm = $algorithm; + } + + /** + * {@inheritDoc} + */ + public function getAlgorithm() + { + return $this->algorithm; + } + } diff --git a/src/JeremyKendall/Password/PasswordValidatorInterface.php b/src/JeremyKendall/Password/PasswordValidatorInterface.php index 1bc1f13..9ec015d 100644 --- a/src/JeremyKendall/Password/PasswordValidatorInterface.php +++ b/src/JeremyKendall/Password/PasswordValidatorInterface.php @@ -52,4 +52,21 @@ public function setOptions(array $options); * @return array password_hash options */ public function getOptions(); + + /** + * Set the algorithm for the password_hash function + * + * @see http://php.net/password_hash + * Defaults to PASSWORD_DEFAULT + * + * @param int $algorithm + */ + public function setAlgorithm($algorithm); + + /** + * Get the algorithm for the password_hash function + * + * @return int algorithm + */ + public function getAlgorithm(); } diff --git a/tests/JeremyKendall/Password/Tests/Decorator/AbstractDecoratorTest.php b/tests/JeremyKendall/Password/Tests/Decorator/AbstractDecoratorTest.php index c0d8ea5..d767a07 100644 --- a/tests/JeremyKendall/Password/Tests/Decorator/AbstractDecoratorTest.php +++ b/tests/JeremyKendall/Password/Tests/Decorator/AbstractDecoratorTest.php @@ -11,23 +11,28 @@ namespace JeremyKendall\Password\Tests\Decorator; use JeremyKendall\Password\Decorator\AbstractDecorator; +use JeremyKendall\Password\PasswordValidatorInterface; +use PHPUnit\Framework\TestCase; -class AbstractDecoratorTest extends \PHPUnit_Framework_TestCase +class AbstractDecoratorTest extends TestCase { + + /** + * @var AbstractDecorator + */ private $decorator; + /** + * @var PasswordValidatorInterface|\PHPUnit_Framework_MockObject_MockObject + */ private $decoratedValidator; protected function setUp() { - parent::setUp(); - - $this->decoratedValidator = $this->getMockBuilder('JeremyKendall\Password\PasswordValidatorInterface') - ->disableOriginalConstructor() - ->getMock(); + $this->decoratedValidator = $this->createMock(PasswordValidatorInterface::class); - $this->decorator = - $this->getMockBuilder('JeremyKendall\Password\Decorator\AbstractDecorator') + $this->decorator = + $this->getMockBuilder(AbstractDecorator::class) ->setConstructorArgs(array($this->decoratedValidator)) ->getMockForAbstractClass(); } @@ -49,7 +54,7 @@ public function testIsValidWithOptionalArgs() $this->decorator->isValid('password', 'passwordHash', 'legacySalt', 'identity'); } - + public function testRehash() { $this->decoratedValidator->expects($this->once()) diff --git a/tests/JeremyKendall/Password/Tests/Decorator/IntegrationTest.php b/tests/JeremyKendall/Password/Tests/Decorator/IntegrationTest.php index 7e4a270..86ded8b 100644 --- a/tests/JeremyKendall/Password/Tests/Decorator/IntegrationTest.php +++ b/tests/JeremyKendall/Password/Tests/Decorator/IntegrationTest.php @@ -15,18 +15,23 @@ use JeremyKendall\Password\Decorator\StorageDecorator; use JeremyKendall\Password\Result as ValidationResult; use JeremyKendall\Password\Storage\StorageInterface; +use PHPUnit\Framework\TestCase; /** * @group integration */ -class IntegrationTest extends \PHPUnit_Framework_TestCase +class IntegrationTest extends TestCase { + + /** + * @var StorageInterface|\PHPUnit_Framework_MockObject_MockObject + */ protected $storage; + protected $callback; + protected function setUp() { - parent::setUp(); - $this->callback = function ($credential, $passwordHash) { if (hash('sha512', $credential) === $passwordHash) { return true; @@ -34,16 +39,16 @@ protected function setUp() return false; }; - $this->storage = $this->getMock('JeremyKendall\Password\Storage\StorageInterface'); + $this->storage = $this->createMock(StorageInterface::class); } public function testLegacyPasswordIsValidUpgradedRehashedStored() { $validator = new UpgradeDecorator( new StorageDecorator( - new PasswordValidator(), + new PasswordValidator(), $this->storage - ), + ), $this->callback ); $password = 'password'; @@ -69,9 +74,9 @@ public function testLegacyPasswordIsValidUpgradedRehashedStored2() { $validator = new StorageDecorator( new UpgradeDecorator( - new PasswordValidator(), + new PasswordValidator(), $this->callback - ), + ), $this->storage ); $password = 'password'; diff --git a/tests/JeremyKendall/Password/Tests/Decorator/KarptoniteRehashUpgradeDecoratorTest.php b/tests/JeremyKendall/Password/Tests/Decorator/KarptoniteRehashUpgradeDecoratorTest.php index b66da34..76f3be5 100644 --- a/tests/JeremyKendall/Password/Tests/Decorator/KarptoniteRehashUpgradeDecoratorTest.php +++ b/tests/JeremyKendall/Password/Tests/Decorator/KarptoniteRehashUpgradeDecoratorTest.php @@ -11,7 +11,9 @@ namespace JeremyKendall\Password\Tests\Decorator; use JeremyKendall\Password\Decorator\UpgradeDecorator; +use JeremyKendall\Password\PasswordValidatorInterface; use JeremyKendall\Password\Result as ValidationResult; +use PHPUnit\Framework\TestCase; /** * This test validates the upgrade scenario outlined in Daniel Karp's blog post @@ -22,9 +24,17 @@ * test the plain text password's legacy hash against the upgraded, persisted * hash. */ -class KarptoniteRehashUpgradeDecoratorTest extends \PHPUnit_Framework_TestCase +class KarptoniteRehashUpgradeDecoratorTest extends TestCase { + + /** + * @var UpgradeDecorator + */ private $decorator; + + /** + * @var PasswordValidatorInterface|\PHPUnit_Framework_MockObject_MockObject + */ private $decoratedValidator; private $validationCallback; private $plainTextPassword; @@ -33,8 +43,6 @@ class KarptoniteRehashUpgradeDecoratorTest extends \PHPUnit_Framework_TestCase protected function setUp() { - parent::setUp(); - $this->validationCallback = function ($credential, $passwordHash, $salt) { // Recreate the legacy hash. This was the persisted password hash // prior to upgrading. @@ -48,8 +56,7 @@ protected function setUp() return false; }; - $interface = 'JeremyKendall\Password\PasswordValidatorInterface'; - $this->decoratedValidator = $this->getMockBuilder($interface) + $this->decoratedValidator = $this->getMockBuilder(PasswordValidatorInterface::class) ->disableOriginalConstructor() ->getMock(); @@ -128,6 +135,8 @@ public function testRehashingPasswordHashesScenarioCredentialIsNotValid() /** * @dataProvider callbackDataProvider + * @param string $password + * @param bool $result */ public function testVerifyValidationCallback($password, $result) { diff --git a/tests/JeremyKendall/Password/Tests/Decorator/StorageDecoratorTest.php b/tests/JeremyKendall/Password/Tests/Decorator/StorageDecoratorTest.php index b1d90fe..18a76ed 100644 --- a/tests/JeremyKendall/Password/Tests/Decorator/StorageDecoratorTest.php +++ b/tests/JeremyKendall/Password/Tests/Decorator/StorageDecoratorTest.php @@ -11,25 +11,34 @@ namespace JeremyKendall\Password\Tests\Decorator; use JeremyKendall\Password\Decorator\StorageDecorator; +use JeremyKendall\Password\PasswordValidatorInterface; use JeremyKendall\Password\Result as ValidationResult; +use JeremyKendall\Password\Storage\IdentityMissingException; use JeremyKendall\Password\Storage\StorageInterface; +use PHPUnit\Framework\TestCase; -class StorageDecoratorTest extends \PHPUnit_Framework_TestCase +class StorageDecoratorTest extends TestCase { + + /** + * @var StorageDecorator + */ protected $decorator; + /** + * @var PasswordValidatorInterface|\PHPUnit_Framework_MockObject_MockObject + */ protected $decoratedValidator; + /** + * @var StorageInterface|\PHPUnit_Framework_MockObject_MockObject + */ protected $storage; protected function setUp() { - parent::setUp(); - - $this->storage = $this->getMock('JeremyKendall\Password\Storage\StorageInterface'); - $this->decoratedValidator = $this->getMockBuilder('JeremyKendall\Password\PasswordValidatorInterface') - ->disableOriginalConstructor() - ->getMock(); + $this->storage = $this->createMock(StorageInterface::class); + $this->decoratedValidator = $this->createMock(PasswordValidatorInterface::class); $this->decorator = new StorageDecorator( $this->decoratedValidator, $this->storage @@ -63,10 +72,8 @@ public function testPasswordValidPasswordRehashedAndStored() public function testFailureToProvideIdentityThrowsException() { - $this->setExpectedException( - 'JeremyKendall\Password\Storage\IdentityMissingException', - 'The StorageDecorator requires an $identity argument.' - ); + $this->expectException(IdentityMissingException::class); + $this->expectExceptionMessage('The StorageDecorator requires an $identity argument.'); $valid = new ValidationResult( ValidationResult::SUCCESS_PASSWORD_REHASHED, @@ -81,6 +88,6 @@ public function testFailureToProvideIdentityThrowsException() ->with('password', 'passwordHash') ->will($this->returnValue($valid)); - $result = $this->decorator->isValid('password', 'passwordHash'); + $this->decorator->isValid('password', 'passwordHash'); } } diff --git a/tests/JeremyKendall/Password/Tests/Decorator/UpgradeDecoratorTest.php b/tests/JeremyKendall/Password/Tests/Decorator/UpgradeDecoratorTest.php index 606eb92..a1a9d58 100644 --- a/tests/JeremyKendall/Password/Tests/Decorator/UpgradeDecoratorTest.php +++ b/tests/JeremyKendall/Password/Tests/Decorator/UpgradeDecoratorTest.php @@ -11,19 +11,27 @@ namespace JeremyKendall\Password\Tests\Decorator; use JeremyKendall\Password\Decorator\UpgradeDecorator; +use JeremyKendall\Password\PasswordValidatorInterface; use JeremyKendall\Password\Result as ValidationResult; +use PHPUnit\Framework\TestCase; -class UpgradeDecoratorTest extends \PHPUnit_Framework_TestCase +class UpgradeDecoratorTest extends TestCase { + + /** + * @var UpgradeDecorator + */ private $decorator; + /** + * @var PasswordValidatorInterface|\PHPUnit_Framework_MockObject_MockObject + */ private $decoratedValidator; private $validationCallback; protected function setUp() { - parent::setUp(); $this->validationCallback = function ($credential, $passwordHash) { if (hash('sha512', $credential) === $passwordHash) { return true; @@ -31,10 +39,8 @@ protected function setUp() return false; }; - - $this->decoratedValidator = $this->getMockBuilder('JeremyKendall\Password\PasswordValidatorInterface') - ->disableOriginalConstructor() - ->getMock(); + + $this->decoratedValidator = $this->createMock(PasswordValidatorInterface::class); $this->decorator = new UpgradeDecorator( $this->decoratedValidator, @@ -63,7 +69,7 @@ public function testPasswordValidAndPasswordRehashed() $this->assertTrue($result->isValid()); $this->assertEquals( - ValidationResult::SUCCESS_PASSWORD_REHASHED, + ValidationResult::SUCCESS_PASSWORD_REHASHED, $result->getCode() ); // Rehashed password is a valid hash @@ -115,7 +121,7 @@ public function testPasswordHashPasswordValidDecoratedValidatorTakesOver() $this->assertTrue($result->isValid()); $this->assertEquals( - ValidationResult::SUCCESS, + ValidationResult::SUCCESS, $result->getCode() ); $this->assertNull($result->getPassword()); diff --git a/tests/JeremyKendall/Password/Tests/PasswordValidatorTest.php b/tests/JeremyKendall/Password/Tests/PasswordValidatorTest.php index 1ec76dd..e5fc548 100644 --- a/tests/JeremyKendall/Password/Tests/PasswordValidatorTest.php +++ b/tests/JeremyKendall/Password/Tests/PasswordValidatorTest.php @@ -12,14 +12,17 @@ use JeremyKendall\Password\PasswordValidator; use JeremyKendall\Password\Result as ValidationResult; +use PHPUnit\Framework\TestCase; -class PasswordValidatorTest extends \PHPUnit_Framework_TestCase +class PasswordValidatorTest extends TestCase { + /** + * @var PasswordValidator + */ private $validator; protected function setUp() { - parent::setUp(); $this->validator = new PasswordValidator(); } @@ -31,7 +34,22 @@ public function testPasswordIsValidDoesNotNeedRehash() $this->assertTrue($result->isValid()); $this->assertEquals( - ValidationResult::SUCCESS, + ValidationResult::SUCCESS, + $result->getCode() + ); + $this->assertNull($result->getPassword()); + } + + public function testPasswordIsValidDoesNotNeedRehashWithAlgorithm() + { + $passwordHash = password_hash('password', PASSWORD_ARGON2I); + + $this->validator->setAlgorithm(PASSWORD_ARGON2I); + $result = $this->validator->isValid('password', $passwordHash); + + $this->assertTrue($result->isValid()); + $this->assertEquals( + ValidationResult::SUCCESS, $result->getCode() ); $this->assertNull($result->getPassword()); @@ -47,7 +65,7 @@ public function testPasswordIsValidAndIsRehashed() $this->assertTrue($result->isValid()); $this->assertEquals( - ValidationResult::SUCCESS_PASSWORD_REHASHED, + ValidationResult::SUCCESS_PASSWORD_REHASHED, $result->getCode() ); $this->assertStringStartsWith('$2y$10$', $result->getPassword()); @@ -66,12 +84,31 @@ public function testCostNineHashValidAndNotRehashedBecauseOptions() $this->assertTrue($result->isValid()); $this->assertEquals( - ValidationResult::SUCCESS, + ValidationResult::SUCCESS, $result->getCode() ); $this->assertNull($result->getPassword()); } + public function testPasswordIsValidAndIsRehashedBecauseAlgorithm() + { + $options = ['cost' => 9]; + $passwordHash = password_hash('password', PASSWORD_DEFAULT, $options); + $this->assertStringStartsWith('$2y$09$', $passwordHash); + + $this->validator->setAlgorithm(PASSWORD_ARGON2I); + $result = $this->validator->isValid('password', $passwordHash); + + $this->assertTrue($result->isValid()); + $this->assertEquals( + ValidationResult::SUCCESS_PASSWORD_REHASHED, + $result->getCode() + ); + $this->assertStringStartsWith('$argon2i$v=19$m=1024,t=2,p=', $result->getPassword()); + // Rehashed password is a valid hash + $this->assertTrue(password_verify('password', $result->getPassword())); + } + public function testPasswordIsInvalid() { $passwordHash = password_hash('passwordz', PASSWORD_DEFAULT); @@ -80,7 +117,7 @@ public function testPasswordIsInvalid() $this->assertFalse($result->isValid()); $this->assertEquals( - ValidationResult::FAILURE_PASSWORD_INVALID, + ValidationResult::FAILURE_PASSWORD_INVALID, $result->getCode() ); $this->assertNull($result->getPassword()); From 2b05adbbf31dba3f28b9eee8253bcb7bae9e20b7 Mon Sep 17 00:00:00 2001 From: Bastian Hofmann Date: Wed, 28 Feb 2018 13:40:37 +0100 Subject: [PATCH 2/5] Only run tests against 7.1 since this is the minimum version requirement for PHPUnit 7 --- .travis.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 0c9c03a..e1d0e28 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,7 +1,6 @@ language: php php: - - 7.0 - 7.1 - 7.2 From a6607d46206cf1dd3bbcb1089b9618d83b3d8665 Mon Sep 17 00:00:00 2001 From: Bastian Hofmann Date: Wed, 28 Feb 2018 13:46:47 +0100 Subject: [PATCH 3/5] Do not execute tests that use new password_hash algorithm on php versions that do not support this algorithm --- .../JeremyKendall/Password/Tests/PasswordValidatorTest.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/JeremyKendall/Password/Tests/PasswordValidatorTest.php b/tests/JeremyKendall/Password/Tests/PasswordValidatorTest.php index e5fc548..f6a208e 100644 --- a/tests/JeremyKendall/Password/Tests/PasswordValidatorTest.php +++ b/tests/JeremyKendall/Password/Tests/PasswordValidatorTest.php @@ -42,6 +42,9 @@ public function testPasswordIsValidDoesNotNeedRehash() public function testPasswordIsValidDoesNotNeedRehashWithAlgorithm() { + if (PHP_MAJOR_VERSION === 7 && PHP_MINOR_VERSION < 2) { + $this->markTestSkipped('PASSWORD_ARGON2I is only available for PHP >= 7.2'); + } $passwordHash = password_hash('password', PASSWORD_ARGON2I); $this->validator->setAlgorithm(PASSWORD_ARGON2I); @@ -92,6 +95,9 @@ public function testCostNineHashValidAndNotRehashedBecauseOptions() public function testPasswordIsValidAndIsRehashedBecauseAlgorithm() { + if (PHP_MAJOR_VERSION === 7 && PHP_MINOR_VERSION < 2) { + $this->markTestSkipped('PASSWORD_ARGON2I is only available for PHP >= 7.2'); + } $options = ['cost' => 9]; $passwordHash = password_hash('password', PASSWORD_DEFAULT, $options); $this->assertStringStartsWith('$2y$09$', $passwordHash); From 435c7d80707fa4cf7e8c4dc75238f4fe74bb8a6c Mon Sep 17 00:00:00 2001 From: Bastian Hofmann Date: Wed, 28 Feb 2018 13:53:11 +0100 Subject: [PATCH 4/5] Try to fix travis build where PHP 7.2 does not contain sodium --- .travis.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.travis.yml b/.travis.yml index e1d0e28..e50b2fa 100644 --- a/.travis.yml +++ b/.travis.yml @@ -4,6 +4,10 @@ php: - 7.1 - 7.2 +before_install: + # Fix Argon2i password hasher in TravisCi PHP version + - composer require paragonie/sodium_compat + before_script: - composer self-update - composer install --prefer-dist From de944dffa0ada2f97e57767c9116549321d73a7f Mon Sep 17 00:00:00 2001 From: Bastian Hofmann Date: Wed, 28 Feb 2018 14:14:17 +0100 Subject: [PATCH 5/5] Try to fix travis build where PHP 7.2 does not contain sodium --- .travis.yml | 4 ---- tests/JeremyKendall/Password/Tests/PasswordValidatorTest.php | 4 ++-- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/.travis.yml b/.travis.yml index e50b2fa..e1d0e28 100644 --- a/.travis.yml +++ b/.travis.yml @@ -4,10 +4,6 @@ php: - 7.1 - 7.2 -before_install: - # Fix Argon2i password hasher in TravisCi PHP version - - composer require paragonie/sodium_compat - before_script: - composer self-update - composer install --prefer-dist diff --git a/tests/JeremyKendall/Password/Tests/PasswordValidatorTest.php b/tests/JeremyKendall/Password/Tests/PasswordValidatorTest.php index f6a208e..2ca7f54 100644 --- a/tests/JeremyKendall/Password/Tests/PasswordValidatorTest.php +++ b/tests/JeremyKendall/Password/Tests/PasswordValidatorTest.php @@ -42,7 +42,7 @@ public function testPasswordIsValidDoesNotNeedRehash() public function testPasswordIsValidDoesNotNeedRehashWithAlgorithm() { - if (PHP_MAJOR_VERSION === 7 && PHP_MINOR_VERSION < 2) { + if (!defined('PASSWORD_ARGON2I')) { $this->markTestSkipped('PASSWORD_ARGON2I is only available for PHP >= 7.2'); } $passwordHash = password_hash('password', PASSWORD_ARGON2I); @@ -95,7 +95,7 @@ public function testCostNineHashValidAndNotRehashedBecauseOptions() public function testPasswordIsValidAndIsRehashedBecauseAlgorithm() { - if (PHP_MAJOR_VERSION === 7 && PHP_MINOR_VERSION < 2) { + if (!defined('PASSWORD_ARGON2I')) { $this->markTestSkipped('PASSWORD_ARGON2I is only available for PHP >= 7.2'); } $options = ['cost' => 9];