home | career | drupal | java | mac | mysql | perl | php | scala | uml | unix

Drupal example source code file (password.test)

This example Drupal source code file (password.test) is included in the DevDaily.com "Drupal Source Code Warehouse" project. The intent of this project is to help you "Learn Drupal by Example".

PHP - Drupal tags/keywords

account, array, check, drupal_min_hash_count, function, hash, log2, new, of, old_hash, password, php, succeeds, the

The password.test Drupal example source code

<?php
// $Id: password.test,v 1.1 2010/12/18 00:56:18 dries Exp $

/**
 * @file
 * Provides unit tests for password.inc.
 */

/**
 * Unit tests for password hashing API.
 */
class PasswordHashingTest extends DrupalWebTestCase {
  protected $profile = 'testing';

  public static function getInfo() {
    return array(
      'name' => 'Password hashing',
      'description' => 'Password hashing unit tests.',
      'group' => 'System',
    );
  }

  function setUp() {
    require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc');
    parent::setUp();
  }

  /**
   * Test password hashing.
   */
  function testPasswordHashing() {
    // Set a log2 iteration count that is deliberately out of bounds to test
    // that it is corrected to be within bounds.
    variable_set('password_count_log2', 1);
    // Set up a fake $account with a password 'baz', hashed with md5.
    $password = 'baz';
    $account = (object) array('name' => 'foo', 'pass' => md5($password));
    // The md5 password should be flagged as needing an update.
    $this->assertTrue(user_needs_new_hash($account), t('User with md5 password needs a new hash.'));
    // Re-hash the password.
    $old_hash = $account->pass;
    $account->pass = user_hash_password($password);
    $this->assertIdentical(_password_get_count_log2($account->pass), DRUPAL_MIN_HASH_COUNT, t('Re-hashed password has the minimum number of log2 iterations.'));
    $this->assertTrue($account->pass != $old_hash, t('Password hash changed.'));
    $this->assertTrue(user_check_password($password, $account), t('Password check succeeds.'));
    // Since the log2 setting hasn't changed and the user has a valid password,
    // user_needs_new_hash() should return FALSE.
    $this->assertFalse(user_needs_new_hash($account), t('User does not need a new hash.'));
    // Increment the log2 iteration to MIN + 1.
    variable_set('password_count_log2', DRUPAL_MIN_HASH_COUNT + 1);
    $this->assertTrue(user_needs_new_hash($account), t('User needs a new hash after incrementing the log2 count.'));
    // Re-hash the password.
    $old_hash = $account->pass;
    $account->pass = user_hash_password($password);
    $this->assertIdentical(_password_get_count_log2($account->pass), DRUPAL_MIN_HASH_COUNT + 1, t('Re-hashed password has the correct number of log2 iterations.'));
    $this->assertTrue($account->pass != $old_hash, t('Password hash changed again.'));
    // Now the hash should be OK.
    $this->assertFalse(user_needs_new_hash($account), t('Re-hashed password does not need a new hash.'));
    $this->assertTrue(user_check_password($password, $account), t('Password check succeeds with re-hashed password.'));
  }
}

Other Drupal examples (source code examples)

Here is a short list of links related to this Drupal password.test source code file:

new blog posts

"Drupal" is a registered trademark of Dries Buytaert.

my drupal tutorials and examples  

Copyright 1998-2016 Alvin Alexander, alvinalexander.com
All Rights Reserved.

Beginning in 2016, a portion of the proceeds from pages under the '/drupal-code-examples/' URI will be donated to charity.