1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
|
<?php
namespace Roundcube\Plugins\Tests;
use PHPUnit\Framework\TestCase;
class Tests_Password extends TestCase
{
public static function setUpBeforeClass(): void
{
include_once INSTALL_PATH . 'plugins/password/password.php';
}
/**
* Plugin object construction test
*/
function test_constructor()
{
$rcube = \rcube::get_instance();
$plugin = new \password($rcube->plugins);
$this->assertInstanceOf(\password::class, $plugin);
$this->assertInstanceOf(\rcube_plugin::class, $plugin);
}
/**
* A dummy test testing PHP syntax on password drivers
*/
function test_all_drivers()
{
if ($files = glob(INSTALL_PATH . 'plugins/password/drivers/*.php')) {
foreach ($files as $file) {
if (preg_match('|/([a-z_]+)\.php$|', $file, $matches)) {
$this->load_driver($matches[1]);
}
}
}
}
/**
* cpanel driver test
*/
function test_driver_cpanel()
{
$driver_class = $this->load_driver('cpanel');
$error_result = $driver_class::decode_response(false);
$this->assertEquals($error_result, PASSWORD_CONNECT_ERROR);
$bad_result = $driver_class::decode_response(null);
$this->assertEquals($bad_result, PASSWORD_CONNECT_ERROR);
$null_result = $driver_class::decode_response('null');
$this->assertEquals($null_result, PASSWORD_ERROR);
$malformed_result = $driver_class::decode_response('random {string]!');
$this->assertEquals($malformed_result, PASSWORD_ERROR);
$other_result = $driver_class::decode_response('{"a":"b"}');
$this->assertEquals($other_result, PASSWORD_ERROR);
$fail_response = '{"data":null,"errors":["Execution of Email::passwdp'
. 'op (api version:3) is not permitted inside of webmail"],"sta'
. 'tus":0,"metadata":{},"messages":null}';
$error_message = 'Execution of Email::passwdpop (api version:3) is no'
. 't permitted inside of webmail';
$expected_result = [
'code' => PASSWORD_ERROR,
'message' => $error_message
];
$fail_result = $driver_class::decode_response($fail_response);
$this->assertEquals($expected_result, $fail_result);
$success_response = '{"metadata":{},"data":null,"messages":null,"errors'
. '":null,"status":1}';
$good_result = $driver_class::decode_response($success_response);
$this->assertEquals($good_result, PASSWORD_SUCCESS);
}
/**
* Loads a driver's source file, checks that its class exist and returns the
* driver's class name.
*
* @param string $driver driver name, example: "chpasswd"
* @return string driver's class name, example: "rcube_chpasswd_password"
*/
function load_driver($driver)
{
include_once INSTALL_PATH . "plugins/password/drivers/$driver.php";
$driver_class = "rcube_{$driver}_password";
$this->assertTrue(class_exists($driver_class));
return $driver_class;
}
/**
* Test hash_password()
*/
function test_hash_password()
{
$pass = \password::hash_password('test', 'clear');
$this->assertSame('test', $pass);
$pass = \password::hash_password('test', 'ad');
$this->assertSame("\"\0t\0e\0s\0t\0\"\0", $pass);
$pass = \password::hash_password('test', 'ssha');
$this->assertMatchesRegularExpression('/^\{SSHA\}[a-zA-Z0-9+\/]{32}$/', $pass);
$pass = \password::hash_password('test', 'ssha256');
$this->assertMatchesRegularExpression('/^\{SSHA256\}[a-zA-Z0-9+\/=]{48}$/', $pass);
$pass = \password::hash_password('test', 'sha256-crypt');
$this->assertMatchesRegularExpression('/^\{SHA256-CRYPT\}\$5\$[a-zA-Z0-9]{16}\$[a-zA-Z0-9.\/]{43}$/', $pass);
$pass = \password::hash_password('test', 'hash-bcrypt');
$this->assertMatchesRegularExpression('/^\{BLF-CRYPT\}\$2y\$[0123456789]{2}\$[a-zA-Z0-9.\/]{53}$/', $pass);
// TODO: Test all algos
}
}
|
