From 79d4558a5811aa426b7a85eb493dec10dc982a6a Mon Sep 17 00:00:00 2001 From: Tony Levi Date: Mon, 3 Aug 2015 16:16:03 +0930 Subject: [PATCH] MDL-52283 core: password_hash() deprecation in PHP7 --- auth/db/tests/db_test.php | 2 +- lib/password_compat/readme_moodle.txt | 2 ++ lib/password_compat/tests/PasswordHashTest.php | 8 ++++---- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/auth/db/tests/db_test.php b/auth/db/tests/db_test.php index e619df670cf..7979bd86a4b 100644 --- a/auth/db/tests/db_test.php +++ b/auth/db/tests/db_test.php @@ -309,7 +309,7 @@ class auth_db_testcase extends advanced_testcase { require_once($CFG->libdir.'/password_compat/lib/password.php'); set_config('passtype', 'saltedcrypt', 'auth/db'); $auth->config->passtype = 'saltedcrypt'; - $user3->pass = password_hash('heslo', PASSWORD_BCRYPT, array('salt' => 'best_salt_ever_moodle_rocks_dont_tell')); + $user3->pass = password_hash('heslo', PASSWORD_BCRYPT); $DB->update_record('auth_db_users', $user3); $this->assertTrue($auth->user_login('u3', 'heslo')); diff --git a/lib/password_compat/readme_moodle.txt b/lib/password_compat/readme_moodle.txt index a0e38e388b1..4e0707234e0 100644 --- a/lib/password_compat/readme_moodle.txt +++ b/lib/password_compat/readme_moodle.txt @@ -16,6 +16,8 @@ Our changes: * Added the following require_once() to the test files: global $CFG; require_once($CFG->dirroot . '/lib/password_compat/lib/password.php'); +* tests/PasswordHashTest.php supresses debugging from using salt in password_hash() + see MDL-52283 Library description: ==================== diff --git a/lib/password_compat/tests/PasswordHashTest.php b/lib/password_compat/tests/PasswordHashTest.php index 31435bcbc53..261d6df368e 100644 --- a/lib/password_compat/tests/PasswordHashTest.php +++ b/lib/password_compat/tests/PasswordHashTest.php @@ -19,12 +19,12 @@ class PasswordHashTest extends PHPUnit_Framework_TestCase { } public function testKnownSalt() { - $hash = password_hash("rasmuslerdorf", PASSWORD_BCRYPT, array("cost" => 7, "salt" => "usesomesillystringforsalt")); + $hash = @password_hash("rasmuslerdorf", PASSWORD_BCRYPT, array("cost" => 7, "salt" => "usesomesillystringforsalt")); $this->assertEquals('$2y$07$usesomesillystringfore2uDLvp1Ii2e./U9C8sBjqp8I90dH6hi', $hash); } public function testRawSalt() { - $hash = password_hash("test", PASSWORD_BCRYPT, array("salt" => "123456789012345678901" . chr(0))); + $hash = @password_hash("test", PASSWORD_BCRYPT, array("salt" => "123456789012345678901" . chr(0))); if (version_compare(PHP_VERSION, '5.5.0', '<')) { $this->assertEquals('$2y$10$KRGxLBS0Lxe3KBCwKxOzLexLDeu0ZfqJAKTubOfy7O/yL2hjimw3u', $hash); } else { @@ -33,12 +33,12 @@ class PasswordHashTest extends PHPUnit_Framework_TestCase { } public function testNullBehavior() { - $hash = password_hash(null, PASSWORD_BCRYPT, array("salt" => "1234567890123456789012345678901234567890")); + $hash = @password_hash(null, PASSWORD_BCRYPT, array("salt" => "1234567890123456789012345678901234567890")); $this->assertEquals('$2y$10$123456789012345678901uhihPb9QpE2n03zMu9TDdvO34jDn6mO.', $hash); } public function testIntegerBehavior() { - $hash = password_hash(12345, PASSWORD_BCRYPT, array("salt" => "1234567890123456789012345678901234567890")); + $hash = @password_hash(12345, PASSWORD_BCRYPT, array("salt" => "1234567890123456789012345678901234567890")); $this->assertEquals('$2y$10$123456789012345678901ujczD5TiARVFtc68bZCAlbEg1fCIexfO', $hash); }