[Security] Verify if a password encoded with bcrypt is no longer than 72 characters
This commit is contained in:
parent
b23c9a3b5b
commit
5c302669eb
@ -19,6 +19,8 @@ use Symfony\Component\Security\Core\Exception\BadCredentialsException;
|
|||||||
*/
|
*/
|
||||||
class BCryptPasswordEncoder extends BasePasswordEncoder
|
class BCryptPasswordEncoder extends BasePasswordEncoder
|
||||||
{
|
{
|
||||||
|
const MAX_PASSWORD_LENGTH = 72;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @var string
|
* @var string
|
||||||
*/
|
*/
|
||||||
|
@ -95,6 +95,6 @@ abstract class BasePasswordEncoder implements PasswordEncoderInterface
|
|||||||
*/
|
*/
|
||||||
protected function isPasswordTooLong($password)
|
protected function isPasswordTooLong($password)
|
||||||
{
|
{
|
||||||
return strlen($password) > self::MAX_PASSWORD_LENGTH;
|
return strlen($password) > static::MAX_PASSWORD_LENGTH;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -73,13 +73,15 @@ class BCryptPasswordEncoderTest extends \PHPUnit_Framework_TestCase
|
|||||||
{
|
{
|
||||||
$encoder = new BCryptPasswordEncoder(self::VALID_COST);
|
$encoder = new BCryptPasswordEncoder(self::VALID_COST);
|
||||||
|
|
||||||
$encoder->encodePassword(str_repeat('a', 5000), 'salt');
|
$encoder->encodePassword(str_repeat('a', 73), 'salt');
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testCheckPasswordLength()
|
public function testCheckPasswordLength()
|
||||||
{
|
{
|
||||||
$encoder = new BCryptPasswordEncoder(self::VALID_COST);
|
$encoder = new BCryptPasswordEncoder(self::VALID_COST);
|
||||||
|
$result = $encoder->encodePassword(str_repeat('a', 72), null);
|
||||||
|
|
||||||
$this->assertFalse($encoder->isPasswordValid('encoded', str_repeat('a', 5000), 'salt'));
|
$this->assertFalse($encoder->isPasswordValid($result, str_repeat('a', 73), 'salt'));
|
||||||
|
$this->assertTrue($encoder->isPasswordValid($result, str_repeat('a', 72), 'salt'));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Reference in New Issue
Block a user