[Security] Verify if a password encoded with bcrypt is no longer than 72 characters
parent
b23c9a3b5b
commit
5c302669eb
@ -19,6 +19,8 @@ use Symfony\Component\Security\Core\Exception\BadCredentialsException;
|
||||
*/
|
||||
class BCryptPasswordEncoder extends BasePasswordEncoder
|
||||
{
|
||||
const MAX_PASSWORD_LENGTH = 72;
|
||||
|
||||
/**
|
||||
* @var string
|
||||
*/
|
||||
|
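Review bot: The new `const MAX_PASSWORD_LENGTH = 72;` in BCryptPasswordEncoder carries no comment saying why the value is 72, or that it shadows the constant of the same name read by the length check in BasePasswordEncoder. I would add above it `// bcrypt ignores input past 72 bytes, so longer passwords are rejected instead of silently truncated; overrides BasePasswordEncoder::MAX_PASSWORD_LENGTH`. Without that context, a later edit that raises the value would let two passwords sharing their first 72 bytes verify against the same hash. The class body continues outside the hunk.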
@ -95,6 +95,6 @@ abstract class BasePasswordEncoder implements PasswordEncoderInterface
|
||||
*/
|
||||
protected function isPasswordTooLong($password)
|
||||
{
|
||||
return strlen($password) > self::MAX_PASSWORD_LENGTH;
|
||||
return strlen($password) > static::MAX_PASSWORD_LENGTH;
|
||||
}
|
||||
}
|
||||
|
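Review bot: `strlen($password)` in isPasswordTooLong is compared against a limit that bcrypt applies in bytes, but the unit is not stated anywhere visible here, and the commit title speaks of characters. strlen counts bytes by default, which is the right measure. When `mbstring.func_overload` is enabled for string functions it counts characters instead, and a multibyte password under 72 characters could then exceed 72 bytes and be truncated by bcrypt. I would state the unit in the docblock, which starts outside this hunk, for example `Checks the password length in bytes against static::MAX_PASSWORD_LENGTH (late static binding, so a subclass can lower the limit).`, and mention the func_overload caveat there.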
@ -73,13 +73,15 @@ class BCryptPasswordEncoderTest extends \PHPUnit_Framework_TestCase
|
||||
{
|
||||
$encoder = new BCryptPasswordEncoder(self::VALID_COST);
|
||||
|
||||
$encoder->encodePassword(str_repeat('a', 5000), 'salt');
|
||||
$encoder->encodePassword(str_repeat('a', 73), 'salt');
|
||||
}
|
||||
|
||||
public function testCheckPasswordLength()
|
||||
{
|
||||
$encoder = new BCryptPasswordEncoder(self::VALID_COST);
|
||||
$result = $encoder->encodePassword(str_repeat('a', 72), null);
|
||||
|
||||
$this->assertFalse($encoder->isPasswordValid('encoded', str_repeat('a', 5000), 'salt'));
|
||||
$this->assertFalse($encoder->isPasswordValid($result, str_repeat('a', 73), 'salt'));
|
||||
$this->assertTrue($encoder->isPasswordValid($result, str_repeat('a', 72), 'salt'));
|
||||
}
|
||||
}
|
||||
|
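Review bot: Both tests in this section probe the limit only with the single-byte character 'a', so nothing pins that the 72 limit is counted in bytes rather than characters. A password that is under 72 characters but over 72 bytes should be rejected the same way as the 73-character input, for example `$encoder->encodePassword(str_repeat("\xC3\xA9", 37), 'salt');` (37 characters, 74 bytes). The first test method starts outside the hunk, so the expected-exception declaration it relies on is not visible here; the added case would need the same one.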