Merge pull request zendframework/zendframework#5604 from samsonasik/c…
…hange/php-require-version

[2.3.0] change php require version from 5.3.3 to 5.3.23 in all resources and update tests that no longer support 5.3.3
Showing 3 changed files with 4 additions and 48 deletions.
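--- a/composer.json
+++ b/composer.json
@@ -13,7 +13,7 @@
 }
 },
 "require": {
-"php": ">=5.3.3",
+"php": ">=5.3.23",
 "zendframework/zend-math": "self.version",
 "zendframework/zend-stdlib": "self.version",
 "zendframework/zend-servicemanager": "self.version"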
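--- a/src/Password/Bcrypt.php
+++ b/src/Password/Bcrypt.php
@@ -121,22 +121,6 @@ public function verify($password, $hash)
 if ($result === $hash) {
 return true;
 }
-if (strlen($result) <= 13) {
-/* This should only happen if the algorithm that generated hash is
-* either unsupported by this version of crypt(), or is invalid.
-*
-* An example of when this can happen, is if you generate
-* non-backwards-compatible hashes on 5.3.7+, and then try to verify
-* them on < 5.3.7.
-*
-* This is needed, because version comparisons are not possible due
-* to back-ported functionality by some distributions.
-*/
-throw new Exception\RuntimeException(
-'The supplied password hash could not be verified. Please check ' .
-'backwards compatibility settings.'
-);
-}
 return false;
 }
 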
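--- a/test/Password/BcryptTest.php
+++ b/test/Password/BcryptTest.php
@@ -32,11 +32,8 @@ public function setUp()
 $this->bcrypt = new Bcrypt();
 $this->salt = '1234567890123456';
 $this->password = 'test';
-if (version_compare(PHP_VERSION, '5.3.7') >= 0) {
-$this->prefix = '$2y$';
-} else {
-$this->prefix = '$2a$';
-}
+$this->prefix = '$2y$';
+
 $this->bcryptPassword = $this->prefix . '10$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y';
 }
 
@@ -118,38 +115,13 @@ public function testVerify()
 $this->assertFalse($this->bcrypt->verify(substr($this->password, -1), $this->bcryptPassword));
 }
 
-public function testVerifyFailureVersion()
-{
-$test = (substr(crypt('test', '$2y$04$012345678901234567890123456789'), 0, 3) === '$2y');
-if (!$test) {
-// We don't support new style hashes, test verify failure
-$hash = '$y2$14$MTIzNDU2Nzg5MDEyMzQ1NeWUUefVlefsTbFhsbqKFv/vPSZBrSFVm';
-$this->setExpectedException('Zend\Crypt\Password\Exception\RuntimeException',
-'The supplied password hash could not be verified. Please check ' .
-'backwards compatibility settings.'
-);
-$this->bcrypt->verify('test', $hash);
-} else {
-$this->markTestSkipped('Test requires PHP which does not support $2y hashes (<5.3.7)');
-}
-}
-
 public function testPasswordWith8bitCharacter()
 {
 $password = 'test' . chr(128);
 $this->bcrypt->setSalt($this->salt);
 
-if (version_compare(PHP_VERSION, '5.3.7') >= 0) {
-$this->assertEquals('$2y$10$MTIzNDU2Nzg5MDEyMzQ1NemFdU/4JOrNpxMym09Mbp0m4hKTgfQo.',
+$this->assertEquals('$2y$10$MTIzNDU2Nzg5MDEyMzQ1NemFdU/4JOrNpxMym09Mbp0m4hKTgfQo.',
 $this->bcrypt->create($password));
-} else {
-$this->setExpectedException('Zend\Crypt\Password\Exception\RuntimeException',
-'The bcrypt implementation used by PHP can contain a security flaw ' .
-'using password with 8-bit character. ' .
-'We suggest to upgrade to PHP 5.3.7+ or use passwords with only 7-bit characters'
-);
-$output = $this->bcrypt->create($password);
-}
 }
 
 public function testSetBackwardCompatibility()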
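Review bot: With testVerifyFailureVersion removed, nothing in this file pins what verify() does when crypt() cannot process the supplied hash, and the Bcrypt.php section of this commit changes exactly that path: the short-result check that threw a RuntimeException is gone, so the call presumably falls through to `return false`. A small replacement test that reuses the malformed hash from the removed test, e.g. `$this->assertFalse($this->bcrypt->verify('test', '$y2$14$MTIzNDU2Nzg5MDEyMzQ1NeWUUefVlefsTbFhsbqKFv/vPSZBrSFVm'));`, would document that an unverifiable hash is rejected rather than raised. Callers that relied on the exception to notice unverifiable stored hashes will now see only an ordinary failed verification, so the behaviour change deserves a mention in the release notes. Separately, the surviving `$result === $hash` comparison in verify() is not a constant-time comparison; that is judged from the context lines only, since verify()'s body starts outside the visible hunk.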

0 comments on commit 7a5f15e
