WordPress.org

Make WordPress Core


Ignore:
File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/4.0/tests/phpunit/tests/auth.php

    r29620 r30467  
    33/**
    44 * @group pluggable
     5 * @group auth
    56 */
    67class Tests_Auth extends WP_UnitTestCase {
     
    100101        $this->assertFalse( wp_verify_nonce( null ) );
    101102    }
     103
     104    function test_password_length_limit() {
     105        $passwords = array(
     106            str_repeat( 'a', 4095 ), // short
     107            str_repeat( 'a', 4096 ), // limit
     108            str_repeat( 'a', 4097 ), // long
     109        );
     110
     111        $user_id = $this->factory->user->create( array( 'user_login' => 'password-length-test' ) );
     112
     113        wp_set_password( $passwords[1], $user_id );
     114        $user = get_user_by( 'id', $user_id );
     115        // phpass hashed password
     116        $this->assertStringStartsWith( '$P$', $user->data->user_pass );
     117
     118        $user = wp_authenticate( 'password-length-test', $passwords[0] );
     119        // Wrong Password
     120        $this->assertInstanceOf( 'WP_Error', $user );
     121
     122        $user = wp_authenticate( 'password-length-test', $passwords[1] );
     123        $this->assertInstanceOf( 'WP_User', $user );
     124        $this->assertEquals( $user_id, $user->ID );
     125
     126        $user = wp_authenticate( 'password-length-test', $passwords[2] );
     127        // Wrong Password
     128        $this->assertInstanceOf( 'WP_Error', $user );
     129
     130
     131        wp_set_password( $passwords[2], $user_id );
     132        $user = get_user_by( 'id', $user_id );
     133        // Password broken by setting it to be too long.
     134        $this->assertEquals( '*', $user->data->user_pass );
     135
     136        $user = wp_authenticate( 'password-length-test', $passwords[0] );
     137        // Wrong Password
     138        $this->assertInstanceOf( 'WP_Error', $user );
     139
     140        $user = wp_authenticate( 'password-length-test', $passwords[1] );
     141        // Wrong Password
     142        $this->assertInstanceOf( 'WP_Error', $user );
     143
     144        $user = wp_authenticate( 'password-length-test', $passwords[2] );
     145        // Password broken by setting it to be too long.
     146        $this->assertInstanceOf( 'WP_Error', $user );
     147    }
    102148}
Note: See TracChangeset for help on using the changeset viewer.