2016-01-02 13:39:28 +00:00
|
|
|
<?php
|
2014-04-05 18:42:46 +00:00
|
|
|
/*
|
|
|
|
$Id$
|
|
|
|
|
|
|
|
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
|
|
|
Copyright (C) 2014 Roland Gruber
|
|
|
|
|
|
|
|
This program is free software; you can redistribute it and/or modify
|
|
|
|
it under the terms of the GNU General Public License as published by
|
|
|
|
the Free Software Foundation; either version 2 of the License, or
|
|
|
|
(at your option) any later version.
|
|
|
|
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
GNU General Public License for more details.
|
|
|
|
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
|
|
along with this program; if not, write to the Free Software
|
|
|
|
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
|
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
$_SERVER ['REMOTE_ADDR'] = '127.0.0.1';
|
|
|
|
|
|
|
|
include_once (dirname ( __FILE__ ) . '/../utils/configuration.inc');
|
|
|
|
include_once (dirname ( __FILE__ ) . '/../../lib/security.inc');
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Checks password checking functions.
|
2016-01-02 13:39:28 +00:00
|
|
|
*
|
2014-04-05 18:42:46 +00:00
|
|
|
* @author Roland Gruber
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
class SecurityTest extends PHPUnit_Framework_TestCase {
|
2016-01-02 13:39:28 +00:00
|
|
|
|
|
|
|
private $cfg = null;
|
|
|
|
|
2014-04-05 18:42:46 +00:00
|
|
|
protected function setUp() {
|
|
|
|
testCreateDefaultConfig ();
|
|
|
|
$this->cfg = &$_SESSION ['cfgMain'];
|
|
|
|
$this->resetPasswordRules();
|
|
|
|
}
|
2016-01-02 13:39:28 +00:00
|
|
|
|
2014-04-05 18:42:46 +00:00
|
|
|
public function testMinLength() {
|
|
|
|
$this->cfg->passwordMinLength = 5;
|
|
|
|
$this->checkPwd(array('55555', '666666'), array('1', '22', '333', '4444'));
|
|
|
|
}
|
2016-01-02 13:39:28 +00:00
|
|
|
|
2014-04-05 18:42:46 +00:00
|
|
|
public function testMinUpper() {
|
|
|
|
$this->cfg->passwordMinUpper = 3;
|
|
|
|
$this->checkPwd(array('55A5AA55', '6BB666BB66', 'ABC'), array ('1A', '2C2C', 'AB3', '44BB'));
|
|
|
|
}
|
2016-01-02 13:39:28 +00:00
|
|
|
|
2014-04-05 18:42:46 +00:00
|
|
|
public function testMinLower() {
|
|
|
|
$this->cfg->passwordMinLower = 3;
|
|
|
|
$this->checkPwd(array('55a5aa55', '6bb666bb66', 'abc'), array ('1a', '2c2c', 'ab3', '44bbABC'));
|
|
|
|
}
|
2016-01-02 13:39:28 +00:00
|
|
|
|
2014-04-05 18:42:46 +00:00
|
|
|
public function testMinNumeric() {
|
|
|
|
$this->cfg->passwordMinNumeric = 3;
|
|
|
|
$this->checkPwd(array('333', '4444'), array('1', '22', '33A', '44bb'));
|
|
|
|
}
|
2016-01-02 13:39:28 +00:00
|
|
|
|
2014-04-05 18:42:46 +00:00
|
|
|
public function testMinSymbol() {
|
|
|
|
$this->cfg->passwordMinSymbol = 3;
|
|
|
|
$this->checkPwd(array('---', '++++'), array('1.', '2.2.', '3+3+A', '44bb'));
|
|
|
|
}
|
2016-01-02 13:39:28 +00:00
|
|
|
|
2014-04-05 18:42:46 +00:00
|
|
|
public function testMinClasses() {
|
|
|
|
$this->cfg->passwordMinClasses = 3;
|
|
|
|
$this->checkPwd(array('aB.', 'aB.1', 'aa.B99'), array('1', '2.', '3+-', '44bb'));
|
|
|
|
}
|
2016-01-02 13:39:28 +00:00
|
|
|
|
2014-04-05 18:42:46 +00:00
|
|
|
public function testRulesCount() {
|
|
|
|
$this->cfg->passwordMinUpper = 3;
|
|
|
|
$this->cfg->passwordMinLower = 3;
|
|
|
|
$this->cfg->passwordMinNumeric = 3;
|
|
|
|
$this->cfg->passwordMinSymbol = 3;
|
|
|
|
$this->cfg->passwordMinClasses = 3;
|
|
|
|
// all rules
|
|
|
|
$this->cfg->checkedRulesCount = -1;
|
|
|
|
$this->checkPwd(array('ABC---abc123', 'ABC123xxx.-.-'), array('1', '2.', '3+-', '44bb', 'ABCabc---22'));
|
|
|
|
// at least 3 rules
|
|
|
|
$this->cfg->checkedRulesCount = 3;
|
|
|
|
$this->checkPwd(array('ABC---abc', 'ABC123.-.-', 'ABCabc-'), array('1', '2.', '3+-', '44bb', 'ABC--22'));
|
|
|
|
}
|
2016-01-02 13:39:28 +00:00
|
|
|
|
2014-04-05 18:42:46 +00:00
|
|
|
public function testUser() {
|
|
|
|
$this->cfg->passwordMustNotContainUser = 'true';
|
|
|
|
$this->checkPwd(array('u', 'us', 'use', 'use1r'), array('user', '2user', 'user3'), 'user');
|
|
|
|
}
|
2016-01-02 13:39:28 +00:00
|
|
|
|
2014-04-05 18:42:46 +00:00
|
|
|
public function testUserAttributes() {
|
|
|
|
$this->cfg->passwordMustNotContain3Chars = 'true';
|
|
|
|
$this->checkPwd(array('u', 'us', 'us1e', 'us1er'), array('use', 'user', '2user', 'user3'), 'user');
|
|
|
|
$this->checkPwd(
|
|
|
|
array('uf', 'usfi', 'us1ela3s', 'us1er.la#st'),
|
|
|
|
array('use', 'user', '2user', 'user3', 'las', 'last', 'fir', 'first'),
|
|
|
|
'user',
|
|
|
|
array('first', 'last'));
|
|
|
|
}
|
2016-01-02 13:39:28 +00:00
|
|
|
|
2014-04-05 18:42:46 +00:00
|
|
|
/**
|
|
|
|
* Resets the password rules to do no checks at all.
|
|
|
|
*/
|
|
|
|
private function resetPasswordRules() {
|
|
|
|
$this->cfg->passwordMinLength = 0;
|
|
|
|
$this->cfg->passwordMinUpper = 0;
|
|
|
|
$this->cfg->passwordMinLower = 0;
|
|
|
|
$this->cfg->passwordMinNumeric = 0;
|
|
|
|
$this->cfg->passwordMinSymbol = 0;
|
|
|
|
$this->cfg->passwordMinClasses = 0;
|
|
|
|
$this->cfg->checkedRulesCount = -1;
|
|
|
|
$this->cfg->passwordMustNotContainUser = 'false';
|
|
|
|
$this->cfg->passwordMustNotContain3Chars = 'false';
|
|
|
|
}
|
2016-01-02 13:39:28 +00:00
|
|
|
|
2014-04-05 18:42:46 +00:00
|
|
|
/**
|
|
|
|
* Checks if the given passwords are correctly accepted/rejected.
|
2016-01-02 13:39:28 +00:00
|
|
|
*
|
2014-04-05 18:42:46 +00:00
|
|
|
* @param array $pwdsToAccept passwords that must be accepted
|
|
|
|
* @param array $pwdsToReject passwords that must be rejected
|
|
|
|
* @param String $userName user name
|
|
|
|
* @param array $otherUserAttrs other user attributes to check
|
|
|
|
*/
|
|
|
|
private function checkPwd($pwdsToAccept, $pwdsToReject, $userName = null, $otherUserAttrs = null) {
|
|
|
|
if ($userName == null) {
|
|
|
|
$userName = 'username';
|
|
|
|
}
|
|
|
|
if ($otherUserAttrs == null) {
|
|
|
|
$otherUserAttrs = array ();
|
|
|
|
}
|
|
|
|
foreach ($pwdsToAccept as $pwd) {
|
|
|
|
$this->assertTrue(checkPasswordStrength($pwd, $userName, $otherUserAttrs));
|
|
|
|
}
|
|
|
|
foreach ($pwdsToReject as $pwd) {
|
|
|
|
$this->assertNotTrue(checkPasswordStrength($pwd, $userName, $otherUserAttrs));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
?>
|