Add password management and the associated tests

git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@4137 bf3deb0d-5f1a-0410-827f-c0cc1f45334c

Tests/passwordTest.php

@@ -0,0 +1,49 @@
+<?php
+/** Test the password class
+  */
+class test_password extends PHPUnit_Framework_TestCase
+{
+  public function test_cryptPasswd_1 ()
+  {
+    $res = \password::cryptPasswd ("AAA");
+    $this->assertSame (substr ($res, 0, 4), "$2y$");
+  }
+
+  public function test_cryptPasswd_2 ()
+  {
+    // Test the randomization of the salt : must be different each time
+    $res1 = \password::cryptPasswd ("AAA");
+    echo "RES1=$res1\n";
+    $res2 = \password::cryptPasswd ("AAA");
+    echo "RES2=$res2\n";
+    $res3 = \password::cryptPasswd ("AAA");
+    echo "RES3=$res3\n";
+    $this->assertSame (count (array_unique (array ($res1, $res2, $res3))), 3);
+    // Three passwords : each must have a different result
+  }
+
+  public function test_checkPassword_1 ()
+  {
+    $res = \password::checkPassword ("AAA", "AAA");
+    $this->assertSame ($res, false);
+  }
+
+  public function test_checkPassword_2 ()
+  {
+    $res = \password::checkPassword ("AAA", \password::cryptPasswd ("AAA"));
+    $this->assertSame ($res, true);
+  }
+
+  public function test_checkPassword_3 ()
+  {
+    $res = \password::checkPassword ("AAA", \password::cryptPasswd ("BBB"));
+    $this->assertSame ($res, false);
+  }
+
+  public function test_checkPassword_4 ()
+  {
+    $res = \password::checkPassword ("AAA",
+      '$2y$11$Y.E98jbjgDpV61eK..9MT.klzTeg7ulO4WH/B5yA8cAGMIh.zoNXq');
+    $this->assertSame ($res, true);
+  }
+}

password.php

@@ -0,0 +1,48 @@
+<?php
+/** A class to manage the password hashing
+  */
+class password
+{
+  /** Crypt the password with the best algorithm available
+    * @param string $password The password to crypt
+    * @return string The hashed password
+    */
+  static public function cryptPasswd ($password)
+  {
+    if (! function_exists ("openssl_random_pseudo_bytes"))
+      throw new \Exception (dgettext ("domframework",
+                            "No PHP support for openssl_random_pseudo_bytes"),
+                            500);
+    if (! is_string ($password) && ! is_integer ($password))
+      throw new \Exception (dgettext ("domframework",
+        "Invalid clear password provided to be crypted : not a string"), 403);
+    $cost = 11;
+    $salt = substr (base64_encode (openssl_random_pseudo_bytes (17)), 0, 22);
+    $salt = str_replace ("+", ".", $salt);
+    $param = '$'.implode ('$', array (
+             "2y", //select the most secure version of blowfish (>=PHP 5.3.7)
+             str_pad ($cost, 2, "0", STR_PAD_LEFT), //add the cost in two digits
+             $salt //add the salt
+    ));
+    //now do the actual hashing
+    return crypt ($password, $param);
+  }
+
+  /** Check if the clear password is valid against the hashed one
+    * @param string $clear The clear password
+    * @param string $hashed The hashed password
+    * @return boolean true if the password correspond to the hash
+    */
+  static public function checkPassword ($clear, $hashed)
+  {
+    if (! is_string ($clear))
+      throw new \Exception (dgettext ("domframework",
+        "Invalid clear password provided to be checked : not a string"), 403);
+    if (! is_string ($clear))
+      throw new \Exception (dgettext ("domframework",
+        "Invalid hashed password provided to be checked : not a string"), 403);
+    if (crypt ($clear, $hashed) === $hashed)
+      return true;
+    return false;
+  }
+}