diff options
Diffstat (limited to 'modules/simpletest')
| -rw-r--r-- | modules/simpletest/tests/password.test | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/modules/simpletest/tests/password.test b/modules/simpletest/tests/password.test index 5259d19e8..7105f3b7a 100644 --- a/modules/simpletest/tests/password.test +++ b/modules/simpletest/tests/password.test @@ -57,4 +57,25 @@ class PasswordHashingTest extends DrupalWebTestCase { $this->assertFalse(user_needs_new_hash($account), 'Re-hashed password does not need a new hash.'); $this->assertTrue(user_check_password($password, $account), 'Password check succeeds with re-hashed password.'); } + + /** + * Verifies that passwords longer than 512 bytes are not hashed. + */ + public function testLongPassword() { + $password = str_repeat('x', 512); + $result = user_hash_password($password); + $this->assertFalse(empty($result), '512 byte long password is allowed.'); + $password = str_repeat('x', 513); + $result = user_hash_password($password); + $this->assertFalse($result, '513 byte long password is not allowed.'); + // Check a string of 3-byte UTF-8 characters. + $password = str_repeat('€', 170); + $result = user_hash_password($password); + $this->assertFalse(empty($result), '510 byte long password is allowed.'); + $password .= 'xx'; + $this->assertFalse(empty($result), '512 byte long password is allowed.'); + $password = str_repeat('€', 171); + $result = user_hash_password($password); + $this->assertFalse($result, '513 byte long password is not allowed.'); + } } |