From 81586d9e9d04dcee487c50de426c04221899b6d0 Mon Sep 17 00:00:00 2001
From: David Rothstein <drothstein@gmail.com>
Date: Wed, 19 Nov 2014 15:24:29 -0500
Subject: Drupal 7.34

---
 modules/simpletest/tests/password.test | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

(limited to 'modules/simpletest')

diff --git a/modules/simpletest/tests/password.test b/modules/simpletest/tests/password.test
index 5259d19e8..7105f3b7a 100644
--- a/modules/simpletest/tests/password.test
+++ b/modules/simpletest/tests/password.test
@@ -57,4 +57,25 @@ class PasswordHashingTest extends DrupalWebTestCase {
     $this->assertFalse(user_needs_new_hash($account), 'Re-hashed password does not need a new hash.');
     $this->assertTrue(user_check_password($password, $account), 'Password check succeeds with re-hashed password.');
   }
+
+  /**
+   * Verifies that passwords longer than 512 bytes are not hashed.
+   */
+  public function testLongPassword() {
+    $password = str_repeat('x', 512);
+    $result = user_hash_password($password);
+    $this->assertFalse(empty($result), '512 byte long password is allowed.');
+    $password = str_repeat('x', 513);
+    $result = user_hash_password($password);
+    $this->assertFalse($result, '513 byte long password is not allowed.');
+    // Check a string of 3-byte UTF-8 characters.
+    $password = str_repeat('€', 170);
+    $result = user_hash_password($password);
+    $this->assertFalse(empty($result), '510 byte long password is allowed.');
+    $password .= 'xx';
+    $this->assertFalse(empty($result), '512 byte long password is allowed.');
+    $password = str_repeat('€', 171);
+    $result = user_hash_password($password);
+    $this->assertFalse($result, '513 byte long password is not allowed.');
+  }
 }
-- 
cgit v1.2.3