From 57b1af03188120e4e76b8e1304123b724dd25aca Mon Sep 17 00:00:00 2001
From: Dries Buytaert
Date: Sat, 18 Dec 2010 00:56:18 +0000
Subject: - Patch #991270 by carlos8f, chx: password_count_log2 var out of bounds is a sorry mess.
---
 modules/user/user.test | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+) (limited to 'modules/user/user.test')
diff --git a/modules/user/user.test b/modules/user/user.test
index a49a89b5c..d999c85e2 100644
--- a/modules/user/user.test
+++ b/modules/user/user.test
@@ -366,6 +366,31 @@ class UserLoginTestCase extends DrupalWebTestCase {
 $this->assertFailedLogin($user1, 'user');
 }

+ /**
+ * Test that user password is re-hashed upon login after changing $count_log2.
+ */
+ function testPasswordRehashOnLogin() {
+ // Load password hashing API.
+ require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc');
+ // Set initial $count_log2 to the default, DRUPAL_HASH_COUNT.
+ variable_set('password_count_log2', DRUPAL_HASH_COUNT);
+ // Create a new user and authenticate.
+ $account = $this->drupalCreateUser(array());
+ $password = $account->pass_raw;
+ $this->drupalLogin($account);
+ $this->drupalLogout();
+ // Load the stored user. The password hash should reflect $count_log2.
+ $account = user_load($account->uid);
+ $this->assertIdentical(_password_get_count_log2($account->pass), DRUPAL_HASH_COUNT);
+ // Change $count_log2 and log in again.
+ variable_set('password_count_log2', DRUPAL_HASH_COUNT + 1);
+ $account->pass_raw = $password;
+ $this->drupalLogin($account);
+ // Load the stored user, which should have a different password hash now.
+ $account = user_load($account->uid, TRUE);
+ $this->assertIdentical(_password_get_count_log2($account->pass), DRUPAL_HASH_COUNT + 1);
+ }
+
 /**
 * Make an unsuccessful login attempt.
 *
--
cgit v1.2.3
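Review bot: testPasswordRehashOnLogin() only moves password_count_log2 from DRUPAL_HASH_COUNT to DRUPAL_HASH_COUNT + 1, both in-range values, so the out-of-bounds case named in the commit subject is not exercised by this test. The password.inc side is not visible here (the view is limited to modules/user/user.test), so whether the bounds are enforced cannot be confirmed from this page; a case that sets the variable to an out-of-range value and asserts which cost ends up in the stored hash would pin that behaviour. The test also checks only the cost parameter of the rehashed value, not that the new hash still verifies the password; after the final user_load() I would add `$this->assertTrue(user_check_password($password, $account));` so that a rehash which stores an unusable hash, and would lock the account out at the next login, fails here.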