1 user.test | UserLoginTestCase::testPasswordRehashOnLogin() |
Test that user password is re-hashed upon login after changing $count_log2.
File
- core/
modules/ user/ tests/ user.test, line 570 - Tests for user.module.
Class
- UserLoginTestCase
- Functional tests for user logins, including rate limiting of login attempts.
Code
function testPasswordRehashOnLogin() {
// Load password hashing API.
require_once BACKDROP_ROOT . '/' . settings_get('password_inc', 'core/includes/password.inc');
// Set initial $count_log2 to the default, BACKDROP_HASH_COUNT.
$GLOBALS['settings']['password_count_log2'] = BACKDROP_HASH_COUNT;
tempstore_set('simpletest', 'settings', array(
'password_count_log2' => BACKDROP_HASH_COUNT,
), REQUEST_TIME + 3600);
// Create a new user and authenticate.
$account = $this->backdropCreateUser(array());
$password = $account->pass_raw;
$this->backdropLogin($account);
$this->backdropLogout();
// Load the stored user. The password hash should reflect $count_log2.
$account = user_load($account->uid);
$this->assertIdentical(_password_get_count_log2($account->pass), BACKDROP_HASH_COUNT);
// Change $count_log2 and log in again.
tempstore_set('simpletest', 'settings', array(
'password_count_log2' => BACKDROP_HASH_COUNT + 1,
), REQUEST_TIME + 3600);
$account->pass_raw = $password;
$this->backdropLogin($account);
// Load the stored user, which should have a different password hash now.
$account = user_load($account->uid, TRUE);
$this->assertIdentical(_password_get_count_log2($account->pass), BACKDROP_HASH_COUNT + 1);
}