1 user.test UserLoginTestCase::testPasswordRehashOnLogin()

Tests that a user's password is re-hashed upon login after $count_log2 has been changed.

File

core/modules/user/tests/user.test, line 570
Tests for user.module.

Class

UserLoginTestCase
Functional tests for user logins, including rate limiting of login attempts.

Code

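/**
 * Tests that a stored password hash is upgraded when the hash cost changes.
 *
 * Logs in once at the default cost (BACKDROP_HASH_COUNT), raises
 * 'password_count_log2' by one, logs in again with the same password, and
 * then checks that the stored hash carries the new cost and still verifies
 * the original password.
 */
function testPasswordRehashOnLogin() {
  // Load password hashing API.
  require_once BACKDROP_ROOT . '/' . settings_get('password_inc', 'core/includes/password.inc');
  // Set initial $count_log2 to the default, BACKDROP_HASH_COUNT, both in this
  // process and in the 'simpletest' tempstore entry.
  // NOTE(review): the tempstore entry is presumably what the site handling
  // the login requests reads its settings overrides from -- confirm against
  // the test framework.
  $GLOBALS['settings']['password_count_log2'] = BACKDROP_HASH_COUNT;
  tempstore_set('simpletest', 'settings', array(
    'password_count_log2' => BACKDROP_HASH_COUNT,
  ), REQUEST_TIME + 3600);

  // Create a new user and authenticate.
  $account = $this->backdropCreateUser(array());
  // Keep the plain-text password: user_load() below replaces $account with
  // the stored entity, which carries only the hash.
  $password = $account->pass_raw;
  $this->backdropLogin($account);
  $this->backdropLogout();
  // Load the stored user. The password hash should reflect $count_log2.
  $account = user_load($account->uid);
  $this->assertIdentical(_password_get_count_log2($account->pass), BACKDROP_HASH_COUNT, 'The stored hash uses the default count_log2 after the first login.');
  // Change $count_log2 and log in again.
  tempstore_set('simpletest', 'settings', array(
    'password_count_log2' => BACKDROP_HASH_COUNT + 1,
  ), REQUEST_TIME + 3600);

  $account->pass_raw = $password;
  $this->backdropLogin($account);
  // Load the stored user, which should have a different password hash now.
  // TRUE asks user_load() to reset its cache so the value written during the
  // login request is read back rather than the copy loaded above.
  $account = user_load($account->uid, TRUE);
  $this->assertIdentical(_password_get_count_log2($account->pass), BACKDROP_HASH_COUNT + 1, 'The stored hash uses the raised count_log2 after the second login.');
  // The cost field alone does not show that the new hash is usable: a re-hash
  // computed from the wrong input would still carry the right count and would
  // lock the user out on the next login. Verify the original password against
  // the re-hashed value as well.
  $this->assertTrue(user_check_password($password, $account), 'The original password validates against the re-hashed value.');
}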