[PasswordHasher] Make bcrypt nul byte hash test tolerant to PHP relat…

…ed failures
symfony · May 7, 2024 · 259547a · 259547a
1 parent 93fcdb8
commit 259547a
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 24 deletions.
diff --git a/src/Symfony/Component/PasswordHasher/Tests/Hasher/NativePasswordHasherTest.php b/src/Symfony/Component/PasswordHasher/Tests/Hasher/NativePasswordHasherTest.php
@@ -98,24 +98,18 @@ public function testBcryptWithLongPassword()
         $this->assertTrue($hasher->verify($hasher->hash($plainPassword), $plainPassword));
     }
 
-    /**
-     * "password_hash()" does not accept passwords containing NUL bytes prior to PHP 8.2
-     * and throws a ValueError, thus this test is skipped because `$hasher->verify()` will
-     * not be executed.
-     *
-     * @requires PHP >= 8.2
-     */
     public function testBcryptWithNulByte()
     {
         $hasher = new NativePasswordHasher(null, null, 4, \PASSWORD_BCRYPT);
         $plainPassword = "a\0b";
 
-        if (\PHP_VERSION_ID < 80218 || \PHP_VERSION_ID >= 80300 && \PHP_VERSION_ID < 80305) {
-            // password_hash() does not accept passwords containing NUL bytes since PHP 8.2.18 and 8.3.5
-            $this->assertFalse($hasher->verify(password_hash($plainPassword, \PASSWORD_BCRYPT, ['cost' => 4]), $plainPassword));
-        }
+        try {
+            $verified = $hasher->verify($hasher->hash($plainPassword), $plainPassword);
 
-        $this->assertTrue($hasher->verify($hasher->hash($plainPassword), $plainPassword));
+            $this->assertTrue($verified);
+        } catch (\ValueError $error) {
+            $this->markTestSkipped(sprintf('password_hash() does not accept passwords containing NUL bytes on PHP %s. ', PHP_VERSION));
+        }
     }
 
     public function testNeedsRehash()

diff --git a/src/Symfony/Component/PasswordHasher/Tests/Hasher/SodiumPasswordHasherTest.php b/src/Symfony/Component/PasswordHasher/Tests/Hasher/SodiumPasswordHasherTest.php
@@ -73,24 +73,18 @@ public function testBcryptWithLongPassword()
         $this->assertTrue($hasher->verify((new NativePasswordHasher(null, null, 4, \PASSWORD_BCRYPT))->hash($plainPassword), $plainPassword));
     }
 
-    /**
-     * "password_hash()" does not accept passwords containing NUL bytes prior to PHP 8.2
-     * and throws a ValueError, thus this test is skipped because `$hasher->verify()` will
-     * not be executed.
-     *
-     * @requires PHP >= 8.2
-     */
     public function testBcryptWithNulByte()
     {
         $hasher = new SodiumPasswordHasher(null, null);
         $plainPassword = "a\0b";
 
-        if (\PHP_VERSION_ID < 80218 || \PHP_VERSION_ID >= 80300 && \PHP_VERSION_ID < 80305) {
-            // password_hash() does not accept passwords containing NUL bytes since PHP 8.2.18 and 8.3.5
-            $this->assertFalse($hasher->verify(password_hash($plainPassword, \PASSWORD_BCRYPT, ['cost' => 4]), $plainPassword));
-        }
+        try {
+            $verified = $hasher->verify((new NativePasswordHasher(null, null, 4, \PASSWORD_BCRYPT))->hash($plainPassword), $plainPassword);
 
-        $this->assertTrue($hasher->verify((new NativePasswordHasher(null, null, 4, \PASSWORD_BCRYPT))->hash($plainPassword), $plainPassword));
+            $this->assertTrue($verified);
+        } catch (\ValueError $error) {
+            $this->markTestSkipped(sprintf('password_hash() does not accept passwords containing NUL bytes on PHP %s. ', PHP_VERSION));
+        }
     }
 
     public function testUserProvidedSaltIsNotUsed()