function UserLoginTest::testPasswordRehashOnLogin

Same name in other branches
  1. 8.9.x core/modules/user/tests/src/Functional/UserLoginTest.php \Drupal\Tests\user\Functional\UserLoginTest::testPasswordRehashOnLogin()
  2. 10 core/modules/user/tests/src/Functional/UserLoginTest.php \Drupal\Tests\user\Functional\UserLoginTest::testPasswordRehashOnLogin()
  3. 11.x core/modules/user/tests/src/Functional/UserLoginTest.php \Drupal\Tests\user\Functional\UserLoginTest::testPasswordRehashOnLogin()

Tests user password is re-hashed upon login after changing $count_log2.

File

core/modules/user/tests/src/Functional/UserLoginTest.php, line 142

Class

UserLoginTest
Ensure that login works as expected.

Namespace

Drupal\Tests\user\Functional

Code

public function testPasswordRehashOnLogin() {
    // Determine default log2 for phpass hashing algorithm.
    $default_count_log2 = 16;
    // Retrieve instance of password hashing algorithm.
    $password_hasher = $this->container
        ->get('password');
    // Create a new user and authenticate.
    $account = $this->drupalCreateUser([]);
    $password = $account->passRaw;
    $this->drupalLogin($account);
    $this->drupalLogout();
    // Load the stored user. The password hash should reflect $default_count_log2.
    $user_storage = $this->container
        ->get('entity_type.manager')
        ->getStorage('user');
    $account = User::load($account->id());
    $this->assertSame($default_count_log2, $password_hasher->getCountLog2($account->getPassword()));
    // Change the required number of iterations by loading a test-module
    // containing the necessary container builder code and then verify that the
    // users password gets rehashed during the login.
    $overridden_count_log2 = 19;
    \Drupal::service('module_installer')->install([
        'user_custom_phpass_params_test',
    ]);
    $this->resetAll();
    $account->passRaw = $password;
    $this->drupalLogin($account);
    // Load the stored user, which should have a different password hash now.
    $user_storage->resetCache([
        $account->id(),
    ]);
    $account = $user_storage->load($account->id());
    $this->assertSame($overridden_count_log2, $password_hasher->getCountLog2($account->getPassword()));
    $this->assertTrue($password_hasher->check($password, $account->getPassword()));
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.