function UserLoginTest::testPasswordRehashOnLogin

Tests user password is re-hashed upon login after changing $count_log2.

File

core/modules/user/tests/src/Functional/UserLoginTest.php, line 142

Class

UserLoginTest

Ensure that login works as expected.

Namespace

Code

public function testPasswordRehashOnLogin() {
  // Determine default log2 for phpass hashing algorithm.
  $default_count_log2 = 16;
  // Retrieve instance of password hashing algorithm.
  $password_hasher = $this->container
    ->get('password');
  // Create a new user and authenticate.
  $account = $this->drupalCreateUser([]);
  $password = $account->passRaw;
  $this->drupalLogin($account);
  $this->drupalLogout();
  // Load the stored user. The password hash should reflect $default_count_log2.
  $user_storage = $this->container
    ->get('entity_type.manager')
    ->getStorage('user');
  $account = User::load($account->id());
  $this->assertSame($default_count_log2, $password_hasher->getCountLog2($account->getPassword()));
  // Change the required number of iterations by loading a test-module
  // containing the necessary container builder code and then verify that the
  // users password gets rehashed during the login.
  $overridden_count_log2 = 19;
  \Drupal::service('module_installer')->install([
    'user_custom_phpass_params_test',
  ]);
  $this->resetAll();
  $account->passRaw = $password;
  $this->drupalLogin($account);
  // Load the stored user, which should have a different password hash now.
  $user_storage->resetCache([
    $account->id(),
  ]);
  $account = $user_storage->load($account->id());
  $this->assertSame($overridden_count_log2, $password_hasher->getCountLog2($account->getPassword()));
  $this->assertTrue($password_hasher->check($password, $account->getPassword()));
}