function UserLoginTest::testPasswordRehashOnLogin

Tests user password is re-hashed upon login after changing $count_log2.

File

core/modules/user/tests/src/Functional/UserLoginTest.php, line 142

Class

UserLoginTest

Ensure that login works as expected.

Namespace

Code

public function testPasswordRehashOnLogin() {
    // Determine default log2 for phpass hashing algorithm.
    $default_count_log2 = 16;
    // Retrieve instance of password hashing algorithm.
    $password_hasher = $this->container
        ->get('password');
    // Create a new user and authenticate.
    $account = $this->drupalCreateUser([]);
    $password = $account->passRaw;
    $this->drupalLogin($account);
    $this->drupalLogout();
    // Load the stored user. The password hash should reflect $default_count_log2.
    $user_storage = $this->container
        ->get('entity_type.manager')
        ->getStorage('user');
    $account = User::load($account->id());
    $this->assertSame($default_count_log2, $password_hasher->getCountLog2($account->getPassword()));
    // Change the required number of iterations by loading a test-module
    // containing the necessary container builder code and then verify that the
    // users password gets rehashed during the login.
    $overridden_count_log2 = 19;
    \Drupal::service('module_installer')->install([
        'user_custom_phpass_params_test',
    ]);
    $this->resetAll();
    $account->passRaw = $password;
    $this->drupalLogin($account);
    // Load the stored user, which should have a different password hash now.
    $user_storage->resetCache([
        $account->id(),
    ]);
    $account = $user_storage->load($account->id());
    $this->assertSame($overridden_count_log2, $password_hasher->getCountLog2($account->getPassword()));
    $this->assertTrue($password_hasher->check($password, $account->getPassword()));
}