Merge pull request #29 from roots/implements-needs-verify

Implement needs verify

.gitignore

@@ -1 +1,2 @@
 vendor
+coverage

composer.json

@@ -10,17 +10,23 @@
       "homepage": "https://github.com/swalkinshaw"
     },
     {
-      "name": "qwp6t",
+      "name": "QWp6t",
       "homepage": "https://github.com/qwp6t"
     },
+    {
+      "name": "Brandon Nifong",
+      "homepage": "https://github.com/log1x"
+    },
     {
       "name": "Jan Pingel",
       "email": "jpingel@bitpiston.com",
       "homepage": "http://janpingel.com"
     }
   ],
   "keywords": [
-    "wordpress wp bcrypt password"
+    "wordpress",
+    "bcrypt",
+    "passwords"
   ],
   "support": {
     "issues": "https://github.com/roots/wp-password-bcrypt/issues",
@@ -38,9 +44,9 @@
     "php": ">=5.6.0"
   },
   "require-dev": {
-    "brain/monkey": "^2.5",
+    "brain/monkey": "^2.6",
+    "mockery/mockery": "^1.4",
     "dealerdirect/phpcodesniffer-composer-installer": "^0.7.0",
-    "mockery/mockery": "^1.3 | ^1.4",
     "phpunit/phpunit": "<= 9.3",
     "squizlabs/php_codesniffer": "^3.5",
     "phpcompatibility/php-compatibility": "^9.3"
@@ -59,6 +65,7 @@
   },
   "scripts": {
     "test": "phpunit",
-    "lint": "phpcs"
+    "lint": "phpcs",
+    "coverage": "XDEBUG_MODE=coverage phpunit --coverage-text --coverage-html=coverage"
   }
 }

tests/Constants.php

@@ -0,0 +1,43 @@
+<?php
+
+namespace Roots\PasswordBcrypt\Tests;
+
+// phpcs:disable PHPCompatibility.Classes.NewConstVisibility.Found
+
+class Constants
+{
+    /**
+     * The user ID to use while testing the plugin.
+     *
+     * @const int
+     */
+    public const USER_ID = 1;
+
+    /**
+     * The password to use while testing the plugin.
+     *
+     * @const string
+     */
+    public const PASSWORD = 'password';
+
+    /**
+     * The expected password bcrypt hash.
+     *
+     * @const string
+     */
+    public const BCRYPT_HASH = '$2y$10$KIMXDMJq9camkaNHkdrmcOaYJ0AT9lvovEf92yWA34sKdfnn97F9i';
+
+    /**
+     * The expected password PHPass hash.
+     *
+     * @const string
+     */
+    public const PHPPASS_HASH = '$P$BDMJH/qCLaUc5Lj8Oiwp7XmWzrCcJ21';
+
+    /**
+     * The expected invalid hash.
+     *
+     * @const string
+     */
+    public const INVALID_HASH = 'NOT_A_REAL_HASH';
+}

tests/MocksWpHasher.php

@@ -0,0 +1,15 @@
+<?php
+
+namespace Roots\PasswordBcrypt\Tests;
+
+use Mockery;
+
+trait MocksWpHasher
+{
+    protected function wpHasher()
+    {
+        global $wp_hasher;
+
+        return $wp_hasher = Mockery::mock('overload:PasswordHash');
+    }
+}

tests/MocksWpdb.php

@@ -0,0 +1,21 @@
+<?php
+
+namespace Roots\PasswordBcrypt\Tests;
+
+use Mockery;
+
+trait MocksWpdb
+{
+    protected function wpdb($properties = ['users' => 'wp_users'])
+    {
+        global $wpdb;
+
+        $wpdb = Mockery::mock('overload:wpdb');
+
+        foreach ($properties as $property => $value) {
+            $wpdb->{$property} = $value;
+        }
+
+        return $wpdb;
+    }
+}

tests/TestCase.php

@@ -0,0 +1,36 @@
+<?php
+
+namespace Roots\PasswordBcrypt\Tests;
+
+use Brain\Monkey;
+use Mockery\Adapter\Phpunit\MockeryTestCase;
+
+// phpcs:disable PHPCompatibility.FunctionDeclarations.NewReturnTypeDeclarations.voidFound
+
+class TestCase extends MockeryTestCase
+{
+    use MocksWpdb;
+    use MocksWpHasher;
+
+    /**
+     * Setup the test case.
+     *
+     * @return void
+     */
+    protected function setUp(): void
+    {
+        Monkey\setUp();
+        parent::setUp();
+    }
+
+    /**
+     * Tear down the test case.
+     *
+     * @return void
+     */
+    protected function tearDown(): void
+    {
+        Monkey\tearDown();
+        parent::tearDown();
+    }
+}

tests/TestCaseLegacy.php

@@ -0,0 +1,34 @@
+<?php
+
+namespace Roots\PasswordBcrypt\Tests;
+
+use Brain\Monkey;
+use Mockery\Adapter\Phpunit\MockeryTestCase;
+
+class TestCaseLegacy extends MockeryTestCase
+{
+    use MocksWpdb;
+    use MocksWpHasher;
+
+    /**
+     * Setup the test case.
+     *
+     * @return void
+     */
+    protected function setUp()
+    {
+        Monkey\setUp();
+        parent::setUp();
+    }
+
+    /**
+     * Tear down the test case.
+     *
+     * @return void
+     */
+    protected function tearDown()
+    {
+        Monkey\tearDown();
+        parent::tearDown();
+    }
+}

tests/Unit/UserPasswordTest.php

@@ -0,0 +1,119 @@
+<?php
+
+namespace Roots\PasswordBcrypt\Tests\Unit;
+
+use Roots\PasswordBcrypt\Tests\TestCase;
+use Roots\PasswordBcrypt\Tests\Constants;
+
+use function Brain\Monkey\Functions\expect;
+use function Brain\Monkey\Filters\expectApplied;
+
+class UserPasswordTest extends TestCase
+{
+    /** @test */
+    public function a_password_is_hashed_using_bcrypt()
+    {
+        $this
+            ->wpdb()
+            ->shouldReceive('update')
+            ->withAnyArgs()
+            ->andReturnNull();
+
+        expect('clean_user_cache')
+            ->once()
+            ->andReturn(true);
+
+        $this->assertTrue(
+            password_verify(Constants::PASSWORD, wp_set_password(Constants::PASSWORD, Constants::USER_ID))
+        );
+    }
+
+    /** @test */
+    public function hashing_password_applies_filter()
+    {
+        wp_hash_password(Constants::PASSWORD);
+
+        expectApplied('wp_hash_password_options')
+            ->andReturn(Constants::BCRYPT_HASH);
+    }
+
+    /** @test */
+    public function bcrypt_passwords_should_be_verified()
+    {
+        $this
+            ->wpHasher()
+            ->shouldReceive('CheckPassword')
+            ->once()
+            ->with(Constants::PASSWORD, Constants::INVALID_HASH)
+            ->andReturn(false);
+
+        $this->assertTrue(
+            wp_check_password(Constants::PASSWORD, Constants::BCRYPT_HASH)
+        );
+
+        $this->assertFalse(
+            wp_check_password(Constants::PASSWORD, Constants::INVALID_HASH)
+        );
+    }
+
+    /** @test */
+    public function phpass_passwords_should_be_verified_and_converted_to_bcrypt()
+    {
+        $this
+            ->wpdb()
+            ->shouldReceive('update')
+            ->withAnyArgs()
+            ->andReturnNull();
+
+        $this
+            ->wpHasher()
+            ->shouldReceive('CheckPassword')
+            ->once()
+            ->with(Constants::PASSWORD, Constants::PHPPASS_HASH)
+            ->andReturn(true);
+
+        expect('clean_user_cache')
+            ->once()
+            ->andReturn(true);
+
+        $this->assertTrue(
+            wp_check_password(Constants::PASSWORD, Constants::PHPPASS_HASH, Constants::USER_ID)
+        );
+    }
+
+    /** @test */
+    public function wp_hasher_global_should_be_automatically_assigned()
+    {
+        global $wp_hasher;
+
+        $this
+            ->wpdb()
+            ->shouldReceive('update')
+            ->withAnyArgs()
+            ->andReturnNull();
+
+        $this
+            ->wpHasher() // 👈🏼 global is assigned here
+            ->shouldReceive('CheckPassword')
+            ->once()
+            ->with(Constants::PASSWORD, Constants::PHPPASS_HASH)
+            ->andReturn(true);
+
+        expect('clean_user_cache')
+            ->once()
+            ->andReturn(true);
+
+
+        $class_name = get_class($wp_hasher);
+        $wp_hasher = null;
+
+
+        $this->assertNotInstanceOf($class_name, $wp_hasher);
+
+        $this->assertTrue(
+            wp_check_password(Constants::PASSWORD, Constants::PHPPASS_HASH, Constants::USER_ID)
+        );
+
+        $this->assertInstanceOf($class_name, $wp_hasher);
+    }
+}