@@ -74,23 +74,36 @@ public function testBcryptWithLongPassword()
74
74
}
75
75
76
76
/**
77
- * "password_hash()" does not accept passwords containing NUL bytes prior to PHP 8.2
78
- * and throws a ValueError, thus this test is skipped because `$hasher->verify()` will
79
- * not be executed.
80
- *
81
- * @requires PHP >= 8.2
77
+ * @requires PHP < 8.4
82
78
*/
83
79
public function testBcryptWithNulByte ()
84
80
{
85
81
$ hasher = new SodiumPasswordHasher (null , null );
86
82
$ plainPassword = "a \0b " ;
87
83
88
- if (\PHP_VERSION_ID < 80218 || \PHP_VERSION_ID >= 80300 && \PHP_VERSION_ID < 80305 ) {
89
- // password_hash() does not accept passwords containing NUL bytes since PHP 8.2.18 and 8.3.5
90
- $ this ->assertFalse ($ hasher ->verify (password_hash ($ plainPassword , \PASSWORD_BCRYPT , ['cost ' => 4 ]), $ plainPassword ));
84
+ try {
85
+ $ hash = password_hash ($ plainPassword , \PASSWORD_BCRYPT , ['cost ' => 4 ]);
86
+ } catch (\Throwable $ throwable ) {
87
+ // we skip the test in case the PHP version does not support NUL bytes in passwords
88
+ // with bcrypt
89
+ //
90
+ // @see https://github.com/php/php-src/commit/11f2568767660ffe92fbc6799800e01203aad73a
91
+ if (false !== strpos ($ throwable ->getMessage (), 'Bcrypt password must not contain null character ' )) {
92
+ $ this ->markTestSkipped ('password_hash() does not accept passwords containing NUL bytes. ' );
93
+ }
94
+
95
+ throw $ throwable ;
91
96
}
92
97
93
- $ this ->assertTrue ($ hasher ->verify ((new NativePasswordHasher (null , null , 4 , \PASSWORD_BCRYPT ))->hash ($ plainPassword ), $ plainPassword ));
98
+ if (null === $ hash ) {
99
+ // we also skip the test in case password_hash() returns null as
100
+ // implemented in security patches backports
101
+ //
102
+ // @see https://github.com/shivammathur/php-src-backports/commit/d22d9ebb29dce86edd622205dd1196a2796c08c7
103
+ $ this ->markTestSkipped ('password_hash() does not accept passwords containing NUL bytes. ' );
104
+ }
105
+
106
+ $ this ->assertTrue ($ hasher ->verify ($ hash , $ plainPassword ));
94
107
}
95
108
96
109
public function testUserProvidedSaltIsNotUsed ()
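Review bot: The `catch (\Throwable $throwable)` around `password_hash()` in `testBcryptWithNulByte` is wider than the one case it handles, and the skip depends on a substring of the engine's error message, so it stops matching silently if that wording ever changes. Catching the specific type keeps unrelated failures out of this path: `} catch (\ValueError $throwable) {`. The later `if (null === $hash)` guard would still let a `false` return reach `$hasher->verify()`, which I believe older PHP versions can produce on failure; `if (!\is_string($hash)) {` covers both. With the old docblock removed, `@requires PHP < 8.4` has no stated reason, so a one-line comment saying why 8.4 is excluded would help. Both skip paths make the test disappear on patched runtimes, so it is worth confirming that at least one CI matrix entry still reaches the final `assertTrue`.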