Added tests for passwords with non alpha characters and braces (#1179)
This commit is contained in:
Jenny Tam
GitHub
parent
6349d06fee
commit
721d8e7b04
|
|
@ -0,0 +1,80 @@
|
|||
--TEST--
|
||||
Test passwords with non alphanumeric characters and braces
|
||||
--DESCRIPTION--
|
||||
The first two cases should fail with a message about login failures. Only the last case fails because the right curly brace was not escaped with another right brace.
|
||||
--ENV--
|
||||
PHPT_EXEC=true
|
||||
--SKIPIF--
|
||||
<?php require('skipif.inc'); ?>
|
||||
--FILE--
|
||||
<?php
|
||||
require_once 'MsSetup.inc';
|
||||
require_once 'MsCommon_mid-refactor.inc';
|
||||
|
||||
function generateRandomPassword($insertBraces = true, $escapeBraces = true)
|
||||
{
|
||||
$random = '! ;.4{X#r?o,*';
|
||||
$brace = '}';
|
||||
|
||||
if (!$insertBraces) {
|
||||
// simply return the string with non alphanumeric characters
|
||||
return $random;
|
||||
} else {
|
||||
// randomly insert one or more braces into $random
|
||||
$len = strlen($random);
|
||||
$pos = rand(0, $len);
|
||||
|
||||
$result = substr($random, 0, $pos);
|
||||
$result .= $brace;
|
||||
if ($escapeBraces) {
|
||||
$result .= $brace;
|
||||
}
|
||||
|
||||
$result .= substr($random, $pos);
|
||||
return $result;
|
||||
}
|
||||
}
|
||||
|
||||
try {
|
||||
$randomPwd = generateRandomPassword(false);
|
||||
trace($randomPwd . PHP_EOL);
|
||||
$conn = new PDO("sqlsrv:Server=$server;", $uid, $randomPwd);
|
||||
|
||||
echo "Incorrect password '$randomPwd' without right braces should have failed!" . PHP_EOL;
|
||||
} catch (PDOException $e) {
|
||||
$error = '*Login failed for user*';
|
||||
if (!fnmatch($error, $e->getMessage())) {
|
||||
echo "Expected $error but got:\n";
|
||||
var_dump($e->getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
try {
|
||||
$randomPwd = generateRandomPassword();
|
||||
trace($randomPwd . PHP_EOL);
|
||||
$conn = new PDO("sqlsrv:Server=$server;", $uid, $randomPwd);
|
||||
|
||||
echo "Incorrect password '$randomPwd' with right braces should have failed!" . PHP_EOL;
|
||||
} catch (PDOException $e) {
|
||||
$error = '*Login failed for user*';
|
||||
if (!fnmatch($error, $e->getMessage())) {
|
||||
echo "Expected $error but got:\n";
|
||||
var_dump($e->getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
try {
|
||||
$randomPwd = generateRandomPassword(true, false);
|
||||
trace($randomPwd . PHP_EOL);
|
||||
$conn = new PDO("sqlsrv:Server=$server;", $uid, $randomPwd);
|
||||
|
||||
echo ("Shouldn't have connected without escaping braces!" . PHP_EOL);
|
||||
} catch (PDOException $e) {
|
||||
echo $e->getMessage() . PHP_EOL;
|
||||
}
|
||||
|
||||
echo "Done" . PHP_EOL;
|
||||
?>
|
||||
--EXPECT--
|
||||
SQLSTATE[IMSSP]: An unescaped right brace (}) was found in either the user name or password. All right braces must be escaped with another right brace (}}).
|
||||
Done
|
||||
|
|
@ -0,0 +1,75 @@
|
|||
--TEST--
|
||||
Test passwords with non alphanumeric characters and braces
|
||||
--DESCRIPTION--
|
||||
The first two cases should fail with a message about login failures. Only the last case fails because the right curly brace was not escaped with another right brace.
|
||||
--ENV--
|
||||
PHPT_EXEC=true
|
||||
--SKIPIF--
|
||||
<?php require('skipif.inc'); ?>
|
||||
--FILE--
|
||||
<?php
|
||||
sqlsrv_configure('WarningsReturnAsErrors', 0);
|
||||
|
||||
require_once 'MsCommon.inc';
|
||||
|
||||
function generateRandomPassword($insertBraces = true, $escapeBraces = true)
|
||||
{
|
||||
$random = '! {W#g&;.,*6';
|
||||
$brace = '}';
|
||||
|
||||
if (!$insertBraces) {
|
||||
// simply return the string with non alphanumeric characters
|
||||
return $random;
|
||||
} else {
|
||||
// randomly insert one or more braces into $random
|
||||
$len = strlen($random);
|
||||
$pos = rand(0, $len);
|
||||
|
||||
$result = substr($random, 0, $pos);
|
||||
$result .= $brace;
|
||||
if ($escapeBraces) {
|
||||
$result .= $brace;
|
||||
}
|
||||
|
||||
$result .= substr($random, $pos);
|
||||
return $result;
|
||||
}
|
||||
}
|
||||
|
||||
function checkErrorMessages($conn, $testCase, $randomPwd)
|
||||
{
|
||||
$error = '*Login failed for user*';
|
||||
if (!$conn) {
|
||||
if (!fnmatch($error, sqlsrv_errors()[0]['message'])) {
|
||||
echo "Unexpected error for $testCase with '$randomPwd':" . PHP_EOL;
|
||||
var_dump(sqlsrv_errors());
|
||||
}
|
||||
} else {
|
||||
echo "$testCase: should have failed!" . PHP_EOL;
|
||||
}
|
||||
}
|
||||
|
||||
$randomPwd = generateRandomPassword(false);
|
||||
trace($randomPwd . PHP_EOL);
|
||||
$conn = sqlsrv_connect($server, array("UID" => $userName, "pwd" => $randomPwd));
|
||||
checkErrorMessages($conn, 'Password without right braces', $randomPwd);
|
||||
|
||||
$randomPwd = generateRandomPassword();
|
||||
trace($randomPwd . PHP_EOL);
|
||||
$conn = sqlsrv_connect($server, array("UID" => $userName, "pwd" => $randomPwd));
|
||||
checkErrorMessages($conn, 'Password with right braces', $randomPwd);
|
||||
|
||||
$randomPwd = generateRandomPassword(true, false);
|
||||
trace($randomPwd . PHP_EOL);
|
||||
$conn = sqlsrv_connect($server, array("UID" => $userName, "pwd" => $randomPwd));
|
||||
if ($conn) {
|
||||
echo ("Shouldn't have connected without escaping braces!" . PHP_EOL);
|
||||
}
|
||||
$errors = sqlsrv_errors();
|
||||
echo $errors[0]["message"] . PHP_EOL;
|
||||
|
||||
echo "Done" . PHP_EOL;
|
||||
?>
|
||||
--EXPECT--
|
||||
An unescaped right brace (}) was found in either the user name or password. All right braces must be escaped with another right brace (}}).
|
||||
Done
|
||||
Loading…
Reference in a new issue