Added tests for passwords with non alpha characters and braces (#1179)
parent
6349d06fee
commit
721d8e7b04
|
@ -0,0 +1,80 @@
|
||||||
|
--TEST--
|
||||||
|
Test passwords with non alphanumeric characters and braces
|
||||||
|
--DESCRIPTION--
|
||||||
|
The first two cases should fail with a message about login failures. Only the last case fails because the right curly brace was not escaped with another right brace.
|
||||||
|
--ENV--
|
||||||
|
PHPT_EXEC=true
|
||||||
|
--SKIPIF--
|
||||||
|
<?php require('skipif.inc'); ?>
|
||||||
|
--FILE--
|
||||||
|
<?php
|
||||||
|
require_once 'MsSetup.inc';
|
||||||
|
require_once 'MsCommon_mid-refactor.inc';
|
||||||
|
|
||||||
|
function generateRandomPassword($insertBraces = true, $escapeBraces = true)
|
||||||
|
{
|
||||||
|
$random = '! ;.4{X#r?o,*';
|
||||||
|
$brace = '}';
|
||||||
|
|
||||||
|
if (!$insertBraces) {
|
||||||
|
// simply return the string with non alphanumeric characters
|
||||||
|
return $random;
|
||||||
|
} else {
|
||||||
|
// randomly insert one or more braces into $random
|
||||||
|
$len = strlen($random);
|
||||||
|
$pos = rand(0, $len);
|
||||||
|
|
||||||
|
$result = substr($random, 0, $pos);
|
||||||
|
$result .= $brace;
|
||||||
|
if ($escapeBraces) {
|
||||||
|
$result .= $brace;
|
||||||
|
}
|
||||||
|
|
||||||
|
$result .= substr($random, $pos);
|
||||||
|
return $result;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
try {
|
||||||
|
$randomPwd = generateRandomPassword(false);
|
||||||
|
trace($randomPwd . PHP_EOL);
|
||||||
|
$conn = new PDO("sqlsrv:Server=$server;", $uid, $randomPwd);
|
||||||
|
|
||||||
|
echo "Incorrect password '$randomPwd' without right braces should have failed!" . PHP_EOL;
|
||||||
|
} catch (PDOException $e) {
|
||||||
|
$error = '*Login failed for user*';
|
||||||
|
if (!fnmatch($error, $e->getMessage())) {
|
||||||
|
echo "Expected $error but got:\n";
|
||||||
|
var_dump($e->getMessage());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
try {
|
||||||
|
$randomPwd = generateRandomPassword();
|
||||||
|
trace($randomPwd . PHP_EOL);
|
||||||
|
$conn = new PDO("sqlsrv:Server=$server;", $uid, $randomPwd);
|
||||||
|
|
||||||
|
echo "Incorrect password '$randomPwd' with right braces should have failed!" . PHP_EOL;
|
||||||
|
} catch (PDOException $e) {
|
||||||
|
$error = '*Login failed for user*';
|
||||||
|
if (!fnmatch($error, $e->getMessage())) {
|
||||||
|
echo "Expected $error but got:\n";
|
||||||
|
var_dump($e->getMessage());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
try {
|
||||||
|
$randomPwd = generateRandomPassword(true, false);
|
||||||
|
trace($randomPwd . PHP_EOL);
|
||||||
|
$conn = new PDO("sqlsrv:Server=$server;", $uid, $randomPwd);
|
||||||
|
|
||||||
|
echo ("Shouldn't have connected without escaping braces!" . PHP_EOL);
|
||||||
|
} catch (PDOException $e) {
|
||||||
|
echo $e->getMessage() . PHP_EOL;
|
||||||
|
}
|
||||||
|
|
||||||
|
echo "Done" . PHP_EOL;
|
||||||
|
?>
|
||||||
|
--EXPECT--
|
||||||
|
SQLSTATE[IMSSP]: An unescaped right brace (}) was found in either the user name or password. All right braces must be escaped with another right brace (}}).
|
||||||
|
Done
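Review bot: None of the three cases shows that a correctly escaped password authenticates, because every `new PDO(...)` call here is expected to throw. The second case only establishes that `}}` gets past the driver's brace check before the server rejects the login. A driver that forwarded `}}` to the server unchanged would still produce `Login failed for user` and pass, and the same may hold if the `;` or `{` in `$random` were mishandled inside the password value. If the test environment can provide a login whose real password contains `}` and `;`, a positive connection case would close that gap; otherwise state the limit in `--DESCRIPTION--`, for example `Does not verify that an escaped password authenticates, only that it is passed on to the server.` The same applies to the sqlsrv variant of this test in the second file.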
|
|
@ -0,0 +1,75 @@
|
||||||
|
--TEST--
|
||||||
|
Test passwords with non alphanumeric characters and braces
|
||||||
|
--DESCRIPTION--
|
||||||
|
The first two cases should fail with a message about login failures. Only the last case fails because the right curly brace was not escaped with another right brace.
|
||||||
|
--ENV--
|
||||||
|
PHPT_EXEC=true
|
||||||
|
--SKIPIF--
|
||||||
|
<?php require('skipif.inc'); ?>
|
||||||
|
--FILE--
|
||||||
|
<?php
|
||||||
|
sqlsrv_configure('WarningsReturnAsErrors', 0);
|
||||||
|
|
||||||
|
require_once 'MsCommon.inc';
|
||||||
|
|
||||||
|
function generateRandomPassword($insertBraces = true, $escapeBraces = true)
|
||||||
|
{
|
||||||
|
$random = '! {W#g&;.,*6';
|
||||||
|
$brace = '}';
|
||||||
|
|
||||||
|
if (!$insertBraces) {
|
||||||
|
// simply return the string with non alphanumeric characters
|
||||||
|
return $random;
|
||||||
|
} else {
|
||||||
|
// randomly insert one or more braces into $random
|
||||||
|
$len = strlen($random);
|
||||||
|
$pos = rand(0, $len);
|
||||||
|
|
||||||
|
$result = substr($random, 0, $pos);
|
||||||
|
$result .= $brace;
|
||||||
|
if ($escapeBraces) {
|
||||||
|
$result .= $brace;
|
||||||
|
}
|
||||||
|
|
||||||
|
$result .= substr($random, $pos);
|
||||||
|
return $result;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
function checkErrorMessages($conn, $testCase, $randomPwd)
|
||||||
|
{
|
||||||
|
$error = '*Login failed for user*';
|
||||||
|
if (!$conn) {
|
||||||
|
if (!fnmatch($error, sqlsrv_errors()[0]['message'])) {
|
||||||
|
echo "Unexpected error for $testCase with '$randomPwd':" . PHP_EOL;
|
||||||
|
var_dump(sqlsrv_errors());
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
echo "$testCase: should have failed!" . PHP_EOL;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
$randomPwd = generateRandomPassword(false);
|
||||||
|
trace($randomPwd . PHP_EOL);
|
||||||
|
$conn = sqlsrv_connect($server, array("UID" => $userName, "pwd" => $randomPwd));
|
||||||
|
checkErrorMessages($conn, 'Password without right braces', $randomPwd);
|
||||||
|
|
||||||
|
$randomPwd = generateRandomPassword();
|
||||||
|
trace($randomPwd . PHP_EOL);
|
||||||
|
$conn = sqlsrv_connect($server, array("UID" => $userName, "pwd" => $randomPwd));
|
||||||
|
checkErrorMessages($conn, 'Password with right braces', $randomPwd);
|
||||||
|
|
||||||
|
$randomPwd = generateRandomPassword(true, false);
|
||||||
|
trace($randomPwd . PHP_EOL);
|
||||||
|
$conn = sqlsrv_connect($server, array("UID" => $userName, "pwd" => $randomPwd));
|
||||||
|
if ($conn) {
|
||||||
|
echo ("Shouldn't have connected without escaping braces!" . PHP_EOL);
|
||||||
|
}
|
||||||
|
$errors = sqlsrv_errors();
|
||||||
|
echo $errors[0]["message"] . PHP_EOL;
|
||||||
|
|
||||||
|
echo "Done" . PHP_EOL;
|
||||||
|
?>
|
||||||
|
--EXPECT--
|
||||||
|
An unescaped right brace (}) was found in either the user name or password. All right braces must be escaped with another right brace (}}).
|
||||||
|
Done
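Review bot: In the last case `sqlsrv_errors()` is read outside the `if ($conn)` check, so an unexpected successful connection still falls through to `echo $errors[0]["message"]`. At that point `sqlsrv_errors()` may return null or hold only an unrelated warning, so the failure would show up as a PHP notice or a misleading line in the diff against `--EXPECT--` rather than as the intended message alone. Putting the read in the other branch keeps the two outcomes apart: `} else { echo sqlsrv_errors()[0]['message'] . PHP_EOL; }`.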
|