I want to test (unit testing) HashPassword($password) method from WordPress.
How I can check that HashPassword("123123") will return the correct hash for it?
For example, I want to do something like:
$hashFor123123 = "$P$P)230230832482349823";
$result = HashPassword("123123");
$this->assertSame($hashFor123123, $result);
But, HashPassword method each time returns a new string with hash. That is why I cant do assert.
How to test it?
>Solution :
Password hashing uses a random salt, so each time you hash the same password you’ll get a different value back. The theory is explained here, even though WordPress doesn’t use the php password hashing functions, but rather their own. You cannot compare hashes; you can only check whether a given unhashed password matches a hash.
The random salt defeats cybercreeps’ use of rainbow lookup tables to recover passwords given their hashes. This helps keep your users’ passwords secret even if a cybercreep manages to steal your wp_users table. Defense in depth, it’s called.
In WordPress, you can hash a password and then check it using wp_hash_password() and wp_check_password(), something like this.
$hash = wp_hash_password( '123123' );
if ( wp_check_password( '123123', $hash )) {
/* it worked */
} else {
/* it did not work */
}
It’s not clear why it is worth your time to unit-test this subsystem. It is used in production many billions of times every day around the world.