
Commit 5c59a6b

chore: Increase performance during tests
The `password_hash()` function takes longer the higher the cost of the algorithm. In PHP 8.4, the default cost went from 10 to 12, which slowed the tests down. Now the cost is always 4 during tests, and 12 in development/production.
1 parent 18b70a9 commit 5c59a6b


10 files changed

+56
-45
lines changed


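--- a/configuration/environment_development.php
+++ b/configuration/environment_development.php
@@ -63,6 +63,7 @@
 'plausible_url' => $dotenv->pop('APP_PLAUSIBLE_URL', ''),
 'bileto_url' => $dotenv->pop('APP_BILETO_URL', ''),
 'bileto_api_token' => $dotenv->pop('APP_BILETO_API_TOKEN', ''),
+'password_hash_cost' => 12,
 ],
 
 'data_path' => $dotenv->pop('APP_DATA_PATH', $app_path . '/data'),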
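Review bot: The new `'password_hash_cost' => 12,` entry is an unexplained literal here and again in configuration/environment_production.php, while the test configuration documents its own value. A one-line comment would help, for example `// bcrypt cost used by User::passwordHash(); 12 is PHP 8.4's default.`. Neighbouring settings are read through `$dotenv->pop()`, so if operators are ever meant to tune the cost per deployment, reading it the same way and enforcing a minimum at load time would keep a weak value from being configured by accident.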

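--- a/configuration/environment_production.php
+++ b/configuration/environment_production.php
@@ -66,6 +66,7 @@
 'plausible_url' => $dotenv->pop('APP_PLAUSIBLE_URL', ''),
 'bileto_url' => $dotenv->pop('APP_BILETO_URL', ''),
 'bileto_api_token' => $dotenv->pop('APP_BILETO_API_TOKEN', ''),
+'password_hash_cost' => 12,
 ],
 
 'database' => [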

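--- a/configuration/environment_test.php
+++ b/configuration/environment_test.php
@@ -54,6 +54,8 @@
 'plausible_url' => '',
 'bileto_url' => '',
 'bileto_api_token' => '',
+// The lowest possible value for bcrypt algorithm.
+'password_hash_cost' => 4,
 'mock_host' => $dotenv->pop('MOCK_HOST', ''),
 ],
 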
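Review bot: The comment above `'password_hash_cost' => 4,` says what the value is but not why it is acceptable here. Hashes produced at this cost are cheap to brute-force, so the comment should state that the value exists only to speed up the test suite, e.g. `// Lowest bcrypt cost, to keep tests fast. Never use this value outside the test environment.`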

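--- a/src/Configuration.php
+++ b/src/Configuration.php
@@ -26,6 +26,7 @@
 * 'plausible_url': string,
 * 'bileto_url': string,
 * 'bileto_api_token': string,
+* 'password_hash_cost': int,
 * 'mock_host'?: string,
 * }
 *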
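Review bot: `'password_hash_cost': int` accepts any integer, although bcrypt only accepts costs from 4 to 31. If the project's static analyser supports integer ranges (PHPStan and Psalm do), `'password_hash_cost': int<4, 31>,` would let it reject an out-of-range value in a configuration file instead of leaving that to `password_hash()` at runtime. The docblock starts and ends outside this hunk.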

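--- a/src/models/User.php
+++ b/src/models/User.php
@@ -798,6 +798,12 @@ public function isMastodonEnabled(): bool
 */
 public static function passwordHash(string $password): string
 {
-return $password ? password_hash($password, PASSWORD_BCRYPT) : '';
+if ($password) {
+return password_hash($password, PASSWORD_BCRYPT, [
+'cost' => \App\Configuration::$application['password_hash_cost'],
+]);
+} else {
+return '';
+}
 }
 }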
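Review bot: `if ($password)` tests truthiness, so the one-character password `'0'` is treated like an empty one and `passwordHash()` returns `''` for it; `if ($password !== '') {` would limit the shortcut to the empty string (the removed ternary behaved the same way, and whether validation elsewhere already rejects such a password is not visible here). Separately, now that the cost is explicit, hashes stored at an older cost are only upgraded if the login path calls `password_needs_rehash()` with the same `['cost' => …]` options; that code is outside this hunk, so it is worth checking. The method's docblock begins above the hunk.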

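--- a/tests/controllers/PasswordsTest.php
+++ b/tests/controllers/PasswordsTest.php
@@ -342,7 +342,7 @@ public function testUpdateChangesPasswordAndRedirectsCorrectly(): void
 $user = UserFactory::create([
 'email' => $email,
 'reset_token' => $token->token,
-'password_hash' => password_hash($old_password, PASSWORD_BCRYPT),
+'password_hash' => models\User::passwordHash($old_password),
 ]);
 
 $response = $this->appRun('POST', '/password/edit', [
@@ -373,7 +373,7 @@ public function testUpdateDeletesResetToken(): void
 $user = UserFactory::create([
 'email' => $email,
 'reset_token' => $token->token,
-'password_hash' => password_hash($old_password, PASSWORD_BCRYPT),
+'password_hash' => models\User::passwordHash($old_password),
 ]);
 
 $response = $this->appRun('POST', '/password/edit', [
@@ -405,7 +405,7 @@ public function testUpdateResetsExistingSessionsAndLogsIn(): void
 $user = UserFactory::create([
 'email' => $email,
 'reset_token' => $token->token,
-'password_hash' => password_hash($old_password, PASSWORD_BCRYPT),
+'password_hash' => models\User::passwordHash($old_password),
 ]);
 $session = SessionFactory::create([
 'user_id' => $user->id,
@@ -449,7 +449,7 @@ public function testUpdateFailsIfTokenIsNotPassed(): void
 $user = UserFactory::create([
 'email' => $email,
 'reset_token' => $token->token,
-'password_hash' => password_hash($old_password, PASSWORD_BCRYPT),
+'password_hash' => models\User::passwordHash($old_password),
 ]);
 
 $response = $this->appRun('POST', '/password/edit', [
@@ -475,7 +475,7 @@ public function testUpdateFailsIfTokenIsInvalid(): void
 $new_password = $this->fakeUnique('password');
 $user = UserFactory::create([
 'email' => $email,
-'password_hash' => password_hash($old_password, PASSWORD_BCRYPT),
+'password_hash' => models\User::passwordHash($old_password),
 ]);
 
 $response = $this->appRun('POST', '/password/edit', [
@@ -505,7 +505,7 @@ public function testUpdateFailsIfTokenIsNotAttachedToUser(): void
 $new_password = $this->fakeUnique('password');
 $user = UserFactory::create([
 'email' => $email,
-'password_hash' => password_hash($old_password, PASSWORD_BCRYPT),
+'password_hash' => models\User::passwordHash($old_password),
 ]);
 
 $response = $this->appRun('POST', '/password/edit', [
@@ -536,7 +536,7 @@ public function testUpdateFailsIfTokenHasExpired(): void
 $user = UserFactory::create([
 'email' => $email,
 'reset_token' => $token->token,
-'password_hash' => password_hash($old_password, PASSWORD_BCRYPT),
+'password_hash' => models\User::passwordHash($old_password),
 ]);
 
 $response = $this->appRun('POST', '/password/edit', [
@@ -572,7 +572,7 @@ public function testUpdateFailsIfTokenIsInvalidated(): void
 $user = UserFactory::create([
 'email' => $email,
 'reset_token' => $token->token,
-'password_hash' => password_hash($old_password, PASSWORD_BCRYPT),
+'password_hash' => models\User::passwordHash($old_password),
 ]);
 
 $response = $this->appRun('POST', '/password/edit', [
@@ -604,7 +604,7 @@ public function testUpdateFailsIfPasswordIsEmpty(): void
 $user = UserFactory::create([
 'email' => $email,
 'reset_token' => $token->token,
-'password_hash' => password_hash($old_password, PASSWORD_BCRYPT),
+'password_hash' => models\User::passwordHash($old_password),
 ]);
 
 $response = $this->appRun('POST', '/password/edit', [
@@ -637,7 +637,7 @@ public function testUpdateFailsIfCsrfIsInvalid(): void
 $user = UserFactory::create([
 'email' => $email,
 'reset_token' => $token->token,
-'password_hash' => password_hash($old_password, PASSWORD_BCRYPT),
+'password_hash' => models\User::passwordHash($old_password),
 ]);
 
 $response = $this->appRun('POST', '/password/edit', [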

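--- a/tests/controllers/SessionsTest.php
+++ b/tests/controllers/SessionsTest.php
@@ -66,7 +66,7 @@ public function testCreateLogsTheUserInAndRedirectToHome(): void
 $password = $this->fake('password');
 $user = UserFactory::create([
 'email' => $email,
-'password_hash' => password_hash($password, PASSWORD_BCRYPT),
+'password_hash' => models\User::passwordHash($password),
 ]);
 
 $current_user = auth\CurrentUser::get();
@@ -92,7 +92,7 @@ public function testCreateReturnsACookie(): void
 $password = $this->fake('password');
 $user = UserFactory::create([
 'email' => $email,
-'password_hash' => password_hash($password, PASSWORD_BCRYPT),
+'password_hash' => models\User::passwordHash($password),
 ]);
 
 $response = $this->appRun('POST', '/login', [
@@ -121,7 +121,7 @@ public function testCreateCreatesASessionValidForOneMonth(): void
 $password = $this->fake('password');
 $user = UserFactory::create([
 'email' => $email,
-'password_hash' => password_hash($password, PASSWORD_BCRYPT),
+'password_hash' => models\User::passwordHash($password),
 ]);
 
 $this->assertSame(0, models\Session::count());
@@ -165,7 +165,7 @@ public function testCreateDoesNotCreateASessionIfConnected(): void
 $password = $this->fake('password');
 $user = $this->login([
 'email' => $email,
-'password_hash' => password_hash($password, PASSWORD_BCRYPT),
+'password_hash' => models\User::passwordHash($password),
 ]);
 
 $number_tokens = models\Session::count();
@@ -188,7 +188,7 @@ public function testCreateRedirectsToRedirectTo(): void
 $password = $this->fake('password');
 $user = UserFactory::create([
 'email' => $email,
-'password_hash' => password_hash($password, PASSWORD_BCRYPT),
+'password_hash' => models\User::passwordHash($password),
 ]);
 
 $response = $this->appRun('POST', '/login', [
@@ -209,7 +209,7 @@ public function testCreateForcesRedirectionOnCurrentInstance(): void
 $password = $this->fake('password');
 $user = UserFactory::create([
 'email' => $email,
-'password_hash' => password_hash($password, PASSWORD_BCRYPT),
+'password_hash' => models\User::passwordHash($password),
 ]);
 $redirect_to = 'https://example.com/about';
 
@@ -231,7 +231,7 @@ public function testCreateIsCaseInsensitive(): void
 $password = $this->fake('password');
 $user = UserFactory::create([
 'email' => strtolower($email),
-'password_hash' => password_hash($password, PASSWORD_BCRYPT),
+'password_hash' => models\User::passwordHash($password),
 ]);
 
 $current_user = auth\CurrentUser::get();
@@ -257,7 +257,7 @@ public function testCreateFailsIfCsrfIsInvalid(): void
 $password = $this->fake('password');
 $user = UserFactory::create([
 'email' => $email,
-'password_hash' => password_hash($password, PASSWORD_BCRYPT),
+'password_hash' => models\User::passwordHash($password),
 ]);
 
 $response = $this->appRun('POST', '/login', [
@@ -279,7 +279,7 @@ public function testCreateFailsIfEmailDoesNotMatchAUser(): void
 $password = $this->fake('password');
 $user = UserFactory::create([
 'email' => $email,
-'password_hash' => password_hash($password, PASSWORD_BCRYPT),
+'password_hash' => models\User::passwordHash($password),
 ]);
 
 $response = $this->appRun('POST', '/login', [
@@ -300,7 +300,7 @@ public function testCreateFailsIfEmailIsSupportUserEmail(): void
 $password = $this->fake('password');
 $user = UserFactory::create([
 'email' => $email,
-'password_hash' => password_hash($password, PASSWORD_BCRYPT),
+'password_hash' => models\User::passwordHash($password),
 ]);
 
 $response = $this->appRun('POST', '/login', [
@@ -322,7 +322,7 @@ public function testCreateFailsIfEmailIsInvalid(): void
 $password = $this->fake('password');
 $user = UserFactory::create([
 'email' => $email,
-'password_hash' => password_hash($password, PASSWORD_BCRYPT),
+'password_hash' => models\User::passwordHash($password),
 ]);
 
 $response = $this->appRun('POST', '/login', [
@@ -344,7 +344,7 @@ public function testCreateFailsIfPasswordDoesNotMatch(): void
 $password = $this->fake('password');
 $user = UserFactory::create([
 'email' => $email,
-'password_hash' => password_hash($password, PASSWORD_BCRYPT),
+'password_hash' => models\User::passwordHash($password),
 ]);
 
 $response = $this->appRun('POST', '/login', [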

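--- a/tests/controllers/my/AccountTest.php
+++ b/tests/controllers/my/AccountTest.php
@@ -197,7 +197,7 @@ public function testDeleteRedirectsToLoginAndDeletesTheUser(): void
 /** @var string */
 $password = $this->fake('password');
 $user = $this->login([
-'password_hash' => password_hash($password, PASSWORD_BCRYPT),
+'password_hash' => models\User::passwordHash($password),
 ]);
 
 $response = $this->appRun('POST', '/my/account/deletion', [
@@ -228,7 +228,7 @@ public function testDeleteDeletesAvatarIfSet(): void
 /** @var string */
 $password = $this->fake('password');
 $user = $this->login([
-'password_hash' => password_hash($password, PASSWORD_BCRYPT),
+'password_hash' => models\User::passwordHash($password),
 'avatar_filename' => $avatar_filename,
 ]);
 
@@ -257,7 +257,7 @@ public function testDeleteDeletesSessionsAssociatedToTheUser(): void
 /** @var string */
 $password = $this->fake('password');
 $user = $this->login([
-'password_hash' => password_hash($password, PASSWORD_BCRYPT),
+'password_hash' => models\User::passwordHash($password),
 ]);
 
 $this->assertSame(1, models\Session::count());
@@ -275,7 +275,7 @@ public function testDeleteFailsIfPasswordIsIncorrect(): void
 /** @var string */
 $password = $this->fake('password');
 $user = $this->login([
-'password_hash' => password_hash($password, PASSWORD_BCRYPT),
+'password_hash' => models\User::passwordHash($password),
 ]);
 
 $response = $this->appRun('POST', '/my/account/deletion', [
@@ -293,7 +293,7 @@ public function testDeleteFailsIfCsrfIsInvalid(): void
 /** @var string */
 $password = $this->fake('password');
 $user = $this->login([
-'password_hash' => password_hash($password, PASSWORD_BCRYPT),
+'password_hash' => models\User::passwordHash($password),
 ]);
 
 $response = $this->appRun('POST', '/my/account/deletion', [
@@ -314,7 +314,7 @@ public function testDeleteFailsIfTryingToDeleteDemoAccount(): void
 $password = $this->fake('password');
 $user = $this->login([
 'email' => models\User::DEMO_EMAIL,
-'password_hash' => password_hash($password, PASSWORD_BCRYPT),
+'password_hash' => models\User::passwordHash($password),
 ]);
 
 $response = $this->appRun('POST', '/my/account/deletion', [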
