Commit graph

44 commits

Author SHA1 Message Date
Koji Tanaka
b1417587ad test: Replace deprecated @expectedException* to $this->expectException*() 2023-01-11 22:45:29 +01:00
Koji Tanaka
fe34a8551c test: Replace deprecated @expectedException PHPUnit_Framework_Error 2023-01-11 22:45:29 +01:00
Koji Tanaka
75716f76bc test: Add return type declarations to overridden methods of TestCase classes. 2023-01-11 22:45:29 +01:00
Koji Tanaka
61f608abc7
Fix typo 2018-02-25 16:52:34 +09:00
chinpei215
a6b0271560 Remove Security::engine()
We disscussed and decided to avoid auto selecting which extension to use.
Instead, call Configure::write('Security.useOpenSsl', true) manually.
2018-02-24 12:17:51 +09:00
chinpei215
d7ed0339b1 Make mcrypt optional
Now Security::encrypt() and Security::decrypt() works with openssl
if the mcrypt extension is unavailable.
Note that Security::rijndael() doesn't work with openssl.
2018-01-19 23:54:53 +09:00
Marc Würth
da8414e13b Use HTTPS for the opensource.org MIT license URL 2017-06-11 00:23:22 +02:00
Marc Würth
04efc7ba50 Use HTTPS for the book.cakephp.org URL 2017-06-11 00:15:36 +02:00
Marc Würth
10b89b51a9 Use HTTPS for the cakefoundation.org URL 2017-06-11 00:10:59 +02:00
mark_story
e3221b1c38 Fix errors in php7.1
* The constructor of errors has changed in PHP 7.1
* mcrypt is no longer available in PHP 7.1 by default.
2016-12-05 16:14:33 -05:00
mark_story
8b5023282e Randomly generate a salt when the salt is '' or null.
To prevent an issue where any value is accepted as a password when '' is
provided as the hashed password.

Refs #8650
2016-04-15 21:49:17 -04:00
mark_story
7df99fff1f Backport Security::randomBytes() to 2.x
I decided to leave the warning in. People who can't upgrade their
applications should at least be aware of the risks they are taking.

I'm flexible if people are strongly opposed to a warning, but I feel
that these kinds of warnings can be supressed in production if they
really are in a jam and don't care.

Refs #8282
2016-02-22 00:14:44 -05:00
Marc Würth
1ede742d92 Various improvements to the CakePHP test files
Mostly CS, doc blocks and unused variables.
2015-09-25 17:22:00 +02:00
euromark
974ca851c2 Correct doc blocks according to cs guidelines.
Remove superfluous empty lines.
2014-07-03 15:36:42 +02:00
mark_story
de0062de77 Merge branch 'master' into 2.5 2014-04-25 22:10:02 -04:00
Stefan Dickmann
f90f718e11 change parameter order 2014-04-24 12:54:45 +02:00
ADmad
8a666fb37e Don't throw exception when trying to encrypt falsey value. 2013-12-15 19:28:56 +05:30
mark_story
95ad5f5c78 Add hmac to encrypted data.
Using an HMAC ensures that the ciphertext has not been
modified.
2013-08-29 14:40:01 -04:00
mark_story
c5092851d1 Fix compatibility with PHP 5.2 2013-08-27 23:03:08 -04:00
mark_story
215d43eb06 Add encrypt() and decrypt() methods.
These methods use AES-256 and provide a simple to use API with easy to
remember names.
2013-08-27 21:20:22 -04:00
euromark
af455b4121 correct return types in doc blocks 2013-07-05 17:19:22 +02:00
Marc Würth
4c9f0414cb Improved the DocBlocks and other code cleanup
Fixed @license tag, url comes first
Whitespace and other minor code cleanup
Added some docblocks
2013-05-31 00:11:19 +02:00
mark_story
974ac44fb4 Use random iv values in rijndael.
Using fixed iv values has a number of known problems like dictionary
attacks against the cipher key. Use a random iv value for all future
encrpyted values. Provide backwards compatibility for values encrypted
with fixed iv's, and silently upgrade values for enhanced security.
2013-02-09 20:48:27 -05:00
Graham Weldon
66d856d883 Added extra line for referencing license file for copyright 2013-02-08 21:22:51 +09:00
Graham Weldon
7b860debe4 This commit is dedicated to Mark Story, who has put in much dedicated time and effort into CakePHP over the years.
I just wanted to ruin his evening, because this change needs to be merged into CakePHP 3.0.
2013-02-08 20:59:49 +09:00
Ceeram
16be9d4990 remove unused local vars 2013-01-23 17:22:06 +01:00
Ceeram
0196c6f686 code optimizing and simplify _crypt(), see PR #853 2012-11-01 14:15:52 +01:00
mark_story
eed59a95ad Fix whitespace. 2012-09-27 21:42:15 -04:00
mark_story
76d21c6d56 Try to fix another test failure caused by blowfish.
travis ci seems to have wonky hashing with blowfish on the 5.2 boxes.
Skip tests when we know blowfish is messed up.
2012-09-26 22:25:05 -04:00
dogmatic69
26934236b1 skipping the rijndael test if mcrypt_encrypt() is not available 2012-09-15 11:43:39 +01:00
mark_story
2359fb7e2e Simplify number formatting. 2012-07-22 21:28:49 -04:00
Heath Nail
434d3a7137 Add bcrypt support to Security::hash() 2012-07-22 21:15:00 -04:00
Heath Nail
304d001dfb Implement rijndael optional cookie encryption. 2012-05-30 03:49:25 -04:00
Kyle Robinson Young
b8488b8dfe Update 1.x @link in docblocks 2012-04-26 19:49:18 -07:00
Kyle Robinson Young
90e7afbdc7 Correct parameter order of assertEquals and assertNotEquals 2012-03-22 23:37:12 -07:00
Juan Basso
3b1bd90ad6 Updated copyright to 2012. 2012-03-12 22:46:07 -04:00
Kyle Robinson Young
98f03dc6df Replacing test case compatibility functions 2011-11-16 21:07:08 -05:00
Gun.io Whitespace Robot
4742168253 Remove whitespace [Gun.io WhitespaceBot] 2011-10-28 18:25:08 -04:00
Jelle Henkens
7ba2f90b2a Refactoring expectError() calls to PHPUnit annotations 2011-09-13 19:56:37 +01:00
Juan Basso
9bc3e567c1 Removed the @access and @static. 2011-07-30 20:56:48 -04:00
Jose Lorenzo Rodriguez
cfd2d9e00b Updating all @package annotations in doc blocks 2011-07-26 01:46:14 -04:30
Juan Basso
192812ee7f Updating the copyright to 2011. 2011-05-30 22:32:43 -04:00
Renan Gonçalves
438050dcaa Adding 'public' visibility to all public methods. 2011-05-30 22:02:32 +02:00
Jose Lorenzo Rodriguez
900dfef2f7 Starting unification of casing in remaining folders 2011-05-13 01:53:49 -04:30
Renamed from lib/Cake/tests/Case/Utility/SecurityTest.php (Browse further)