fix

php/libraries/Password.class.inc

@@ -199,17 +199,25 @@ class Password
      *
      * @throws InvalidArgumentException When passsword is too short or too simple.
      */
-    public final function __construct(string $value)
-    {
-        // Ensure proposed value is well-formed.
-        $this->_validate($value);
-        // Don't store the value in the object; instead use the hashed version
-        // This mitigates the risk of accidentally revealing the plaintext.
-        $config        =& \NDB_Config::singleton();
-        $password_algo = $config->getSetting("passwordAlgorithm");
-        $this->_hash   = password_hash($value, $password_algo);
+public final function __construct(string $value, ?NDB_Config $config = null)
+{
+    // Validate the proposed value
+    $this->_validate($value);
+
+    // Use the provided config or fallback to the singleton (for backward compatibility)
+    $config = $config ?? \NDB_Config::singleton();
+
+    // Fetch password algorithm from the config
+    $password_algo = $config->getSetting("passwordAlgorithm");
+
+    if (empty($password_algo)) {
+        throw new ConfigurationException("Password algorithm is not configured in the settings.");
     }
 
+    // Hash the password using the configured algorithm
+    $this->_hash = password_hash($value, $password_algo);
+}
+
     /**
      * The hashed value of the original input.
      *

test/unittests/PasswordTest.php

@@ -142,24 +142,45 @@ public function testContructorInvalidValues($invalidValue): void
      *
      * @return void
      */
-    public function testWellFormedPassword(): void
-    {
-        $this->_configMock->method('getSetting')
-            ->will($this->returnValueMap($this->_configInfo));
-        $this->assertInstanceOf('Password', new \Password(self::VALID_PASSWORD));
-    }
+public function testWellFormedPassword(): void
+{
+    // Create a mock NDB_Config object
+    $configMock = $this->createMock(NDB_Config::class);
 
+    // Configure the mock to return a valid password algorithm
+    $configMock->method('getSetting')
+               ->with('passwordAlgorithm')
+               ->willReturn(PASSWORD_BCRYPT);
+
+    // Test instantiation with the valid password and config
+    $password = new \Password(self::VALID_PASSWORD, $configMock);
+
+    $this->assertInstanceOf(\Password::class, $password, "Password object should be successfully instantiated.");
+}
     /**
      * Ensures the toString function of Password returns a password hash
      * that can be verified.
      *
      * @return void
      */
-    public function testToString(): void
-    {
-        $password = new \Password(self::VALID_PASSWORD);
-        $this->assertTrue(
-            password_verify(self::VALID_PASSWORD, (string) $password)
-        );
-    }
+public function testToString(): void
+{
+    // Create a mock NDB_Config object
+    $configMock = $this->createMock(NDB_Config::class);
+
+    // Configure the mock to return a valid password algorithm
+    $configMock->method('getSetting')
+               ->with('passwordAlgorithm')
+               ->willReturn(PASSWORD_BCRYPT);
+
+    // Instantiate the Password object with the valid password and config
+    $password = new \Password(self::VALID_PASSWORD, $configMock);
+
+    // Assert that the password can be verified with the hashed value
+    $this->assertTrue(
+        password_verify(self::VALID_PASSWORD, (string) $password),
+        "Password string should correctly verify against the original value."
+    );
+}
+
 }