#63026 Reduce the bcrypt cost during testing

src/wp-includes/pluggable.php

@@ -2676,9 +2676,11 @@ function wp_hash_password(
 		 * - `PASSWORD_ARGON2ID`
 		 * - `PASSWORD_DEFAULT`
 		 *
+		 * The values of the algorithm constants are strings in PHP 7.4+ and integers in PHP 7.3 and earlier.
+		 *
 		 * @since 6.8.0
 		 *
-		 * @param string $algorithm The hashing algorithm. Default is the value of the `PASSWORD_BCRYPT` constant.
+		 * @param string|int $algorithm The hashing algorithm. Default is the value of the `PASSWORD_BCRYPT` constant.
 		 */
 		$algorithm = apply_filters( 'wp_hash_password_algorithm', PASSWORD_BCRYPT );
 
@@ -2688,12 +2690,14 @@ function wp_hash_password(
 		 * The default hashing algorithm is bcrypt, but this can be changed via the {@see 'wp_hash_password_algorithm'}
 		 * filter. You must ensure that the options are appropriate for the algorithm in use.
 		 *
+		 * The values of the algorithm constants are strings in PHP 7.4+ and integers in PHP 7.3 and earlier.
+		 *
 		 * @since 6.8.0
 		 *
-		 * @param array $options    Array of options to pass to the password hashing functions.
-		 *                          By default this is an empty array which means the default
-		 *                          options will be used.
-		 * @param string $algorithm The hashing algorithm in use.
+		 * @param array      $options   Array of options to pass to the password hashing functions.
+		 *                              By default this is an empty array which means the default
+		 *                              options will be used.
+		 * @param string|int $algorithm The hashing algorithm in use.
 		 */
 		$options = apply_filters( 'wp_hash_password_options', array(), $algorithm );
 

tests/phpunit/includes/abstract-testcase.php

@@ -136,6 +136,21 @@ public function set_up() {
 		$this->start_transaction();
 		$this->expectDeprecated();
 		add_filter( 'wp_die_handler', array( $this, 'get_wp_die_handler' ) );
+		add_filter( 'wp_hash_password_options', array( $this, 'wp_hash_password_options' ), 1, 2 );
+	}
+
+	/**
+	 * Sets the bcrypt cost option for password hashing during tests.
+	 *
+	 * @param array      $options   The options for password hashing.
+	 * @param string|int $algorithm The algorithm to use for hashing. This is a string in PHP 7.4+ and an integer in PHP 7.3 and earlier.
+	 */
+	public function wp_hash_password_options( array $options, $algorithm ): array {
+		if ( PASSWORD_BCRYPT === $algorithm ) {
+			$options['cost'] = 5;
+		}
+
+		return $options;
 	}
 
 	/**

tests/phpunit/tests/auth.php

@@ -2089,9 +2089,6 @@ private static function set_application_password( string $hash, int $user_id ) {
 	}
 
 	private static function get_default_bcrypt_cost(): int {
-		$hash = password_hash( 'password', PASSWORD_BCRYPT );
-		$info = password_get_info( $hash );
-
-		return $info['options']['cost'];
+		return 5;
 	}
 }