X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=test%2Fpleroma%2Fpassword_test.exs;h=951fc810a12042043edb20fa6d898afc15670553;hb=63ce25f32c9bd0dfd5a4db9ad14b6b773c9b05a9;hp=6ed0ca82690868846b976b88c4f8118fe1d878a4;hpb=c7cd9bd5911f8393fa758e329f8786913a5c321f;p=akkoma
diff --git a/test/pleroma/password_test.exs b/test/pleroma/password_test.exs
index 6ed0ca826..951fc810a 100644
--- a/test/pleroma/password_test.exs
+++ b/test/pleroma/password_test.exs
@@ -1,35 +1,65 @@
-# Pleroma: A lightweight social networking server
-# Copyright © 2017-2021 Pleroma Authors
-# SPDX-License-Identifier: AGPL-3.0-only
-
 defmodule Pleroma.PasswordTest do
 use Pleroma.DataCase, async: true
+ import Pleroma.Factory
+ import ExUnit.CaptureLog
 
 alias Pleroma.Password
 
- test "it generates the same hash as pbkd2_elixir" do
- # hash = Pleroma.Password.hash_pwd_salt("password")
- hash =
- "$pbkdf2-sha512$1$QJpEYw8iBKcnY.4Rm0eCVw$UBPeWQ91RxSv3snxsb/ZzMeG/2aa03c541bbo8vQudREGNta5t8jBQrd00fyJp8RjaqfvgdZxy2rhSwljyu21g"
+ describe "hash_pwd_salt/1" do
+ test "returns a hash" do
+ assert "$argon2id" <> _ = Password.hash_pwd_salt("test")
+ end
+ end
 
- # Use the same randomly generated salt
- salt = Password.decode64("QJpEYw8iBKcnY.4Rm0eCVw")
+ describe "maybe_update_password/2" do
+ test "with a bcrypt hash, it updates to an argon2 hash" do
+ user = insert(:user, password_hash: Bcrypt.hash_pwd_salt("123"))
+ assert "$2" <> _ = user.password_hash
 
- assert hash == Password.hash_pwd_salt("password", salt: salt)
- end
+ {:ok, user} = Password.maybe_update_password(user, "123")
+ assert "$argon2" <> _ = user.password_hash
+ end
 
- @tag skip: "Works when Pbkd2 is present. Source: trust me bro"
- test "Pleroma.Password can verify passwords generated with it" do
- hash = Password.hash_pwd_salt("password")
+ test "with a pbkdf2 hash, it updates to an argon2 hash" do
+ user = insert(:user, password_hash: Pleroma.Password.Pbkdf2.hash_pwd_salt("123"))
+ assert "$pbkdf2" <> _ = user.password_hash
 
- assert Pleroma.Password.verify_pass("password", hash)
+ {:ok, user} = Password.maybe_update_password(user, "123")
+ assert "$argon2" <> _ = user.password_hash
+ end
 end
 
- test "it verifies pbkdf2_elixir hashes" do
- # hash = Pleroma.Password.hash_pwd_salt("password")
- hash =
- "$pbkdf2-sha512$1$QJpEYw8iBKcnY.4Rm0eCVw$UBPeWQ91RxSv3snxsb/ZzMeG/2aa03c541bbo8vQudREGNta5t8jBQrd00fyJp8RjaqfvgdZxy2rhSwljyu21g"
+ describe "checkpw/2" do
+ test "check pbkdf2 hash" do
+ hash =
+ "$pbkdf2-sha512$160000$loXqbp8GYls43F0i6lEfIw$AY.Ep.2pGe57j2hAPY635sI/6w7l9Q9u9Bp02PkPmF3OrClDtJAI8bCiivPr53OKMF7ph6iHhN68Rom5nEfC2A"
+
+ assert Password.checkpw("test-password", hash)
+ refute Password.checkpw("test-password1", hash)
+ end
+
+ test "check bcrypt hash" do
+ hash = "$2a$10$uyhC/R/zoE1ndwwCtMusK.TLVzkQ/Ugsbqp3uXI.CTTz0gBw.24jS"
+
+ assert Password.checkpw("password", hash)
+ refute Password.checkpw("password1", hash)
+ end
+
+ test "check argon2 hash" do
+ hash =
+ "$argon2id$v=19$m=65536,t=8,p=2$zEMMsTuK5KkL5AFWbX7jyQ$VyaQD7PF6e9btz0oH1YiAkWwIGZ7WNDZP8l+a/O171g"
+
+ assert Password.checkpw("password", hash)
+ refute Password.checkpw("password1", hash)
+ end
+
+ test "it returns false when hash invalid" do
+ hash =
+ "psBWV8gxkGOZWBz$PmfCycChoxeJ3GgGzwvhlgacb9mUoZ.KUXNCssekER4SJ7bOK53uXrHNb2e4i8yPFgSKyzaW9CcmrDXWIEMtD1"
 
- assert Password.verify_pass("password", hash)
+ assert capture_log(fn ->
+ refute Password.checkpw("password", hash)
+ end) =~ "[error] Password hash not recognized"
+ end
 end
 end
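Review bot: The two `maybe_update_password/2` tests only match the `"$argon2"` prefix of the returned struct's `password_hash`, so they would still pass if the rehash were computed from the wrong input, or if the new hash were never persisted. After each upgrade I would add `assert Password.checkpw("123", user.password_hash)`, and, if the function is meant to write to the database (not visible in this hunk), re-read the user before asserting. A third case that starts from an argon2 hash would pin the path where no rehash is expected. The `hash_pwd_salt/1` test could get the same round-trip check through `checkpw/2` rather than the prefix match alone.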