2019-04-24 21:52:08 +00:00
package authentication
import (
2020-03-06 01:38:02 +00:00
"fmt"
2019-04-24 21:52:08 +00:00
"testing"
2020-03-06 01:38:02 +00:00
"github.com/simia-tech/crypt"
2019-04-24 21:52:08 +00:00
"github.com/stretchr/testify/assert"
2019-12-27 16:55:00 +00:00
"github.com/stretchr/testify/require"
2020-04-05 12:37:21 +00:00
"github.com/authelia/authelia/internal/configuration/schema"
"github.com/authelia/authelia/internal/utils"
2019-04-24 21:52:08 +00:00
)
2020-03-06 01:38:02 +00:00
func TestShouldHashSHA512Password ( t * testing . T ) {
hash , err := HashPassword ( "password" , "aFr56HjK3DrB8t3S" , HashingAlgorithmSHA512 , 50000 , 0 , 0 , 0 , 16 )
assert . NoError ( t , err )
2020-04-09 01:05:17 +00:00
code , parameters , salt , hash , _ := crypt . DecodeSettings ( hash )
2020-03-06 01:38:02 +00:00
assert . Equal ( t , "6" , code )
assert . Equal ( t , "aFr56HjK3DrB8t3S" , salt )
assert . Equal ( t , "zhPQiS85cgBlNhUKKE6n/AHMlpqrvYSnSL3fEVkK0yHFQ.oFFAd8D4OhPAy18K5U61Z2eBhxQXExGU/eknXlY1" , hash )
2020-04-11 03:54:18 +00:00
assert . Equal ( t , schema . DefaultPasswordSHA512Configuration . Iterations , parameters . GetInt ( "rounds" , HashingDefaultSHA512Iterations ) )
2020-03-06 01:38:02 +00:00
}
func TestShouldHashArgon2idPassword ( t * testing . T ) {
hash , err := HashPassword ( "password" , "BpLnfgDsc2WD8F2q" , HashingAlgorithmArgon2id ,
2020-04-11 03:54:18 +00:00
schema . DefaultCIPasswordConfiguration . Iterations , schema . DefaultCIPasswordConfiguration . Memory * 1024 ,
schema . DefaultCIPasswordConfiguration . Parallelism , schema . DefaultCIPasswordConfiguration . KeyLength ,
schema . DefaultCIPasswordConfiguration . SaltLength )
2020-03-06 01:38:02 +00:00
assert . NoError ( t , err )
code , parameters , salt , key , err := crypt . DecodeSettings ( hash )
assert . NoError ( t , err )
2020-05-06 00:52:06 +00:00
assert . Equal ( t , argon2id , code )
2020-03-06 01:38:02 +00:00
assert . Equal ( t , "BpLnfgDsc2WD8F2q" , salt )
assert . Equal ( t , "O126GHPeZ5fwj7OLSs7PndXsTbje76R+QW9/EGfhkJg" , key )
2020-04-11 03:54:18 +00:00
assert . Equal ( t , schema . DefaultCIPasswordConfiguration . Iterations , parameters . GetInt ( "t" , HashingDefaultArgon2idTime ) )
assert . Equal ( t , schema . DefaultCIPasswordConfiguration . Memory * 1024 , parameters . GetInt ( "m" , HashingDefaultArgon2idMemory ) )
assert . Equal ( t , schema . DefaultCIPasswordConfiguration . Parallelism , parameters . GetInt ( "p" , HashingDefaultArgon2idParallelism ) )
assert . Equal ( t , schema . DefaultCIPasswordConfiguration . KeyLength , parameters . GetInt ( "k" , HashingDefaultArgon2idKeyLength ) )
2020-03-06 01:38:02 +00:00
}
2020-05-02 05:06:39 +00:00
// This checks the method of hashing (for argon2id) supports all the characters we allow in Authelia's hash function.
2020-03-06 01:38:02 +00:00
func TestArgon2idHashSaltValidValues ( t * testing . T ) {
2020-05-05 19:35:32 +00:00
var err error
var hash string
2020-03-06 01:38:02 +00:00
data := string ( HashingPossibleSaltCharacters )
datas := utils . SliceString ( data , 16 )
2020-05-05 19:35:32 +00:00
2020-03-06 01:38:02 +00:00
for _ , salt := range datas {
hash , err = HashPassword ( "password" , salt , HashingAlgorithmArgon2id , 1 , 8 , 1 , 32 , 16 )
assert . NoError ( t , err )
assert . Equal ( t , fmt . Sprintf ( "$argon2id$v=19$m=8,p=1$%s$" , salt ) , hash [ 0 : 40 ] )
}
}
2020-05-02 05:06:39 +00:00
// This checks the method of hashing (for sha512) supports all the characters we allow in Authelia's hash function.
2020-03-06 01:38:02 +00:00
func TestSHA512HashSaltValidValues ( t * testing . T ) {
2020-05-05 19:35:32 +00:00
var err error
var hash string
2020-03-06 01:38:02 +00:00
data := string ( HashingPossibleSaltCharacters )
datas := utils . SliceString ( data , 16 )
2020-05-05 19:35:32 +00:00
2020-03-06 01:38:02 +00:00
for _ , salt := range datas {
hash , err = HashPassword ( "password" , salt , HashingAlgorithmSHA512 , 1000 , 0 , 0 , 0 , 16 )
assert . NoError ( t , err )
assert . Equal ( t , fmt . Sprintf ( "$6$rounds=1000$%s$" , salt ) , hash [ 0 : 32 ] )
}
}
func TestShouldNotHashPasswordWithNonExistentAlgorithm ( t * testing . T ) {
hash , err := HashPassword ( "password" , "BpLnfgDsc2WD8F2q" , "bogus" ,
2020-04-11 03:54:18 +00:00
schema . DefaultCIPasswordConfiguration . Iterations , schema . DefaultCIPasswordConfiguration . Memory * 1024 ,
schema . DefaultCIPasswordConfiguration . Parallelism , schema . DefaultCIPasswordConfiguration . KeyLength ,
schema . DefaultCIPasswordConfiguration . SaltLength )
2020-03-06 01:38:02 +00:00
assert . Equal ( t , "" , hash )
2020-04-09 01:05:17 +00:00
assert . EqualError ( t , err , "Hashing algorithm input of 'bogus' is invalid, only values of argon2id and 6 are supported" )
2020-03-06 01:38:02 +00:00
}
func TestShouldNotHashArgon2idPasswordDueToMemoryParallelismMismatch ( t * testing . T ) {
hash , err := HashPassword ( "password" , "BpLnfgDsc2WD8F2q" , HashingAlgorithmArgon2id ,
2020-04-11 03:54:18 +00:00
schema . DefaultCIPasswordConfiguration . Iterations , 8 , 2 ,
schema . DefaultCIPasswordConfiguration . KeyLength , schema . DefaultCIPasswordConfiguration . SaltLength )
2020-03-06 01:38:02 +00:00
assert . Equal ( t , "" , hash )
2020-04-09 01:05:17 +00:00
assert . EqualError ( t , err , "Memory (argon2id) input of 8 is invalid with a parallelism input of 2, it must be 16 (parallelism * 8) or higher" )
2020-03-06 01:38:02 +00:00
}
func TestShouldNotHashArgon2idPasswordDueToMemoryLessThanEight ( t * testing . T ) {
hash , err := HashPassword ( "password" , "BpLnfgDsc2WD8F2q" , HashingAlgorithmArgon2id ,
2020-04-11 03:54:18 +00:00
schema . DefaultCIPasswordConfiguration . Iterations , 1 , schema . DefaultCIPasswordConfiguration . Parallelism ,
schema . DefaultCIPasswordConfiguration . KeyLength , schema . DefaultCIPasswordConfiguration . SaltLength )
2020-03-06 01:38:02 +00:00
assert . Equal ( t , "" , hash )
2020-04-09 01:05:17 +00:00
assert . EqualError ( t , err , "Memory (argon2id) input of 1 is invalid, it must be 8 or higher" )
2020-03-06 01:38:02 +00:00
}
func TestShouldNotHashArgon2idPasswordDueToKeyLengthLessThanSixteen ( t * testing . T ) {
hash , err := HashPassword ( "password" , "BpLnfgDsc2WD8F2q" , HashingAlgorithmArgon2id ,
2020-04-11 03:54:18 +00:00
schema . DefaultCIPasswordConfiguration . Iterations , schema . DefaultCIPasswordConfiguration . Memory * 1024 ,
schema . DefaultCIPasswordConfiguration . Parallelism , 5 , schema . DefaultCIPasswordConfiguration . SaltLength )
2020-03-06 01:38:02 +00:00
assert . Equal ( t , "" , hash )
2020-04-09 01:05:17 +00:00
assert . EqualError ( t , err , "Key length (argon2id) input of 5 is invalid, it must be 16 or higher" )
2020-03-06 01:38:02 +00:00
}
func TestShouldNotHashArgon2idPasswordDueParallelismLessThanOne ( t * testing . T ) {
hash , err := HashPassword ( "password" , "BpLnfgDsc2WD8F2q" , HashingAlgorithmArgon2id ,
2020-04-11 03:54:18 +00:00
schema . DefaultCIPasswordConfiguration . Iterations , schema . DefaultCIPasswordConfiguration . Memory * 1024 , - 1 ,
schema . DefaultCIPasswordConfiguration . KeyLength , schema . DefaultCIPasswordConfiguration . SaltLength )
2020-03-06 01:38:02 +00:00
assert . Equal ( t , "" , hash )
2020-04-09 01:05:17 +00:00
assert . EqualError ( t , err , "Parallelism (argon2id) input of -1 is invalid, it must be 1 or higher" )
2020-03-06 01:38:02 +00:00
}
func TestShouldNotHashArgon2idPasswordDueIterationsLessThanOne ( t * testing . T ) {
hash , err := HashPassword ( "password" , "BpLnfgDsc2WD8F2q" , HashingAlgorithmArgon2id ,
2020-04-11 03:54:18 +00:00
0 , schema . DefaultCIPasswordConfiguration . Memory * 1024 , schema . DefaultCIPasswordConfiguration . Parallelism ,
schema . DefaultCIPasswordConfiguration . KeyLength , schema . DefaultCIPasswordConfiguration . SaltLength )
2020-03-06 01:38:02 +00:00
assert . Equal ( t , "" , hash )
2020-04-09 01:05:17 +00:00
assert . EqualError ( t , err , "Iterations (argon2id) input of 0 is invalid, it must be 1 or more" )
2020-03-06 01:38:02 +00:00
}
func TestShouldNotHashPasswordDueToSaltLength ( t * testing . T ) {
hash , err := HashPassword ( "password" , "" , HashingAlgorithmArgon2id ,
2020-04-11 03:54:18 +00:00
schema . DefaultCIPasswordConfiguration . Iterations , schema . DefaultCIPasswordConfiguration . Memory * 1024 ,
schema . DefaultCIPasswordConfiguration . Parallelism , schema . DefaultCIPasswordConfiguration . KeyLength , 0 )
2020-03-06 01:38:02 +00:00
assert . Equal ( t , "" , hash )
2020-04-09 01:05:17 +00:00
assert . EqualError ( t , err , "Salt length input of 0 is invalid, it must be 2 or higher" )
2020-03-06 01:38:02 +00:00
hash , err = HashPassword ( "password" , "" , HashingAlgorithmArgon2id ,
2020-04-11 03:54:18 +00:00
schema . DefaultCIPasswordConfiguration . Iterations , schema . DefaultCIPasswordConfiguration . Memory * 1024 ,
schema . DefaultCIPasswordConfiguration . Parallelism , schema . DefaultCIPasswordConfiguration . KeyLength , 20 )
2020-03-06 01:38:02 +00:00
assert . Equal ( t , "" , hash )
2020-04-09 01:05:17 +00:00
assert . EqualError ( t , err , "Salt length input of 20 is invalid, it must be 16 or lower" )
2020-03-06 01:38:02 +00:00
}
func TestShouldNotHashPasswordDueToSaltCharLengthTooLong ( t * testing . T ) {
hash , err := HashPassword ( "password" , "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" , HashingAlgorithmArgon2id ,
2020-04-11 03:54:18 +00:00
schema . DefaultCIPasswordConfiguration . Iterations , schema . DefaultCIPasswordConfiguration . Memory * 1024 ,
schema . DefaultCIPasswordConfiguration . Parallelism , schema . DefaultCIPasswordConfiguration . KeyLength ,
schema . DefaultCIPasswordConfiguration . SaltLength )
2020-03-06 01:38:02 +00:00
assert . Equal ( t , "" , hash )
2020-04-09 01:05:17 +00:00
assert . EqualError ( t , err , "Salt input of abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 is invalid (62 characters), it must be 16 or fewer characters" )
2020-03-06 01:38:02 +00:00
}
func TestShouldNotHashPasswordDueToSaltCharLengthTooShort ( t * testing . T ) {
hash , err := HashPassword ( "password" , "a" , HashingAlgorithmArgon2id ,
2020-04-11 03:54:18 +00:00
schema . DefaultCIPasswordConfiguration . Iterations , schema . DefaultCIPasswordConfiguration . Memory * 1024 ,
schema . DefaultCIPasswordConfiguration . Parallelism , schema . DefaultCIPasswordConfiguration . KeyLength ,
schema . DefaultCIPasswordConfiguration . SaltLength )
2020-03-06 01:38:02 +00:00
assert . Equal ( t , "" , hash )
2020-04-09 01:05:17 +00:00
assert . EqualError ( t , err , "Salt input of a is invalid (1 characters), it must be 2 or more characters" )
2020-03-06 01:38:02 +00:00
}
func TestShouldNotHashPasswordWithNonBase64CharsInSalt ( t * testing . T ) {
hash , err := HashPassword ( "password" , "abc&123" , HashingAlgorithmArgon2id ,
2020-04-11 03:54:18 +00:00
schema . DefaultCIPasswordConfiguration . Iterations , schema . DefaultCIPasswordConfiguration . Memory * 1024 ,
schema . DefaultCIPasswordConfiguration . Parallelism , schema . DefaultCIPasswordConfiguration . KeyLength ,
schema . DefaultCIPasswordConfiguration . SaltLength )
2020-03-06 01:38:02 +00:00
assert . Equal ( t , "" , hash )
2020-04-09 01:05:17 +00:00
assert . EqualError ( t , err , "Salt input of abc&123 is invalid, only characters [a-zA-Z0-9+/] are valid for input" )
2020-03-06 01:38:02 +00:00
}
func TestShouldNotParseHashWithNoneBase64CharsInKey ( t * testing . T ) {
passwordHash , err := ParseHash ( "$argon2id$v=19$m=65536,t=3,p=2$BpLnfgDsc2WD8F2q$^^vzA4myCqZZ36bUGsDY//8mKUYNZZaR0t4MFFSs+iM" )
2020-04-09 01:05:17 +00:00
assert . EqualError ( t , err , "Hash key contains invalid base64 characters" )
2020-03-06 01:38:02 +00:00
assert . Nil ( t , passwordHash )
}
func TestShouldNotParseHashWithNoneBase64CharsInSalt ( t * testing . T ) {
passwordHash , err := ParseHash ( "$argon2id$v=19$m=65536$^^wTFoFjITudo57a$Z4NH/EKkdv6PJ01Ye1twJ61fsmRJujZZn1IXdUOyrJY" )
2020-04-09 01:05:17 +00:00
assert . EqualError ( t , err , "Salt contains invalid base64 characters" )
2020-03-06 01:38:02 +00:00
assert . Nil ( t , passwordHash )
}
func TestShouldNotParseWithMalformedHash ( t * testing . T ) {
hashExtraField := "$argon2id$v=19$m=65536,t=3,p=2$abc$BpLnfgDsc2WD8F2q$^^vzA4myCqZZ36bUGsDY//8mKUYNZZaR0t4MFFSs+iM"
hashMissingSaltAndParams := "$argon2id$v=1$2t9X8nNCN2n3/kFYJ3xWNBg5k/rO782Qr7JJoJIK7G4"
hashMissingSalt := "$argon2id$v=1$m=65536,t=3,p=2$2t9X8nNCN2n3/kFYJ3xWNBg5k/rO782Qr7JJoJIK7G4"
passwordHash , err := ParseHash ( hashExtraField )
2020-04-09 01:05:17 +00:00
assert . EqualError ( t , err , fmt . Sprintf ( "Hash key is not the last parameter, the hash is likely malformed (%s)" , hashExtraField ) )
2020-03-06 01:38:02 +00:00
assert . Nil ( t , passwordHash )
passwordHash , err = ParseHash ( hashMissingSaltAndParams )
2020-04-09 01:05:17 +00:00
assert . EqualError ( t , err , fmt . Sprintf ( "Hash key is not the last parameter, the hash is likely malformed (%s)" , hashMissingSaltAndParams ) )
2020-03-06 01:38:02 +00:00
assert . Nil ( t , passwordHash )
passwordHash , err = ParseHash ( hashMissingSalt )
2020-04-09 01:05:17 +00:00
assert . EqualError ( t , err , fmt . Sprintf ( "Hash key is not the last parameter, the hash is likely malformed (%s)" , hashMissingSalt ) )
2020-03-06 01:38:02 +00:00
assert . Nil ( t , passwordHash )
}
func TestShouldNotParseHashWithEmptyKey ( t * testing . T ) {
hash := "$argon2id$v=19$m=65536$fvwTFoFjITudo57a$"
passwordHash , err := ParseHash ( hash )
assert . EqualError ( t , err , fmt . Sprintf ( "Hash key contains no characters or the field length is invalid (%s)" , hash ) )
assert . Nil ( t , passwordHash )
}
func TestShouldNotParseArgon2idHashWithEmptyVersion ( t * testing . T ) {
hash := "$argon2id$m=65536$fvwTFoFjITudo57a$Z4NH/EKkdv6PJ01Ye1twJ61fsmRJujZZn1IXdUOyrJY"
passwordHash , err := ParseHash ( hash )
assert . EqualError ( t , err , fmt . Sprintf ( "Argon2id version parameter not found (%s)" , hash ) )
assert . Nil ( t , passwordHash )
}
func TestShouldNotParseArgon2idHashWithWrongKeyLength ( t * testing . T ) {
hash := "$argon2id$v=19$m=65536,k=50$fvwTFoFjITudo57a$Z4NH/EKkdv6PJ01Ye1twJ61fsmRJujZZn1IXdUOyrJY"
passwordHash , err := ParseHash ( hash )
2020-04-09 01:05:17 +00:00
assert . EqualError ( t , err , "Argon2id key length parameter (50) does not match the actual key length (32)" )
2020-03-06 01:38:02 +00:00
assert . Nil ( t , passwordHash )
2019-04-24 21:52:08 +00:00
}
2020-03-06 01:38:02 +00:00
func TestShouldParseArgon2idHash ( t * testing . T ) {
passwordHash , err := ParseHash ( "$argon2id$v=19$m=131072,t=1,p=8$BpLnfgDsc2WD8F2q$G4fD5nJwXHDMS+u0eEMKvU0LF23jxbSmJSxhSLTteHE" )
assert . NoError ( t , err )
2020-04-11 03:54:18 +00:00
assert . Equal ( t , schema . DefaultCIPasswordConfiguration . Iterations , passwordHash . Iterations )
assert . Equal ( t , schema . DefaultCIPasswordConfiguration . Parallelism , passwordHash . Parallelism )
assert . Equal ( t , schema . DefaultCIPasswordConfiguration . KeyLength , passwordHash . KeyLength )
assert . Equal ( t , schema . DefaultCIPasswordConfiguration . Memory * 1024 , passwordHash . Memory )
2020-03-06 01:38:02 +00:00
}
func TestShouldCheckSHA512Password ( t * testing . T ) {
2019-11-01 18:31:51 +00:00
ok , err := CheckPassword ( "password" , "$6$rounds=50000$aFr56HjK3DrB8t3S$zhPQiS85cgBlNhUKKE6n/AHMlpqrvYSnSL3fEVkK0yHFQ.oFFAd8D4OhPAy18K5U61Z2eBhxQXExGU/eknXlY1" )
2020-03-06 01:38:02 +00:00
assert . NoError ( t , err )
assert . True ( t , ok )
}
2019-04-24 21:52:08 +00:00
2020-03-06 01:38:02 +00:00
func TestShouldCheckArgon2idPassword ( t * testing . T ) {
ok , err := CheckPassword ( "password" , "$argon2id$v=19$m=65536,t=3,p=2$BpLnfgDsc2WD8F2q$o/vzA4myCqZZ36bUGsDY//8mKUYNZZaR0t4MFFSs+iM" )
2019-04-24 21:52:08 +00:00
assert . NoError ( t , err )
assert . True ( t , ok )
}
2019-12-27 16:55:00 +00:00
2020-03-06 01:38:02 +00:00
func TestCannotParseSHA512Hash ( t * testing . T ) {
2019-12-27 16:55:00 +00:00
ok , err := CheckPassword ( "password" , "$6$roSnSL3fEVkK0yHFQ.oFFAd8D4OhPAy18K5U61Z2eBhxQXExGU/eknXlY1" )
2020-04-09 01:05:17 +00:00
assert . EqualError ( t , err , "Hash key is not the last parameter, the hash is likely malformed ($6$roSnSL3fEVkK0yHFQ.oFFAd8D4OhPAy18K5U61Z2eBhxQXExGU/eknXlY1)" )
2019-12-27 16:55:00 +00:00
assert . False ( t , ok )
}
2020-03-06 01:38:02 +00:00
func TestCannotParseArgon2idHash ( t * testing . T ) {
ok , err := CheckPassword ( "password" , "$argon2id$o/vzA4myCqZZ36bUGsDY//8mKUYNZZaR0t4MFFSs+iM" )
2020-04-09 01:05:17 +00:00
assert . EqualError ( t , err , "Hash key is not the last parameter, the hash is likely malformed ($argon2id$o/vzA4myCqZZ36bUGsDY//8mKUYNZZaR0t4MFFSs+iM)" )
2020-03-06 01:38:02 +00:00
assert . False ( t , ok )
}
func TestOnlySupportSHA512AndArgon2id ( t * testing . T ) {
2019-12-27 16:55:00 +00:00
ok , err := CheckPassword ( "password" , "$8$rounds=50000$aFr56HjK3DrB8t3S$zhPQiS85cgBlNhUKKE6n/AHMlpqrvYSnSL3fEVkK0yHFQ.oFFAd8D4OhPAy18K5U61Z2eBhxQXExGU/eknXlY1" )
2020-03-06 01:38:02 +00:00
assert . EqualError ( t , err , "Authelia only supports salted SHA512 hashing ($6$) and salted argon2id ($argon2id$), not $8$" )
2019-12-27 16:55:00 +00:00
assert . False ( t , ok )
}
func TestCannotFindNumberOfRounds ( t * testing . T ) {
2020-03-06 01:38:02 +00:00
hash := "$6$rounds50000$aFr56HjK3DrB8t3S$zhPQiS85cgBlNhUKKE6n/AHMlpqrvYSnSL3fEVkK0yHFQ.oFFAd8D4OhPAy18K5U61Z2eBhxQXExGU/eknXlY1"
ok , err := CheckPassword ( "password" , hash )
2019-12-27 16:55:00 +00:00
2020-04-09 01:05:17 +00:00
assert . EqualError ( t , err , fmt . Sprintf ( "Hash key is not the last parameter, the hash is likely malformed (%s)" , hash ) )
2020-03-06 01:38:02 +00:00
assert . False ( t , ok )
}
func TestCannotMatchArgon2idParamPattern ( t * testing . T ) {
ok , err := CheckPassword ( "password" , "$argon2id$v=19$m65536,t3,p2$BpLnfgDsc2WD8F2q$o/vzA4myCqZZ36bUGsDY//8mKUYNZZaR0t4MFFSs+iM" )
2020-04-09 01:05:17 +00:00
assert . EqualError ( t , err , "Hash key is not the last parameter, the hash is likely malformed ($argon2id$v=19$m65536,t3,p2$BpLnfgDsc2WD8F2q$o/vzA4myCqZZ36bUGsDY//8mKUYNZZaR0t4MFFSs+iM)" )
2020-03-06 01:38:02 +00:00
assert . False ( t , ok )
}
func TestArgon2idVersionLessThanSupported ( t * testing . T ) {
ok , err := CheckPassword ( "password" , "$argon2id$v=18$m=65536,t=3,p=2$BpLnfgDsc2WD8F2q$o/vzA4myCqZZ36bUGsDY//8mKUYNZZaR0t4MFFSs+iM" )
2020-04-09 01:05:17 +00:00
assert . EqualError ( t , err , "Argon2id versions less than v19 are not supported (hash is version 18)" )
2020-03-06 01:38:02 +00:00
assert . False ( t , ok )
}
func TestArgon2idVersionGreaterThanSupported ( t * testing . T ) {
ok , err := CheckPassword ( "password" , "$argon2id$v=20$m=65536,t=3,p=2$BpLnfgDsc2WD8F2q$o/vzA4myCqZZ36bUGsDY//8mKUYNZZaR0t4MFFSs+iM" )
2020-04-09 01:05:17 +00:00
assert . EqualError ( t , err , "Argon2id versions greater than v19 are not supported (hash is version 20)" )
2019-12-27 16:55:00 +00:00
assert . False ( t , ok )
}
func TestNumberOfRoundsNotInt ( t * testing . T ) {
ok , err := CheckPassword ( "password" , "$6$rounds=abc$aFr56HjK3DrB8t3S$zhPQiS85cgBlNhUKKE6n/AHMlpqrvYSnSL3fEVkK0yHFQ.oFFAd8D4OhPAy18K5U61Z2eBhxQXExGU/eknXlY1" )
2020-04-09 01:05:17 +00:00
assert . EqualError ( t , err , "SHA512 iterations is not numeric (abc)" )
2019-12-27 16:55:00 +00:00
assert . False ( t , ok )
}
2020-03-06 01:38:02 +00:00
func TestShouldCheckPasswordArgon2idHashedWithAuthelia ( t * testing . T ) {
2020-05-02 16:20:40 +00:00
password := testPassword
2020-04-11 03:54:18 +00:00
hash , err := HashPassword ( password , "" , HashingAlgorithmArgon2id , schema . DefaultCIPasswordConfiguration . Iterations ,
schema . DefaultCIPasswordConfiguration . Memory * 1024 , schema . DefaultCIPasswordConfiguration . Parallelism ,
schema . DefaultCIPasswordConfiguration . KeyLength , schema . DefaultCIPasswordConfiguration . SaltLength )
2020-03-06 01:38:02 +00:00
assert . NoError ( t , err )
equal , err := CheckPassword ( password , hash )
require . NoError ( t , err )
assert . True ( t , equal )
}
func TestShouldCheckPasswordSHA512HashedWithAuthelia ( t * testing . T ) {
2020-05-02 16:20:40 +00:00
password := testPassword
2020-04-11 03:54:18 +00:00
hash , err := HashPassword ( password , "" , HashingAlgorithmSHA512 , schema . DefaultPasswordSHA512Configuration . Iterations ,
0 , 0 , 0 , schema . DefaultPasswordSHA512Configuration . SaltLength )
2020-03-06 01:38:02 +00:00
assert . NoError ( t , err )
2019-12-27 16:55:00 +00:00
equal , err := CheckPassword ( password , hash )
require . NoError ( t , err )
assert . True ( t , equal )
}