mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-24 16:11:08 +02:00
93 lines
2.5 KiB
Go
93 lines
2.5 KiB
Go
// Copyright (c) HashiCorp, Inc.
|
|
// SPDX-License-Identifier: BUSL-1.1
|
|
|
|
package userpass
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
"golang.org/x/crypto/bcrypt"
|
|
)
|
|
|
|
// TestUserPass_ParseHash ensures that we correctly validate password hashes that
|
|
// conform to the bcrypt standard based on the prefix of the hash.
|
|
func TestUserPass_ParseHash(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
tests := map[string]struct {
|
|
input string
|
|
isErrorExpected bool
|
|
expectedErrorMessage string
|
|
}{
|
|
"too-short": {
|
|
input: "too short",
|
|
isErrorExpected: true,
|
|
expectedErrorMessage: "password hash has incorrect length",
|
|
},
|
|
"60-spaces": {
|
|
input: " ",
|
|
isErrorExpected: true,
|
|
expectedErrorMessage: "password hash has incorrect prefix",
|
|
},
|
|
"jibberish": {
|
|
input: "jibberfishjibberfishjibberfishjibberfishjibberfishjibberfish",
|
|
isErrorExpected: true,
|
|
expectedErrorMessage: "password hash has incorrect prefix",
|
|
},
|
|
"non-ascii-prefix": {
|
|
input: "$2a$qwertyjibberfishjibberfishjibberfishjibberfishjibberfish",
|
|
isErrorExpected: false,
|
|
},
|
|
"truncation-prefix": {
|
|
input: "$2b$qwertyjibberfishjibberfishjibberfishjibberfishjibberfish",
|
|
isErrorExpected: false,
|
|
},
|
|
"php-only-fixed-prefix": {
|
|
input: "$2y$qwertyjibberfishjibberfishjibberfishjibberfishjibberfish",
|
|
isErrorExpected: false,
|
|
},
|
|
"php-only-existing": {
|
|
input: "$2x$qwertyjibberfishjibberfishjibberfishjibberfishjibberfish",
|
|
isErrorExpected: true,
|
|
expectedErrorMessage: "password hash has incorrect prefix",
|
|
},
|
|
}
|
|
|
|
for name, tc := range tests {
|
|
name := name
|
|
tc := tc
|
|
t.Run(name, func(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
got, err := parsePasswordHash(tc.input)
|
|
switch {
|
|
case tc.isErrorExpected:
|
|
require.EqualError(t, err, tc.expectedErrorMessage)
|
|
default:
|
|
require.NoError(t, err)
|
|
require.Equal(t, tc.input, string(got))
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
// TestUserPass_BcryptHashLength ensures that using the bcrypt library to generate
|
|
// a hash from a password always produces the same length.
|
|
func TestUserPass_BcryptHashLength(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
tests := []string{
|
|
"",
|
|
" ",
|
|
"foo",
|
|
"this is a long password woo",
|
|
}
|
|
|
|
for _, input := range tests {
|
|
hash, err := bcrypt.GenerateFromPassword([]byte(input), bcrypt.DefaultCost)
|
|
require.NoError(t, err)
|
|
require.Len(t, hash, bcryptHashLength)
|
|
}
|
|
}
|