]> git.openstreetmap.org Git - rails.git/blob - test/lib/password_hash_test.rb
Merge remote-tracking branch 'upstream/pull/4438'
[rails.git] / test / lib / password_hash_test.rb
1 require "test_helper"
2
3 class PasswordHashTest < ActiveSupport::TestCase
4   def test_md5_without_salt
5     assert PasswordHash.check("5f4dcc3b5aa765d61d8327deb882cf99", nil, "password")
6     assert_not PasswordHash.check("5f4dcc3b5aa765d61d8327deb882cf99", nil, "wrong")
7     assert PasswordHash.upgrade?("5f4dcc3b5aa765d61d8327deb882cf99", nil)
8   end
9
10   def test_md5_with_salt
11     assert PasswordHash.check("67a1e09bb1f83f5007dc119c14d663aa", "salt", "password")
12     assert_not PasswordHash.check("67a1e09bb1f83f5007dc119c14d663aa", "salt", "wrong")
13     assert_not PasswordHash.check("67a1e09bb1f83f5007dc119c14d663aa", "wrong", "password")
14     assert PasswordHash.upgrade?("67a1e09bb1f83f5007dc119c14d663aa", "salt")
15   end
16
17   def test_pbkdf2_1000_32_sha512
18     assert PasswordHash.check("ApT/28+FsTBLa/J8paWfgU84SoRiTfeY8HjKWhgHy08=", "sha512!1000!HR4z+hAvKV2ra1gpbRybtoNzm/CNKe4cf7bPKwdUNrk=", "password")
19     assert_not PasswordHash.check("ApT/28+FsTBLa/J8paWfgU84SoRiTfeY8HjKWhgHy08=", "sha512!1000!HR4z+hAvKV2ra1gpbRybtoNzm/CNKe4cf7bPKwdUNrk=", "wrong")
20     assert_not PasswordHash.check("ApT/28+FsTBLa/J8paWfgU84SoRiTfeY8HjKWhgHy08=", "sha512!1000!HR4z+hAvKV2ra1gwrongtoNzm/CNKe4cf7bPKwdUNrk=", "password")
21     assert PasswordHash.upgrade?("ApT/28+FsTBLa/J8paWfgU84SoRiTfeY8HjKWhgHy08=", "sha512!1000!HR4z+hAvKV2ra1gpbRybtoNzm/CNKe4cf7bPKwdUNrk=")
22   end
23
24   def test_pbkdf2_10000_32_sha512
25     assert PasswordHash.check("3wYbPiOxk/tU0eeIDjUhdvi8aDP3AbFtwYKKxF1IhGg=", "sha512!10000!OUQLgtM7eD8huvanFT5/WtWaCwdOdrir8QOtFwxhO0A=", "password")
26     assert_not PasswordHash.check("3wYbPiOxk/tU0eeIDjUhdvi8aDP3AbFtwYKKxF1IhGg=", "sha512!10000!OUQLgtM7eD8huvanFT5/WtWaCwdOdrir8QOtFwxhO0A=", "wrong")
27     assert_not PasswordHash.check("3wYbPiOxk/tU0eeIDjUhdvi8aDP3AbFtwYKKxF1IhGg=", "sha512!10000!OUQLgtMwronguvanFT5/WtWaCwdOdrir8QOtFwxhO0A=", "password")
28     assert PasswordHash.upgrade?("3wYbPiOxk/tU0eeIDjUhdvi8aDP3AbFtwYKKxF1IhGg=", "sha512!10000!OUQLgtM7eD8huvanFT5/WtWaCwdOdrir8QOtFwxhO0A=")
29   end
30
31   def test_argon2_t2_m16_p1
32     assert PasswordHash.check("$argon2id$v=19$m=65536,t=2,p=1$b2E7zSvjT6TC5DXrqvfxwg$P4hly807ckgYc+kfvaf3rqmJcmKStzw+kV14oMaz8PQ", nil, "password")
33     assert_not PasswordHash.check("$argon2id$v=19$m=65536,t=2,p=1$b2E7zSvjT6TC5DXrqvfxwg$P4hly807ckgYc+kfvaf3rqmJcmKStzw+kV14oMaz8PQ", nil, "wrong")
34     assert_not PasswordHash.check("$argon2id$v=19$m=65536,t=2,p=1$b2E7zSvwrong5DXrqvfxwg$P4hly807ckgYc+kfvaf3rqmJcmKStzw+kV14oMaz8PQ", nil, "password")
35     assert PasswordHash.upgrade?("$argon2id$v=19$m=65536,t=2,p=1$b2E7zSvjT6TC5DXrqvfxwg$P4hly807ckgYc+kfvaf3rqmJcmKStzw+kV14oMaz8PQ", nil)
36   end
37
38   def test_argon2_t3_m16_p4
39     assert PasswordHash.check("$argon2id$v=19$m=65536,t=3,p=4$uxzL4aYTEDTRr2+KNA1qNQ$yuNOtH+IsCwWUbE4OGu+hIC0e4iyZ2wGhaCsQY1mJpI", nil, "password")
40     assert_not PasswordHash.check("$argon2id$v=19$m=65536,t=3,p=4$uxzL4aYTEDTRr2+KNA1qNQ$yuNOtH+IsCwWUbE4OGu+hIC0e4iyZ2wGhaCsQY1mJpI", nil, "wrong")
41     assert_not PasswordHash.check("$argon2id$v=19$m=65536,t=3,p=4$uxzL4aYwrongr2+KNA1qNQ$yuNOtH+IsCwWUbE4OGu+hIC0e4iyZ2wGhaCsQY1mJpI", nil, "password")
42     assert_not PasswordHash.upgrade?("$argon2id$v=19$m=65536,t=3,p=4$uxzL4aYTEDTRr2+KNA1qNQ$yuNOtH+IsCwWUbE4OGu+hIC0e4iyZ2wGhaCsQY1mJpI", nil)
43   end
44
45   def test_default
46     hash1, salt1 = PasswordHash.create("password")
47     hash2, salt2 = PasswordHash.create("password")
48     assert_not_equal hash1, hash2
49     assert_nil salt1
50     assert_nil salt2
51     assert PasswordHash.check(hash1, salt1, "password")
52     assert_not PasswordHash.check(hash1, salt1, "wrong")
53     assert PasswordHash.check(hash2, salt2, "password")
54     assert_not PasswordHash.check(hash2, salt2, "wrong")
55     assert_not PasswordHash.upgrade?(hash1, salt1)
56     assert_not PasswordHash.upgrade?(hash2, salt2)
57   end
58
59   def test_format
60     hash, _salt = PasswordHash.create("password")
61     format = Argon2::HashFormat.new(hash)
62
63     assert_equal "argon2id", format.variant
64     assert_operator format.version, :<=, 19
65   end
66 end