X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/64b3e289ac14533c6fb2b1223b6417ad0446878c..1c3e4746b0c901c19722ee6443266de325cca668:/test/lib/password_hash_test.rb diff --git a/test/lib/password_hash_test.rb b/test/lib/password_hash_test.rb index 1440b35c4..9bfd73496 100644 --- a/test/lib/password_hash_test.rb +++ b/test/lib/password_hash_test.rb @@ -25,14 +25,29 @@ class PasswordHashTest < ActiveSupport::TestCase assert PasswordHash.check("3wYbPiOxk/tU0eeIDjUhdvi8aDP3AbFtwYKKxF1IhGg=", "sha512!10000!OUQLgtM7eD8huvanFT5/WtWaCwdOdrir8QOtFwxhO0A=", "password") assert_not PasswordHash.check("3wYbPiOxk/tU0eeIDjUhdvi8aDP3AbFtwYKKxF1IhGg=", "sha512!10000!OUQLgtM7eD8huvanFT5/WtWaCwdOdrir8QOtFwxhO0A=", "wrong") assert_not PasswordHash.check("3wYbPiOxk/tU0eeIDjUhdvi8aDP3AbFtwYKKxF1IhGg=", "sha512!10000!OUQLgtMwronguvanFT5/WtWaCwdOdrir8QOtFwxhO0A=", "password") - assert_not PasswordHash.upgrade?("3wYbPiOxk/tU0eeIDjUhdvi8aDP3AbFtwYKKxF1IhGg=", "sha512!10000!OUQLgtM7eD8huvanFT5/WtWaCwdOdrir8QOtFwxhO0A=") + assert PasswordHash.upgrade?("3wYbPiOxk/tU0eeIDjUhdvi8aDP3AbFtwYKKxF1IhGg=", "sha512!10000!OUQLgtM7eD8huvanFT5/WtWaCwdOdrir8QOtFwxhO0A=") + end + + def test_argon2_t2_m16_p1 + assert PasswordHash.check("$argon2id$v=19$m=65536,t=2,p=1$b2E7zSvjT6TC5DXrqvfxwg$P4hly807ckgYc+kfvaf3rqmJcmKStzw+kV14oMaz8PQ", nil, "password") + assert_not PasswordHash.check("$argon2id$v=19$m=65536,t=2,p=1$b2E7zSvjT6TC5DXrqvfxwg$P4hly807ckgYc+kfvaf3rqmJcmKStzw+kV14oMaz8PQ", nil, "wrong") + assert_not PasswordHash.check("$argon2id$v=19$m=65536,t=2,p=1$b2E7zSvwrong5DXrqvfxwg$P4hly807ckgYc+kfvaf3rqmJcmKStzw+kV14oMaz8PQ", nil, "password") + assert PasswordHash.upgrade?("$argon2id$v=19$m=65536,t=2,p=1$b2E7zSvjT6TC5DXrqvfxwg$P4hly807ckgYc+kfvaf3rqmJcmKStzw+kV14oMaz8PQ", nil) + end + + def test_argon2_t3_m16_p4 + assert PasswordHash.check("$argon2id$v=19$m=65536,t=3,p=4$uxzL4aYTEDTRr2+KNA1qNQ$yuNOtH+IsCwWUbE4OGu+hIC0e4iyZ2wGhaCsQY1mJpI", nil, "password") + assert_not PasswordHash.check("$argon2id$v=19$m=65536,t=3,p=4$uxzL4aYTEDTRr2+KNA1qNQ$yuNOtH+IsCwWUbE4OGu+hIC0e4iyZ2wGhaCsQY1mJpI", nil, "wrong") + assert_not PasswordHash.check("$argon2id$v=19$m=65536,t=3,p=4$uxzL4aYwrongr2+KNA1qNQ$yuNOtH+IsCwWUbE4OGu+hIC0e4iyZ2wGhaCsQY1mJpI", nil, "password") + assert_not PasswordHash.upgrade?("$argon2id$v=19$m=65536,t=3,p=4$uxzL4aYTEDTRr2+KNA1qNQ$yuNOtH+IsCwWUbE4OGu+hIC0e4iyZ2wGhaCsQY1mJpI", nil) end def test_default hash1, salt1 = PasswordHash.create("password") hash2, salt2 = PasswordHash.create("password") assert_not_equal hash1, hash2 - assert_not_equal salt1, salt2 + assert_nil salt1 + assert_nil salt2 assert PasswordHash.check(hash1, salt1, "password") assert_not PasswordHash.check(hash1, salt1, "wrong") assert PasswordHash.check(hash2, salt2, "password") @@ -40,4 +55,12 @@ class PasswordHashTest < ActiveSupport::TestCase assert_not PasswordHash.upgrade?(hash1, salt1) assert_not PasswordHash.upgrade?(hash2, salt2) end + + def test_format + hash, _salt = PasswordHash.create("password") + format = Argon2::HashFormat.new(hash) + + assert_equal "argon2id", format.variant + assert_operator format.version, :<=, 19 + end end