-
Notifications
You must be signed in to change notification settings - Fork 1
/
passwd_test.go
112 lines (89 loc) · 2.34 KB
/
passwd_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
package passwd_test
import (
"bytes"
"crypto/subtle"
"fmt"
"testing"
"github.com/matryer/is"
"go.sour.is/passwd"
"go.sour.is/passwd/pkg/argon2"
"go.sour.is/passwd/pkg/unix"
)
type plainPasswd struct{}
func (p *plainPasswd) Passwd(pass, check []byte) ([]byte, error) {
if check == nil {
var b bytes.Buffer
b.WriteString("$plain$")
b.Write(pass)
return b.Bytes(), nil
}
if subtle.ConstantTimeCompare([]byte(pass), []byte(bytes.TrimPrefix(check, []byte("$plain$")))) == 1 {
return check, nil
}
return check, passwd.ErrNoMatch
}
func (p *plainPasswd) ApplyPasswd(passwd *passwd.Passwd) {
passwd.Register("plain", p)
passwd.SetFallthrough(p)
}
// Example of upgrading password hash to a greater complexity.
//
// Note: This example uses very unsecure hash functions to allow for predictable output. Use of argon2.Argon2id or scrypt.Scrypt2 for greater hash security is recommended.
func Example() {
pass := []byte("my_pass")
hash := []byte("$1$81ed91e1131a3a5a50d8a68e8ef85fa0")
pwd := passwd.New(
argon2.Argon2id, // first is preferred type.
&unix.MD5{},
)
_, err := pwd.Passwd(pass, hash)
if err != nil {
fmt.Println("fail: ", err)
return
}
// Check if we want to update.
if !pwd.IsPreferred(hash) {
newHash, err := pwd.Passwd(pass, nil)
if err != nil {
fmt.Println("fail: ", err)
return
}
fmt.Println("new hash:", string(newHash)[:31], "...")
}
// Output:
// new hash: $argon2id$v=19,m=65536,t=1,p=4$ ...
}
func TestPasswdHash(t *testing.T) {
type testCase struct {
pass, hash []byte
}
tests := []testCase{
{[]byte("passwd"), []byte("passwd")},
{[]byte("passwd"), []byte("$plain$passwd")},
}
algos := []passwd.Passwder{&plainPasswd{}}
is := is.New(t)
// Generate additional test cases for each algo.
for _, algo := range algos {
hash, err := algo.Passwd([]byte("passwd"), nil)
is.NoErr(err)
tests = append(tests, testCase{[]byte("passwd"), hash})
}
pass := passwd.New(algos...)
for i, tt := range tests {
t.Run(fmt.Sprint("Test-", i), func(t *testing.T) {
is := is.New(t)
hash, err := pass.Passwd(tt.pass, tt.hash)
is.Equal(hash, tt.hash)
is.NoErr(err)
})
}
}
func TestPasswdIsPreferred(t *testing.T) {
is := is.New(t)
pass := passwd.New(&plainPasswd{})
ok := pass.IsPreferred([]byte("$plain$passwd"))
is.True(ok)
ok = pass.IsPreferred([]byte("$foo$passwd"))
is.True(!ok)
}