113 lines
2.4 KiB
Go
113 lines
2.4 KiB
Go
package passwd_test
|
|
|
|
import (
|
|
"bytes"
|
|
"crypto/subtle"
|
|
"fmt"
|
|
"testing"
|
|
|
|
"github.com/matryer/is"
|
|
"github.com/sour-is/go-passwd"
|
|
"github.com/sour-is/go-passwd/pkg/argon2"
|
|
"github.com/sour-is/go-passwd/pkg/unix"
|
|
)
|
|
|
|
type plainPasswd struct{}
|
|
|
|
func (p *plainPasswd) Passwd(pass, check []byte) ([]byte, error) {
|
|
if check == nil {
|
|
var b bytes.Buffer
|
|
b.WriteString("$plain$")
|
|
b.Write(pass)
|
|
return b.Bytes(), nil
|
|
}
|
|
|
|
if subtle.ConstantTimeCompare([]byte(pass), []byte(bytes.TrimPrefix(check, []byte("$plain$")))) == 1 {
|
|
return check, nil
|
|
}
|
|
|
|
return check, passwd.ErrNoMatch
|
|
}
|
|
|
|
func (p *plainPasswd) ApplyPasswd(passwd *passwd.Passwd) {
|
|
passwd.Register("plain", p)
|
|
passwd.SetFallthrough(p)
|
|
}
|
|
|
|
// Example of upgrading password hash to a greater complexity.
|
|
//
|
|
// Note: This example uses very unsecure hash functions to allow for predictable output. Use of argon2.Argon2id or scrypt.Scrypt2 for greater hash security is recommended.
|
|
func Example() {
|
|
pass := []byte("my_pass")
|
|
hash := []byte("$1$81ed91e1131a3a5a50d8a68e8ef85fa0")
|
|
|
|
pwd := passwd.New(
|
|
argon2.Argon2id, // first is preferred type.
|
|
&unix.MD5{},
|
|
)
|
|
|
|
_, err := pwd.Passwd(pass, hash)
|
|
if err != nil {
|
|
fmt.Println("fail: ", err)
|
|
return
|
|
}
|
|
|
|
// Check if we want to update.
|
|
if !pwd.IsPreferred(hash) {
|
|
newHash, err := pwd.Passwd(pass, nil)
|
|
if err != nil {
|
|
fmt.Println("fail: ", err)
|
|
return
|
|
}
|
|
|
|
fmt.Println("new hash:", string(newHash)[:31], "...")
|
|
}
|
|
|
|
// Output:
|
|
// new hash: $argon2id$v=19,m=65536,t=1,p=4$ ...
|
|
}
|
|
|
|
func TestPasswdHash(t *testing.T) {
|
|
type testCase struct {
|
|
pass, hash []byte
|
|
}
|
|
|
|
tests := []testCase{
|
|
{[]byte("passwd"), []byte("passwd")},
|
|
{[]byte("passwd"), []byte("$plain$passwd")},
|
|
}
|
|
algos := []passwd.Passwder{&plainPasswd{}}
|
|
|
|
is := is.New(t)
|
|
// Generate additional test cases for each algo.
|
|
for _, algo := range algos {
|
|
hash, err := algo.Passwd([]byte("passwd"), nil)
|
|
is.NoErr(err)
|
|
tests = append(tests, testCase{[]byte("passwd"), hash})
|
|
}
|
|
|
|
pass := passwd.New(algos...)
|
|
|
|
for i, tt := range tests {
|
|
t.Run(fmt.Sprint("Test-", i), func(t *testing.T) {
|
|
is := is.New(t)
|
|
|
|
hash, err := pass.Passwd(tt.pass, tt.hash)
|
|
is.Equal(hash, tt.hash)
|
|
is.NoErr(err)
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestPasswdIsPreferred(t *testing.T) {
|
|
is := is.New(t)
|
|
|
|
pass := passwd.New(&plainPasswd{})
|
|
|
|
ok := pass.IsPreferred([]byte("$plain$passwd"))
|
|
is.True(ok)
|
|
|
|
ok = pass.IsPreferred([]byte("$foo$passwd"))
|
|
is.True(!ok)
|
|
}
|