Migrate to bcrypt (#8446)

* start migrating to bcrypt * added method to convert the password to bcrypt when logging in, added method to compare password without knowing the hashing algorhytm, remove default * travis: try to upgrade to container based infrastructure * travis: add deps to build bcrypt.js * travis: add deps to build bcrypt.js * travis: add deps to build bcrypt.js * travis: add deps to build bcrypt.js * use bcryptjs until bcrypt can be installed on travis, see https://github.com/kelektiv/node.bcrypt.js/issues/476 * correct sha1 unit tests * try different mongodb repo * try without mognodb services * try again with bcrypt * disable request logging in travis * migrate missing routes * simplify code * remove bcryptjs * fix typo * fix typo * fix typo in comment * add unit tests for new passwords utility emthods * travis: back to old infrastructure, containers often have timeouts * add integration test for passwordHashMethod * update shrinkwrap * clarify code and add comments * add integration tests * fix linting * fix integration tests
2025-12-18 07:07:35 +01:00 · 2017-01-24 12:28:42 +01:00
parent 04f4eb8490
commit acad3b8873
16 changed files with 1439 additions and 722 deletions
--- a/test/api/v3/integration/user/DELETE-user.test.js
+++ b/test/api/v3/integration/user/DELETE-user.test.js
@@ -11,6 +11,10 @@ import {
  map,
 } from 'lodash';
 import Bluebird from 'bluebird';
+import {
+  sha1MakeSalt,
+  sha1Encrypt as sha1EncryptPassword,
+} from '../../../../../website/server/libs/password';

 describe('DELETE /user', () => {
  let user;
@@ -67,6 +71,30 @@ describe('DELETE /user', () => {
    await expect(checkExistence('users', user._id)).to.eventually.eql(false);
  });

+  it('deletes the user with a legacy sha1 password', async () => {
+    let textPassword = 'mySecretPassword';
+    let salt = sha1MakeSalt();
+    let sha1HashedPassword = sha1EncryptPassword(textPassword, salt);
+
+    await user.update({
+      'auth.local.hashed_password': sha1HashedPassword,
+      'auth.local.passwordHashMethod': 'sha1',
+      'auth.local.salt': salt,
+    });
+
+    await user.sync();
+
+    expect(user.auth.local.passwordHashMethod).to.equal('sha1');
+    expect(user.auth.local.salt).to.equal(salt);
+    expect(user.auth.local.hashed_password).to.equal(sha1HashedPassword);
+
+    // delete the user
+    await user.del('/user', {
+      password: textPassword,
+    });
+    await expect(checkExistence('users', user._id)).to.eventually.eql(false);
+  });
+
  context('last member of a party', () => {
    let party;