mirror of
https://github.com/HabitRPG/habitica.git
synced 2025-12-17 06:37:23 +01:00
acad3b8873
* start migrating to bcrypt * added method to convert the password to bcrypt when logging in, added method to compare password without knowing the hashing algorhytm, remove default * travis: try to upgrade to container based infrastructure * travis: add deps to build bcrypt.js * travis: add deps to build bcrypt.js * travis: add deps to build bcrypt.js * travis: add deps to build bcrypt.js * use bcryptjs until bcrypt can be installed on travis, see https://github.com/kelektiv/node.bcrypt.js/issues/476 * correct sha1 unit tests * try different mongodb repo * try without mognodb services * try again with bcrypt * disable request logging in travis * migrate missing routes * simplify code * remove bcryptjs * fix typo * fix typo * fix typo in comment * add unit tests for new passwords utility emthods * travis: back to old infrastructure, containers often have timeouts * add integration test for passwordHashMethod * update shrinkwrap * clarify code and add comments * add integration tests * fix linting * fix integration tests
241 lines
7.2 KiB
JavaScript
241 lines
7.2 KiB
JavaScript
/* eslint-disable camelcase */
|
|
|
|
import {
|
|
sha1Encrypt as sha1EncryptPassword,
|
|
sha1MakeSalt,
|
|
bcryptHash,
|
|
bcryptCompare,
|
|
compare,
|
|
convertToBcrypt,
|
|
} from '../../../../../website/server/libs/password';
|
|
|
|
describe('Password Utilities', () => {
|
|
describe('compare', () => {
|
|
it('can compare a correct password hashed with SHA1', async () => {
|
|
let textPassword = 'mySecretPassword';
|
|
let salt = sha1MakeSalt();
|
|
let hashedPassword = sha1EncryptPassword(textPassword, salt);
|
|
|
|
let user = {
|
|
auth: {
|
|
local: {
|
|
hashed_password: hashedPassword,
|
|
salt,
|
|
passwordHashMethod: 'sha1',
|
|
},
|
|
},
|
|
};
|
|
|
|
let isValidPassword = await compare(user, textPassword);
|
|
expect(isValidPassword).to.eql(true);
|
|
});
|
|
|
|
it('can compare an invalid password hashed with SHA1', async () => {
|
|
let textPassword = 'mySecretPassword';
|
|
let salt = sha1MakeSalt();
|
|
let hashedPassword = sha1EncryptPassword(textPassword, salt);
|
|
|
|
let user = {
|
|
auth: {
|
|
local: {
|
|
hashed_password: hashedPassword,
|
|
salt,
|
|
passwordHashMethod: 'sha1',
|
|
},
|
|
},
|
|
};
|
|
|
|
let isValidPassword = await compare(user, 'wrongPassword');
|
|
expect(isValidPassword).to.eql(false);
|
|
});
|
|
|
|
it('can compare a correct password hashed with bcrypt', async () => {
|
|
let textPassword = 'mySecretPassword';
|
|
let hashedPassword = await bcryptHash(textPassword);
|
|
|
|
let user = {
|
|
auth: {
|
|
local: {
|
|
hashed_password: hashedPassword,
|
|
passwordHashMethod: 'bcrypt',
|
|
},
|
|
},
|
|
};
|
|
|
|
let isValidPassword = await compare(user, textPassword);
|
|
expect(isValidPassword).to.eql(true);
|
|
});
|
|
|
|
it('can compare an invalid password hashed with bcrypt', async () => {
|
|
let textPassword = 'mySecretPassword';
|
|
let hashedPassword = await bcryptHash(textPassword);
|
|
|
|
let user = {
|
|
auth: {
|
|
local: {
|
|
hashed_password: hashedPassword,
|
|
passwordHashMethod: 'bcrypt',
|
|
},
|
|
},
|
|
};
|
|
|
|
let isValidPassword = await compare(user, 'wrongPassword');
|
|
expect(isValidPassword).to.eql(false);
|
|
});
|
|
|
|
it('throws an error if user is missing', async () => {
|
|
try {
|
|
await compare(null, 'some password');
|
|
} catch (e) {
|
|
expect(e.toString()).to.equal('Error: user and passwordToCheck are required parameters.');
|
|
}
|
|
});
|
|
|
|
it('throws an error if passwordToCheck is missing', async () => {
|
|
try {
|
|
await compare({a: true});
|
|
} catch (e) {
|
|
expect(e.toString()).to.equal('Error: user and passwordToCheck are required parameters.');
|
|
}
|
|
});
|
|
|
|
it('throws an error if an invalid hashing method is used', async () => {
|
|
try {
|
|
await compare({
|
|
auth: {
|
|
local: {
|
|
passwordHashMethod: 'invalid',
|
|
},
|
|
},
|
|
}, 'pass');
|
|
} catch (e) {
|
|
expect(e.toString()).to.equal('Error: Invalid password hash method.');
|
|
}
|
|
});
|
|
|
|
it('returns true if comparing the same password', async () => {
|
|
let textPassword = 'mySecretPassword';
|
|
let hashedPassword = await bcryptHash(textPassword);
|
|
|
|
let isValidPassword = await bcryptCompare(textPassword, hashedPassword);
|
|
expect(isValidPassword).to.eql(true);
|
|
});
|
|
|
|
it('returns true if comparing a different password', async () => {
|
|
let textPassword = 'mySecretPassword';
|
|
let hashedPassword = await bcryptHash(textPassword);
|
|
|
|
let isValidPassword = await bcryptCompare('anotherPassword', hashedPassword);
|
|
expect(isValidPassword).to.eql(false);
|
|
});
|
|
});
|
|
|
|
describe('convertToBcrypt', () => {
|
|
it('converts an user password hashed with sha1 to bcrypt', async () => {
|
|
let textPassword = 'mySecretPassword';
|
|
let salt = sha1MakeSalt();
|
|
let hashedPassword = sha1EncryptPassword(textPassword, salt);
|
|
|
|
let user = {
|
|
auth: {
|
|
local: {
|
|
hashed_password: hashedPassword,
|
|
salt,
|
|
passwordHashMethod: 'sha1',
|
|
},
|
|
},
|
|
};
|
|
|
|
await convertToBcrypt(user, textPassword);
|
|
expect(user.auth.local.salt).to.be.undefined;
|
|
expect(user.auth.local.passwordHashMethod).to.equal('bcrypt');
|
|
expect(user.auth.local.hashed_password).to.be.a.string;
|
|
|
|
let isValidPassword = await compare(user, textPassword);
|
|
expect(isValidPassword).to.eql(true);
|
|
});
|
|
|
|
it('throws an error if user is missing', async () => {
|
|
try {
|
|
await convertToBcrypt(null, 'string');
|
|
} catch (e) {
|
|
expect(e.toString()).to.equal('Error: user and plainTextPassword are required parameters.');
|
|
}
|
|
});
|
|
|
|
it('throws an error if plainTextPassword is missing', async () => {
|
|
try {
|
|
await convertToBcrypt({a: true});
|
|
} catch (e) {
|
|
expect(e.toString()).to.equal('Error: user and plainTextPassword are required parameters.');
|
|
}
|
|
});
|
|
});
|
|
|
|
describe('bcrypt', () => {
|
|
describe('Hash', () => {
|
|
it('returns a hashed string', async () => {
|
|
let textPassword = 'mySecretPassword';
|
|
let hashedPassword = await bcryptHash(textPassword);
|
|
|
|
expect(hashedPassword).to.be.a.string;
|
|
});
|
|
});
|
|
|
|
describe('Compare', () => {
|
|
it('returns true if comparing the same password', async () => {
|
|
let textPassword = 'mySecretPassword';
|
|
let hashedPassword = await bcryptHash(textPassword);
|
|
|
|
let isValidPassword = await bcryptCompare(textPassword, hashedPassword);
|
|
expect(isValidPassword).to.eql(true);
|
|
});
|
|
|
|
it('returns true if comparing a different password', async () => {
|
|
let textPassword = 'mySecretPassword';
|
|
let hashedPassword = await bcryptHash(textPassword);
|
|
|
|
let isValidPassword = await bcryptCompare('anotherPassword', hashedPassword);
|
|
expect(isValidPassword).to.eql(false);
|
|
});
|
|
});
|
|
});
|
|
|
|
describe('SHA1', () => {
|
|
describe('Encrypt', () => {
|
|
it('always encrypt the same password to the same value when using the same salt', () => {
|
|
let textPassword = 'mySecretPassword';
|
|
let salt = sha1MakeSalt();
|
|
let encryptedPassword = sha1EncryptPassword(textPassword, salt);
|
|
|
|
expect(sha1EncryptPassword(textPassword, salt)).to.eql(encryptedPassword);
|
|
});
|
|
|
|
it('never encrypt the same password to the same value when using a different salt', () => {
|
|
let textPassword = 'mySecretPassword';
|
|
let aSalt = sha1MakeSalt();
|
|
let anotherSalt = sha1MakeSalt();
|
|
let anEncryptedPassword = sha1EncryptPassword(textPassword, aSalt);
|
|
let anotherEncryptedPassword = sha1EncryptPassword(textPassword, anotherSalt);
|
|
|
|
expect(anEncryptedPassword).not.to.eql(anotherEncryptedPassword);
|
|
});
|
|
});
|
|
|
|
describe('Make Salt', () => {
|
|
it('creates a salt with length 10 by default', () => {
|
|
let salt = sha1MakeSalt();
|
|
|
|
expect(salt.length).to.eql(10);
|
|
});
|
|
|
|
it('can create a salt of any length', () => {
|
|
let length = 24;
|
|
let salt = sha1MakeSalt(length);
|
|
|
|
expect(salt.length).to.eql(length);
|
|
});
|
|
});
|
|
});
|
|
});
|