luckyimnotanigger/forgejo
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-05-14 05:52:43 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

Add additional password hash algorithms (closes #5859) (#6023)

Browse source
This commit is contained in:
EpicCoder 2019-07-07 08:01:01 +02:00 committed by techknowlogick
parent 1b85b248e4
commit 8d9d6aa903
23 changed files with 2895 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

32
models/user_test.go
View file

@ -147,21 +147,29 @@ func TestHashPasswordDeterministic(t *testing.T) {
b := make([]byte, 16)
rand.Read(b)
u := &User{Salt: string(b)}
for i := 0; i < 50; i++ {
// generate a random password
rand.Read(b)
pass := string(b)
algos := []string{"pbkdf2", "argon2", "scrypt", "bcrypt"}
for j := 0; j < len(algos); j++ {
u.PasswdHashAlgo = algos[j]
for i := 0; i < 50; i++ {
// generate a random password
rand.Read(b)
pass := string(b)
// save the current password in the user - hash it and store the result
u.HashPassword(pass)
r1 := u.Passwd
// save the current password in the user - hash it and store the result
u.HashPassword(pass)
r1 := u.Passwd
// run again
u.HashPassword(pass)
r2 := u.Passwd
// run again
u.HashPassword(pass)
r2 := u.Passwd
// assert equal (given the same salt+pass, the same result is produced)
assert.Equal(t, r1, r2)
// assert equal (given the same salt+pass, the same result is produced) except bcrypt
if u.PasswdHashAlgo == "bcrypt" {
assert.NotEqual(t, r1, r2)
} else {
assert.Equal(t, r1, r2)
}
}
}
}