-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathtest.js
95 lines (76 loc) · 3.7 KB
/
test.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
const test = require('tape')
const {securePassword, defaults} = require('./index.js')
const messages = {
[securePassword.VALID]: 'valid',
[securePassword.INVALID]: 'invalid',
[securePassword.VALID_NEEDS_REHASH]: 'valid needs rehash',
[securePassword.INVALID_UNRECOGNIZED_HASH]: 'invalid unrecognized hash'
}
function verifyStatus (assert, name, expected, actual) {
if (expected === actual) return assert.ok(true, `'${name}' is ${messages[expected]}`)
assert.ok(false, `'${name}' expected to be ${messages[expected]}, but was ${messages[actual]}`)
}
test('Can hash password', async function (assert) {
const pwd = securePassword()
const userPassword = Buffer.from('my secrets')
const passwordHash = await pwd.hash(userPassword)
assert.notOk(userPassword.equals(passwordHash))
assert.end()
})
test('Can hash password simultaneous', async function (assert) {
assert.plan(2)
const pwd = securePassword()
const userPassword = Buffer.from('my secrets')
const [hash1, hash2] = await Promise.all([pwd.hash(userPassword), pwd.hash(userPassword)])
assert.notOk(userPassword.equals(hash1))
assert.notOk(userPassword.equals(hash2))
})
test('Can verify password', async function (assert) {
const pwd = securePassword()
const userPassword = Buffer.from('my secret')
const passwordHash = await pwd.hash(userPassword)
const bool = await pwd.verify(userPassword, passwordHash)
assert.ok(bool === securePassword.VALID)
assert.end()
})
test('Needs rehash async', async function (assert) {
assert.plan(7)
const weakPwd = securePassword({
memoryCost: defaults.memoryCost,
timeCost: defaults.timeCost
})
const betterPwd = securePassword({
memoryCost: defaults.memoryCost + 1024,
timeCost: defaults.timeCost + 1
})
const userPassword = Buffer.from('my secret')
const wrongPassword = Buffer.from('my secret 2')
const pass = Buffer.from('hello world')
const empty = Buffer.from('')
const argon2ipass = Buffer.from('$argon2i$v=19$m=32768,t=4,p=1$bpvGgU64uCxxNQvif+wfwA$wqyV/Q/Z/Th8U5IZxAA7DVb2U1kKHm5TxK9a6AYd9IU')
const argon2ipassempty = Buffer.from('$argon2i$v=19$m=32768,t=4,p=1$7wYWA/n0GB4ikypIcyQXzQ$Bn7zNskqm7icpTcc4izX/qkIb5FABvU4l61EBi5miaY')
const weakHash = await weakPwd.hash(userPassword)
const weakValid = await weakPwd.verify(userPassword, weakHash)
verifyStatus(assert, 'weak valid', securePassword.VALID, weakValid)
const weakInvalid = await weakPwd.verify(wrongPassword, weakHash)
verifyStatus(assert, 'weak invalid', securePassword.INVALID, weakInvalid)
const rehashValid = await betterPwd.verify(userPassword, weakHash)
verifyStatus(assert, 'weak right', securePassword.VALID_NEEDS_REHASH, rehashValid)
const rehashValidAlgo = await weakPwd.verify(pass, argon2ipass)
verifyStatus(assert, 'weak argon2idpass right', securePassword.VALID_NEEDS_REHASH, rehashValidAlgo)
const weakNotRight = await weakPwd.verify(empty, argon2ipassempty)
verifyStatus(assert, 'weak argon2ipassempty right', securePassword.VALID_NEEDS_REHASH, weakNotRight)
const betterHash = await betterPwd.hash(userPassword)
const betterValid = await betterPwd.verify(userPassword, betterHash)
verifyStatus(assert, 'better valid', securePassword.VALID, betterValid)
const betterInvalid = await betterPwd.verify(wrongPassword, betterHash)
verifyStatus(assert, 'better invalid', securePassword.INVALID, betterInvalid)
})
test('Can handle invalid hash sync', async function (assert) {
const pwd = securePassword()
const userPassword = Buffer.from('my secret')
const invalidHash = Buffer.allocUnsafe(128)
const unrecognizedHash = await pwd.verify(userPassword, invalidHash)
verifyStatus(assert, 'unrecognized hash', securePassword.INVALID_UNRECOGNIZED_HASH, unrecognizedHash)
assert.end()
})