test: [#56] new test for password verification

The application now supports two hashing methods: - "pbkdf2-sha256": the old one. Only for imported users from DB version v1.0.0. - "argon2": the new one for registered users.
torrust · Nov 30, 2022 · 38fee53 · 38fee53
1 parent b9a8bf9
commit 38fee53
Showing 1 changed file with 36 additions and 0 deletions.
diff --git a/src/routes/user.rs b/src/routes/user.rs
@@ -279,3 +279,39 @@ pub async fn ban_user(req: HttpRequest, app_data: WebAppData) -> ServiceResult<i
         data: format!("Banned user: {}", to_be_banned_username),
     }))
 }
+
+#[cfg(test)]
+mod tests {
+    use crate::models::user::UserAuthentication;
+
+    use super::verify_password;
+
+    #[test]
+    fn password_hashed_with_pbkdf2_sha256_should_be_verified() {
+        let password = "12345678".as_bytes();
+        let password_hash = "$pbkdf2-sha256$i=10000,l=32$pZIh8nilm+cg6fk5Ubf2zQ$AngLuZ+sGUragqm4bIae/W+ior0TWxYFFaTx8CulqtY".to_string();
+        let user_authentication = UserAuthentication {
+            user_id: 1i64,
+            password_hash
+        };
+
+        assert!(verify_password(password, &user_authentication).is_ok());
+        assert!(verify_password("incorrect password".as_bytes(), &user_authentication).is_err());
+    }
+
+    #[test]
+    fn password_hashed_with_argon2_should_be_verified() {
+        let password = "87654321".as_bytes();
+        let password_hash = "$argon2id$v=19$m=4096,t=3,p=1$ycK5lJ4xmFBnaJ51M1j1eA$kU3UlNiSc3JDbl48TCj7JBDKmrT92DOUAgo4Yq0+nMw".to_string();
+        let user_authentication = UserAuthentication {
+            user_id: 1i64,
+            password_hash
+        };
+
+        assert!(verify_password(password, &user_authentication).is_ok());
+        assert!(verify_password("incorrect password".as_bytes(), &user_authentication).is_err());
+    }
+}
+
+
+