1 # GNU MediaGoblin -- federated, autonomous media hosting
2 # Copyright (C) 2011 Free Software Foundation, Inc
4 # This program is free software: you can redistribute it and/or modify
5 # it under the terms of the GNU Affero General Public License as published by
6 # the Free Software Foundation, either version 3 of the License, or
7 # (at your option) any later version.
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU Affero General Public License for more details.
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
18 from mediagoblin
.auth
import lib
as auth_lib
21 ########################
22 # Test bcrypt auth funcs
23 ########################
25 def test_bcrypt_check_password():
26 # Check known 'lollerskates' password against check function
27 assert auth_lib
.bcrypt_check_password(
29 '$2a$12$PXU03zfrVCujBhVeICTwtOaHTUs5FFwsscvSSTJkqx/2RQ0Lhy/nO')
31 assert not auth_lib
.bcrypt_check_password(
33 '$2a$12$PXU03zfrVCujBhVeICTwtOaHTUs5FFwsscvSSTJkqx/2RQ0Lhy/nO')
36 # Same thing, but with extra fake salt.
37 assert not auth_lib
.bcrypt_check_password(
39 '$2a$12$ELVlnw3z1FMu6CEGs/L8XO8vl0BuWSlUHgh0rUrry9DUXGMUNWwl6',
43 def test_bcrypt_gen_password_hash():
44 pw
= 'youwillneverguessthis'
46 # Normal password hash generation, and check on that hash
47 hashed_pw
= auth_lib
.bcrypt_gen_password_hash(pw
)
48 assert auth_lib
.bcrypt_check_password(
50 assert not auth_lib
.bcrypt_check_password(
51 'notthepassword', hashed_pw
)
54 # Same thing, extra salt.
55 hashed_pw
= auth_lib
.bcrypt_gen_password_hash(pw
, '3><7R45417')
56 assert auth_lib
.bcrypt_check_password(
57 pw
, hashed_pw
, '3><7R45417')
58 assert not auth_lib
.bcrypt_check_password(
59 'notthepassword', hashed_pw
, '3><7R45417')