1 # GNU MediaGoblin -- federated, autonomous media hosting
2 # Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
4 # This program is free software: you can redistribute it and/or modify
5 # it under the terms of the GNU Affero General Public License as published by
6 # the Free Software Foundation, either version 3 of the License, or
7 # (at your option) any later version.
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU Affero General Public License for more details.
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 from mediagoblin
.plugins
.basic_auth
import tools
as auth_tools
17 from mediagoblin
.tools
.testing
import _activate_testing
22 ########################
23 # Test bcrypt auth funcs
24 ########################
27 def test_bcrypt_check_password():
28 # Check known 'lollerskates' password against check function
29 assert auth_tools
.bcrypt_check_password(
31 '$2a$12$PXU03zfrVCujBhVeICTwtOaHTUs5FFwsscvSSTJkqx/2RQ0Lhy/nO')
33 assert not auth_tools
.bcrypt_check_password(
35 '$2a$12$PXU03zfrVCujBhVeICTwtOaHTUs5FFwsscvSSTJkqx/2RQ0Lhy/nO')
37 # Same thing, but with extra fake salt.
38 assert not auth_tools
.bcrypt_check_password(
40 '$2a$12$ELVlnw3z1FMu6CEGs/L8XO8vl0BuWSlUHgh0rUrry9DUXGMUNWwl6',
44 def test_bcrypt_gen_password_hash():
45 pw
= 'youwillneverguessthis'
47 # Normal password hash generation, and check on that hash
48 hashed_pw
= auth_tools
.bcrypt_gen_password_hash(pw
)
49 assert auth_tools
.bcrypt_check_password(
51 assert not auth_tools
.bcrypt_check_password(
52 'notthepassword', hashed_pw
)
54 # Same thing, extra salt.
55 hashed_pw
= auth_tools
.bcrypt_gen_password_hash(pw
, '3><7R45417')
56 assert auth_tools
.bcrypt_check_password(
57 pw
, hashed_pw
, '3><7R45417')
58 assert not auth_tools
.bcrypt_check_password(
59 'notthepassword', hashed_pw
, '3><7R45417')