-
Notifications
You must be signed in to change notification settings - Fork 222
/
Copy pathTest.js
114 lines (109 loc) · 4.16 KB
/
Test.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
"use strict";
const assert = require('assert');
const crypto = require('crypto');
const execFile = require('child_process').execFile;
const sps = require('..');
Promise.all([
(function truncatedHashTest() {
const testPassword = crypto.randomBytes(3).toString('hex');
return sps.PasswordStorage.createHash(testPassword)
.then(hash =>
sps.PasswordStorage.verifyPassword(testPassword, hash.slice(0, hash.length - 1)))
.then(accepted => assert(false, 'Should not have accepted password'))
.catch(reason => {
if (!(reason instanceof sps.InvalidHashException))
throw reason;
});
})(),
(function basicTests() {
const testPassword = crypto.randomBytes(3).toString('hex');
const anotherPassword = crypto.randomBytes(3).toString('hex');
return Promise.all([
sps.PasswordStorage.createHash(testPassword),
sps.PasswordStorage.createHash(testPassword),
]).then(hashes => {
assert.notStrictEqual(hashes[0], hashes[1], 'Two hashes are equal');
return Promise.all([
sps.PasswordStorage.verifyPassword(anotherPassword, hashes[0]),
sps.PasswordStorage.verifyPassword(testPassword, hashes[0])
]);
}).then(accepted => {
assert.strictEqual(accepted[0], false, 'Wrong password accepted');
assert.strictEqual(accepted[1], true, 'Good password not accepted');
});
})(),
(function testHashFunctionChecking() {
const testPassword = crypto.randomBytes(3).toString('hex');
return sps.PasswordStorage.createHash(testPassword)
.then(hash =>
sps.PasswordStorage.verifyPassword(testPassword, hash.replace(/^sha1/, 'md5')))
.then(accepted => assert.strictEqual(accepted, false,
'Should not have accepted password'));
})(),
(function testGoodHashInPhp() {
const testPassword = crypto.randomBytes(3).toString('hex');
return sps.PasswordStorage.createHash(testPassword)
.then(hash => phpVerify(testPassword, hash));
})(),
(function testBadHashInPhp() {
const testPassword = crypto.randomBytes(3).toString('hex');
const errorOccurred = Symbol();
return sps.PasswordStorage.createHash(testPassword)
.then(hash => phpVerify(testPassword, hash.slice(0, hash.length - 1)))
.catch(reason => {
// Swallow this error, it is expected
return errorOccurred;
})
.then(result => assert.strictEqual(result, errorOccurred,
'Should not have accepted password'));
})(),
(function testHashFromPhp() {
return phpHashMaker()
.then(pair => sps.PasswordStorage.verifyPassword(pair.password, pair.hash))
.then(accepted => assert.strictEqual(accepted, true,
'Should have accepted password'));
})(),
(function testHashFromPhpFailsWithWrongPassword() {
const testPassword = crypto.randomBytes(3).toString('hex');
return phpHashMaker()
.then(pair => sps.PasswordStorage.verifyPassword(testPassword, pair.hash))
.then(accepted => assert.strictEqual(accepted, false,
'Should not have accepted password'));
})(),
])
.then(results => {
// Test cases can be disabled by NOT immediately invoking their function
const testCount = results.filter(x=>typeof x !== 'function').length;
console.log(`✔ ${testCount} Passed`);
})
.catch(reason => {
if(reason.name === 'AssertionError')
console.error('AssertionError:',
reason.actual, reason.operator, reason.expected);
console.error(reason.stack);
process.exit(1);
});
function phpVerify(password, hash) {
return new Promise((resolve, reject) => {
execFile('php', [ 'tests/phpVerify.php', password, hash ],
(error, stdout, stderr) => {
if(error) reject(error);
else resolve(stdout);
});
});
}
function phpHashMaker(password, hash) {
return new Promise((resolve, reject) => {
execFile('php', [ 'tests/phpHashMaker.php' ],
(error, stdout, stderr) => {
if(error) reject(error);
else {
const hashPair = stdout.trim().split(' ');
if (hashPair[1].length !== parseInt(hashPair[0], 10))
reject(new Error('Unicode test is invalid'));
else
resolve({ password: hashPair[1], hash: hashPair[2] });
}
});
});
}