v0.2.0 restructured and generalized to be more modular, added golang-jwt dependency

2025-11-03 15:11:40 -05:00
parent 3a662862d7
commit 3471030edd
14 changed files with 760 additions and 482 deletions


@ -11,13 +11,10 @@ import (
)
func TestPasswordHashing(t *testing.T) {
auth, err := NewAuthenticator([]byte("test-secret-key-must-be-32-bytes"))
require.NoError(t, err, "Failed to create authenticator")
password := "testPassword123"
// Test hashing
hash, err := auth.HashPassword(password)
// Test hashing with default parameters
hash, err := HashPassword(password)
require.NoError(t, err, "Failed to hash password")
// Verify PHC format
@ -25,20 +22,30 @@ func TestPasswordHashing(t *testing.T) {
"Hash should have argon2id prefix, got: %s", hash)
// Test verification with correct password
err = auth.VerifyPassword(password, hash)
err = VerifyPassword(password, hash)
assert.NoError(t, err, "Failed to verify correct password")
// Test verification with incorrect password
err = auth.VerifyPassword("wrongPassword", hash)
err = VerifyPassword("wrongPassword", hash)
assert.Error(t, err, "Verification should fail for incorrect password")
assert.Equal(t, ErrInvalidCredentials, err)
// Test weak password
_, err = auth.HashPassword("weak")
_, err = HashPassword("weak")
assert.Equal(t, ErrWeakPassword, err, "Should reject weak password")
// Test with custom options
hash, err = HashPassword(password,
WithTime(5),
WithMemory(128*1024),
WithThreads(8))
require.NoError(t, err)
err = VerifyPassword(password, hash)
assert.NoError(t, err)
// Test malformed PHC hash
err = auth.VerifyPassword(password, "$invalid$format")
err = VerifyPassword(password, "$invalid$format")
assert.Error(t, err, "Should reject malformed hash")
// Test corrupted salt
@ -47,33 +54,27 @@ func TestPasswordHashing(t *testing.T) {
if len(parts) == 6 {
parts[4] = "invalid!base64"
corruptedHash = strings.Join(parts, "$")
err = auth.VerifyPassword(password, corruptedHash)
err = VerifyPassword(password, corruptedHash)
assert.Error(t, err, "Should reject corrupted salt")
}
}
func TestEmptyPasswordAfterValidation(t *testing.T) {
auth, err := NewAuthenticator([]byte("test-secret-key-must-be-32-bytes"))
require.NoError(t, err)
// Empty password should be rejected by length check
_, err = auth.HashPassword("")
_, err := HashPassword("")
assert.Equal(t, ErrWeakPassword, err)
// 8-character password should pass
hash, err := auth.HashPassword("12345678")
hash, err := HashPassword("12345678")
require.NoError(t, err)
err = auth.VerifyPassword("12345678", hash)
err = VerifyPassword("12345678", hash)
assert.NoError(t, err)
}
func TestConcurrentPasswordOperations(t *testing.T) {
auth, err := NewAuthenticator([]byte("test-secret-key-must-be-32-bytes"))
require.NoError(t, err)
password := "testPassword123"
hash, err := auth.HashPassword(password)
hash, err := HashPassword(password)
require.NoError(t, err)
// Test concurrent verification
@ -82,7 +83,7 @@ func TestConcurrentPasswordOperations(t *testing.T) {
wg.Add(1)
go func() {
defer wg.Done()
err := auth.VerifyPassword(password, hash)
err := VerifyPassword(password, hash)
assert.NoError(t, err)
}()
}
@ -90,14 +91,11 @@ func TestConcurrentPasswordOperations(t *testing.T) {
}
func TestPHCMigration(t *testing.T) {
auth, err := NewAuthenticator([]byte("test-secret-key-must-be-32-bytes"))
require.NoError(t, err)
password := "testPassword123"
username := "migrationUser"
// Generate PHC hash
phcHash, err := auth.HashPassword(password)
phcHash, err := HashPassword(password)
require.NoError(t, err)
// Migrate to SCRAM credential
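Review bot: The new custom-options case in TestPasswordHashing (`WithTime(5)`, `WithMemory(128*1024)`, `WithThreads(8)`) only checks that hash and verify round-trip, so it would still pass if the options were silently dropped and the defaults applied. These options set the Argon2id cost, so the test should pin that they reach the encoded hash, for example `assert.Contains(t, hash, "m=131072,t=5,p=8")`, assuming WithMemory takes KiB and the parameters are encoded in the usual PHC order. The neighbouring corrupted-salt check sits inside `if len(parts) == 6 {`, so it asserts nothing if the encoding ever changes shape; `require.Len(t, parts, 6)` before the mutation would make that failure visible. No visible case covers options below a safe floor (such as `WithTime(0)`), and whether HashPassword rejects those cannot be told from this page. TestPHCMigration's body continues past the last line shown.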