arcanis/ahriman
1
0
Fork 0
mirror of https://github.com/arcan1s/ahriman.git synced 2025-07-16 07:19:57 +00:00
Code Issues Projects Releases Wiki Activity

feat: notify users about outdated password hashes used

Browse Source
This commit is contained in:
Evgenii Alekseev
2024-11-11 18:21:00 +02:00
parent 20e7ba3b1d
commit 8d53a59a6a
5 changed files with 65 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
tests/ahriman/core/auth/test_mapping.py
View File

@ -31,27 +31,27 @@ async def test_check_credentials_unknown(mapping: Mapping, user: User) -> None:
assert not await mapping.check_credentials(user.username, user.password)
def test_get_user(mapping: Mapping, user: User, mocker: MockerFixture) -> None:
async def test_get_user(mapping: Mapping, user: User, mocker: MockerFixture) -> None:
"""
must return user from storage by username
"""
mocker.patch("ahriman.core.database.SQLite.user_get", return_value=user)
assert mapping.get_user(user.username) == user
assert await mapping.get_user(user.username) == user
def test_get_user_normalized(mapping: Mapping, user: User, mocker: MockerFixture) -> None:
async def test_get_user_normalized(mapping: Mapping, user: User, mocker: MockerFixture) -> None:
"""
must return user from storage by username case-insensitive
"""
mocker.patch("ahriman.core.database.SQLite.user_get", return_value=user)
assert mapping.get_user(user.username.upper()) == user
assert await mapping.get_user(user.username.upper()) == user
def test_get_user_unknown(mapping: Mapping, user: User) -> None:
async def test_get_user_unknown(mapping: Mapping, user: User) -> None:
"""
must return None in case if no user found
"""
assert mapping.get_user(user.username) is None
assert await mapping.get_user(user.username) is None
async def test_known_username(mapping: Mapping, user: User, mocker: MockerFixture) -> None:

34
tests/ahriman/models/test_user.py
View File

@ -1,9 +1,29 @@
import pytest
from dataclasses import replace
from ahriman.models.user import User
from ahriman.models.user_access import UserAccess
def test_algo() -> None:
"""
must correctly define algorithm used
"""
assert User(username="user", password=None, access=UserAccess.Read).algo is None
assert User(username="user", password="", access=UserAccess.Read).algo is None
assert User(
username="user",
password="$6$rounds=656000$mWBiecMPrHAL1VgX$oU4Y5HH8HzlvMaxwkNEJjK13ozElyU1wAHBoO/WW5dAaE4YEfnB0X3FxbynKMl4FBdC3Ovap0jINz4LPkNADg0",
access=UserAccess.Read,
).algo == "$6$"
assert User(
username="user",
password="$2b$12$VCWKazvYxH7B0eAalDGAbu/3y1dSWs79sv/2ujjX1TMaFdVUy80hy",
access=UserAccess.Read,
).algo == "$2b$"
def test_check_credentials_hash_password(user: User) -> None:
"""
must generate and validate user password
@ -20,11 +40,23 @@ def test_check_credentials_empty_hash(user: User) -> None:
must reject any authorization if the hash is invalid
"""
current_password = user.password
assert not user.check_credentials(current_password, "salt")
user = replace(user, password="")
assert not user.check_credentials(current_password, "salt")
def test_check_credentials_sha512() -> None:
"""
must raise DeprecationWarning for sha512 hashed passwords
"""
user = User(
username="user",
password="$6$rounds=656000$mWBiecMPrHAL1VgX$oU4Y5HH8HzlvMaxwkNEJjK13ozElyU1wAHBoO/WW5dAaE4YEfnB0X3FxbynKMl4FBdC3Ovap0jINz4LPkNADg0",
access=UserAccess.Read,
)
with pytest.raises(ValueError):
assert user.check_credentials("password", "salt")
def test_hash_password_empty_hash(user: User) -> None:
"""
must return empty string after hash in case if password not set