yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
24abc117fe5db9fda5dc2badea49ffcd9235971f
Umbraco-CMS/tests/Umbraco.Tests.UnitTests/Umbraco.Core/Security/LegacyPasswordSecurityTests.cs
Bjarke Berg 0f1c2f7022 Ensure no management api for v12 (#14197) 
* Remove management api

* Remove actual files
2023-05-04 13:32:41 +02:00

117 lines
4.0 KiB
C#
Raw Blame History

// Copyright (c) Umbraco.
// See LICENSE for more details.
using System.Security.Cryptography;
using System.Text;
using Moq;
using NUnit.Framework;
using Umbraco.Cms.Core;
using Umbraco.Cms.Core.Configuration;
using Umbraco.Cms.Core.Security;
namespace Umbraco.Cms.Tests.UnitTests.Umbraco.Core.Security;
[TestFixture]
public class LegacyPasswordSecurityTests
{
[Test]
public void Check_Password_Hashed_Non_KeyedHashAlgorithm()
{
var passwordConfiguration = Mock.Of<IPasswordConfiguration>(x => x.HashAlgorithmType == "SHA1");
var passwordSecurity = new LegacyPasswordSecurity();
var pass = "ThisIsAHashedPassword";
var hashed = passwordSecurity.HashNewPassword(passwordConfiguration.HashAlgorithmType, pass, out var salt);
var storedPassword =
passwordSecurity.FormatPasswordForStorage(passwordConfiguration.HashAlgorithmType, hashed, salt);
var result = passwordSecurity.VerifyPassword(passwordConfiguration.HashAlgorithmType, "ThisIsAHashedPassword", storedPassword);
Assert.IsTrue(result);
}
[Test]
public void Check_Password_Hashed_KeyedHashAlgorithm()
{
var passwordConfiguration = Mock.Of<IPasswordConfiguration>(x =>
x.HashAlgorithmType == Constants.Security.AspNetUmbraco8PasswordHashAlgorithmName);
var passwordSecurity = new LegacyPasswordSecurity();
var pass = "ThisIsAHashedPassword";
var hashed = passwordSecurity.HashNewPassword(passwordConfiguration.HashAlgorithmType, pass, out var salt);
var storedPassword =
passwordSecurity.FormatPasswordForStorage(passwordConfiguration.HashAlgorithmType, hashed, salt);
var result = passwordSecurity.VerifyPassword(
passwordConfiguration.HashAlgorithmType,
"ThisIsAHashedPassword",
storedPassword);
Assert.IsTrue(result);
}
[Test]
public void Check_Password_Legacy_v4_SHA1()
{
const string clearText = "ThisIsAHashedPassword";
var clearTextUnicodeBytes = Encoding.Unicode.GetBytes(clearText);
using var algorithm = new HMACSHA1(clearTextUnicodeBytes);
var dbPassword = Convert.ToBase64String(algorithm.ComputeHash(clearTextUnicodeBytes));
var result = new LegacyPasswordSecurity().VerifyLegacyHashedPassword(clearText, dbPassword);
Assert.IsTrue(result);
}
[Test]
public void Format_Pass_For_Storage_Hashed()
{
var passwordConfiguration = Mock.Of<IPasswordConfiguration>(x =>
x.HashAlgorithmType == Constants.Security.AspNetUmbraco8PasswordHashAlgorithmName);
var passwordSecurity = new LegacyPasswordSecurity();
var salt = LegacyPasswordSecurity.GenerateSalt();
var stored = "ThisIsAHashedPassword";
var result = passwordSecurity.FormatPasswordForStorage(passwordConfiguration.HashAlgorithmType, stored, salt);
Assert.AreEqual(salt + "ThisIsAHashedPassword", result);
}
[Test]
public void Get_Stored_Password_Hashed()
{
var passwordConfiguration = Mock.Of<IPasswordConfiguration>(x =>
x.HashAlgorithmType == Constants.Security.AspNetUmbraco8PasswordHashAlgorithmName);
var passwordSecurity = new LegacyPasswordSecurity();
var salt = LegacyPasswordSecurity.GenerateSalt();
var stored = salt + "ThisIsAHashedPassword";
var result =
passwordSecurity.ParseStoredHashPassword(passwordConfiguration.HashAlgorithmType, stored, out _);
Assert.AreEqual("ThisIsAHashedPassword", result);
}
/// <summary>
/// The salt generated is always the same length
/// </summary>
[Test]
public void Check_Salt_Length()
{
var lastLength = 0;
for (var i = 0; i < 10000; i++)
{
var result = LegacyPasswordSecurity.GenerateSalt();
if (i > 0)
{
Assert.AreEqual(lastLength, result.Length);
}
lastLength = result.Length;
}
}
}
Reference in New Issue View Git Blame Copy Permalink