yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9035f160fefb4350c0be15efc33c2c4c272618a8
Umbraco-CMS/tests/Umbraco.Tests.UnitTests/Umbraco.Infrastructure/Security/MemberPasswordHasherTests.cs
Andy Butland 44aa5dcf1c Provides an abstraction for creating the JavaScriptEncoder used in SystemTextConfigurationEditorJsonSerializer (#19849) 
* Provides an abstraction for creating the JavaScriptEncoder used in SystemTextConfigurationEditorJsonSerializer.

* Generalised JSON serialization encoder factory to work for all System.Tex.Json serializers.
Added the serializer's name as a parameter to allow for different encodings per serializer if required.

* Fixed tests by removing use of obsolete constructors.

* Removed name parameter and used a generic type instead.
2025-08-07 09:08:09 +02:00

114 lines
4.9 KiB
C#
Raw Blame History

using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Logging.Abstractions;
using Microsoft.Extensions.Options;
using NUnit.Framework;
using Umbraco.Cms.Core.Configuration.Models;
using Umbraco.Cms.Core.Security;
using Umbraco.Cms.Infrastructure.Serialization;
namespace Umbraco.Cms.Tests.Integration.Umbraco.Infrastructure.Security;
[TestFixture]
public class MemberPasswordHasherTests
{
[Test]
[TestCase(
"Password123!",
"AQAAAAIAAYagAAAAEJBorDjt+UEvw55UJVsbgAS6T2IGao+2XpCBbO3EKZoAMzoN+CNOpPdu1c0qrFcJVw==", null, ExpectedResult = PasswordVerificationResult.Success, Description = "AspNetCoreIdentityPasswordHash: Correct password")]
[TestCase("Password123!", "AQAAAAEAACcQAAAAEGF/tTVoL6ef3bQPZFYfbgKFu1CDQIAMgyY1N4EDt9jqdG/hsOX93X1U6LNvlIQ3mw==",
null,
ExpectedResult = PasswordVerificationResult.SuccessRehashNeeded,
Description = "GivenALegacyAspNetCoreIdentityPasswordHash: Correct password")]
[TestCase(
"wrongPassword",
"AQAAAAEAACcQAAAAEGF/tTVoL6ef3bQPZFYfbgKFu1CDQIAMgyY1N4EDt9jqdG/hsOX93X1U6LNvlIQ3mw==",
null,
ExpectedResult = PasswordVerificationResult.Failed,
Description = "AspNetCoreIdentityPasswordHash: Wrong password")]
[TestCase(
"Password123!",
"yDiU2YyuYZU4jz6F0fpErQ==BxNRHkXBVyJs9gwWF6ktWdfDwYf5bwm+rvV7tOcNNx8=",
null,
ExpectedResult = PasswordVerificationResult.SuccessRehashNeeded,
Description = "GivenALegacyPasswordHash: Correct password")]
[TestCase(
"wrongPassword",
"yDiU2YyuYZU4jz6F0fpErQ==BxNRHkXBVyJs9gwWF6ktWdfDwYf5bwm+rvV7tOcNNx8=",
null,
ExpectedResult = PasswordVerificationResult.Failed,
Description = "GivenALegacyPasswordHash: Wrong password")]
[TestCase(
"Password123!",
"AJszAsQqxOYbASKfL3JVUu6cjU18ouizXDfX4j7wLlir8SWj2yQaTepE9e5bIohIsQ==",
null,
ExpectedResult = PasswordVerificationResult.SuccessRehashNeeded,
Description = "GivenALegacyPasswordHash: Correct password")]
[TestCase(
"wrongPassword",
"AJszAsQqxOYbASKfL3JVUu6cjU18ouizXDfX4j7wLlir8SWj2yQaTepE9e5bIohIsQ==",
null,
ExpectedResult = PasswordVerificationResult.Failed,
Description = "GivenALegacyPasswordHash: Wrong password")]
[TestCase(
"1234567890",
"1234567890",
null,
ExpectedResult = PasswordVerificationResult.Failed,
Description = "ClearText: Correct password, but not supported")]
[TestCase(
"wrongPassword",
"1234567890",
null,
ExpectedResult = PasswordVerificationResult.Failed,
Description = "ClearText: Wrong password")]
[TestCase(
"1234567890",
"XyFRG4/xJ5JGQJYqqIFK70BjHdM=",
null,
ExpectedResult = PasswordVerificationResult.SuccessRehashNeeded,
Description = "Hashed: Correct password")]
[TestCase(
"wrongPassword",
"XyFRG4/xJ5JGQJYqqIFK70BjHdM=",
null,
ExpectedResult = PasswordVerificationResult.Failed,
Description = "Hashed: Wrong password")]
[TestCase(
"1234567890",
"K2JPOhoqNoysfnnD67QsWDSliHrjoSTRTvv9yiaKf30=",
"1D43BFA074DF6DCEF6E44A7F5B5F56CDDD60BE198FBBB0222C96A5BD696F3CAA",
ExpectedResult = PasswordVerificationResult.SuccessRehashNeeded,
Description = "Encrypted: Correct password and correct decryptionKey")]
[TestCase(
"wrongPassword",
"K2JPOhoqNoysfnnD67QsWDSliHrjoSTRTvv9yiaKf30=",
"1D43BFA074DF6DCEF6E44A7F5B5F56CDDD60BE198FBBB0222C96A5BD696F3CAA",
ExpectedResult = PasswordVerificationResult.Failed,
Description = "Encrypted: Wrong password but correct decryptionKey")]
[TestCase(
"1234567890",
"qiuwRr4K7brpTcIzLFfR3iGG9zj4/z4ewHCVZmYUDKM=",
"B491B602E0CE1D52450A8089FD2013B340743A7EFCC12B039BD11977A083ACA1",
ExpectedResult = PasswordVerificationResult.Failed,
Description = "Encrypted: Correct password but wrong decryptionKey")]
[TestCase(
"1234567890",
"qiuwRr4K7brpTcIzLFfR3iGG9zj4/z4ewHCVZmYUDKM=",
"InvalidDecryptionKey",
ExpectedResult = PasswordVerificationResult.Failed,
Description = "Encrypted: Invalid decryptionKey")]
public PasswordVerificationResult VerifyHashedPassword(string password, string encryptedPassword, string decryptionKey)
{
var member = new MemberIdentityUser { PasswordConfig = null };
var sut = new MemberPasswordHasher(
new LegacyPasswordSecurity(),
new SystemTextJsonSerializer(new DefaultJsonSerializerEncoderFactory()),
Options.Create(new LegacyPasswordMigrationSettings { MachineKeyDecryptionKey = decryptionKey }),
NullLoggerFactory.Instance.CreateLogger<MemberPasswordHasher>());
return sut.VerifyHashedPassword(member, encryptedPassword, password);
}
}
Reference in New Issue View Git Blame Copy Permalink