summaryrefslogtreecommitdiff
path: root/tests
diff options
context:
space:
mode:
Diffstat (limited to 'tests')
-rw-r--r--tests/auth_tests/test_hashers.py24
-rw-r--r--tests/auth_tests/test_views.py2
2 files changed, 25 insertions, 1 deletions
diff --git a/tests/auth_tests/test_hashers.py b/tests/auth_tests/test_hashers.py
index 8cd70d6721..8bc61bc8b2 100644
--- a/tests/auth_tests/test_hashers.py
+++ b/tests/auth_tests/test_hashers.py
@@ -74,6 +74,12 @@ class TestUtilsHashPass(SimpleTestCase):
self.assertTrue(is_password_usable(blank_encoded))
self.assertTrue(check_password('', blank_encoded))
self.assertFalse(check_password(' ', blank_encoded))
+ # Salt entropy check.
+ hasher = get_hasher('pbkdf2_sha256')
+ encoded_weak_salt = make_password('lètmein', 'iodizedsalt', 'pbkdf2_sha256')
+ encoded_strong_salt = make_password('lètmein', hasher.salt(), 'pbkdf2_sha256')
+ self.assertIs(hasher.must_update(encoded_weak_salt), True)
+ self.assertIs(hasher.must_update(encoded_strong_salt), False)
@override_settings(PASSWORD_HASHERS=['django.contrib.auth.hashers.SHA1PasswordHasher'])
def test_sha1(self):
@@ -89,6 +95,12 @@ class TestUtilsHashPass(SimpleTestCase):
self.assertTrue(is_password_usable(blank_encoded))
self.assertTrue(check_password('', blank_encoded))
self.assertFalse(check_password(' ', blank_encoded))
+ # Salt entropy check.
+ hasher = get_hasher('sha1')
+ encoded_weak_salt = make_password('lètmein', 'iodizedsalt', 'sha1')
+ encoded_strong_salt = make_password('lètmein', hasher.salt(), 'sha1')
+ self.assertIs(hasher.must_update(encoded_weak_salt), True)
+ self.assertIs(hasher.must_update(encoded_strong_salt), False)
@override_settings(PASSWORD_HASHERS=['django.contrib.auth.hashers.MD5PasswordHasher'])
def test_md5(self):
@@ -104,6 +116,12 @@ class TestUtilsHashPass(SimpleTestCase):
self.assertTrue(is_password_usable(blank_encoded))
self.assertTrue(check_password('', blank_encoded))
self.assertFalse(check_password(' ', blank_encoded))
+ # Salt entropy check.
+ hasher = get_hasher('md5')
+ encoded_weak_salt = make_password('lètmein', 'iodizedsalt', 'md5')
+ encoded_strong_salt = make_password('lètmein', hasher.salt(), 'md5')
+ self.assertIs(hasher.must_update(encoded_weak_salt), True)
+ self.assertIs(hasher.must_update(encoded_strong_salt), False)
@override_settings(PASSWORD_HASHERS=['django.contrib.auth.hashers.UnsaltedMD5PasswordHasher'])
def test_unsalted_md5(self):
@@ -537,6 +555,12 @@ class TestUtilsHashPassArgon2(SimpleTestCase):
)
self.assertIs(check_password('secret', encoded), True)
self.assertIs(check_password('wrong', encoded), False)
+ # Salt entropy check.
+ hasher = get_hasher('argon2')
+ encoded_weak_salt = make_password('lètmein', 'iodizedsalt', 'argon2')
+ encoded_strong_salt = make_password('lètmein', hasher.salt(), 'argon2')
+ self.assertIs(hasher.must_update(encoded_weak_salt), True)
+ self.assertIs(hasher.must_update(encoded_strong_salt), False)
def test_argon2_decode(self):
salt = 'abcdefghijk'
diff --git a/tests/auth_tests/test_views.py b/tests/auth_tests/test_views.py
index 9d669c5d85..4fb61b9be5 100644
--- a/tests/auth_tests/test_views.py
+++ b/tests/auth_tests/test_views.py
@@ -1269,7 +1269,7 @@ class ChangelistTests(AuthViewsTestCase):
self.assertContains(
response,
'<strong>algorithm</strong>: %s\n\n'
- '<strong>salt</strong>: %s**********\n\n'
+ '<strong>salt</strong>: %s********************\n\n'
'<strong>hash</strong>: %s**************************\n\n' % (
algo, salt[:2], hash_string[:6],
),