diff options
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/auth_tests/test_hashers.py | 24 | ||||
| -rw-r--r-- | tests/auth_tests/test_views.py | 2 |
2 files changed, 25 insertions, 1 deletions
diff --git a/tests/auth_tests/test_hashers.py b/tests/auth_tests/test_hashers.py index 8cd70d6721..8bc61bc8b2 100644 --- a/tests/auth_tests/test_hashers.py +++ b/tests/auth_tests/test_hashers.py @@ -74,6 +74,12 @@ class TestUtilsHashPass(SimpleTestCase): self.assertTrue(is_password_usable(blank_encoded)) self.assertTrue(check_password('', blank_encoded)) self.assertFalse(check_password(' ', blank_encoded)) + # Salt entropy check. + hasher = get_hasher('pbkdf2_sha256') + encoded_weak_salt = make_password('lètmein', 'iodizedsalt', 'pbkdf2_sha256') + encoded_strong_salt = make_password('lètmein', hasher.salt(), 'pbkdf2_sha256') + self.assertIs(hasher.must_update(encoded_weak_salt), True) + self.assertIs(hasher.must_update(encoded_strong_salt), False) @override_settings(PASSWORD_HASHERS=['django.contrib.auth.hashers.SHA1PasswordHasher']) def test_sha1(self): @@ -89,6 +95,12 @@ class TestUtilsHashPass(SimpleTestCase): self.assertTrue(is_password_usable(blank_encoded)) self.assertTrue(check_password('', blank_encoded)) self.assertFalse(check_password(' ', blank_encoded)) + # Salt entropy check. + hasher = get_hasher('sha1') + encoded_weak_salt = make_password('lètmein', 'iodizedsalt', 'sha1') + encoded_strong_salt = make_password('lètmein', hasher.salt(), 'sha1') + self.assertIs(hasher.must_update(encoded_weak_salt), True) + self.assertIs(hasher.must_update(encoded_strong_salt), False) @override_settings(PASSWORD_HASHERS=['django.contrib.auth.hashers.MD5PasswordHasher']) def test_md5(self): @@ -104,6 +116,12 @@ class TestUtilsHashPass(SimpleTestCase): self.assertTrue(is_password_usable(blank_encoded)) self.assertTrue(check_password('', blank_encoded)) self.assertFalse(check_password(' ', blank_encoded)) + # Salt entropy check. + hasher = get_hasher('md5') + encoded_weak_salt = make_password('lètmein', 'iodizedsalt', 'md5') + encoded_strong_salt = make_password('lètmein', hasher.salt(), 'md5') + self.assertIs(hasher.must_update(encoded_weak_salt), True) + self.assertIs(hasher.must_update(encoded_strong_salt), False) @override_settings(PASSWORD_HASHERS=['django.contrib.auth.hashers.UnsaltedMD5PasswordHasher']) def test_unsalted_md5(self): @@ -537,6 +555,12 @@ class TestUtilsHashPassArgon2(SimpleTestCase): ) self.assertIs(check_password('secret', encoded), True) self.assertIs(check_password('wrong', encoded), False) + # Salt entropy check. + hasher = get_hasher('argon2') + encoded_weak_salt = make_password('lètmein', 'iodizedsalt', 'argon2') + encoded_strong_salt = make_password('lètmein', hasher.salt(), 'argon2') + self.assertIs(hasher.must_update(encoded_weak_salt), True) + self.assertIs(hasher.must_update(encoded_strong_salt), False) def test_argon2_decode(self): salt = 'abcdefghijk' diff --git a/tests/auth_tests/test_views.py b/tests/auth_tests/test_views.py index 9d669c5d85..4fb61b9be5 100644 --- a/tests/auth_tests/test_views.py +++ b/tests/auth_tests/test_views.py @@ -1269,7 +1269,7 @@ class ChangelistTests(AuthViewsTestCase): self.assertContains( response, '<strong>algorithm</strong>: %s\n\n' - '<strong>salt</strong>: %s**********\n\n' + '<strong>salt</strong>: %s********************\n\n' '<strong>hash</strong>: %s**************************\n\n' % ( algo, salt[:2], hash_string[:6], ), |
