Skip to content

Commit d5286ce

Browse files
kjetilhokjetilho
committed
add more bcrypt tests
* check for invalid salt values for all bcrypt variants * check for valid return value on glibc 2.28 I am not entirely sure this cutoff is correct, but RHEL 8 runs glibc 2.28 and supports bcrypt, and Ubuntu 18.04 Bionic has glibc 2.27 and does not. Ubuntu Focal 20.04 has glibc 2.31 and also supports bcrypt. We will see what the test harness reports :-)
1 parent f02ae8c commit d5286ce

File tree

1 file changed

+19
-0
lines changed

1 file changed

+19
-0
lines changed

spec/functions/pw_hash_spec.rb

Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -53,6 +53,9 @@
5353
context 'when the third argument contains invalid characters' do
5454
it { is_expected.to run.with_params('password', 'sha-512', 'one%').and_raise_error(ArgumentError, %r{characters in salt must be in the set}) }
5555
it { is_expected.to run.with_params('password', 'bcrypt', '1234').and_raise_error(ArgumentError, %r{characters in salt must match}) }
56+
it { is_expected.to run.with_params('password', 'bcrypt-a', '1234').and_raise_error(ArgumentError, %r{characters in salt must match}) }
57+
it { is_expected.to run.with_params('password', 'bcrypt-x', '1234').and_raise_error(ArgumentError, %r{characters in salt must match}) }
58+
it { is_expected.to run.with_params('password', 'bcrypt-y', '1234').and_raise_error(ArgumentError, %r{characters in salt must match}) }
5659
end
5760

5861
context 'when running on a platform with a weak String#crypt implementation' do
@@ -61,6 +64,22 @@
6164
it { is_expected.to run.with_params('password', 'sha-512', 'salt').and_raise_error(Puppet::ParseError, %r{system does not support enhanced salts}) }
6265
end
6366

67+
begin
68+
require 'etc'
69+
if Etc.confstr(Etc::CS_GNU_LIBC_VERSION) =~ %r{(\d+)\.(\d+)} and $1.to_i > 2 or ($1.to_i == 2 and $2.to_i >= 28)
70+
context 'when running on platform with bcrypt' do
71+
it { is_expected.to run.with_params('password', 'bcrypt', '05$salt.salt.salt.salt.sa').and_return('$2b$05$salt.salt.salt.salt.sO5QUgeeLRANZyvfNiKJW5amLo3cVD8nW') }
72+
it { is_expected.to run.with_params('password', 'bcrypt-a', '05$salt.salt.salt.salt.sa').and_return('$2a$05$salt.salt.salt.salt.sO5QUgeeLRANZyvfNiKJW5amLo3cVD8nW') }
73+
it { is_expected.to run.with_params('password', 'bcrypt-x', '05$salt.salt.salt.salt.sa').and_return('$2x$05$salt.salt.salt.salt.sO5QUgeeLRANZyvfNiKJW5amLo3cVD8nW') }
74+
it { is_expected.to run.with_params('password', 'bcrypt-y', '05$salt.salt.salt.salt.sa').and_return('$2y$05$salt.salt.salt.salt.sO5QUgeeLRANZyvfNiKJW5amLo3cVD8nW') }
75+
end
76+
else
77+
pending("Only testing bcrypt results on glibc 2.28 and later")
78+
end
79+
rescue NameError
80+
pending("Only testing bcrypt results on glibc")
81+
end
82+
6483
if RUBY_PLATFORM == 'java' || 'test'.crypt('$1$1') == '$1$1$Bp8CU9Oujr9SSEw53WV6G.'
6584
describe 'on systems with enhanced salts support' do
6685
it { is_expected.to run.with_params('password', 'md5', 'salt').and_return('$1$salt$qJH7.N4xYta3aEG/dfqo/0') }

0 commit comments

Comments
 (0)