feat(auth): argon2id пароли + session store (sha256 токена)
This commit is contained in:
@@ -0,0 +1,29 @@
|
||||
package auth
|
||||
|
||||
import "testing"
|
||||
|
||||
func TestHashVerifyRoundTrip(t *testing.T) {
|
||||
h, err := HashPassword("s3cret-pw")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
if h == "s3cret-pw" || len(h) < 20 {
|
||||
t.Fatalf("bad hash %q", h)
|
||||
}
|
||||
ok, err := VerifyPassword(h, "s3cret-pw")
|
||||
if err != nil || !ok {
|
||||
t.Fatalf("verify failed: %v %v", ok, err)
|
||||
}
|
||||
bad, _ := VerifyPassword(h, "wrong")
|
||||
if bad {
|
||||
t.Fatal("wrong password must not verify")
|
||||
}
|
||||
}
|
||||
|
||||
func TestHashNonDeterministic(t *testing.T) {
|
||||
a, _ := HashPassword("same")
|
||||
b, _ := HashPassword("same")
|
||||
if a == b {
|
||||
t.Fatal("salt must randomize hash")
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user