fix(auth): VerifyPassword валидирует параметры/версию, не паникует на битом хэше

This commit is contained in:
2026-07-03 19:58:54 +07:00
parent 12b7945efc
commit a584cf5c37
2 changed files with 103 additions and 4 deletions
+58
View File
@@ -27,3 +27,61 @@ func TestHashNonDeterministic(t *testing.T) {
t.Fatal("salt must randomize hash")
}
}
func TestVerifyPasswordBadTimeDoesNotPanic(t *testing.T) {
defer func() {
if r := recover(); r != nil {
t.Fatalf("VerifyPassword panicked: %v", r)
}
}()
encoded := "$argon2id$v=19$m=65536,t=0,p=4$c29tZXNhbHRzb21lc2FsdA$c29tZWhhc2hzb21laGFzaA"
ok, err := VerifyPassword(encoded, "anything")
if err == nil {
t.Fatal("expected error for t=0, got nil")
}
if ok {
t.Fatal("expected ok=false for t=0")
}
}
func TestVerifyPasswordBadThreadsDoesNotPanic(t *testing.T) {
defer func() {
if r := recover(); r != nil {
t.Fatalf("VerifyPassword panicked: %v", r)
}
}()
encoded := "$argon2id$v=19$m=65536,t=1,p=0$c29tZXNhbHRzb21lc2FsdA$c29tZWhhc2hzb21laGFzaA"
ok, err := VerifyPassword(encoded, "anything")
if err == nil {
t.Fatal("expected error for p=0, got nil")
}
if ok {
t.Fatal("expected ok=false for p=0")
}
}
func TestVerifyPasswordUnsupportedVersion(t *testing.T) {
encoded := "$argon2id$v=18$m=65536,t=1,p=4$c29tZXNhbHRzb21lc2FsdA$c29tZWhhc2hzb21laGFzaA"
ok, err := VerifyPassword(encoded, "anything")
if err == nil {
t.Fatal("expected error for unsupported version, got nil")
}
if ok {
t.Fatal("expected ok=false for unsupported version")
}
}
func TestVerifyPasswordGarbageFormatDoesNotPanic(t *testing.T) {
defer func() {
if r := recover(); r != nil {
t.Fatalf("VerifyPassword panicked: %v", r)
}
}()
ok, err := VerifyPassword("notahash", "anything")
if err == nil {
t.Fatal("expected error for garbage format, got nil")
}
if ok {
t.Fatal("expected ok=false for garbage format")
}
}