github/meteor
1
1
Fork 0
mirror of https://github.com/meteor/meteor.git synced 2026-05-02 03:01:46 -04:00
Code Issues Packages Projects Releases Wiki Activity

Accounts-passowrd: Adding a test case to ensure smooth migration from bcrypt to argon2

Browse Source
This commit is contained in:
Victor Parpoil
2025-01-17 18:14:53 +01:00
parent 9f0bef76c3
commit ccaeffd2d3
1 changed files with 42 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
packages/accounts-password/password_tests.js
View File

@@ -1871,7 +1871,7 @@ if (Meteor.isServer) (() => {
await Meteor.users.removeAsync(this.userId1);
await Meteor.users.removeAsync(userId2);
resolve();
}, 5000);
}, 1000);
return promise;
}
@@ -1928,4 +1928,45 @@ if (Meteor.isServer) (() => {
});
}, 'already exists');
});
Tinytest.addAsync("passwords - migration from bcrypt encryption to argon2", async test => {
const username = Random.id();
const email = `${username}@bcrypt.com`;
const password = "password";
const bcryptPasswordHash = "$2b$10$XIz481R/8TTXqtl9igiPmeZexiLkhy7oTk4pfO/oN5ymQnS5mWilC";// = brcypt(sha256('password'))
const userId = await Meteor.users.insertAsync({
username,
emails: [{ address: email, verified: false }],
services: {
password: {
bcrypt: bcryptPasswordHash
}
}
});
let user = await Meteor.users.findOneAsync(userId);
const isValid = await Accounts._checkPasswordAsync(user, password);
test.equal(isValid.userId, userId, "checkPassword with bcrypt - User ID should be returned");
test.equal(typeof isValid.error, "undefined", "checkPassword with bcrypt - No error should be returned");
let resolve;
const promise = new Promise(res => resolve = res);
// wait for defered execution of user update inside _checkPasswordAsync
Meteor.setTimeout(async () => {
user = await Meteor.users.findOneAsync(userId);
// bcrypt has been unset and argon2 set
test.equal(typeof user.services.password.bcrypt, "undefined", "bcrypt should be unset");
test.equal(typeof user.services.password.argon2, "string", "argon2 should be set");
// password is still valid using argon2
const isValidArgon = await Accounts._checkPasswordAsync(user, password);
test.equal(isValidArgon.userId, userId, "checkPassword with argon2 - User ID should be returned");
test.equal(typeof isValidArgon.error, "undefined", "checkPassword with argon2 - No error should be returned");
resolve();
}, 1000);
return promise
});
})();