From ccaeffd2d3fdc651a74e2a4daa0d9c6a9dd0052c Mon Sep 17 00:00:00 2001
From: Victor Parpoil
Date: Fri, 17 Jan 2025 18:14:53 +0100
Subject: [PATCH] Accounts-passowrd: Adding a test case to ensure smooth migration from bcrypt to argon2
---
 packages/accounts-password/password_tests.js | 43 +++++++++++++++++++-
 1 file changed, 42 insertions(+), 1 deletion(-)
diff --git a/packages/accounts-password/password_tests.js b/packages/accounts-password/password_tests.js
index fdd466fe63..13896cf6ae 100644
--- a/packages/accounts-password/password_tests.js
+++ b/packages/accounts-password/password_tests.js
@@ -1871,7 +1871,7 @@ if (Meteor.isServer) (() => {
 await Meteor.users.removeAsync(this.userId1);
 await Meteor.users.removeAsync(userId2);
 resolve();
- }, 5000);
+ }, 1000);
 return promise;
 }
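Review bot: The delay on `}, 1000);` is an unexplained fixed sleep, and the new test in the second hunk repeats the same literal in `Meteor.setTimeout(..., 1000)` while waiting for the deferred user update inside `_checkPasswordAsync`. Argon2 is deliberately costly in time and memory, so if this callback also waits on a deferred rehash (the enclosing function starts outside the hunk, so that is inferred), one second may not be enough on a loaded CI host and the cleanup or assertions would race the write. At minimum, give both timers one named, commented value, e.g. `const DEFERRED_UPDATE_WAIT_MS = 1000; // must exceed the deferred argon2 rehash in _checkPasswordAsync`, so the margin is adjusted in one place when the hashing cost changes.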
@@ -1928,4 +1928,45 @@ if (Meteor.isServer) (() => {
 });
 }, 'already exists');
 });
+
+ Tinytest.addAsync("passwords - migration from bcrypt encryption to argon2", async test => {
+ const username = Random.id();
+ const email = `${username}@bcrypt.com`;
+ const password = "password";
+ const bcryptPasswordHash = "$2b$10$XIz481R/8TTXqtl9igiPmeZexiLkhy7oTk4pfO/oN5ymQnS5mWilC";// = brcypt(sha256('password'))
+ const userId = await Meteor.users.insertAsync({
+ username,
+ emails: [{ address: email, verified: false }],
+ services: {
+ password: {
+ bcrypt: bcryptPasswordHash
+ }
+ }
+ });
+ let user = await Meteor.users.findOneAsync(userId);
+ const isValid = await Accounts._checkPasswordAsync(user, password);
+ test.equal(isValid.userId, userId, "checkPassword with bcrypt - User ID should be returned");
+ test.equal(typeof isValid.error, "undefined", "checkPassword with bcrypt - No error should be returned");
+
+
+ let resolve;
+ const promise = new Promise(res => resolve = res);
+
+ // wait for defered execution of user update inside _checkPasswordAsync
+ Meteor.setTimeout(async () => {
+ user = await Meteor.users.findOneAsync(userId);
+ // bcrypt has been unset and argon2 set
+ test.equal(typeof user.services.password.bcrypt, "undefined", "bcrypt should be unset");
+ test.equal(typeof user.services.password.argon2, "string", "argon2 should be set");
+ // password is still valid using argon2
+ const isValidArgon = await Accounts._checkPasswordAsync(user, password);
+ test.equal(isValidArgon.userId, userId, "checkPassword with argon2 - User ID should be returned");
+ test.equal(typeof isValidArgon.error, "undefined", "checkPassword with argon2 - No error should be returned");
+ resolve();
+ }, 1000);
+
+ return promise
+
+
+ });
 })();
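Review bot: The new test only exercises a correct password, so nothing checks that a wrong password against a bcrypt-only account is still rejected while the migration path is active. Before the first `_checkPasswordAsync` call, add a rejected attempt: `const rejected = await Accounts._checkPasswordAsync(user, "wrong password");` followed by `test.notEqual(typeof rejected.error, "undefined", "checkPassword with bcrypt - wrong password should return an error");`. Inside the timeout, `typeof user.services.password.argon2 === "string"` accepts any string; assuming the package stores the encoded form, also asserting that the value starts with `$argon2` would confirm an argon2 hash was written. The inserted user is never removed, so a `Meteor.users.removeAsync(userId)` before `resolve()` would match the cleanup done in the earlier test. The fixture comment should read `bcrypt(sha256('password'))`, and the test title says "encryption" where hashing is meant.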