api-auth_test.go (1875B)
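// This file is part of taler-cashless2ecash.
// Copyright (C) 2024 Joel Häberli
//
// taler-cashless2ecash is free software: you can redistribute it and/or modify it
// under the terms of the GNU Affero General Public License as published
// by the Free Software Foundation, either version 3 of the License,
// or (at your option) any later version.
//
// taler-cashless2ecash is distributed in the hope that it will be useful, but
// WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
// Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
// SPDX-License-Identifier: AGPL3.0-or-later

package internal_api

import (
	internal_utils "c2ec/internal/utils"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"testing"

	"golang.org/x/crypto/argon2"
)

// TestValidPassword checks that internal_utils.ValidPassword accepts the
// password an encoded hash was derived from and rejects a different one.
func TestValidPassword(t *testing.T) {
	pw := "verygoodpassword"
	hashedEncodedPw, err := pbkdf(pw)
	if err != nil {
		// Report the cause through the testing framework so the failure is
		// attributed to this test and carries the underlying error.
		t.Fatalf("pbkdf failed: %v", err)
	}

	if !internal_utils.ValidPassword(pw, hashedEncodedPw) {
		t.Fatal("password check failed")
	}

	// Negative case: an accept-only assertion would also pass against a
	// verifier that returns true for every input, so a wrong password has to
	// be checked against the same stored hash.
	if internal_utils.ValidPassword(pw+"-wrong", hashedEncodedPw) {
		t.Fatal("password check accepted a wrong password")
	}
}

// pbkdf derives a password hash for pw and returns it base64 encoded
// (standard alphabet). The encoded value is the 32 byte derived key followed
// by the 16 byte random salt, 48 bytes in total before encoding.
//
// Copied from the cli tool, where this function is used to obtain a base64
// encoded password hash.
// NOTE(review): the parameters and the key||salt layout presumably have to
// stay identical to the cli tool and to internal_utils.ValidPassword; confirm
// whenever one of them changes, since a drift would only show up here.
//
// NOTE(review): argon2.Key is the Argon2i variant. RFC 9106 recommends
// Argon2id (argon2.IDKey) for password hashing. It is not switched here
// because this helper must produce what the code under test verifies; a
// migration would need to cover the cli tool, ValidPassword and stored hashes.
func pbkdf(pw string) (string, error) {
	// Kept local to the function so the names cannot collide with
	// identifiers declared elsewhere in the package.
	const (
		passes    = 3         // number of passes over the memory
		memoryKiB = 32 * 1024 // memory cost, given in KiB (32 MiB)
		threads   = 4
		keyLen    = 32
		saltLen   = 16
	)

	// A fresh random salt per hash keeps equal passwords from producing
	// equal hashes.
	salt := make([]byte, saltLen)
	if _, err := rand.Read(salt); err != nil {
		return "", fmt.Errorf("generating salt: %w", err)
	}

	key := argon2.Key([]byte(pw), salt, passes, memoryKiB, threads, keyLen)

	keyAndSalt := make([]byte, 0, keyLen+saltLen)
	keyAndSalt = append(keyAndSalt, key...)
	keyAndSalt = append(keyAndSalt, salt...)
	// Defensive check of the layout before it is handed out.
	if len(keyAndSalt) != keyLen+saltLen {
		return "", errors.New("invalid password hash and salt")
	}
	return base64.StdEncoding.EncodeToString(keyAndSalt), nil
}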