X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=rt%2Ft%2Fapi%2Fpassword-types.t;h=3278b488de1c5978d46070dccd4bcc870cae1b8e;hb=7322f2afedcc2f427e997d1535a503613a83f088;hp=5f253d51eddae0534c4f7ee9a39dd8e3c5a332a0;hpb=f3c4966ed1f6ec3db7accd6dcdd3a5a3821d72a7;p=freeside.git

diff --git a/rt/t/api/password-types.t b/rt/t/api/password-types.t
index 5f253d51e..3278b488d 100644
--- a/rt/t/api/password-types.t
+++ b/rt/t/api/password-types.t
@@ -1,21 +1,33 @@
-#!/usr/bin/perl -w
 use strict;
 use warnings;
 
 use RT::Test;
 use Digest::MD5;
 
-my $default = "sha512";
+my $default = "bcrypt";
 
 my $root = RT::User->new(RT->SystemUser);
 $root->Load("root");
 
-# Salted SHA-512 (default)
+# bcrypt (default)
 my $old = $root->__Value("Password");
 like($old, qr/^\!$default\!/, "Stored as salted $default");
 ok($root->IsPassword("password"));
 is($root->__Value("Password"), $old, "Unchanged after password check");
 
+# bcrypt (smaller number of rounds)
+my $rounds = RT->Config->Get("BcryptCost");
+my $salt = Crypt::Eksblowfish::Bcrypt::en_base64("a"x16);
+$root->_Set( Field => "Password", Value => RT::User->_GeneratePassword_bcrypt("smaller", 6, $salt) );
+like($root->__Value("Password"), qr/^\!$default\!06\!/, "Stored with a smaller number of rounds");
+ok($root->IsPassword("smaller"), "Smaller number of bcrypt rounds works");
+like($root->__Value("Password"), qr/^\!$default\!$rounds\!/, "And is now upgraded to $rounds rounds");
+
+# Salted SHA-512, one round
+$root->_Set( Field => "Password", Value => RT::User->_GeneratePassword_sha512("other", "salt") );
+ok($root->IsPassword("other"), "SHA-512 password works");
+like($root->__Value("Password"), qr/^\!$default\!/, "And is now upgraded to salted $default");
+
 # Crypt
 $root->_Set( Field => "Password", Value => crypt("something", "salt"));
 ok($root->IsPassword("something"), "crypt()ed password works");
@@ -39,3 +51,12 @@ my $trunc = MIME::Base64::encode_base64(
 $root->_Set( Field => "Password", Value => $trunc);
 ok($root->IsPassword("secret"), "Unsalted MD5 base64 works");
 like($root->__Value("Password"), qr/^\!$default\!/, "And is now upgraded to salted $default");
+
+# Non-ASCII salted truncated SHA-256
+my $non_ascii_trunc = MIME::Base64::encode_base64(
+    "salt" . substr(Digest::SHA::sha256("salt".Digest::MD5::md5("áěšý")),0,26),
+    ""
+);
+$root->_Set( Field => "Password", Value => $non_ascii_trunc);
+ok($root->IsPassword(Encode::decode("UTF-8", "áěšý")), "Unsalted MD5 base64 works");
+like($root->__Value("Password"), qr/^\!$default\!/, "And is now upgraded to salted $default");