147
147
func (s *UserSuite) TestSetPasswordHash(c *gc.C) {
148
148
user := s.Factory.MakeUser(c, nil)
150
err := user.SetPasswordHash(utils.UserPasswordHash("foo", utils.CompatSalt), utils.CompatSalt)
150
salt, err := utils.RandomSalt()
151
c.Assert(err, jc.ErrorIsNil)
152
err = user.SetPasswordHash(utils.UserPasswordHash("foo", salt), salt)
151
153
c.Assert(err, jc.ErrorIsNil)
153
155
c.Assert(user.PasswordValid("foo"), jc.IsTrue)
169
171
c.Assert(err, jc.ErrorIsNil)
171
173
c.Assert(user.PasswordValid("foo"), jc.IsTrue)
172
salt, hash := state.GetUserPasswordSaltAndHash(user)
174
salt, _ := state.GetUserPasswordSaltAndHash(user)
173
175
c.Assert(salt, gc.Equals, "salted")
174
c.Assert(hash, gc.Not(gc.Equals), utils.UserPasswordHash("foo", utils.CompatSalt))
177
func (s *UserSuite) TestPasswordValidUpdatesSalt(c *gc.C) {
178
user := s.Factory.MakeUser(c, nil)
180
compatHash := utils.UserPasswordHash("foo", utils.CompatSalt)
181
err := user.SetPasswordHash(compatHash, "")
182
c.Assert(err, jc.ErrorIsNil)
183
beforeSalt, beforeHash := state.GetUserPasswordSaltAndHash(user)
184
c.Assert(beforeSalt, gc.Equals, "")
185
c.Assert(beforeHash, gc.Equals, compatHash)
186
c.Assert(user.PasswordValid("bar"), jc.IsFalse)
187
// A bad password doesn't trigger a rewrite
188
afterBadSalt, afterBadHash := state.GetUserPasswordSaltAndHash(user)
189
c.Assert(afterBadSalt, gc.Equals, "")
190
c.Assert(afterBadHash, gc.Equals, compatHash)
191
// When we get a valid check, we then add a salt and rewrite the hash
192
c.Assert(user.PasswordValid("foo"), jc.IsTrue)
193
afterSalt, afterHash := state.GetUserPasswordSaltAndHash(user)
194
c.Assert(afterSalt, gc.Not(gc.Equals), "")
195
c.Assert(afterHash, gc.Not(gc.Equals), compatHash)
196
c.Assert(afterHash, gc.Equals, utils.UserPasswordHash("foo", afterSalt))
197
// running PasswordValid again doesn't trigger another rewrite
198
c.Assert(user.PasswordValid("foo"), jc.IsTrue)
199
lastSalt, lastHash := state.GetUserPasswordSaltAndHash(user)
200
c.Assert(lastSalt, gc.Equals, afterSalt)
201
c.Assert(lastHash, gc.Equals, afterHash)
204
178
func (s *UserSuite) TestCantDisableAdmin(c *gc.C) {