chore: move password related functions from AuthService to utils file

As these methods will be used in both the AuthService and the IdentityService, it makes sense to extract them and use them in this manner. Especially if one considers that they are quite standalone functions. Signed-off-by: Philip Molares <philip.molares@udo.edu>
2025-05-21 18:55:19 -04:00 · 2021-08-08 21:47:13 +02:00 · 2021-08-08 21:47:13 +02:00 · 547f2239cc
commit 547f2239cc
parent cf8f3b39ec
4 changed files with 109 additions and 63 deletions
--- a/src/utils/password.spec.ts
+++ b/src/utils/password.spec.ts
@ -0,0 +1,59 @@
+/*
+ * SPDX-FileCopyrightText: 2021 The HedgeDoc developers (see AUTHORS file)
+ *
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+import bcrypt from 'bcrypt';
+import { randomBytes } from 'crypto';
+
+import { bufferToBase64Url, checkPassword, hashPassword } from './password';
+
+const testPassword = 'thisIsATestPassword';
+
+describe('hashPassword', () => {
+  it('output looks like a bcrypt hash with 2^12 rounds of hashing', async () => {
+    /*
+     * a bcrypt hash example with the different parts highlighted:
+     * $2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy
+     * \__/\/ \____________________/\_____________________________/
+     * Alg Cost      Salt                        Hash
+     * from https://en.wikipedia.org/wiki/Bcrypt#Description
+     */
+    const regexBcrypt = /^\$2[abxy]\$12\$[A-Za-z0-9/.]{53}$/;
+    const hash = await hashPassword(testPassword);
+    expect(regexBcrypt.test(hash)).toBeTruthy();
+  });
+  it('calls bcrypt.hash with the correct parameters', async () => {
+    const spy = jest.spyOn(bcrypt, 'hash');
+    await hashPassword(testPassword);
+    expect(spy).toHaveBeenCalledWith(testPassword, 12);
+  });
+});
+
+describe('checkPassword', () => {
+  it("is returning true if the inputs are a plaintext password and it's bcrypt-hashed version", async () => {
+    const hashOfTestPassword =
+      '$2a$12$WHKCq4c0rg19zyx5WgX0p.or0rjSKYpIBcHhQQGLrxrr6FfMPylIW';
+    await checkPassword(testPassword, hashOfTestPassword).then((result) =>
+      expect(result).toBeTruthy(),
+    );
+  });
+  it('fails, if secret is too short', async () => {
+    const secret = bufferToBase64Url(randomBytes(54));
+    const hash = await hashPassword(secret);
+    await checkPassword(secret, hash).then((result) =>
+      expect(result).toBeTruthy(),
+    );
+    await checkPassword(secret.substr(0, secret.length - 1), hash).then(
+      (result) => expect(result).toBeFalsy(),
+    );
+  });
+});
+
+describe('bufferToBase64Url', () => {
+  it('transforms a buffer to the correct base64url encoded string', () => {
+    expect(
+      bufferToBase64Url(Buffer.from('testsentence is a test sentence')),
+    ).toEqual('dGVzdHNlbnRlbmNlIGlzIGEgdGVzdCBzZW50ZW5jZQ');
+  });
+});