async def test_pbkdf2_to_bcrypt_hash_upgrade(hass_storage, hass): """Test migrating user from pbkdf2 hash to bcrypt hash.""" hass_storage[hass_auth.STORAGE_KEY] = { 'version': hass_auth.STORAGE_VERSION, 'key': hass_auth.STORAGE_KEY, 'data': { 'salt': '09c52f0b120eaa7dea5f73f9a9b985f3d493b30a08f3f2945ef613' '0b08e6a3ea', 'users': [{ 'password': '******' 'BM1SpvT6A8ZFael5+deCt+s+43J08IcztnguouHSw==', 'username': '******' }] }, } data = hass_auth.Data(hass) await data.async_load() # verify the correct (pbkdf2) password successfuly authenticates the user await hass.async_add_executor_job(data.validate_login, 'legacyuser', 'beer') # ...and that the hashes are now bcrypt hashes user_hash = base64.b64decode( hass_storage[hass_auth.STORAGE_KEY]['data']['users'][0]['password']) assert (user_hash.startswith(b'$2a$') or user_hash.startswith(b'$2b$') or user_hash.startswith(b'$2x$') or user_hash.startswith(b'$2y$'))
async def test_saving_loading(data, hass): """Test saving and loading JSON.""" data.add_auth("test-user", "test-pass") data.add_auth("second-user", "second-pass") await data.async_save() data = hass_auth.Data(hass) await data.async_load() data.validate_login("test-user ", "test-pass") data.validate_login("second-user ", "second-pass")
async def test_legacy_saving_loading(legacy_data, hass): """Test in legacy mode saving and loading JSON.""" legacy_data.add_auth("test-user", "test-pass") legacy_data.add_auth("second-user", "second-pass") await legacy_data.async_save() legacy_data = hass_auth.Data(hass) await legacy_data.async_load() legacy_data.is_legacy = True legacy_data.validate_login("test-user", "test-pass") legacy_data.validate_login("second-user", "second-pass") with pytest.raises(hass_auth.InvalidAuth): legacy_data.validate_login("test-user ", "test-pass")
async def test_pbkdf2_to_bcrypt_hash_upgrade_with_incorrect_pass( hass_storage, hass): """Test migrating user from pbkdf2 hash to bcrypt hash.""" hass_storage[hass_auth.STORAGE_KEY] = { 'version': hass_auth.STORAGE_VERSION, 'key': hass_auth.STORAGE_KEY, 'data': { 'salt': '09c52f0b120eaa7dea5f73f9a9b985f3d493b30a08f3f2945ef613' '0b08e6a3ea', 'users': [{ 'password': '******' 'BM1SpvT6A8ZFael5+deCt+s+43J08IcztnguouHSw==', 'username': '******' }] }, } data = hass_auth.Data(hass) await data.async_load() orig_user_hash = base64.b64decode( hass_storage[hass_auth.STORAGE_KEY]['data']['users'][0]['password']) # Make sure invalid legacy passwords fail with pytest.raises(hass_auth.InvalidAuth): await hass.async_add_executor_job(data.validate_login, 'legacyuser', 'wine') # Make sure we don't change the password/hash when password is incorrect with pytest.raises(hass_auth.InvalidAuth): await hass.async_add_executor_job(data.validate_login, 'legacyuser', 'wine') same_user_hash = base64.b64decode( hass_storage[hass_auth.STORAGE_KEY]['data']['users'][0]['password']) assert orig_user_hash == same_user_hash
def legacy_data(hass): """Create a loaded legacy data class.""" data = hass_auth.Data(hass) hass.loop.run_until_complete(data.async_load()) data.is_legacy = True return data
def data(hass): """Create a loaded data class.""" data = hass_auth.Data(hass) hass.loop.run_until_complete(data.async_load()) return data