def test_password_hash_filter_no_passlib():
with passlib_off():
assert not encrypt.PASSLIB_AVAILABLE
assert get_encrypted_password("123", "md5", salt="12345678") == "$1$12345678$tRy4cXc3kmcfRZVj4iFXr/"
with pytest.raises(AnsibleFilterError):
get_encrypted_password("123", "crypt16", salt="12")
def TestInput(input_bytes):
if len(input_bytes) < 50:
return
fdp = atheris.FuzzedDataProvider(input_bytes)
try:
for h in [ "md5", "sha512", "pbkdf2_sha256", "crypt16" ]:
get_encrypted_password(
fdp.ConsumeString(20),
h,
salt=fdp.ConsumeString(20)
)
except errors.AnsibleFilterError as e:
pass
def test_password_hash_filter_passlib():
with pytest.raises(AnsibleFilterError):
get_encrypted_password("123", "sha257", salt="12345678")
# Uses 5000 rounds by default for sha256 matching crypt behaviour
assert get_encrypted_password(
"123", "sha256", salt="12345678"
) == "$5$12345678$uAZsE3BenI2G.nA8DpTl.9Dc8JiqacI53pEqRr5ppT7"
assert get_encrypted_password(
"123", "sha256", salt="12345678", rounds=5000
) == "$5$12345678$uAZsE3BenI2G.nA8DpTl.9Dc8JiqacI53pEqRr5ppT7"
assert (
get_encrypted_password("123", "sha256", salt="12345678",
rounds=10000) ==
"$5$rounds=10000$12345678$JBinliYMFEcBeAXKZnLjenhgEhTmJBvZn3aR8l70Oy/")
assert (
get_encrypted_password("123", "sha512", salt="12345678",
rounds=6000) ==
"$6$rounds=6000$12345678$l/fC67BdJwZrJ7qneKGP1b6PcatfBr0dI7W6JLBrsv8P1wnv/0pu4WJsWq5p6WiXgZ2gt9Aoir3MeORJxg4.Z/"
)
assert (
get_encrypted_password("123", "sha512", salt="12345678",
rounds=5000) ==
"$6$12345678$LcV9LQiaPekQxZ.OfkMADjFdSO2k9zfbDQrHPVcYjSLqSdjLYpsgqviYvTEP/R41yPmhH3CCeEDqVhW1VHr3L."
)
assert get_encrypted_password("123", "crypt16",
salt="12") == "12pELHK2ME3McUFlHxel6uMM"
# Try algorithm that uses a raw salt
assert get_encrypted_password("123", "pbkdf2_sha256")
# Try algorithm with ident
assert get_encrypted_password("123",
"pbkdf2_sha256",
ident='invalid_ident')
