def test_password_hash_filter_no_passlib(): with passlib_off(): assert not encrypt.PASSLIB_AVAILABLE assert get_encrypted_password("123", "md5", salt="12345678") == "$1$12345678$tRy4cXc3kmcfRZVj4iFXr/" with pytest.raises(AnsibleFilterError): get_encrypted_password("123", "crypt16", salt="12")
def TestInput(input_bytes): if len(input_bytes) < 50: return fdp = atheris.FuzzedDataProvider(input_bytes) try: for h in [ "md5", "sha512", "pbkdf2_sha256", "crypt16" ]: get_encrypted_password( fdp.ConsumeString(20), h, salt=fdp.ConsumeString(20) ) except errors.AnsibleFilterError as e: pass
def test_password_hash_filter_passlib(): with pytest.raises(AnsibleFilterError): get_encrypted_password("123", "sha257", salt="12345678") # Uses 5000 rounds by default for sha256 matching crypt behaviour assert get_encrypted_password( "123", "sha256", salt="12345678" ) == "$5$12345678$uAZsE3BenI2G.nA8DpTl.9Dc8JiqacI53pEqRr5ppT7" assert get_encrypted_password( "123", "sha256", salt="12345678", rounds=5000 ) == "$5$12345678$uAZsE3BenI2G.nA8DpTl.9Dc8JiqacI53pEqRr5ppT7" assert ( get_encrypted_password("123", "sha256", salt="12345678", rounds=10000) == "$5$rounds=10000$12345678$JBinliYMFEcBeAXKZnLjenhgEhTmJBvZn3aR8l70Oy/") assert ( get_encrypted_password("123", "sha512", salt="12345678", rounds=6000) == "$6$rounds=6000$12345678$l/fC67BdJwZrJ7qneKGP1b6PcatfBr0dI7W6JLBrsv8P1wnv/0pu4WJsWq5p6WiXgZ2gt9Aoir3MeORJxg4.Z/" ) assert ( get_encrypted_password("123", "sha512", salt="12345678", rounds=5000) == "$6$12345678$LcV9LQiaPekQxZ.OfkMADjFdSO2k9zfbDQrHPVcYjSLqSdjLYpsgqviYvTEP/R41yPmhH3CCeEDqVhW1VHr3L." ) assert get_encrypted_password("123", "crypt16", salt="12") == "12pELHK2ME3McUFlHxel6uMM" # Try algorithm that uses a raw salt assert get_encrypted_password("123", "pbkdf2_sha256") # Try algorithm with ident assert get_encrypted_password("123", "pbkdf2_sha256", ident='invalid_ident')