// Hashes the same plaintext twice and checks that each call yields its own
// salt and therefore its own hash.
// Length limits come from the Account -> Security configuration section.
// NOTE(review): the hasher is named SHA512HashingService and the hash is
// expected to be 64 bytes, the size of a SHA-512 digest. If that service is a
// single salted SHA-512 pass rather than an iterated construction, it is a fast
// hash; confirm whether a password KDF (PBKDF2, Argon2) is intended here.
public void passwords_are_unique()
{
    var security = conf.GetSection("Account").GetSection("Security");
    int minLength = (int)security.GetValue(typeof(int), "PasswordMinLength");
    int maxLength = (int)security.GetValue(typeof(int), "PasswordMaxLength");
    IPasswordService service = new PasswordService(new SHA512HashingService(), minLength, maxLength);

    const string plaintext = "hellothereguy123@A";
    byte[] firstSalt;
    byte[] secondSalt;
    byte[] firstHash = service.CreatePassword(plaintext, out firstSalt);
    byte[] secondHash = service.CreatePassword(plaintext, out secondSalt);

    Assert.NotNull(firstHash);
    Assert.NotNull(secondHash);
    Assert.NotNull(firstSalt);
    Assert.NotNull(secondSalt);
    Assert.Equal(64, firstHash.Length);
    Assert.Equal(64, secondHash.Length);

    // Same plaintext, different salt: neither the hashes nor the salts may coincide.
    Assert.NotEqual(firstHash, secondHash);
    Assert.NotEqual(firstSalt, secondSalt);
}
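// Creates three hash/salt pairs from one plaintext and checks every
// hash/salt combination: verification must succeed only when a hash is
// paired with the salt it was created with.
// The service is built with 8 and 32 in the positions where the other tests
// pass PasswordMinLength and PasswordMaxLength.
public void password_service_compares_passwords_correctly()
{
    IPasswordService ps = new PasswordService(new SHA512HashingService(), 8, 32);

    // The literal shown here was "******": six characters with no letter or
    // digit, which CreatePassword rejects under the 8..32 policy according to
    // password_follows_password_pattern_when_created. Use the sample that test
    // accepts so the comparisons below are actually reached.
    const string rawPassword = "Test123@bc";
    const int pairCount = 3;

    byte[][] hashes = new byte[pairCount][];
    byte[][] salts = new byte[pairCount][];
    for (int i = 0; i < pairCount; i++)
    {
        hashes[i] = ps.CreatePassword(rawPassword, out salts[i]);
    }

    for (int h = 0; h < pairCount; h++)
    {
        for (int s = 0; s < pairCount; s++)
        {
            // Matching index: the salt belongs to the hash and must verify.
            // Any other index: a foreign salt must make verification fail.
            bool expected = h == s;
            Assert.Equal(expected, ps.ComparePasswords(rawPassword, hashes[h], salts[s]));
        }
    }
}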
// Exercises the password policy enforced by CreatePassword with limits 8..32:
// one accepted sample, then empty/null input, length violations and
// character-class violations, each with the exception type the caller sees.
public void password_follows_password_pattern_when_created()
{
    IPasswordService service = new PasswordService(new SHA512HashingService(), 8, 32);
    byte[] salt;

    // Accepted: contains a digit, a special character, an upper and a lower case letter.
    Assert.NotNull(service.CreatePassword("Test123@bc", out salt));

    // Empty and null input are both reported as ArgumentNullException.
    Assert.Throws<ArgumentNullException>(() => service.CreatePassword("", out salt));
    Assert.Throws<ArgumentNullException>(() => service.CreatePassword(null, out salt));

    // Below the minimum length.
    Assert.Throws<ArgumentOutOfRangeException>(() => service.CreatePassword("ki", out salt));

    // Above the maximum length.
    Assert.Throws<ArgumentOutOfRangeException>(() => service.CreatePassword(
        "2314353453452345234523452345345345345345tg5446un 47j7%¤/#B&/B#B&7n67567657474756756754745",
        out salt));

    // Within the length limits but missing at least one required character class.
    string[] missingCharacterClass =
    {
        "abcdefg1234", // no upper case letter, no special character
        "!QWerdggh",   // no digit
        "avbcvb!!",    // no upper case letter, no digit
        "invt&&!!1"    // no upper case letter
    };
    foreach (string candidate in missingCharacterClass)
    {
        Assert.Throws<ArgumentOutOfRangeException>(() => service.CreatePassword(candidate, out salt));
    }
}
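// Creates one password and checks that verification accepts the original
// plaintext and rejects a different one when hash and salt are unchanged.
// Length limits come from the Account -> Security configuration section.
public void passwords_compared_correctly()
{
    var security = conf.GetSection("Account").GetSection("Security");
    IPasswordService pwd = new PasswordService(
        new SHA512HashingService(),
        (int)security.GetValue(typeof(int), "PasswordMinLength"),
        (int)security.GetValue(typeof(int), "PasswordMaxLength"));

    const string passString = "hellothereguy123A!";

    // The salt is produced by CreatePassword through the out parameter; the
    // previous `new byte[32]` initializer was overwritten before any read.
    byte[] salt;
    byte[] hash = pwd.CreatePassword(passString, out salt);

    Assert.NotNull(hash);
    Assert.NotNull(salt);
    // 64 bytes is the size of a SHA-512 digest.
    Assert.Equal(64, hash.Length);

    Assert.True(pwd.ComparePasswords(passString, hash, salt));
    // A different plaintext must not verify against the stored hash and salt.
    Assert.False(pwd.ComparePasswords("notthesamepassword?A1", hash, salt));
}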
// Creates two policy-compliant passwords, checks that two rejected inputs
// throw, and then checks the shape of the results: non-null, 64-byte hashes
// that differ from each other.
// NOTE(review): despite the name, no expected digest is compared here; the
// test pins output length and inequality only. A known-answer check would need
// a fixed salt, which CreatePassword does not accept in the calls shown.
public void passwordservice_returns_correct_hash()
{
    var security = conf.GetSection("Account").GetSection("Security");
    int minLength = (int)security.GetValue(typeof(int), "PasswordMinLength");
    int maxLength = (int)security.GetValue(typeof(int), "PasswordMaxLength");
    IPasswordService service = new PasswordService(new SHA512HashingService(), minLength, maxLength);

    byte[] firstSalt;
    byte[] secondSalt;
    byte[] rejectedSalt;

    // Accepted passwords.
    byte[] firstHash = service.CreatePassword("he1llothereguy!Q", out firstSalt);
    byte[] secondHash = service.CreatePassword("helloth!@Sereguy2", out secondSalt);

    // Incorrect length.
    Assert.Throws<ArgumentOutOfRangeException>(() => service.CreatePassword("hel1!", out rejectedSalt));
    // Incorrect character set (no A-Z).
    Assert.Throws<ArgumentOutOfRangeException>(() => service.CreatePassword("hel1!rrrrrr", out rejectedSalt));

    Assert.NotNull(firstHash);
    Assert.NotNull(secondHash);
    Assert.NotNull(firstSalt);
    Assert.NotNull(secondSalt);
    Assert.Equal(64, firstHash.Length);
    Assert.Equal(64, secondHash.Length);
    Assert.NotEqual(firstHash, secondHash);
}
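// Integration test: inserts a customer with a freshly created password hash
// and salt through CustomerRepository and checks the returned record.
// NOTE(review): ClearTestDB() runs first and the connection string is read
// from ConnectionStrings:mariaTest; presumably the helper empties that
// database, so verify the key can never resolve to a non-test instance.
// NOTE(review): the returned customer's hash and salt are not asserted;
// whether Customer exposes them is not visible from this test.
public void testdb_can_create_user()
{
    ClearTestDB();

    string connectionString = conf.GetSection("ConnectionStrings")["mariaTest"];
    var security = conf.GetSection("Account").GetSection("Security");
    IPasswordService pwd = new PasswordService(
        new SHA512HashingService(),
        (int)security.GetValue(typeof(int), "PasswordMinLength"),
        (int)security.GetValue(typeof(int), "PasswordMaxLength"));

    const string email = "*****@*****.**";

    // The salt comes back through the out parameter; no pre-allocation is needed.
    byte[] salt;
    byte[] hash = pwd.CreatePassword("goodpassword12@B", out salt);

    // Dispose the connection when the test ends so it is released even if an
    // assertion fails.
    using (var connection = new MySqlConnection(connectionString))
    {
        IRepository<Customer, CustomerParams> repo =
            new CustomerRepository(connection, new EmptyLogger());

        Customer cust = repo.Insert(
            new CustomerParams
            {
                Key = null,
                Customer = new Customer(
                    email, "guy", "man", 4100, "road", "road number", hash, salt)
            });

        Assert.NotNull(cust);
        // Assert.Equal reports a null property as a failed assertion instead
        // of a NullReferenceException from calling Equals on it.
        Assert.Equal("guy", cust.FirstName);
        Assert.Equal("man", cust.LastName);
        Assert.Equal(email, cust.Email);
        Assert.Equal("road", cust.Street);
        Assert.Equal("road number", cust.StreetNumber);
    }
}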
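// Creates 100 passwords from the same plaintext and checks that no two salts
// are identical.
// The earlier pairwise loop indexed bytes 0..31 of every salt: a shorter salt
// raised IndexOutOfRangeException, a longer one was compared on its first 32
// bytes only, and a null salt surfaced as NullReferenceException. Salts are now
// compared whole, whatever their length.
// NOTE(review): 100 distinct values catch a constant or reused salt; they do
// not show that the salt comes from a cryptographic random number generator.
// Confirm that in PasswordService itself.
public void password_service_generates_random_salt()
{
    const int sampleCount = 100;
    IPasswordService ps = new PasswordService(new SHA512HashingService(), 8, 32);

    // Base64 is an injective encoding, so two salts share a string exactly
    // when their bytes are equal; the set therefore counts distinct salts.
    var distinctSalts = new System.Collections.Generic.HashSet<string>();

    for (int i = 0; i < sampleCount; i++)
    {
        byte[] salt;
        ps.CreatePassword("Test123@", out salt);

        Assert.NotNull(salt);
        distinctSalts.Add(System.Convert.ToBase64String(salt));
    }

    // Any repeated salt leaves the set smaller than the number of samples.
    Assert.Equal(sampleCount, distinctSalts.Count);
}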