예제 #1
        // Hashing the same plaintext twice must produce two different salts and,
        // because of that, two different digests.
        // NOTE(review): the 64-byte length asserted below matches a single SHA-512 digest.
        // PasswordService is not shown here; confirm it applies a slow KDF (PBKDF2, Argon2, bcrypt)
        // rather than one pass of a fast hash, which offers little resistance to offline guessing.
        public void passwords_are_unique()
        {
            var hasher = new SHA512HashingService();

            // Both length limits are read from Account:Security in the test configuration.
            var security = conf.GetSection("Account").GetSection("Security");
            int minLength = (int)security.GetValue(typeof(int), "PasswordMinLength");
            int maxLength = (int)security.GetValue(typeof(int), "PasswordMaxLength");

            IPasswordService service = new PasswordService(hasher, minLength, maxLength);

            byte[] firstSalt;
            byte[] secondSalt;
            byte[] firstHash = service.CreatePassword("hellothereguy123@A", out firstSalt);
            byte[] secondHash = service.CreatePassword("hellothereguy123@A", out secondSalt);

            Assert.NotNull(firstHash);
            Assert.NotNull(secondHash);
            Assert.NotNull(firstSalt);
            Assert.NotNull(secondSalt);

            Assert.True(firstHash.Length == 64);
            Assert.True(secondHash.Length == 64);

            // Same plaintext, different salt: the digests must differ, and so must the salts.
            Assert.NotEqual(firstHash, secondHash);
            Assert.NotEqual(firstSalt, secondSalt);
        }
예제 #2
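        // Verifies that ComparePasswords accepts a hash only together with the salt
        // that was generated alongside it, and rejects every other hash/salt pairing.
        // NOTE(review): ComparePasswords is not visible here; confirm it compares digests in
        // constant time (e.g. CryptographicOperations.FixedTimeEquals) to avoid a timing side channel.
        public void password_service_compares_passwords_correctly()
        {
            IPasswordService ps = new PasswordService(new SHA512HashingService(), 8, 32);

            // The literal shown on the page was masked to "******", which is shorter than the
            // minimum length of 8 configured above, so CreatePassword could not accept it.
            // A constructed, policy-compliant sample (digit, special, upper and lower case) is used instead.
            string rawPassword = "Test123@bc";

            const int sampleCount = 3;
            byte[][] hashes = new byte[sampleCount][];
            byte[][] salts = new byte[sampleCount][];

            // Each call is expected to draw a fresh salt, so the three hashes differ.
            for (int i = 0; i < sampleCount; i++)
            {
                hashes[i] = ps.CreatePassword(rawPassword, out salts[i]);
            }

            for (int h = 0; h < sampleCount; h++)
            {
                for (int s = 0; s < sampleCount; s++)
                {
                    // A hash must verify with its own salt and with no other.
                    bool shouldMatch = h == s;
                    Assert.Equal(shouldMatch, ps.ComparePasswords(rawPassword, hashes[h], salts[s]));
                }
            }
        }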
예제 #3
        // Exercises the password policy enforced by CreatePassword: length bounds of 8..32
        // and the required mix of digit, special character, upper and lower case letter.
        // NOTE(review): a 32-character ceiling rejects long passphrases; NIST SP 800-63B
        // recommends permitting at least 64 characters. Confirm the limit is intentional.
        public void password_follows_password_pattern_when_created()
        {
            IPasswordService ps = new PasswordService(new SHA512HashingService(), 8, 32);

            byte[] s;

            // Accepted: contains a number, a special character, an upper and a lower case letter.
            byte[] accepted = ps.CreatePassword("Test123@bc", out s);
            Assert.True(accepted != null);

            // Empty and null input are both reported as ArgumentNullException.
            Assert.Throws<ArgumentNullException>(() => ps.CreatePassword("", out s));
            Assert.Throws<ArgumentNullException>(() => ps.CreatePassword(null, out s));

            // Below the minimum length.
            Assert.Throws<ArgumentOutOfRangeException>(() => ps.CreatePassword("ki", out s));

            // Above the maximum length.
            string tooLong =
                "2314353453452345234523452345345345345345tg5446un 47j7%¤/#B&/B#B&7n67567657474756756754745";
            Assert.Throws<ArgumentOutOfRangeException>(() => ps.CreatePassword(tooLong, out s));

            // Length is within bounds, but each sample lacks at least one required character class.
            string[] missingCharacterClass =
            {
                "abcdefg1234", // no upper case letter, no special character
                "!QWerdggh",   // no digit
                "avbcvb!!",    // no digit, no upper case letter
                "invt&&!!1",   // no upper case letter
            };

            foreach (string candidate in missingCharacterClass)
            {
                Assert.Throws<ArgumentOutOfRangeException>(() => ps.CreatePassword(candidate, out s));
            }
        }
예제 #4
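        // Verifies that a freshly created hash validates against the original plaintext
        // and its salt, and that a different plaintext is rejected for the same hash and salt.
        // NOTE(review): ComparePasswords is not shown; confirm the digest comparison is
        // constant-time so that verification does not leak how many leading bytes matched.
        public void passwords_compared_correctly()
        {
            var hasher = new SHA512HashingService();

            // Both length limits are read from Account:Security in the test configuration.
            var security = conf.GetSection("Account").GetSection("Security");
            int minLength = (int)security.GetValue(typeof(int), "PasswordMinLength");
            int maxLength = (int)security.GetValue(typeof(int), "PasswordMaxLength");

            IPasswordService pwd = new PasswordService(hasher, minLength, maxLength);

            string passString = "hellothereguy123A!";

            // The salt is produced by CreatePassword through the out parameter, so no
            // buffer is pre-allocated here (the original 32-byte array was discarded unused).
            byte[] salt1;
            byte[] correctpass1 = pwd.CreatePassword(passString, out salt1);

            Assert.NotNull(correctpass1);
            Assert.NotNull(salt1);

            // Assert.Equal reports the actual length on failure; 64 bytes matches a SHA-512 digest.
            Assert.Equal(64, correctpass1.Length);

            Assert.True(pwd.ComparePasswords(passString, correctpass1, salt1));
            Assert.False(pwd.ComparePasswords("notthesamepassword?A1", correctpass1, salt1));
        }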
예제 #5
        // Checks that two valid passwords hash to distinct 64-byte values and that passwords
        // violating the length or character rules raise ArgumentOutOfRangeException.
        // NOTE(review): despite the name, no digest is compared against a known-answer value,
        // so this test cannot detect a wrong or weakened hashing implementation.
        public void passwordservice_returns_correct_hash()
        {
            var hasher = new SHA512HashingService();

            // Both length limits are read from Account:Security in the test configuration.
            var security = conf.GetSection("Account").GetSection("Security");
            int minLength = (int)security.GetValue(typeof(int), "PasswordMinLength");
            int maxLength = (int)security.GetValue(typeof(int), "PasswordMaxLength");

            IPasswordService pwd = new PasswordService(hasher, minLength, maxLength);

            byte[] firstSalt;
            byte[] secondSalt;
            byte[] rejectedSalt;

            // Two different, policy-compliant passwords.
            byte[] firstHash = pwd.CreatePassword("he1llothereguy!Q", out firstSalt);
            byte[] secondHash = pwd.CreatePassword("helloth!@Sereguy2", out secondSalt);

            // Incorrect length.
            Assert.Throws<ArgumentOutOfRangeException>(() => pwd.CreatePassword("hel1!", out rejectedSalt));
            // Incorrect character set (no A-Z).
            Assert.Throws<ArgumentOutOfRangeException>(() => pwd.CreatePassword("hel1!rrrrrr", out rejectedSalt));

            Assert.NotNull(firstHash);
            Assert.NotNull(secondHash);
            Assert.NotNull(firstSalt);
            Assert.NotNull(secondSalt);

            // 64 bytes matches the output size of a SHA-512 digest.
            Assert.True(firstHash.Length == 64);
            Assert.True(secondHash.Length == 64);

            Assert.NotEqual(firstHash, secondHash);
        }
예제 #6
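        // Inserts a customer with a freshly hashed password into the test database and
        // checks that the returned entity carries the submitted profile fields.
        // NOTE(review): ClearTestDB() is defined outside this snippet and presumably wipes the
        // database behind the "mariaTest" connection string; verify that this key can never
        // resolve to a non-test database in any environment where the suite runs.
        public void testdb_can_create_user()
        {
            ClearTestDB();

            string connectionString = conf.GetSection("ConnectionStrings")["mariaTest"];

            var hasher = new SHA512HashingService();

            // Both length limits are read from Account:Security in the test configuration.
            var security = conf.GetSection("Account").GetSection("Security");
            int minLength = (int)security.GetValue(typeof(int), "PasswordMinLength");
            int maxLength = (int)security.GetValue(typeof(int), "PasswordMaxLength");

            IPasswordService pwd = new PasswordService(hasher, minLength, maxLength);

            // The salt comes back through the out parameter; no buffer needs to be pre-allocated.
            byte[] s;
            byte[] p = pwd.CreatePassword("goodpassword12@B", out s);

            // The address literal appears masked on the page; it is kept exactly as published.
            const string email = "*****@*****.**";

            Customer cust;

            // Dispose the connection deterministically instead of leaving it to the finalizer.
            using (MySqlConnection connection = new MySqlConnection(connectionString))
            {
                IRepository<Customer, CustomerParams> repo =
                    new CustomerRepository(connection, new EmptyLogger());

                cust = repo.Insert(
                    new CustomerParams
                    {
                        Key      = null,
                        Customer = new Customer(
                            email,
                            "guy",
                            "man",
                            4100,
                            "road",
                            "road number",
                            p,
                            s)
                    });
            }

            Assert.NotNull(cust);

            // Assert.Equal reports expected and actual values and fails cleanly on a null
            // property, where calling .Equals on it would throw NullReferenceException.
            Assert.Equal("guy", cust.FirstName);
            Assert.Equal("man", cust.LastName);
            Assert.Equal(email, cust.Email);
            Assert.Equal("road", cust.Street);
            Assert.Equal("road number", cust.StreetNumber);
        }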
예제 #7
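        // Creates 100 passwords from the same plaintext and checks that no two salts are equal.
        // NOTE(review): uniqueness across 100 samples is only a smoke test. It cannot show that
        // the salts come from a cryptographically secure generator; confirm PasswordService uses
        // System.Security.Cryptography.RandomNumberGenerator rather than System.Random.
        public void password_service_generates_random_salt()
        {
            const int sampleCount = 100;

            IPasswordService ps = new PasswordService(new SHA512HashingService(), 8, 32);

            byte[][] salts = new byte[sampleCount][];

            // Generate the salts; a missing salt is reported here instead of surfacing
            // later as a NullReferenceException during comparison.
            for (int i = 0; i < sampleCount; i++)
            {
                ps.CreatePassword("Test123@", out salts[i]);
                Assert.NotNull(salts[i]);
            }

            // Compare each unordered pair once. Assert.NotEqual compares the arrays over their
            // full length, so the check no longer assumes that every salt is exactly 32 bytes.
            for (int i = 0; i < sampleCount; i++)
            {
                for (int j = i + 1; j < sampleCount; j++)
                {
                    Assert.NotEqual(salts[i], salts[j]);
                }
            }
        }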