From 5a10a9494f4c1c8db23c4c322149bfe7e5caf84c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matej=20Ba=C4=8Do?=
Date: Fri, 24 Jun 2022 14:30:39 +0200
Subject: [PATCH] Update SCrypt tests
---
 app/controllers/api/users.php | 38 +++++++++++------------------------
 tests/unit/Auth/AuthTest.php | 5 +++--
 2 files changed, 15 insertions(+), 28 deletions(-)
diff --git a/app/controllers/api/users.php b/app/controllers/api/users.php
index 149aca5420..892ad774d4 100644
--- a/app/controllers/api/users.php
+++ b/app/controllers/api/users.php
@@ -256,38 +256,24 @@ App::post('/v1/users/import/scrypt') ->param('userId', '', new CustomId(), 'User ID. Choose your own unique ID or pass the string "unique()" to auto generate it. Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can\'t start with a special char. Max length is 36 chars.') ->param('email', '', new Email(), 'User email.') ->param('password', '', new Password(), 'User password hashed using Scrypt.') - ->param('passwordSalt', '', new Text(128), 'Optional salt used to hash password.', true) - ->param('passwordCpu', '', new Integer(), 'Optional CPU cost used to hash password.', true) - ->param('passwordMemory', '', new Integer(), 'Optional memory cost used to hash password.', true) - ->param('passwordParallel', '', new Integer(), 'Optional parallelization cost used to hash password.', true) - ->param('passwordLength', '', new Integer(), 'Optional hash length used to hash password.', true) + ->param('passwordSalt', '', new Text(128), 'Optional salt used to hash password.') + ->param('passwordCpu', '', new Integer(), 'Optional CPU cost used to hash password.') + ->param('passwordMemory', '', new Integer(), 'Optional memory cost used to hash password.') + ->param('passwordParallel', '', new Integer(), 'Optional parallelization cost used to hash password.') + ->param('passwordLength', '', new Integer(), 'Optional hash length used to hash password.') ->param('name', '', new Text(128), 'User name. 
Max length: 128 chars.', true) ->inject('response') ->inject('dbForProject') ->inject('usage') ->inject('events') ->action(function (string $userId, string $email, string $password, string $passwordSalt, int $passwordCpu, int $passwordMemory, int $passwordParallel, int $passwordLength, string $name, Response $response, Database $dbForProject, Stats $usage, Event $events) { - $options = []; - - if (!empty($passwordSalt)) { - $options['salt'] = $passwordSalt; - } - - if (!empty($passwordCpu)) { - $options['costCpu'] = $passwordCpu; - } - - if (!empty($passwordMemory)) { - $options['costMemory'] = $passwordMemory; - } - - if (!empty($passwordParallel)) { - $options['costParallel'] = $passwordParallel; - } - - if (!empty($passwordLength)) { - $options['length'] = $passwordLength; - } + $options = [ + 'salt' => $passwordSalt, + 'costCpu' => $passwordCpu, + 'costMemory' => $passwordMemory, + 'costParallel' => $passwordParallel, + 'length' => $passwordLength + ]; $user = createUser('scrypt', \json_encode($options), $userId, $email, $password, $name, $dbForProject, $usage, $events); diff --git a/tests/unit/Auth/AuthTest.php b/tests/unit/Auth/AuthTest.php index 2f201a59ee..8cf1384c1c 100644 --- a/tests/unit/Auth/AuthTest.php +++ b/tests/unit/Auth/AuthTest.php 
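Review bot: The four scrypt cost parameters (`passwordCpu`, `passwordMemory`, `passwordParallel`, `passwordLength`) are now required but still validated with a bare `new Integer()`, so as far as this hunk shows, zero, negative or very large values go straight into the stored `$options`, where the removed `!empty()` guards at least dropped zero. Those options are presumably read back whenever the imported hash is verified, so an out-of-range cost would show up later as a failing or very expensive login instead of a rejected import. A range-checking validator (for example Utopia's `Range`, if it is in scope in this file) with project-chosen bounds, `new Range(<min>, <max>)`, would stop that at the API boundary. The descriptions also still start with "Optional" although the optional flag is gone, e.g. `'CPU cost used to hash password.'` would match the new behaviour. The route definition starts before this hunk and the action closure continues past it.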
@@ -129,8 +129,9 @@ class AuthTest extends TestCase $hash = '2bc477f4160e7dc0e6bc6849ffa38a7062fec3800d937ce251cdf552609b94919c623cd07cc36ad600bc8caea8399e6f815a6d7ed96995d495ed70890d359d6d'; $generatedHash = Auth::passwordHash($plain, 'scrypt'); $this->assertEquals(true, Auth::passwordVerify($plain, $generatedHash, 'scrypt')); - $this->assertEquals(true, Auth::passwordVerify($plain, $hash, 'scrypt', ['length' => 64, 'costCpu' => 16384, 'costMemory' => 12, 'costParallel' => 2])); - $this->assertEquals(false, Auth::passwordVerify($plain, $hash, 'scrypt', ['length' => 64, 'costCpu' => 16384, 'costMemory' => 10, 'costParallel' => 2])); + $this->assertEquals(true, Auth::passwordVerify($plain, $hash, 'scrypt', [ 'salt' => 'some-salt', 'length' => 64, 'costCpu' => 16384, 'costMemory' => 12, 'costParallel' => 2])); + $this->assertEquals(true, Auth::passwordVerify($plain, $hash, 'scrypt', [ 'salt' => 'some-wrong-salt', 'length' => 64, 'costCpu' => 16384, 'costMemory' => 12, 'costParallel' => 2])); + $this->assertEquals(false, Auth::passwordVerify($plain, $hash, 'scrypt', [ 'salt' => 'some-salt', 'length' => 64, 'costCpu' => 16384, 'costMemory' => 10, 'costParallel' => 2])); $this->assertEquals(false, Auth::passwordVerify('wrongPassword', $hash, 'scrypt', ['length' => 64, 'costCpu' => 16384, 'costMemory' => 12, 'costParallel' => 2])); // ScryptModified tested are in provider-specific tests below
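Review bot: The second added assertion expects `Auth::passwordVerify()` to return true with `'salt' => 'some-wrong-salt'` against the same `$hash` that verifies with `'some-salt'`, which can presumably only pass if the scrypt path ignores the salt option. Pinning that in a test would hide a verifier that never applies the salt, so the fixture hash should be derived with `'some-salt'` and the expectation inverted: `$this->assertEquals(false, Auth::passwordVerify($plain, $hash, 'scrypt', ['salt' => 'some-wrong-salt', 'length' => 64, 'costCpu' => 16384, 'costMemory' => 12, 'costParallel' => 2]));`. The `'wrongPassword'` case still passes no salt and should carry `'salt' => 'some-salt'` too, so that the password is the only thing that differs. The test method starts before this hunk.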