Merge pull request #3880 from appwrite/fix-improve-rehash-tests

Fix: Improve password hashing e2e tests
2024-06-29 11:40:45 +12:00 · 2022-09-23 00:35:03 +05:30 · 2022-09-23 00:35:03 +05:30 · 9caeb62695
parent f39ed010c7 215c02ac47
commit 9caeb62695
2 changed files with 45 additions and 83 deletions
--- a/composer.lock
+++ b/composer.lock
@ -4124,16 +4124,16 @@
        },
        {
            "name": "sebastian/comparator",
-            "version": "4.0.7",
+            "version": "4.0.8",
            "source": {
                "type": "git",
                "url": "https://github.com/sebastianbergmann/comparator.git",
-                "reference": "7fa545db548c90bdebeb9da0583001a252be5578"
+                "reference": "fa0f136dd2334583309d32b62544682ee972b51a"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/sebastianbergmann/comparator/zipball/7fa545db548c90bdebeb9da0583001a252be5578",
-                "reference": "7fa545db548c90bdebeb9da0583001a252be5578",
+                "url": "https://api.github.com/repos/sebastianbergmann/comparator/zipball/fa0f136dd2334583309d32b62544682ee972b51a",
+                "reference": "fa0f136dd2334583309d32b62544682ee972b51a",
                "shasum": ""
            },
            "require": {
@ -4186,7 +4186,7 @@
            ],
            "support": {
                "issues": "https://github.com/sebastianbergmann/comparator/issues",
-                "source": "https://github.com/sebastianbergmann/comparator/tree/4.0.7"
+                "source": "https://github.com/sebastianbergmann/comparator/tree/4.0.8"
            },
            "funding": [
                {
@ -4194,7 +4194,7 @@
                    "type": "github"
                }
            ],
-            "time": "2022-09-14T06:33:43+00:00"
+            "time": "2022-09-14T12:41:17+00:00"
        },
        {
            "name": "sebastian/complexity",
--- a/tests/e2e/Services/Users/UsersBase.php
+++ b/tests/e2e/Services/Users/UsersBase.php
@ -180,89 +180,51 @@ trait UsersBase
     */
    public function testCreateUserSessionHashed(array $data): void
    {
-        $response = $this->client->call(Client::METHOD_POST, '/account/sessions/email', array_merge([
-            'origin' => 'http://localhost',
-            'content-type' => 'application/json',
-            'x-appwrite-project' => $this->getProject()['$id'],
-        ]), [
-            'email' => 'md5@appwrite.io',
-            'password' => 'appwrite',
-        ]);
+        $userIds = [ 'md5', 'bcrypt', 'argon2', 'sha512', 'scrypt', 'phpass', 'scrypt-modified' ];

-        $this->assertEquals($response['headers']['status-code'], 201);
-        $this->assertEquals($response['body']['userId'], 'md5');
+        foreach ($userIds as $userId) {
+            // Ensure sessions can be created with hashed passwords
+            $response = $this->client->call(Client::METHOD_POST, '/account/sessions/email', array_merge([
+                'origin' => 'http://localhost',
+                'content-type' => 'application/json',
+                'x-appwrite-project' => $this->getProject()['$id'],
+            ]), [
+                'email' => $userId . '@appwrite.io',
+                'password' => 'appwrite',
+            ]);

-        $response = $this->client->call(Client::METHOD_POST, '/account/sessions/email', array_merge([
-            'origin' => 'http://localhost',
-            'content-type' => 'application/json',
-            'x-appwrite-project' => $this->getProject()['$id'],
-        ]), [
-            'email' => 'bcrypt@appwrite.io',
-            'password' => 'appwrite',
-        ]);
+            $this->assertEquals(201, $response['headers']['status-code']);
+            $this->assertEquals($userId, $response['body']['userId']);
+        }

-        $this->assertEquals($response['headers']['status-code'], 201);
-        $this->assertEquals($response['body']['userId'], 'bcrypt');
+        foreach ($userIds as $userId) {
+            // Ensure all passwords were re-hashed
+            $response = $this->client->call(Client::METHOD_GET, '/users/' . $userId, array_merge([
+                'content-type' => 'application/json',
+                'x-appwrite-project' => $this->getProject()['$id'],
+            ], $this->getHeaders()), []);

-        $response = $this->client->call(Client::METHOD_POST, '/account/sessions/email', array_merge([
-            'origin' => 'http://localhost',
-            'content-type' => 'application/json',
-            'x-appwrite-project' => $this->getProject()['$id'],
-        ]), [
-            'email' => 'argon2@appwrite.io',
-            'password' => 'appwrite',
-        ]);
+            $this->assertEquals(200, $response['headers']['status-code']);
+            $this->assertEquals($userId, $response['body']['$id']);
+            $this->assertEquals($userId . '@appwrite.io', $response['body']['email']);
+            $this->assertEquals('argon2', $response['body']['hash']);
+            $this->assertStringStartsWith('$argon2', $response['body']['password']);
+        }

-        $this->assertEquals($response['headers']['status-code'], 201);
-        $this->assertEquals($response['body']['userId'], 'argon2');
+        foreach ($userIds as $userId) {
+            // Ensure sessions can be created after re-hashing of passwords
+            $response = $this->client->call(Client::METHOD_POST, '/account/sessions/email', array_merge([
+                'origin' => 'http://localhost',
+                'content-type' => 'application/json',
+                'x-appwrite-project' => $this->getProject()['$id'],
+            ]), [
+                'email' => $userId . '@appwrite.io',
+                'password' => 'appwrite',
+            ]);

-        $response = $this->client->call(Client::METHOD_POST, '/account/sessions/email', array_merge([
-            'origin' => 'http://localhost',
-            'content-type' => 'application/json',
-            'x-appwrite-project' => $this->getProject()['$id'],
-        ]), [
-            'email' => 'sha512@appwrite.io',
-            'password' => 'appwrite',
-        ]);
-
-        $this->assertEquals($response['headers']['status-code'], 201);
-        $this->assertEquals($response['body']['userId'], 'sha512');
-
-        $response = $this->client->call(Client::METHOD_POST, '/account/sessions/email', array_merge([
-            'origin' => 'http://localhost',
-            'content-type' => 'application/json',
-            'x-appwrite-project' => $this->getProject()['$id'],
-        ]), [
-            'email' => 'scrypt@appwrite.io',
-            'password' => 'appwrite',
-        ]);
-
-        $this->assertEquals($response['headers']['status-code'], 201);
-        $this->assertEquals($response['body']['userId'], 'scrypt');
-
-        $response = $this->client->call(Client::METHOD_POST, '/account/sessions/email', array_merge([
-            'origin' => 'http://localhost',
-            'content-type' => 'application/json',
-            'x-appwrite-project' => $this->getProject()['$id'],
-        ]), [
-            'email' => 'phpass@appwrite.io',
-            'password' => 'appwrite',
-        ]);
-
-        $this->assertEquals($response['headers']['status-code'], 201);
-        $this->assertEquals($response['body']['userId'], 'phpass');
-
-        $response = $this->client->call(Client::METHOD_POST, '/account/sessions/email', array_merge([
-            'origin' => 'http://localhost',
-            'content-type' => 'application/json',
-            'x-appwrite-project' => $this->getProject()['$id'],
-        ]), [
-            'email' => 'scrypt-modified@appwrite.io',
-            'password' => 'appwrite',
-        ]);
-
-        $this->assertEquals($response['headers']['status-code'], 201);
-        $this->assertEquals($response['body']['userId'], 'scrypt-modified');
+            $this->assertEquals(201, $response['headers']['status-code']);
+            $this->assertEquals($userId, $response['body']['userId']);
+        }
    }

    /**