1 package club.wpia.gigi.util;
3 import static org.hamcrest.CoreMatchers.*;
4 import static org.junit.Assert.*;
6 import java.io.IOException;
11 import club.wpia.gigi.database.GigiPreparedStatement;
12 import club.wpia.gigi.database.GigiResultSet;
13 import club.wpia.gigi.testUtils.ManagedTest;
14 import club.wpia.gigi.testUtils.RegisteredUser;
16 public class TestPasswordMigration extends ManagedTest {
19 public RegisteredUser ru = new RegisteredUser();
22 * Gigi used to support plain SHA-1 password hashes, for compatibility with
23 * legacy software. Since there currently is only one accepted hash format,
24 * this test now verifies that plain SHA-1 hashes are no longer accepted nor
25 * migrated to more recent hash formats.
27 * @see PasswordHash.verifyHash
28 * @see PasswordHash.hash
32 public void testNoSHA1PasswordMigration() throws IOException {
33 try (GigiPreparedStatement stmt = new GigiPreparedStatement("UPDATE users SET `password`=? WHERE id=?")) {
34 stmt.setString(1, "86f7e437faa5a7fce15d1ddcb9eaeaea377667b8"); // sha1("a")
35 stmt.setInt(2, ru.getUser().getId());
39 String cookie = login(ru.getUser().getEmail(), "a");
40 assertFalse(isLoggedin(cookie));
42 try (GigiPreparedStatement stmt = new GigiPreparedStatement("SELECT `password` FROM users WHERE id=?")) {
43 stmt.setInt(1, ru.getUser().getId());
44 GigiResultSet res = stmt.executeQuery();
45 assertTrue(res.next());
46 String newHash = res.getString(1);
47 assertThat(newHash, not(containsString("$")));