X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;ds=sidebyside;f=tests%2Fclub%2Fwpia%2Fgigi%2Futil%2FTestPasswordMigration.java;h=1ad8ae8a04a55ad829a1f8b78bc7509a35dc0575;hb=438fd561b46bfcfd28ad29ffd13a38d22fe21462;hp=17544a0bdc610737aa0af8be9771f3c5f2de614d;hpb=bccd4cc0dba0f89aa045b113bac46eb8cc1dab4e;p=gigi.git
diff --git a/tests/club/wpia/gigi/util/TestPasswordMigration.java b/tests/club/wpia/gigi/util/TestPasswordMigration.java
index 17544a0b..1ad8ae8a 100644
--- a/tests/club/wpia/gigi/util/TestPasswordMigration.java
+++ b/tests/club/wpia/gigi/util/TestPasswordMigration.java
@@ -12,29 +12,39 @@ import club.wpia.gigi.database.GigiPreparedStatement; import club.wpia.gigi.database.GigiResultSet; import club.wpia.gigi.testUtils.ManagedTest; import club.wpia.gigi.testUtils.RegisteredUser; -import club.wpia.gigi.util.PasswordHash; public class TestPasswordMigration extends ManagedTest { @Rule public RegisteredUser ru = new RegisteredUser(); + /** + * Gigi used to support plain SHA-1 password hashes, for compatibility with + * legacy software. Since there currently is only one accepted hash format, + * this test now verifies that plain SHA-1 hashes are no longer accepted nor + * migrated to more recent hash formats. + * + * @see PasswordHash.verifyHash + * @see PasswordHash.hash + * @throws IOException + */ @Test - public void testPasswordMigration() throws IOException { + public void testNoSHA1PasswordMigration() throws IOException { try (GigiPreparedStatement stmt = new GigiPreparedStatement("UPDATE users SET `password`=? WHERE id=?")) { - stmt.setString(1, PasswordHash.sha1("a")); + stmt.setString(1, "86f7e437faa5a7fce15d1ddcb9eaeaea377667b8"); // sha1("a") stmt.setInt(2, ru.getUser().getId()); stmt.execute(); } + String cookie = login(ru.getUser().getEmail(), "a"); - assertTrue(isLoggedin(cookie)); + assertFalse(isLoggedin(cookie)); try (GigiPreparedStatement stmt = new GigiPreparedStatement("SELECT `password` FROM users WHERE id=?")) { stmt.setInt(1, ru.getUser().getId()); GigiResultSet res = stmt.executeQuery(); assertTrue(res.next()); String newHash = res.getString(1); - assertThat(newHash, containsString("$")); + assertThat(newHash, not(containsString("$"))); } } }
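Review bot: The closing assertion `assertThat(newHash, not(containsString("$")));` is weaker than the Javadoc's claim that plain SHA-1 hashes are not migrated: it also passes if the rejected login blanked the `password` column or rewrote it in any form that happens to contain no `$`. Because the test itself wrote the value, it can pin it exactly: keep the literal in a local such as `String legacyHash = "86f7e437faa5a7fce15d1ddcb9eaeaea377667b8";` and finish with `assertEquals(legacyHash, newHash);` (assuming `assertEquals` is statically imported alongside `assertTrue`, which the hunk does not show). In the Javadoc, `@see PasswordHash.verifyHash` and `@see PasswordHash.hash` use a dot where Javadoc expects `#`, e.g. `@see PasswordHash#verifyHash`, and `@throws IOException` carries no description of when it is thrown.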