| 1 | require 'spec_helper'
|
|---|
| 2 |
|
|---|
| 3 | describe 'pw_hash' do
|
|---|
| 4 |
|
|---|
| 5 | it { is_expected.not_to eq(nil) }
|
|---|
| 6 |
|
|---|
| 7 | context 'when there are less than 3 arguments' do
|
|---|
| 8 | it { is_expected.to run.with_params().and_raise_error(ArgumentError, /wrong number of arguments/i) }
|
|---|
| 9 | it { is_expected.to run.with_params('password').and_raise_error(ArgumentError, /wrong number of arguments/i) }
|
|---|
| 10 | it { is_expected.to run.with_params('password', 'sha-256').and_raise_error(ArgumentError, /wrong number of arguments/i) }
|
|---|
| 11 | end
|
|---|
| 12 |
|
|---|
| 13 | context 'when there are more than 3 arguments' do
|
|---|
| 14 | it { is_expected.to run.with_params('password', 'sha-256', 'salt', 'extra').and_raise_error(ArgumentError, /wrong number of arguments/i) }
|
|---|
| 15 | it { is_expected.to run.with_params('password', 'sha-256', 'salt', 'extra', 'extra').and_raise_error(ArgumentError, /wrong number of arguments/i) }
|
|---|
| 16 | end
|
|---|
| 17 |
|
|---|
| 18 | context 'when the first argument is not a string' do
|
|---|
| 19 | it { is_expected.to run.with_params([], 'sha-256', 'salt').and_raise_error(ArgumentError, /first argument must be a string/) }
|
|---|
| 20 | it { is_expected.to run.with_params({}, 'sha-256', 'salt').and_raise_error(ArgumentError, /first argument must be a string/) }
|
|---|
| 21 | it { is_expected.to run.with_params(1, 'sha-256', 'salt').and_raise_error(ArgumentError, /first argument must be a string/) }
|
|---|
| 22 | it { is_expected.to run.with_params(true, 'sha-256', 'salt').and_raise_error(ArgumentError, /first argument must be a string/) }
|
|---|
| 23 | end
|
|---|
| 24 |
|
|---|
| 25 | context 'when the first argument is undefined' do
|
|---|
| 26 | it { is_expected.to run.with_params('', 'sha-256', 'salt').and_return(nil) }
|
|---|
| 27 | it { is_expected.to run.with_params(nil, 'sha-256', 'salt').and_return(nil) }
|
|---|
| 28 | end
|
|---|
| 29 |
|
|---|
| 30 | context 'when the second argument is not a string' do
|
|---|
| 31 | it { is_expected.to run.with_params('password', [], 'salt').and_raise_error(ArgumentError, /second argument must be a string/) }
|
|---|
| 32 | it { is_expected.to run.with_params('password', {}, 'salt').and_raise_error(ArgumentError, /second argument must be a string/) }
|
|---|
| 33 | it { is_expected.to run.with_params('password', 1, 'salt').and_raise_error(ArgumentError, /second argument must be a string/) }
|
|---|
| 34 | it { is_expected.to run.with_params('password', true, 'salt').and_raise_error(ArgumentError, /second argument must be a string/) }
|
|---|
| 35 | end
|
|---|
| 36 |
|
|---|
| 37 | context 'when the second argument is not one of the supported hashing algorithms' do
|
|---|
| 38 | it { is_expected.to run.with_params('password', 'no such algo', 'salt').and_raise_error(ArgumentError, /is not a valid hash type/) }
|
|---|
| 39 | end
|
|---|
| 40 |
|
|---|
| 41 | context 'when the third argument is not a string' do
|
|---|
| 42 | it { is_expected.to run.with_params('password', 'sha-256', []).and_raise_error(ArgumentError, /third argument must be a string/) }
|
|---|
| 43 | it { is_expected.to run.with_params('password', 'sha-256', {}).and_raise_error(ArgumentError, /third argument must be a string/) }
|
|---|
| 44 | it { is_expected.to run.with_params('password', 'sha-256', 1).and_raise_error(ArgumentError, /third argument must be a string/) }
|
|---|
| 45 | it { is_expected.to run.with_params('password', 'sha-256', true).and_raise_error(ArgumentError, /third argument must be a string/) }
|
|---|
| 46 | end
|
|---|
| 47 |
|
|---|
| 48 | context 'when the third argument is empty' do
|
|---|
| 49 | it { is_expected.to run.with_params('password', 'sha-512', '').and_raise_error(ArgumentError, /third argument must not be empty/) }
|
|---|
| 50 | end
|
|---|
| 51 |
|
|---|
| 52 | context 'when the third argument contains invalid characters' do
|
|---|
| 53 | it { is_expected.to run.with_params('password', 'sha-512', 'one%').and_raise_error(ArgumentError, /characters in salt must be in the set/) }
|
|---|
| 54 | end
|
|---|
| 55 |
|
|---|
| 56 | context 'when running on a platform with a weak String#crypt implementation' do
|
|---|
| 57 | before(:each) { allow_any_instance_of(String).to receive(:crypt).with('$1$1').and_return('a bad hash') }
|
|---|
| 58 |
|
|---|
| 59 | it { is_expected.to run.with_params('password', 'sha-512', 'salt').and_raise_error(Puppet::ParseError, /system does not support enhanced salts/) }
|
|---|
| 60 | end
|
|---|
| 61 |
|
|---|
| 62 | if RUBY_PLATFORM == 'java' or 'test'.crypt('$1$1') == '$1$1$Bp8CU9Oujr9SSEw53WV6G.'
|
|---|
| 63 | describe "on systems with enhanced salts support" do
|
|---|
| 64 | it { is_expected.to run.with_params('password', 'md5', 'salt').and_return('$1$salt$qJH7.N4xYta3aEG/dfqo/0') }
|
|---|
| 65 | it { is_expected.to run.with_params('password', 'sha-256', 'salt').and_return('$5$salt$Gcm6FsVtF/Qa77ZKD.iwsJlCVPY0XSMgLJL0Hnww/c1') }
|
|---|
| 66 | it { is_expected.to run.with_params('password', 'sha-512', 'salt').and_return('$6$salt$IxDD3jeSOb5eB1CX5LBsqZFVkJdido3OUILO5Ifz5iwMuTS4XMS130MTSuDDl3aCI6WouIL9AjRbLCelDCy.g.') }
|
|---|
| 67 | end
|
|---|
| 68 | end
|
|---|
| 69 | end
|
|---|
