1 | require 'spec_helper'
|
---|
2 |
|
---|
3 | describe 'pw_hash' do
|
---|
4 |
|
---|
5 | it { is_expected.not_to eq(nil) }
|
---|
6 |
|
---|
7 | context 'when there are less than 3 arguments' do
|
---|
8 | it { is_expected.to run.with_params().and_raise_error(ArgumentError, /wrong number of arguments/i) }
|
---|
9 | it { is_expected.to run.with_params('password').and_raise_error(ArgumentError, /wrong number of arguments/i) }
|
---|
10 | it { is_expected.to run.with_params('password', 'sha-256').and_raise_error(ArgumentError, /wrong number of arguments/i) }
|
---|
11 | end
|
---|
12 |
|
---|
13 | context 'when there are more than 3 arguments' do
|
---|
14 | it { is_expected.to run.with_params('password', 'sha-256', 'salt', 'extra').and_raise_error(ArgumentError, /wrong number of arguments/i) }
|
---|
15 | it { is_expected.to run.with_params('password', 'sha-256', 'salt', 'extra', 'extra').and_raise_error(ArgumentError, /wrong number of arguments/i) }
|
---|
16 | end
|
---|
17 |
|
---|
18 | context 'when the first argument is not a string' do
|
---|
19 | it { is_expected.to run.with_params([], 'sha-256', 'salt').and_raise_error(ArgumentError, /first argument must be a string/) }
|
---|
20 | it { is_expected.to run.with_params({}, 'sha-256', 'salt').and_raise_error(ArgumentError, /first argument must be a string/) }
|
---|
21 | it { is_expected.to run.with_params(1, 'sha-256', 'salt').and_raise_error(ArgumentError, /first argument must be a string/) }
|
---|
22 | it { is_expected.to run.with_params(true, 'sha-256', 'salt').and_raise_error(ArgumentError, /first argument must be a string/) }
|
---|
23 | end
|
---|
24 |
|
---|
25 | context 'when the first argument is undefined' do
|
---|
26 | it { is_expected.to run.with_params('', 'sha-256', 'salt').and_return(nil) }
|
---|
27 | it { is_expected.to run.with_params(nil, 'sha-256', 'salt').and_return(nil) }
|
---|
28 | end
|
---|
29 |
|
---|
30 | context 'when the second argument is not a string' do
|
---|
31 | it { is_expected.to run.with_params('password', [], 'salt').and_raise_error(ArgumentError, /second argument must be a string/) }
|
---|
32 | it { is_expected.to run.with_params('password', {}, 'salt').and_raise_error(ArgumentError, /second argument must be a string/) }
|
---|
33 | it { is_expected.to run.with_params('password', 1, 'salt').and_raise_error(ArgumentError, /second argument must be a string/) }
|
---|
34 | it { is_expected.to run.with_params('password', true, 'salt').and_raise_error(ArgumentError, /second argument must be a string/) }
|
---|
35 | end
|
---|
36 |
|
---|
37 | context 'when the second argument is not one of the supported hashing algorithms' do
|
---|
38 | it { is_expected.to run.with_params('password', 'no such algo', 'salt').and_raise_error(ArgumentError, /is not a valid hash type/) }
|
---|
39 | end
|
---|
40 |
|
---|
41 | context 'when the third argument is not a string' do
|
---|
42 | it { is_expected.to run.with_params('password', 'sha-256', []).and_raise_error(ArgumentError, /third argument must be a string/) }
|
---|
43 | it { is_expected.to run.with_params('password', 'sha-256', {}).and_raise_error(ArgumentError, /third argument must be a string/) }
|
---|
44 | it { is_expected.to run.with_params('password', 'sha-256', 1).and_raise_error(ArgumentError, /third argument must be a string/) }
|
---|
45 | it { is_expected.to run.with_params('password', 'sha-256', true).and_raise_error(ArgumentError, /third argument must be a string/) }
|
---|
46 | end
|
---|
47 |
|
---|
48 | context 'when the third argument is empty' do
|
---|
49 | it { is_expected.to run.with_params('password', 'sha-512', '').and_raise_error(ArgumentError, /third argument must not be empty/) }
|
---|
50 | end
|
---|
51 |
|
---|
52 | context 'when the third argument contains invalid characters' do
|
---|
53 | it { is_expected.to run.with_params('password', 'sha-512', 'one%').and_raise_error(ArgumentError, /characters in salt must be in the set/) }
|
---|
54 | end
|
---|
55 |
|
---|
56 | context 'when running on a platform with a weak String#crypt implementation' do
|
---|
57 | before(:each) { allow_any_instance_of(String).to receive(:crypt).with('$1$1').and_return('a bad hash') }
|
---|
58 |
|
---|
59 | it { is_expected.to run.with_params('password', 'sha-512', 'salt').and_raise_error(Puppet::ParseError, /system does not support enhanced salts/) }
|
---|
60 | end
|
---|
61 |
|
---|
62 | if RUBY_PLATFORM == 'java' or 'test'.crypt('$1$1') == '$1$1$Bp8CU9Oujr9SSEw53WV6G.'
|
---|
63 | describe "on systems with enhanced salts support" do
|
---|
64 | it { is_expected.to run.with_params('password', 'md5', 'salt').and_return('$1$salt$qJH7.N4xYta3aEG/dfqo/0') }
|
---|
65 | it { is_expected.to run.with_params('password', 'sha-256', 'salt').and_return('$5$salt$Gcm6FsVtF/Qa77ZKD.iwsJlCVPY0XSMgLJL0Hnww/c1') }
|
---|
66 | it { is_expected.to run.with_params('password', 'sha-512', 'salt').and_return('$6$salt$IxDD3jeSOb5eB1CX5LBsqZFVkJdido3OUILO5Ifz5iwMuTS4XMS130MTSuDDl3aCI6WouIL9AjRbLCelDCy.g.') }
|
---|
67 | end
|
---|
68 | end
|
---|
69 | end
|
---|