const chai = require('chai') chai.use(require('chai-as-promised')) chai.should() const { expect } = chai const scrypt = require('..') describe('hashing and verification', function () { it('works', async function () { const pass = 'b4dpa$s' const derived = await scrypt.hash(pass) const [cost, salt, key] = derived.split('.') cost.should.eq('e') salt.length.should.eq(32) key.length.should.eq(86) Buffer.from(key, 'base64url').length.should.eq(64) scrypt.verify(derived, pass).should.eventually.be.true }) }) describe('hashSync() and sync verification', function () { it('works', function () { const pass = 'b4dpa$s' const derived = scrypt.hashSync(pass) const [cost, salt, key] = derived.split('.') cost.should.eq('e') salt.length.should.eq(32) key.length.should.eq(86) Buffer.from(key, 'base64url').length.should.eq(64) scrypt.verifySync(derived, pass).should.be.true }) }) describe('hash() error cases', function () { it('throws an error when it receives an invalid cost value', async function () { scrypt.hash('bad password', { cost: 2.3 }).should.be.rejectedWith(scrypt.InvalidOptions) scrypt.hash('bad password', { cost: 2 /* too small */ }).should.be.rejectedWith(scrypt.InvalidOptions) }) it('throws an error when it receives an invalid keyLength value', async function () { scrypt.hash('bad password', { keyLength: 2.3 }).should.be.rejectedWith(scrypt.InvalidOptions) }) it('throws an error when it receives an invalid saltLength value', async function () { scrypt.hash('bad password', { saltLength: 2.3 }).should.be.rejectedWith(scrypt.InvalidOptions) scrypt.hash('bad password', { saltLength: 15 /* too small */ }).should.be.rejectedWith(scrypt.InvalidOptions) }) it('throws an error when the password is not the right thing', function () { scrypt.hash(undefined).should.eventually.be.rejected scrypt.hash(null).should.eventually.be.rejected scrypt.hash(123.4).should.eventually.be.rejected scrypt.hash(NaN).should.eventually.be.rejected scrypt.hash(['some', 'arbitrary', 'values']).should.eventually.be.rejected scrypt.hash({ some: 'arbitrary values' }).should.eventually.be.rejected scrypt.hash(Symbol('something else')).should.eventually.be.rejected scrypt.hash(() => "no, you can't do this either").should.eventually.be.rejected }) }) describe('hashSync() error cases', function () { it('throws an error when it receives an invalid cost value', async function () { scrypt.hashSync.bind(undefined, 'bad password', { cost: 2.3 }).should.throw(scrypt.InvalidOptions) scrypt.hashSync.bind(undefined, 'bad password', { cost: 2 /* too small */ }).should.throw(scrypt.InvalidOptions) }) it('throws an error when it receives an invalid keyLength value', async function () { scrypt.hashSync.bind(undefined, 'bad password', { keyLength: 2.3 }).should.throw(scrypt.InvalidOptions) }) it('throws an error when it receives an invalid saltLength value', async function () { scrypt.hashSync.bind(undefined, 'bad password', { saltLength: 2.3 }).should.throw(scrypt.InvalidOptions) scrypt.hashSync.bind(undefined, 'bad password', { saltLength: 15 }).should.throw(scrypt.InvalidOptions) }) it('throws an error when the password is not the right thing', function () { scrypt.hashSync.bind(undefined, undefined).should.throw() scrypt.hashSync.bind(undefined, null).should.throw() scrypt.hashSync.bind(undefined, 123.4).should.throw() scrypt.hashSync.bind(undefined, NaN).should.throw() scrypt.hashSync.bind(undefined, ['some', 'arbitrary', 'values']).should.throw() scrypt.hashSync.bind(undefined, { some: 'arbitrary values' }).should.throw() scrypt.hashSync.bind(undefined, Symbol('something else')).should.throw() scrypt.hashSync.bind(undefined, () => "no, you can't do this either").should.throw() }) }) describe('verify() error cases', function () { it('throws an error when the password is not the right thing', function () { const validHash = 'e.WCu8zB9FHLhXaAf5Svn7NE4ySqB5X45X.ZLpxVwLz1816kmshqXHn12X_4_lZD_0Yl-27KSLLzdhXJ0Fr2huSD7BvoMlBMOMUQBKyKXPzhKI01_Ot-C_w8g' scrypt.verify(validHash, undefined).should.eventually.be.rejected scrypt.verify(validHash, null).should.eventually.be.rejected scrypt.verify(validHash, 123.4).should.eventually.be.rejected scrypt.verify(validHash, NaN).should.eventually.be.rejected scrypt.verify(validHash, ['some', 'arbitrary', 'values']).should.eventually.be.rejected scrypt.verify(validHash, { some: 'arbitrary values' }).should.eventually.be.rejected scrypt.verify(validHash, Symbol('something else')).should.eventually.be.rejected scrypt.verify(validHash, () => "no, you can't do this either").should.eventually.be.rejected }) it('throws an error when the hash is not the expected format', async function () { const validHash = 'e.WCu8zB9FHLhXaAf5Svn7NE4ySqB5X45X.ZLpxVwLz1816kmshqXHn12X_4_lZD_0Yl-27KSLLzdhXJ0Fr2huSD7BvoMlBMOMUQBKyKXPzhKI01_Ot-C_w8g' const hashParts = validHash.split('.') async function checkThrows(value, cause) { let thrown try { await scrypt.verify(value, 'bad password') thrown = false } catch (e) { thrown = true e.should.be.an.instanceof(scrypt.ParseError) expect(e.malformedString).to.eq(value) if (cause) expect(e.cause).to.be.an.instanceof(cause) else expect(e.cause).to.be.undefined } thrown.should.be.true } await checkThrows(undefined, TypeError) await checkThrows(1234, TypeError) await checkThrows(null, TypeError) await checkThrows([1, 2, 3], TypeError) scrypt.verify({ // This is technically valid, why try to prevent it? 🤷 split: () => hashParts }, 'bad password').should.eventually.be.true await checkThrows({}, TypeError) await checkThrows(validHash.substring(1)) // No cost // no salt await checkThrows('e..' + hashParts[2]) // no key await checkThrows(hashParts[0] + '.' + hashParts[1]) await checkThrows('...') await checkThrows('') }) }) describe('verifySync() error cases', function () { it('throws an error when the password is not the right thing', function () { const validHash = 'e.WCu8zB9FHLhXaAf5Svn7NE4ySqB5X45X.ZLpxVwLz1816kmshqXHn12X_4_lZD_0Yl-27KSLLzdhXJ0Fr2huSD7BvoMlBMOMUQBKyKXPzhKI01_Ot-C_w8g' scrypt.verifySync.bind(undefined, validHash, undefined).should.throw() scrypt.verifySync.bind(undefined, validHash, null).should.throw() scrypt.verifySync.bind(undefined, validHash, 123.4).should.throw() scrypt.verifySync.bind(undefined, validHash, NaN).should.throw() scrypt.verifySync.bind(undefined, validHash, ['some', 'arbitrary', 'values']).should.throw() scrypt.verifySync.bind(undefined, validHash, { some: 'arbitrary values' }).should.throw() scrypt.verifySync.bind(undefined, validHash, Symbol('something else')).should.throw() scrypt.verifySync.bind(undefined, validHash, () => "no, you can't do this either").should.throw() scrypt.verifySync.bind(undefined, validHash, Promise.resolve("no, you can't do this either")).should.throw() }) it('throws an error when the hash is not the expected format', function () { const validHash = 'e.WCu8zB9FHLhXaAf5Svn7NE4ySqB5X45X.ZLpxVwLz1816kmshqXHn12X_4_lZD_0Yl-27KSLLzdhXJ0Fr2huSD7BvoMlBMOMUQBKyKXPzhKI01_Ot-C_w8g' const hashParts = validHash.split('.') function checkThrows(value, cause) { let thrown try { scrypt.verifySync(value, 'bad password') thrown = false } catch (e) { thrown = true e.should.be.an.instanceof(scrypt.ParseError) expect(e.malformedString).to.eq(value) if (cause) expect(e.cause).to.be.an.instanceof(cause) else expect(e.cause).to.be.undefined } thrown.should.be.true } checkThrows(undefined, TypeError) checkThrows(1234, TypeError) checkThrows(null, TypeError) checkThrows([1, 2, 3], TypeError) scrypt.verify({ // This is technically valid, why try to prevent it? 🤷 split: () => hashParts }, 'bad password').should.eventually.be.true checkThrows({}, TypeError) checkThrows(validHash.substring(1)) // No cost // no salt checkThrows('e..' + hashParts[2]) // no key checkThrows(hashParts[0] + '.' + hashParts[1]) checkThrows('...') checkThrows('') }) })