diff --git a/dwctl/src/api/handlers/auth.rs b/dwctl/src/api/handlers/auth.rs index 9963489d6..d0241b474 100644 --- a/dwctl/src/api/handlers/auth.rs +++ b/dwctl/src/api/handlers/auth.rs @@ -528,7 +528,7 @@ fn create_session_cookie(token: &str, config: &crate::config::Config) -> String #[cfg(test)] mod tests { use super::*; - use crate::{db::models::credits::CreditTransactionType, test_utils::create_test_config}; + use crate::{db::models::credits::CreditTransactionType, test_utils::{create_test_config, test_argon2_params}}; use axum_test::TestServer; use sqlx::PgPool; @@ -839,11 +839,7 @@ mod tests { // Create a user using the repository // Use weak params for fast testing - let test_params = password::Argon2Params { - memory_kib: 128, - iterations: 1, - parallelism: 1, - }; + let test_params = test_argon2_params(); let password_hash = password::hash_string_with_params("testpassword", Some(test_params)).unwrap(); let mut conn = pool.acquire().await.unwrap(); let mut user_repo = Users::new(&mut conn); @@ -947,11 +943,7 @@ mod tests { // Create a user using the repository let password_hash = password::hash_string_with_params( "correctpassword", - Some(password::Argon2Params { - memory_kib: 128, - iterations: 1, - parallelism: 1, - }), + Some(test_argon2_params()), ) .unwrap(); let mut conn = pool.acquire().await.unwrap(); @@ -1088,11 +1080,7 @@ mod tests { password_hash: Some( password::hash_string_with_params( "password", - Some(password::Argon2Params { - memory_kib: 128, - iterations: 1, - parallelism: 1, - }), + Some(test_argon2_params()), ) .unwrap(), ), @@ -1400,7 +1388,7 @@ mod tests { #[sqlx::test] async fn test_password_reset_full_flow(pool: PgPool) { - use crate::test_utils::create_test_config; + use crate::test_utils::{create_test_config, test_argon2_params}; // Create a custom config with native auth enabled let mut config = create_test_config(); @@ -1422,11 +1410,7 @@ mod tests { // Create a user with a password let old_password_hash = password::hash_string_with_params( "oldpassword123", - Some(password::Argon2Params { - memory_kib: 128, - iterations: 1, - parallelism: 1, - }), + Some(test_argon2_params()), ) .unwrap(); let mut conn = pool.acquire().await.unwrap(); @@ -1559,7 +1543,7 @@ mod tests { #[sqlx::test] async fn test_change_password_success_full(pool: PgPool) { - use crate::test_utils::create_test_config; + use crate::test_utils::{create_test_config, test_argon2_params}; // Create a custom config with native auth enabled let mut config = create_test_config(); @@ -1574,11 +1558,7 @@ mod tests { // Create a user with a password let old_password_hash = password::hash_string_with_params( "oldpassword123", - Some(password::Argon2Params { - memory_kib: 128, - iterations: 1, - parallelism: 1, - }), + Some(test_argon2_params()), ) .unwrap(); let mut conn = pool.acquire().await.unwrap(); @@ -1641,7 +1621,7 @@ mod tests { #[sqlx::test] async fn test_change_password_wrong_current(pool: PgPool) { - use crate::test_utils::create_test_config; + use crate::test_utils::{create_test_config, test_argon2_params}; let mut config = create_test_config(); config.auth.native.enabled = true; @@ -1655,11 +1635,7 @@ mod tests { // Create a user with a password let password_hash = password::hash_string_with_params( "correctpassword", - Some(password::Argon2Params { - memory_kib: 128, - iterations: 1, - parallelism: 1, - }), + Some(test_argon2_params()), ) .unwrap(); let mut conn = pool.acquire().await.unwrap(); @@ -1752,7 +1728,7 @@ mod tests { #[sqlx::test] async fn test_change_password_too_short(pool: PgPool) { - use crate::test_utils::create_test_config; + use crate::test_utils::{create_test_config, test_argon2_params}; let mut config = create_test_config(); config.auth.native.enabled = true; @@ -1767,11 +1743,7 @@ mod tests { // Create a user with a password let password_hash = password::hash_string_with_params( "oldpassword123", - Some(password::Argon2Params { - memory_kib: 128, - iterations: 1, - parallelism: 1, - }), + Some(test_argon2_params()), ) .unwrap(); let mut conn = pool.acquire().await.unwrap(); @@ -1813,7 +1785,7 @@ mod tests { #[sqlx::test] async fn test_change_password_too_long(pool: PgPool) { - use crate::test_utils::create_test_config; + use crate::test_utils::{create_test_config, test_argon2_params}; let mut config = create_test_config(); config.auth.native.enabled = true; @@ -1828,11 +1800,7 @@ mod tests { // Create a user with a password let password_hash = password::hash_string_with_params( "oldpassword", - Some(password::Argon2Params { - memory_kib: 128, - iterations: 1, - parallelism: 1, - }), + Some(test_argon2_params()), ) .unwrap(); let mut conn = pool.acquire().await.unwrap(); @@ -1874,7 +1842,7 @@ mod tests { #[sqlx::test] async fn test_change_password_when_disabled(pool: PgPool) { - use crate::test_utils::create_test_config; + use crate::test_utils::{create_test_config, test_argon2_params}; let mut config = create_test_config(); config.auth.native.enabled = false; // Disabled! @@ -1888,11 +1856,7 @@ mod tests { // Create a user with a password let password_hash = password::hash_string_with_params( "oldpassword", - Some(password::Argon2Params { - memory_kib: 128, - iterations: 1, - parallelism: 1, - }), + Some(test_argon2_params()), ) .unwrap(); let mut conn = pool.acquire().await.unwrap(); diff --git a/dwctl/src/lib.rs b/dwctl/src/lib.rs index 95f4bfad4..8a5ab927f 100644 --- a/dwctl/src/lib.rs +++ b/dwctl/src/lib.rs @@ -1733,11 +1733,7 @@ mod test { let user_id = create_initial_admin_user( test_email, None, - password::Argon2Params { - memory_kib: 128, - iterations: 1, - parallelism: 1, - }, + test_argon2_params(), &pool, ) .await @@ -1776,11 +1772,7 @@ mod test { let returned_user_id = create_initial_admin_user( test_email, None, - password::Argon2Params { - memory_kib: 128, - iterations: 1, - parallelism: 1, - }, + test_argon2_params(), &pool, ) .await diff --git a/dwctl/src/test_utils.rs b/dwctl/src/test_utils.rs index 21dbb805e..7a9bb63a0 100644 --- a/dwctl/src/test_utils.rs +++ b/dwctl/src/test_utils.rs @@ -1,5 +1,6 @@ //! Test utilities for integration testing (available with `test-utils` feature). +use crate::auth::password; use crate::config::{ BatchConfig, DaemonConfig, DaemonEnabled, FilesConfig, LeaderElectionConfig, NativeAuthConfig, OnwardsSyncConfig, PasswordConfig, PoolSettings, ProbeSchedulerConfig, ProxyHeaderAuthConfig, SecurityConfig, @@ -128,6 +129,17 @@ pub fn create_test_config() -> crate::config::Config { } } +/// Returns ultra-weak Argon2 parameters for fast testing. +/// Uses 128 KiB memory, 1 iteration, and 1 parallelism. +/// DO NOT USE IN PRODUCTION - these parameters are intentionally weak. +pub fn test_argon2_params() -> password::Argon2Params { + password::Argon2Params { + memory_kib: 128, + iterations: 1, + parallelism: 1, + } +} + pub async fn create_test_user(pool: &PgPool, role: Role) -> UserResponse { let mut conn = pool.acquire().await.expect("Failed to acquire connection"); let mut users_repo = Users::new(&mut conn);