
Unit testing of BCryptPasswordEncoder hashed password

In Spring 5, I am using BCryptPasswordEncoder for password hashing. My code looks like this:

@Autowired
private BCryptPasswordEncoder passwordEncoder;

and I am checking that the passwords are equal like this:

String hashedPassword = userRepository.findById(101L).orElse(null).getPassword();
assertEquals(passwordEncoder.encode("myPassword"), hashedPassword);

The test case is failing. Does anyone have an idea how to check 'assertEquals' for 'BCryptPasswordEncoder'?

Stack trace:

org.junit.ComparisonFailure: expected:<$2[a$10$EulgXiN/bEwjJZc2IqRgoOyTcJWNZp0STtgY0fZv9XSIWigMHiBN2]> but was:<$2[y$12$Q3BUtijkUb.HdXsYbS9rCuaCcQE0/VdU2YC.N18uZB7jZ4/r0DSzO]>
at org.junit.Assert.assertEquals(Assert.java:115)
at org.junit.Assert.assertEquals(Assert.java:144)
at com.home.practice.MessageControllerTest.hello(MessageControllerTest.java:172)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.springframework.test.context.junit4.statements.RunBeforeTestExecutionCallbacks.evaluate(RunBeforeTestExecutionCallbacks.java:73)
at org.springframework.test.context.junit4.statements.RunAfterTestExecutionCallbacks.evaluate(RunAfterTestExecutionCallbacks.java:83)
at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26)
at org.springframework.test.context.junit4.statements.RunBeforeTestMethodCallbacks.evaluate(RunBeforeTestMethodCallbacks.java:75)
at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27)
at org.springframework.test.context.junit4.statements.RunAfterTestMethodCallbacks.evaluate(RunAfterTestMethodCallbacks.java:86)
at org.springframework.test.context.junit4.statements.SpringRepeat.evaluate(SpringRepeat.java:84)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runChild(SpringJUnit4ClassRunner.java:251)
at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runChild(SpringJUnit4ClassRunner.java:97)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
at org.springframework.test.context.junit4.statements.RunBeforeTestClassCallbacks.evaluate(RunBeforeTestClassCallbacks.java:61)
at org.springframework.test.context.junit4.statements.RunAfterTestClassCallbacks.evaluate(RunAfterTestClassCallbacks.java:70)
at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.run(SpringJUnit4ClassRunner.java:190)
at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:86)
at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:538)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:760)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:460)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:206)

The user you are getting from your repository has a different password. See the org.junit.ComparisonFailure message.

passwordEncoder.encode("myPassword") returns $2[a$10$EulgXiN/bEwjJZc2IqRgoOyTcJWNZp0STtgY0fZv9XSIWigMHiBN2]

while your user has $2[y$12$Q3BUtijkUb.HdXsYbS9rCuaCcQE0/VdU2YC.N18uZB7jZ4/r0DSzO]

BCryptPasswordEncoder#encode isn't deterministic. A hash will include a random salt, so your hashedPassword and the subsequent passwordEncoder.encode won't match*.

Firstly, you probably shouldn't test the class itself. spring-security has BCryptPasswordEncoderTests.java. To allow testing your use of it, use NoOpPasswordEncoder, or a similar mock.

If you really want to test BCryptPasswordEncoder, you could change your code to use a provided SecureRandom, and then mock that, so you can control the output of encode in your tests.

* BCRYPT_SALT_LEN is 16 bytes, so there's a non-zero possibility that two calls use the same salt.
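The following JUnit 4 test is an added example, not code from either answer. It shows the random-salt behaviour described above, verification of a stored hash with PasswordEncoder#matches (which re-derives the salt and cost from the stored string), and the injected-SecureRandom approach. The class name, the strength of 4 (chosen only to keep the test fast) and the fixed filler byte are assumptions.

```java
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotEquals;
import static org.junit.Assert.assertTrue;

import java.security.SecureRandom;
import java.util.Arrays;

import org.junit.Test;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

public class BCryptHashComparisonTest {

    // Strength 4 is the minimum bcrypt cost; an assumption for fast tests only.
    private final BCryptPasswordEncoder encoder = new BCryptPasswordEncoder(4);

    @Test
    public void encodeUsesFreshSaltSoStringsDiffer() {
        // Same password, two calls: each embeds its own random salt.
        String first = encoder.encode("myPassword");
        String second = encoder.encode("myPassword");
        assertNotEquals(first, second);
    }

    @Test
    public void matchesVerifiesAgainstStoredHash() {
        // 'stored' stands in for the value read from the repository.
        String stored = encoder.encode("myPassword");
        assertTrue(encoder.matches("myPassword", stored));
        assertFalse(encoder.matches("wrongPassword", stored));
    }

    @Test
    public void fixedRandomMakesEncodeRepeatable() {
        // With identical salt bytes, encode produces identical output.
        assertEquals(fixedSaltEncoder().encode("myPassword"),
                     fixedSaltEncoder().encode("myPassword"));
    }

    // Test-only SecureRandom that always yields the same bytes (constructed value).
    private static BCryptPasswordEncoder fixedSaltEncoder() {
        SecureRandom fixed = new SecureRandom() {
            @Override
            public void nextBytes(byte[] bytes) {
                Arrays.fill(bytes, (byte) 0x2a);
            }
        };
        return new BCryptPasswordEncoder(4, fixed);
    }
}
```

The fixed-output SecureRandom belongs in test code only; production encoders need the default random source so every stored hash gets its own salt.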
