diff --git a/package.json b/package.json index c193f44..0d9c1be 100644 --- a/package.json +++ b/package.json @@ -8,6 +8,7 @@ "test": "bun test" }, "dependencies": { + "argon2": "^0.40.1", "jose": "^5.2.3", "log": "^6.3.1", "result": "git+git@git.pband.ch:typescript/result.git", @@ -15,6 +16,7 @@ }, "devDependencies": { "@happy-dom/global-registrator": "^14.10.2", + "@types/argon2": "^0.15.0", "@types/bun": "^1.1.2", "@types/zxcvbn": "^4.4.4" }, diff --git a/src/pwd.ts b/src/pwd.ts index 4e0d313..3566cc2 100644 --- a/src/pwd.ts +++ b/src/pwd.ts @@ -1,6 +1,13 @@ -export function hash(pwd: string) : string { - throw "todo" +import argon from 'argon2' + +export function hash(pwd: string): Promise { + return argon.hash(pwd) } -export function verify(pwd: string, hash: string) : boolean { - throw "todo" + +export async function verify(pwd: string, hash: string): Promise { + try { + return await argon.verify(hash, pwd) + } catch (_) {} + + return false } diff --git a/test/pwd.test.ts b/test/pwd.test.ts new file mode 100644 index 0000000..3e58eb1 --- /dev/null +++ b/test/pwd.test.ts @@ -0,0 +1,35 @@ +import {test, expect} from 'bun:test' + +import {pwd} from '../index' + +test('base case', async () => { + const password = "AwesomePassword123!" + const hash = await pwd.hash(password) + const verification = await pwd.verify(password, hash) + expect(verification).toBe(true) +}) + +test('wrong password', async () => { + const password1 = "AwesomePassword123!" + const password2 = "AwesomePassword321!" + expect(password1).not.toEqual(password2) + + const hash = await pwd.hash(password1) + const verification = await pwd.verify(password2, hash) + expect(verification).toBe(false) +}) + +test('salt changes', async () => { + const password = "AwesomePassword123!" + const hash1 = await pwd.hash(password) + const hash2 = await pwd.hash(password) + expect(hash1).not.toEqual(hash2) +}) + +test('tampered hash', async () => { + const password = "AwesomePassword123" + const hash = await pwd.hash(password) + const tamperedHash = hash.replace('a', 'b') + const verification = await pwd.verify(password, tamperedHash) + expect(verification).toBe(false) +})