feat(password): Password hashing with bcrypt (#290)

* feat(password): add configurable password hashing with md5 and bcrypt * docs: add password hashing algorithm configuration (bcrypt/md5) * feat(password): better bcrypt fallback and minor refactoring * feat(password): handle errors in password encryption and verification * feat(password): remove password hashing algorithm configuration
2025-11-30 17:13:17 +00:00 · 2025-06-24 12:23:36 +03:00
parent aa04b225b9
commit 9d2b589faa
6 changed files with 116 additions and 15 deletions
--- a/utils/password_test.go
+++ b/utils/password_test.go
@@ -0,0 +1,40 @@
+package utils
+
+import (
+	"testing"
+
+	"golang.org/x/crypto/bcrypt"
+)
+
+func TestVerifyPasswordMD5(t *testing.T) {
+	hash := Md5("secret" + "rustdesk-api")
+	ok, newHash, err := VerifyPassword(hash, "secret")
+	if err != nil {
+		t.Fatalf("md5 verify failed: %v", err)
+	}
+	if !ok || newHash == "" {
+		t.Fatalf("md5 migration failed")
+	}
+	if bcrypt.CompareHashAndPassword([]byte(newHash), []byte("secret")) != nil {
+		t.Fatalf("invalid rehash")
+	}
+}
+
+func TestVerifyPasswordBcrypt(t *testing.T) {
+	b, _ := bcrypt.GenerateFromPassword([]byte("pass"), bcrypt.DefaultCost)
+	ok, newHash, err := VerifyPassword(string(b), "pass")
+	if err != nil || !ok || newHash != "" {
+		t.Fatalf("bcrypt verify failed")
+	}
+}
+
+func TestVerifyPasswordMigrate(t *testing.T) {
+	md5hash := Md5("mypass" + "rustdesk-api")
+	ok, newHash, err := VerifyPassword(md5hash, "mypass")
+	if err != nil || !ok || newHash == "" {
+		t.Fatalf("expected bcrypt rehash")
+	}
+	if bcrypt.CompareHashAndPassword([]byte(newHash), []byte("mypass")) != nil {
+		t.Fatalf("rehash not valid bcrypt")
+	}
+}