BCryptPasswordEncoder 散列密码的单元测试
Unit testing of BCryptPasswordEncoder hashed password
在 spring 5 中,我使用 BCryptPasswordEncoder 进行密码哈希处理。我的代码如下所示
@Autowired
private BCryptPasswordEncoder passwordEncoder;
我正在检查我的密码代码是否等于
String hashedPassword = userRepository.findById(101L).orElse(null).getPassword();
assertEquals(passwordEncoder.encode("myPassword"), hashedPassword);
测试用例失败。有谁知道如何检查 'assertEquals' 是否为 'BCryptPasswordEncoder'?
堆栈跟踪:
org.junit.ComparisonFailure: expected:<[a$EulgXiN/bEwjJZc2IqRgoOyTcJWNZp0STtgY0fZv9XSIWigMHiBN2]> but was:<[y$Q3BUtijkUb.HdXsYbS9rCuaCcQE0/VdU2YC.N18uZB7jZ4/r0DSzO]>
at org.junit.Assert.assertEquals(Assert.java:115)
at org.junit.Assert.assertEquals(Assert.java:144)
at com.home.practice.MessageControllerTest.hello(MessageControllerTest.java:172)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.junit.runners.model.FrameworkMethod.runReflectiveCall(FrameworkMethod.java:50)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.springframework.test.context.junit4.statements.RunBeforeTestExecutionCallbacks.evaluate(RunBeforeTestExecutionCallbacks.java:73)
at org.springframework.test.context.junit4.statements.RunAfterTestExecutionCallbacks.evaluate(RunAfterTestExecutionCallbacks.java:83)
at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26)
at org.springframework.test.context.junit4.statements.RunBeforeTestMethodCallbacks.evaluate(RunBeforeTestMethodCallbacks.java:75)
at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27)
at org.springframework.test.context.junit4.statements.RunAfterTestMethodCallbacks.evaluate(RunAfterTestMethodCallbacks.java:86)
at org.springframework.test.context.junit4.statements.SpringRepeat.evaluate(SpringRepeat.java:84)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runChild(SpringJUnit4ClassRunner.java:251)
at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runChild(SpringJUnit4ClassRunner.java:97)
at org.junit.runners.ParentRunner.run(ParentRunner.java:290)
at org.junit.runners.ParentRunner.schedule(ParentRunner.java:71)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
at org.junit.runners.ParentRunner.access[=12=]0(ParentRunner.java:58)
at org.junit.runners.ParentRunner.evaluate(ParentRunner.java:268)
at org.springframework.test.context.junit4.statements.RunBeforeTestClassCallbacks.evaluate(RunBeforeTestClassCallbacks.java:61)
at org.springframework.test.context.junit4.statements.RunAfterTestClassCallbacks.evaluate(RunAfterTestClassCallbacks.java:70)
at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.run(SpringJUnit4ClassRunner.java:190)
at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:86)
at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:538)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:760)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:460)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:206)
您从存储库中获取的用户有不同的密码。请参阅 org.junit.ComparisonFailure 消息。
passwordEncoder.encode("myPassword") returns [a$EulgXiN/bEwjJZc2IqRgoOyTcJWNZp0STtgY0fZv9XSIWigMHiBN2]
而您的用户有 [y$Q3BUtijkUb.HdXsYbS9rCuaCcQE0/VdU2YC.N18uZB7jZ4/r0DSzO]
BCryptPasswordEncoder#encode 不是确定性的。哈希将包含随机盐,因此您的 hashedPassword 和随后的 passwordEncoder.encode 将不匹配*。
首先,您可能不应该测试 class 本身。 spring-security 有 BCryptPasswordEncoderTests.java. To allow testing your use of it, use NoOpPasswordEncoder 或类似的模拟。
如果您真的想要测试BCryptPasswordEncoder,您可以更改您的代码以使用提供的SecureRandom,然后然后 mock that,因此您可以在测试中控制 encode 的输出。
* BCRYPT_SALT_LEN is 16 bytes,所以有 non-zero 两个调用使用相同盐的可能性。
在 spring 5 中,我使用 BCryptPasswordEncoder 进行密码哈希处理。我的代码如下所示
@Autowired
private BCryptPasswordEncoder passwordEncoder;
我正在检查我的密码代码是否等于
String hashedPassword = userRepository.findById(101L).orElse(null).getPassword();
assertEquals(passwordEncoder.encode("myPassword"), hashedPassword);
测试用例失败。有谁知道如何检查 'assertEquals' 是否为 'BCryptPasswordEncoder'?
堆栈跟踪:
org.junit.ComparisonFailure: expected:<[a$EulgXiN/bEwjJZc2IqRgoOyTcJWNZp0STtgY0fZv9XSIWigMHiBN2]> but was:<[y$Q3BUtijkUb.HdXsYbS9rCuaCcQE0/VdU2YC.N18uZB7jZ4/r0DSzO]>
at org.junit.Assert.assertEquals(Assert.java:115)
at org.junit.Assert.assertEquals(Assert.java:144)
at com.home.practice.MessageControllerTest.hello(MessageControllerTest.java:172)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.junit.runners.model.FrameworkMethod.runReflectiveCall(FrameworkMethod.java:50)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.springframework.test.context.junit4.statements.RunBeforeTestExecutionCallbacks.evaluate(RunBeforeTestExecutionCallbacks.java:73)
at org.springframework.test.context.junit4.statements.RunAfterTestExecutionCallbacks.evaluate(RunAfterTestExecutionCallbacks.java:83)
at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26)
at org.springframework.test.context.junit4.statements.RunBeforeTestMethodCallbacks.evaluate(RunBeforeTestMethodCallbacks.java:75)
at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27)
at org.springframework.test.context.junit4.statements.RunAfterTestMethodCallbacks.evaluate(RunAfterTestMethodCallbacks.java:86)
at org.springframework.test.context.junit4.statements.SpringRepeat.evaluate(SpringRepeat.java:84)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runChild(SpringJUnit4ClassRunner.java:251)
at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runChild(SpringJUnit4ClassRunner.java:97)
at org.junit.runners.ParentRunner.run(ParentRunner.java:290)
at org.junit.runners.ParentRunner.schedule(ParentRunner.java:71)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
at org.junit.runners.ParentRunner.access[=12=]0(ParentRunner.java:58)
at org.junit.runners.ParentRunner.evaluate(ParentRunner.java:268)
at org.springframework.test.context.junit4.statements.RunBeforeTestClassCallbacks.evaluate(RunBeforeTestClassCallbacks.java:61)
at org.springframework.test.context.junit4.statements.RunAfterTestClassCallbacks.evaluate(RunAfterTestClassCallbacks.java:70)
at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.run(SpringJUnit4ClassRunner.java:190)
at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:86)
at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:538)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:760)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:460)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:206)
您从存储库中获取的用户有不同的密码。请参阅 org.junit.ComparisonFailure 消息。
passwordEncoder.encode("myPassword") returns [a$EulgXiN/bEwjJZc2IqRgoOyTcJWNZp0STtgY0fZv9XSIWigMHiBN2]
而您的用户有 [y$Q3BUtijkUb.HdXsYbS9rCuaCcQE0/VdU2YC.N18uZB7jZ4/r0DSzO]
BCryptPasswordEncoder#encode 不是确定性的。哈希将包含随机盐,因此您的 hashedPassword 和随后的 passwordEncoder.encode 将不匹配*。
首先,您可能不应该测试 class 本身。 spring-security 有 BCryptPasswordEncoderTests.java. To allow testing your use of it, use NoOpPasswordEncoder 或类似的模拟。
如果您真的想要测试BCryptPasswordEncoder,您可以更改您的代码以使用提供的SecureRandom,然后然后 mock that,因此您可以在测试中控制 encode 的输出。
* BCRYPT_SALT_LEN is 16 bytes,所以有 non-zero 两个调用使用相同盐的可能性。