// PasswordValid returns whether the given password is valid
// for the given unit.
func (u *Unit) PasswordValid(password string) bool {
agentHash := utils.AgentPasswordHash(password)
if agentHash == u.doc.PasswordHash {
return true
}
// In Juju 1.16 and older we used the slower password hash for unit
// agents. So check to see if the supplied password matches the old
// path, and if so, update it to the new mechanism.
// We ignore any error in setting the password hash, as we'll just try
// again next time
if utils.UserPasswordHash(password, utils.CompatSalt) == u.doc.PasswordHash {
logger.Debugf("%s logged in with old password hash, changing to AgentPasswordHash",
u.Tag())
u.setPasswordHash(agentHash)
return true
}
return false
}
func (s *UserSuite) TestSetPasswordHash(c *gc.C) {
u, err := s.State.AddUser("someuser", "password")
c.Assert(err, gc.IsNil)
err = u.SetPasswordHash(utils.UserPasswordHash("foo", utils.CompatSalt), utils.CompatSalt)
c.Assert(err, gc.IsNil)
c.Assert(u.PasswordValid("foo"), jc.IsTrue)
c.Assert(u.PasswordValid("bar"), jc.IsFalse)
// User passwords should *not* use the fast PasswordHash function
hash := utils.AgentPasswordHash("foo-12345678901234567890")
c.Assert(err, gc.IsNil)
err = u.SetPasswordHash(hash, "")
c.Assert(err, gc.IsNil)
c.Assert(u.PasswordValid("foo-12345678901234567890"), jc.IsFalse)
}
// SetPassword sets the password for the machine's agent.
func (u *Unit) SetPassword(password string) error {
if len(password) < utils.MinAgentPasswordLength {
return fmt.Errorf("password is only %d bytes long, and is not a valid Agent password", len(password))
}
return u.setPasswordHash(utils.AgentPasswordHash(password))
}