htauth 2.3.0 → 3.0.0

data/spec/cli/passwd_spec.rb

@@ -1,346 +0,0 @@
-require 'spec_helper'
-require 'htauth/cli/passwd'
-require 'tempfile'
-
-describe HTAuth::CLI::Passwd do
-
-  before(:each) do
-
-    # existing 
-    @tf = Tempfile.new("rpasswrd-passwd-test")
-    @tf.write(IO.read(PASSWD_ORIGINAL_TEST_FILE))
-    @tf.close
-    @htauth = HTAuth::CLI::Passwd.new
-
-    # new file
-    @new_file = File.join(File.dirname(@tf.path), "new-testfile")
-
-    # rework stdout and stderr
-    @stdout = ConsoleIO.new
-    @old_stdout = $stdout
-    $stdout = @stdout
-
-    @stderr = ConsoleIO.new
-    @old_stderr = $stderr
-    $stderr = @stderr
-
-    @stdin = ConsoleIO.new
-    @old_stdin = $stdin
-    $stdin = @stdin
-  end
-
-  after(:each) do
-    @tf.close(true)
-    $stderr = @old_stderr
-    $stdout = @old_stdout
-    $stdin = @old_stdin
-    File.unlink(@new_file) if File.exist?(@new_file)
-  end
-
-  it "displays help appropriately" do
-    begin
-      @htauth.run([ "-h" ])
-    rescue SystemExit => se
-      _(se.status).must_equal 1
-      _(@stdout.string).must_match( /passwordfile username/m )
-    end
-  end
-
-  it "displays the version appropriately" do
-    begin
-      @htauth.run([ "--version" ])
-    rescue SystemExit => se
-      _(se.status).must_equal 1
-      _(@stdout.string).must_match( /version #{HTAuth::VERSION}/)
-    end
-  end
-
-  it "creates a new file with one md5 entry" do
-    begin
-      @stdin.puts "a secret"
-      @stdin.puts "a secret"
-      @stdin.rewind
-      @htauth.run([ "-m", "-c", @new_file, "alice" ])
-    rescue SystemExit => se
-      _(se.status).must_equal 0
-      l = IO.readlines(@new_file)
-      fields = l.first.split(':')
-      _(fields.first).must_equal "alice"
-      _(fields.last).must_match( /^\$apr1\$/ )
-    end
-  end
-
-  it "creates a new file with one bcrypt entry" do
-    begin
-      @stdin.puts "b secret"
-      @stdin.puts "b secret"
-      @stdin.rewind
-      @htauth.run([ "-B", "-c", @new_file, "brenda" ])
-    rescue SystemExit => se
-      _(se.status).must_equal 0
-      l = IO.readlines(@new_file)
-      fields = l.first.split(':')
-      _(fields.first).must_equal "brenda"
-      bcrypt_hash = fields.last
-
-      _(::BCrypt::Password.valid_hash?(bcrypt_hash)).wont_be_nil
-    end
-  end
-
-  it "allows the bcrypt cost to be set" do
-    begin
-      cost = 12
-      @stdin.puts "b secret"
-      @stdin.puts "b secret"
-      @stdin.rewind
-      @htauth.run([ "-C", "#{cost}", "-B", "-c", @new_file, "brenda" ])
-    rescue SystemExit => se
-      _(se.status).must_equal 0
-      l = IO.readlines(@new_file)
-      fields = l.first.split(':')
-      _(fields.first).must_equal "brenda"
-      bcrypt_hash = fields.last
-      _(::BCrypt::Password.valid_hash?(bcrypt_hash)).wont_be_nil
-
-      _, _version, count, _rest = bcrypt_hash.split("$")
-      _(count).must_equal ("%02d" % cost)
-    end
-  end
-
-  it "raises an error if the bcrypt cost is out of range" do
-    begin
-      @stdin.puts "b secret"
-      @stdin.puts "b secret"
-      @stdin.rewind
-      @htauth.run([ "-C", "42", "-B", "-c", @new_file, "brenda" ])
-    rescue SystemExit => se
-      _(@stderr.string).must_match( /ERROR:/m )
-      _(se.status).must_equal 1
-    end
-  end
-
-  it "raises an error if the bcrypt cost is not an integer" do
-    begin
-      @stdin.puts "b secret"
-      @stdin.puts "b secret"
-      @stdin.rewind
-      @htauth.run([ "-C", "forty-two", "-B", "-c", @new_file, "brenda" ])
-    rescue SystemExit => se
-      _(@stderr.string).must_match( /ERROR:/m )
-      _(se.status).must_equal 1
-    end
-  end
-
-  it "creates a new file with one argon2 entry" do
-    begin
-      @stdin.puts "a secret"
-      @stdin.puts "a secret"
-      @stdin.rewind
-      @htauth.run([ "--argon", "-c", @new_file, "agatha" ])
-    rescue SystemExit => se
-      _(se.status).must_equal 0
-      l = IO.readlines(@new_file)
-      fields = l.first.split(':')
-      _(fields.first).must_equal "agatha"
-      argon2_hash = fields.last
-
-      _(::Argon2::Password.valid_hash?(argon2_hash)).wont_be_nil
-    end
-  end
-
-  it "does not verify the password from stdin on -i option" do
-    begin
-      @stdin.puts "b secret"
-      @stdin.rewind
-      @htauth.run([ "-i", "-B", "-c", @new_file, "brenda" ])
-    rescue SystemExit => se
-      _(se.status).must_equal 0
-      l = IO.readlines(@new_file)
-      fields = l.first.split(':')
-      _(fields.first).must_equal "brenda"
-      bcrypt_hash = fields.last
-
-      _(::BCrypt::Password.valid_hash?(bcrypt_hash)).wont_be_nil
-    end
-  end
-
-  it "does not allow options -i and -b to both be set" do
-    begin
-      @stdin.puts "b secret"
-      @stdin.rewind
-      @htauth.run([ "-i", "-b", "-B", "-c", @new_file, "brenda", "b-secret" ])
-    rescue SystemExit => se
-      _(@stderr.string).must_match( /ERROR:/m )
-      _(se.status).must_equal 1
-    end
-  end
-
-  it "truncates an exiting file if told to create a new file" do
-    before_lines = IO.readlines(@tf.path)
-    begin
-      @stdin.puts "b secret"
-      @stdin.puts "b secret"
-      @stdin.rewind
-      @htauth.run([ "-c", @tf.path, "bob"])
-    rescue SystemExit => se
-      _(se.status).must_equal 0
-      after_lines = IO.readlines(@tf.path)
-      _(after_lines.size).must_equal 1
-      _(before_lines.size).must_equal 2
-    end
-  end
-
-  it "adds an entry to an existing file and force SHA" do
-    begin
-      @stdin.puts "c secret"
-      @stdin.puts "c secret"
-      @stdin.rewind
-      @htauth.run([ "-s", @tf.path, "charlie" ])
-    rescue SystemExit => se
-      _(se.status).must_equal 0
-      after_lines = IO.readlines(@tf.path)
-      _(after_lines.size).must_equal 3
-      al = after_lines.last.split(':')
-      _(al.first).must_equal "charlie"
-      _(al.last).must_match( /\{SHA\}/ )
-    end
-  end
-
-  it "can create a plaintext encrypted file" do
-    begin
-      @stdin.puts "a bad password"
-      @stdin.puts "a bad password"
-      @stdin.rewind
-      @htauth.run(["-c", "-p", @tf.path, "bradley"])
-    rescue SystemExit => se
-      _(se.status).must_equal 0
-      _(IO.read(@tf.path).strip).must_equal "bradley:a bad password"
-    end
-  end
-
-  it "has a batch mode for command line passwords" do
-    begin
-      @htauth.run(["-c", "-p", "-b", @tf.path, "bradley", "a bad password"])
-    rescue SystemExit => se
-      _(se.status).must_equal 0
-      _(IO.read(@tf.path).strip).must_equal "bradley:a bad password"
-    end
-  end
-
-  it "updates an entry in an existing file and force crypt" do
-    before_lines = IO.readlines(@tf.path)
-    begin
-      @stdin.puts "a new secret"
-      @stdin.puts "a new secret"
-      @stdin.rewind
-      @htauth.run([ "-d", @tf.path, "alice" ])
-    rescue SystemExit => se
-      _(@stderr.string).must_equal ""
-      _(se.status).must_equal 0
-      after_lines = IO.readlines(@tf.path)
-      _(after_lines.size).must_equal before_lines.size
-
-      a_b = before_lines.first.split(":")
-      a_a = after_lines.first.split(":")
-
-      _(a_b.first).must_equal a_a.first
-      _(a_b.last).wont_equal a_a.last
-    end
-  end
-
-  it "deletes an entry in an existing file" do
-    begin
-      @htauth.run([ "-D", @tf.path, "bob" ])
-    rescue SystemExit => se
-      _(@stderr.string).must_equal ""
-      _(se.status).must_equal 0
-      _(IO.read(@tf.path)).must_equal IO.read(PASSWD_DELETE_TEST_FILE)
-    end
-  end
-
-  it "sends to STDOUT when the -n option is used" do
-    begin
-      @htauth.run(["-n", "-p", "-b", "bradley", "a bad password"])
-    rescue SystemExit => se
-      _(se.status).must_equal 0
-      _(@stdout.string.strip).must_equal "bradley:a bad password"
-    end
-  end
-
-  it "verifies a password when --verify is used - valid" do
-    begin
-      @htauth.run(["--verify", "-b", @tf.path, "alice", "a secret"])
-    rescue SystemExit => se
-      _(@stderr.string.strip).must_equal "Password for user alice correct."
-      _(se.status).must_equal 0
-    end
-  end
-
-  it "verifies a password when --verify is used - invalid" do
-    begin
-      @htauth.run(["--verify", "-b", @tf.path, "alice", "the wrong secret"])
-    rescue SystemExit => se
-      _(@stderr.string.strip).must_equal "Password verification for user alice failed."
-      _(se.status).must_equal 1
-    end
-  end
-
-  it "has an error if it does not have permissions on the file" do
-    begin
-      @stdin.puts "a secret"
-      @stdin.puts "a secret"
-      @stdin.rewind
-      @htauth.run([ "-c", "/etc/you-cannot-create-me", "alice"])
-    rescue SystemExit => se
-      _(@stderr.string).must_match( %r{Password file failure \(/etc/you-cannot-create-me\)}m )
-      _(se.status).must_equal 1
-    end
-  end
-
-  it "has an error if the input passwords do not match" do
-    begin
-      @stdin.puts "a secret"
-      @stdin.puts "a bad secret"
-      @stdin.rewind
-      @htauth.run([ @tf.path, "alice"])
-    rescue SystemExit => se
-      _(@stderr.string).must_match( /They don't match, sorry./m )
-      _(se.status).must_equal 1
-    end
-  end
-
-  it "has an error if the options are incorrect" do
-    begin
-      @htauth.run(["--blah"])
-    rescue SystemExit => se
-      _(@stderr.string).must_match( /ERROR:/m )
-      _(se.status).must_equal 1
-    end
-  end
-
-  it "errors if send to stdout and create a new file options are both used" do
-    begin
-      @htauth.run(["-c", "-n"])
-    rescue SystemExit => se
-      _(@stderr.string).must_match( /ERROR:/m )
-      _(se.status).must_equal 1
-    end
-  end
-
-  it "errors if multiple types of operations are attmpted to be used at once" do
-    begin
-      @htauth.run(["-n", "-D"])
-    rescue SystemExit => se
-      _(@stderr.string).must_match( /ERROR:/m )
-      _(se.status).must_equal 1
-    end
-
-    begin
-      @htauth.run(["--verify", "-D"])
-    rescue SystemExit => se
-      _(@stderr.string).must_match( /ERROR:/m )
-      _(se.status).must_equal 1
-    end
- 
-  end
-end

data/spec/crypt_spec.rb

@@ -1,11 +0,0 @@
-require 'spec_helper'
-
-describe HTAuth::Crypt do
-  it "encrypts the same way that apache does" do
-    apache_salt = "L0LDd/.."
-    apache_result = "L0ekWYm59LT1M"
-    crypt = HTAuth::Crypt.new({ :salt => apache_salt} )
-    _(crypt.encode("a secret")).must_equal apache_result
-  end
-end
-

data/spec/digest_entry_spec.rb

@@ -1,59 +0,0 @@
-require 'spec_helper'
-
-describe HTAuth::DigestEntry do
-  before(:each) do
-    @alice = HTAuth::DigestEntry.new("alice", "htauth")
-    @bob   = HTAuth::DigestEntry.new("bob", "htauth", "b secret")
-  end
-
-  it "initializes with a user and realm" do
-    _(@alice.user).must_equal "alice"
-    _(@alice.realm).must_equal "htauth"
-  end
-
-  it "has the correct digest for a password" do
-    @alice.password = "digit"
-    _(@alice.digest).must_equal "4ed9e5744c6747af8f292d28afd6372e"
-  end
-
-  it "returns username:realm for a key" do
-    _(@alice.key).must_equal "alice:htauth"
-  end
-
-  it "checks the password correctly" do
-    _(@bob.authenticated?("b secret")).must_equal true
-  end
-
-  it "formats correctly when put to a string" do
-    _(@bob.to_s).must_equal "bob:htauth:fcbeab6821d2ab3b00934c958db0fd1e"
-  end
-
-  it "parses an input line" do
-    @bob_new = HTAuth::DigestEntry.from_line("bob:htauth:fcbeab6821d2ab3b00934c958db0fd1e")
-    _(@bob.user).must_equal @bob_new.user
-    _(@bob.digest).must_equal @bob_new.digest
-    _(@bob.realm).must_equal @bob_new.realm
-  end
-
-  it "knows if an input line is a possible entry and raises an exception" do
-    _ { HTAuth::DigestEntry.is_entry!("#stuff") }.must_raise(HTAuth::InvalidDigestEntry)
-    _ { HTAuth::DigestEntry.is_entry!("this:that:other:stuff") }.must_raise(HTAuth::InvalidDigestEntry)
-    _ { HTAuth::DigestEntry.is_entry!("this:that:other") }.must_raise(HTAuth::InvalidDigestEntry)
-    _ { HTAuth::DigestEntry.is_entry!("this:that:0a90549e8ffb2dd62f98252a95d88xyz") }.must_raise(HTAuth::InvalidDigestEntry)
-  end
-
-  it "knows if an input line is a possible entry and returns false" do
-    _(HTAuth::DigestEntry.is_entry?("#stuff")).must_equal false
-    _(HTAuth::DigestEntry.is_entry?("this:that:other:stuff")).must_equal false 
-    _(HTAuth::DigestEntry.is_entry?("this:that:other")).must_equal false 
-    _(HTAuth::DigestEntry.is_entry?("this:that:0a90549e8ffb2dd62f98252a95d88xyz")).must_equal false
-  end
-
-  it "knows if an input line is a possible entry and returns true" do
-    _(HTAuth::DigestEntry.is_entry?("bob:htauth:0a90549e8ffb2dd62f98252a95d88697")).must_equal true
-  end
-
-  it "duplicates itself" do
-    _(@alice.dup.to_s).must_equal @alice.to_s
-  end
-end

data/spec/digest_file_spec.rb

@@ -1,64 +0,0 @@
-require 'spec_helper'
-require 'tempfile'
-
-describe HTAuth::DigestFile do
-
-  before(:each) do
-    @tf             = Tempfile.new("rpasswrd-digest")
-    @tf.write(IO.read(DIGEST_ORIGINAL_TEST_FILE))
-    @tf.close
-    @digest_file    = HTAuth::DigestFile.new(@tf.path)
-
-    @tf2                = Tempfile.new("rpasswrd-digest-empty")
-    @tf2.close
-    @empty_digest_file  = HTAuth::DigestFile.new(@tf2.path)
-  end
-
-  after(:each) do
-    @tf2.close(true)
-    @tf.close(true)
-  end
-
-  it "can add a new entry to an already existing digest file" do
-    @digest_file.add_or_update("charlie", "htauth-new", "c secret")
-    _(@digest_file.contents).must_equal IO.read(DIGEST_ADD_TEST_FILE)
-  end
-
-  it "can tell if an entry already exists in the digest file" do
-    _(@digest_file.has_entry?("alice", "htauth")).must_equal true
-    _(@digest_file.has_entry?("alice", "some other realm")).must_equal false
-  end
-
-  it "can update an entry in an already existing digest file" do
-    @digest_file.add_or_update("alice", "htauth", "a new secret")
-    _(@digest_file.contents).must_equal IO.read(DIGEST_UPDATE_TEST_FILE)
-  end
-
-  it "fetches a copy of an entry" do
-    _(@digest_file.fetch("alice", "htauth").to_s).must_equal "alice:htauth:2f361db93147d84831eb34f19d05bfbb"
-  end
-
-  it "raises an error if an attempt is made to alter a non-existenet file" do
-    _ { HTAuth::DigestFile.new("some-file") }.must_raise(HTAuth::FileAccessError)
-  end
-
-  # this test will only work on systems that have /etc/ssh_host_rsa_key 
-  it "raises an error if an attempt is made to open a file where no permissions are granted" do
-    _ { HTAuth::DigestFile.new("/etc/ssh_host_rsa_key") }.must_raise(HTAuth::FileAccessError)
-  end
-
-  it "deletes an entry" do
-    @digest_file.delete("alice", "htauth")
-    _(@digest_file.contents).must_equal IO.read(DIGEST_DELETE_TEST_FILE)
-  end
-
-  it "is usable in a ruby manner and yeilds itself when opened" do
-    HTAuth::DigestFile.open(@tf.path) do |pf|
-      pf.add_or_update("alice", "htauth", "a secret")
-      pf.delete('bob', 'htauth')
-    end
-    lines = IO.readlines(@tf.path)
-    _(lines.size).must_equal 1
-    _(lines.first.strip).must_equal "alice:htauth:2f361db93147d84831eb34f19d05bfbb"
-  end
-end

data/spec/md5_spec.rb

@@ -1,11 +0,0 @@
-require 'spec_helper'
-
-describe HTAuth::Md5 do
-  it "encrypts the same way that apache does" do
-    apache_salt = "L0LDd/.."
-    apache_result = "$apr1$L0LDd/..$yhUzDjpxam5F1kWdtwMco1"
-    md5 = HTAuth::Md5.new({ 'salt' => apache_salt })
-    _(md5.encode("a secret")).must_equal apache_result
-  end
-end
-

data/spec/passwd_entry_spec.rb

@@ -1,172 +0,0 @@
-require 'spec_helper'
-
-describe HTAuth::PasswdEntry do
-  before(:each) do
-    @alice = HTAuth::PasswdEntry.new("alice", "a secret", "crypt", { :salt => "mD" })
-    @bob   = HTAuth::PasswdEntry.new("bob", "b secret", "crypt", { :salt => "b8"})
-    @salt  = "lo1tk/.."
-  end
-
-  it "initializes with a user and realm" do
-    _(@alice.user).must_equal "alice"
-  end
-
-  it "has the correct crypt password" do
-    @alice.password = "a secret"
-    _(@alice.digest).must_equal "mDwdZuXalQ5zk"
-  end
-
-  it "encrypts correctly for md5" do
-    bob = HTAuth::PasswdEntry.new("bob", "b secret", "md5", { :salt => @salt })
-    _(bob.digest).must_equal "$apr1$lo1tk/..$CarApvZPee0F6Wj1U0GxZ1"
-  end
-
-  it "encrypts correctly for sha1" do
-    bob = HTAuth::PasswdEntry.new("bob", "b secret", "sha1", { :salt => @salt })
-    _(bob.digest).must_equal "{SHA}b/tjGXbX80MEKVnF200S43ca4hY="
-  end
-
-  it "encrypts correctly for plaintext" do
-    bob = HTAuth::PasswdEntry.new("bob", "b secret", "plaintext", { :salt => @salt })
-    _(bob.digest).must_equal "b secret"
-  end
-
-  it "encypts correctly for argon2" do
-    # Don't do this in real life, do not pass in a salt, let the algorithm generate it internally
-    salt = ";L\xCDMRO\v\x13;\x012\x9B'\xEE\\i"
-    agatha = HTAuth::PasswdEntry.new("agatha","ag secret", "argon2", {salt_do_not_supply: salt} )
-    expected = "$argon2id$v=19$m=65536,t=3,p=4$O0zNTVJPCxM7ATKbJ+5caQ$e7wIsl7AY+uIbN+1StYOKkVCJhOrvX7BxAlQ+sPC+Nc"
-    _(agatha.digest).must_equal expected
-  end
-
-  it "encrypts with crypt as a default, when parsed from crypt()'d line" do
-    bob2 = HTAuth::PasswdEntry.from_line(@bob.to_s)
-    _(bob2.algorithm).must_be_instance_of(HTAuth::Crypt)
-    bob2.password = "another secret"
-    _(bob2.algorithm).must_be_instance_of(HTAuth::Crypt)
-  end
-
-  it "encrypts with crypt as a default, when parsed from plaintext line" do
-    p = HTAuth::PasswdEntry.new('paul', 'p secret', 'plaintext')
-    p2 = HTAuth::PasswdEntry.from_line(p.to_s)
-    _(p2.algorithm).must_be_instance_of(HTAuth::Plaintext)
-    p2.password = "another secret"
-    _(p2.algorithm).must_be_instance_of(HTAuth::Crypt)
-  end
-
-  it "encrypts with md5 as default, when parsed from an md5 line" do
-    m = HTAuth::PasswdEntry.new("mary", "m secret", "md5") 
-    m2 = HTAuth::PasswdEntry.from_line(m.to_s)
-    _(m2.algorithm).must_be_instance_of(HTAuth::Md5)
-  end
-
-  it "encrypts with sha1 as default, when parsed from an sha1 line" do
-    s = HTAuth::PasswdEntry.new("steve", "s secret", "sha1") 
-    s2 = HTAuth::PasswdEntry.from_line(s.to_s)
-    _(s2.algorithm).must_be_instance_of(HTAuth::Sha1)
-  end
-
-  it "encrypts with bcrypt as default when parsed from a bcrypt line" do
-    b = HTAuth::PasswdEntry.new("brenda", "b secret", "bcrypt")
-    b2 = HTAuth::PasswdEntry.from_line(b.to_s)
-    _(b2.algorithm).must_be_instance_of(HTAuth::Bcrypt)
-  end
-
-  it "determins the algorithm to be crypt when checking a password" do
-    bob2 = HTAuth::PasswdEntry.from_line(@bob.to_s)
-    _(bob2.algorithm).must_be_instance_of(HTAuth::Crypt)
-    _(bob2.authenticated?("b secret")).must_equal true
-    _(bob2.algorithm).must_be_instance_of(HTAuth::Crypt)
-  end
-
-  it "determins the algorithm to be plain when checking a password" do
-    bob2 = HTAuth::PasswdEntry.from_line("bob:b secret")
-    _(bob2.algorithm).must_be_instance_of(HTAuth::Plaintext)
-    _(bob2.authenticated?("b secret")).must_equal true
-    _(bob2.algorithm).must_be_instance_of(HTAuth::Plaintext)
-  end
-
-  it "authenticates correctly against md5" do
-    m = HTAuth::PasswdEntry.new("mary", "m secret", "md5") 
-    m2 = HTAuth::PasswdEntry.from_line(m.to_s)
-    _(m2.authenticated?("m secret")).must_equal true
-  end
-
-  it "authenticates correctly against sha1" do
-    s = HTAuth::PasswdEntry.new("steve", "s secret", "sha1") 
-    s2 = HTAuth::PasswdEntry.from_line(s.to_s)
-    _(s2.authenticated?("s secret")).must_equal true
-  end
-
-  it "authenticates correctly against bcrypt" do
-    s = HTAuth::PasswdEntry.new("brenda", "b secret", "bcrypt")
-    s2 = HTAuth::PasswdEntry.from_line(s.to_s)
-    _(s2.authenticated?("b secret")).must_equal true
-  end
-
-  it "authenticates correctly against argon2" do
-    s = HTAuth::PasswdEntry.new("agatha", "ag secret", "argon2")
-    s2 = HTAuth::PasswdEntry.from_line(s.to_s)
-    _(s2.authenticated?("ag secret")).must_equal true
-  end
-
-  it "can update the cost of an entry after initialization before encoding password" do
-    s = HTAuth::PasswdEntry.new("brenda", "b secret", "bcrypt")
-    _(s.algorithm.cost).must_equal(::HTAuth::Bcrypt::DEFAULT_APACHE_COST)
-
-    s2 = HTAuth::PasswdEntry.from_line(s.to_s)
-    s2.algorithm_args = { :cost => 12 }
-    s2.password = "b secret" # forces recalculation
-
-    _(s2.algorithm.cost).must_equal(12)
-  end
-
-  it "raises an error if assigning an invalid algorithm" do
-    b = HTAuth::PasswdEntry.new("brenda", "b secret", "bcrypt")
-    _ { b.algorithm = 42 }.must_raise(HTAuth::InvalidAlgorithmError)
-  end
-
-  it "returns username for a key" do
-    _(@alice.key).must_equal "alice"
-  end
-
-  it "checks the password correctly" do
-    _(@bob.authenticated?("b secret")).must_equal true
-  end
-
-  it "formats correctly when put to a string" do
-    _(@bob.to_s).must_equal "bob:b8Ml4Jp9I0N8E"
-  end
-
-  it "parses an input line" do
-    @bob_new = HTAuth::PasswdEntry.from_line("bob:b8Ml4Jp9I0N8E")
-    _(@bob.user).must_equal @bob_new.user
-    _(@bob.digest).must_equal @bob_new.digest
-  end
-
-  it "knows if an input line is a possible entry and raises an exception" do
-    _ { HTAuth::PasswdEntry.is_entry!("#stuff") }.must_raise(HTAuth::InvalidPasswdEntry)
-    _ { HTAuth::PasswdEntry.is_entry!("this:that:other:stuff") }.must_raise(HTAuth::InvalidPasswdEntry)
-    _ { HTAuth::PasswdEntry.is_entry!("this:that:other") }.must_raise(HTAuth::InvalidPasswdEntry)
-    _ { HTAuth::PasswdEntry.is_entry!("this:that:0a90549e8ffb2dd62f98252a95d88xyz") }.must_raise(HTAuth::InvalidPasswdEntry)
-  end
-
-  it "knows if an input line is a possible entry and returns false" do
-    _(HTAuth::PasswdEntry.is_entry?("#stuff")).must_equal false
-    _(HTAuth::PasswdEntry.is_entry?("this:that:other:stuff")).must_equal false 
-    _(HTAuth::PasswdEntry.is_entry?("this:that:other")).must_equal false 
-    _(HTAuth::PasswdEntry.is_entry?("this:that:0a90549e8ffb2dd62f98252a95d88xyz")).must_equal false
-  end
-
-  it "knows if an input line is a possible entry and returns true" do
-    _(HTAuth::PasswdEntry.is_entry?("bob:irRm0g.SDfCyI")).must_equal true
-    _(HTAuth::PasswdEntry.is_entry?("bob:b secreat")).must_equal true
-    _(HTAuth::PasswdEntry.is_entry?("bob:{SHA}b/tjGXbX80MEKVnF200S43ca4hY=")).must_equal true
-    _(HTAuth::PasswdEntry.is_entry?("bob:$apr1$lo1tk/..$CarApvZPee0F6Wj1U0GxZ1")).must_equal true
-    _(HTAuth::PasswdEntry.is_entry?("bob:$2y$05$ts3k1r.t0Cne6j6DLt0/SepT5X4qthDFEdfqHBBMO5MhqzyMz34j2")).must_equal true
-  end
-
-  it "duplicates itself" do
-    _(@alice.dup.to_s).must_equal @alice.to_s
-  end
-end