From 2b25522a5e6e57c7ea31a2f7e4db043a1db8fdca Mon Sep 17 00:00:00 2001 From: FloatingGhost Date: Fri, 30 Dec 2022 02:19:44 +0000 Subject: [PATCH] Fix tests for argon2 --- lib/mix/tasks/pleroma/config.ex | 16 +++---- lib/pleroma/password.ex | 4 +- lib/pleroma/web/auth/pleroma_authenticator.ex | 5 +-- lib/pleroma/web/auth/totp_authenticator.ex | 3 +- lib/pleroma/web/common_api/utils.ex | 3 +- .../web/mongoose_im/mongoose_im_controller.ex | 3 +- lib/pleroma/web/plugs/authentication_plug.ex | 42 +++---------------- test/pleroma/mfa_test.exs | 4 +- test/pleroma/web/auth/basic_auth_test.exs | 2 +- .../web/auth/pleroma_authenticator_test.exs | 4 +- .../web/auth/totp_authenticator_test.exs | 2 +- .../web/mongoose_im_controller_test.exs | 4 +- .../web/o_auth/ldap_authorization_test.exs | 4 +- .../web/o_auth/mfa_controller_test.exs | 4 +- .../web/o_auth/o_auth_controller_test.exs | 18 ++++---- .../web/plugs/authentication_plug_test.exs | 6 ++- .../twitter_api/password_controller_test.exs | 2 +- .../web/twitter_api/util_controller_test.exs | 2 +- test/support/builders/user_builder.ex | 2 +- test/support/factory.ex | 6 ++- 20 files changed, 55 insertions(+), 81 deletions(-) diff --git a/lib/mix/tasks/pleroma/config.ex b/lib/mix/tasks/pleroma/config.ex index dfde6520d..8661d8d7c 100644 --- a/lib/mix/tasks/pleroma/config.ex +++ b/lib/mix/tasks/pleroma/config.ex @@ -87,13 +87,15 @@ defmodule Mix.Tasks.Pleroma.Config do key = maybe_atomize(key) config = ConfigDB.get_by_group_and_key(group, key) - json = %{ - group: ConfigDB.to_json_types(config.group), - key: ConfigDB.to_json_types(config.key), - value: ConfigDB.to_json_types(config.value), - } - |> Jason.encode!() - |> Jason.Formatter.pretty_print() + + json = + %{ + group: ConfigDB.to_json_types(config.group), + key: ConfigDB.to_json_types(config.key), + value: ConfigDB.to_json_types(config.value) + } + |> Jason.encode!() + |> Jason.Formatter.pretty_print() File.write(fname, json) shell_info("Wrote #{group}_#{key}.json") diff --git a/lib/pleroma/password.ex b/lib/pleroma/password.ex index 4bf817bee..2ce07bd9b 100644 --- a/lib/pleroma/password.ex +++ b/lib/pleroma/password.ex @@ -7,10 +7,12 @@ defmodule Pleroma.Password do alias Pleroma.User alias Pleroma.Password.Pbkdf2 + require Logger @hashing_module Argon2 - defdelegate hash_pwd_salt, to: @hashing_module + @spec hash_pwd_salt(String.t()) :: String.t() + defdelegate hash_pwd_salt(pass), to: @hashing_module @spec checkpw(String.t(), String.t()) :: boolean() def checkpw(password, "$2" <> _ = password_hash) do diff --git a/lib/pleroma/web/auth/pleroma_authenticator.ex b/lib/pleroma/web/auth/pleroma_authenticator.ex index bb377d686..01b54037c 100644 --- a/lib/pleroma/web/auth/pleroma_authenticator.ex +++ b/lib/pleroma/web/auth/pleroma_authenticator.ex @@ -6,7 +6,6 @@ defmodule Pleroma.Web.Auth.PleromaAuthenticator do alias Pleroma.Registration alias Pleroma.Repo alias Pleroma.User - alias Pleroma.Web.Plugs.AuthenticationPlug import Pleroma.Web.Auth.Helpers, only: [fetch_credentials: 1, fetch_user: 1] @@ -15,8 +14,8 @@ defmodule Pleroma.Web.Auth.PleromaAuthenticator do def get_user(%Plug.Conn{} = conn) do with {:ok, {name, password}} <- fetch_credentials(conn), {_, %User{} = user} <- {:user, fetch_user(name)}, - {_, true} <- {:checkpw, AuthenticationPlug.checkpw(password, user.password_hash)}, - {:ok, user} <- AuthenticationPlug.maybe_update_password(user, password) do + {_, true} <- {:checkpw, Pleroma.Password.checkpw(password, user.password_hash)}, + {:ok, user} <- Pleroma.Password.maybe_update_password(user, password) do {:ok, user} else {:error, _reason} = error -> error diff --git a/lib/pleroma/web/auth/totp_authenticator.ex b/lib/pleroma/web/auth/totp_authenticator.ex index 5947cd8c9..e6f839e6e 100644 --- a/lib/pleroma/web/auth/totp_authenticator.ex +++ b/lib/pleroma/web/auth/totp_authenticator.ex @@ -6,7 +6,6 @@ defmodule Pleroma.Web.Auth.TOTPAuthenticator do alias Pleroma.MFA alias Pleroma.MFA.TOTP alias Pleroma.User - alias Pleroma.Web.Plugs.AuthenticationPlug @doc "Verify code or check backup code." @spec verify(String.t(), User.t()) :: @@ -31,7 +30,7 @@ defmodule Pleroma.Web.Auth.TOTPAuthenticator do code ) when is_list(codes) and is_binary(code) do - hash_code = Enum.find(codes, fn hash -> AuthenticationPlug.checkpw(code, hash) end) + hash_code = Enum.find(codes, fn hash -> Pleroma.Password.checkpw(code, hash) end) if hash_code do MFA.invalidate_backup_code(user, hash_code) diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex index bf03b0a82..22594be46 100644 --- a/lib/pleroma/web/common_api/utils.ex +++ b/lib/pleroma/web/common_api/utils.ex @@ -17,7 +17,6 @@ defmodule Pleroma.Web.CommonAPI.Utils do alias Pleroma.Web.ActivityPub.Visibility alias Pleroma.Web.CommonAPI.ActivityDraft alias Pleroma.Web.MediaProxy - alias Pleroma.Web.Plugs.AuthenticationPlug alias Pleroma.Web.Utils.Params require Logger @@ -356,7 +355,7 @@ defmodule Pleroma.Web.CommonAPI.Utils do @spec confirm_current_password(User.t(), String.t()) :: {:ok, User.t()} | {:error, String.t()} def confirm_current_password(user, password) do with %User{local: true} = db_user <- User.get_cached_by_id(user.id), - true <- AuthenticationPlug.checkpw(password, db_user.password_hash) do + true <- Pleroma.Password.checkpw(password, db_user.password_hash) do {:ok, db_user} else _ -> {:error, dgettext("errors", "Invalid password.")} diff --git a/lib/pleroma/web/mongoose_im/mongoose_im_controller.ex b/lib/pleroma/web/mongoose_im/mongoose_im_controller.ex index 6ace3e0b5..85b75190b 100644 --- a/lib/pleroma/web/mongoose_im/mongoose_im_controller.ex +++ b/lib/pleroma/web/mongoose_im/mongoose_im_controller.ex @@ -7,7 +7,6 @@ defmodule Pleroma.Web.MongooseIM.MongooseIMController do alias Pleroma.Repo alias Pleroma.User - alias Pleroma.Web.Plugs.AuthenticationPlug alias Pleroma.Web.Plugs.RateLimiter plug(RateLimiter, [name: :authentication] when action in [:user_exists, :check_password]) @@ -28,7 +27,7 @@ defmodule Pleroma.Web.MongooseIM.MongooseIMController do def check_password(conn, %{"user" => username, "pass" => password}) do with %User{password_hash: password_hash, is_active: true} <- Repo.get_by(User, nickname: username, local: true), - true <- AuthenticationPlug.checkpw(password, password_hash) do + true <- Pleroma.Password.checkpw(password, password_hash) do conn |> json(true) else diff --git a/lib/pleroma/web/plugs/authentication_plug.ex b/lib/pleroma/web/plugs/authentication_plug.ex index 9e29859a7..894a1067e 100644 --- a/lib/pleroma/web/plugs/authentication_plug.ex +++ b/lib/pleroma/web/plugs/authentication_plug.ex @@ -7,6 +7,7 @@ defmodule Pleroma.Web.Plugs.AuthenticationPlug do alias Pleroma.Helpers.AuthHelper alias Pleroma.User + alias Pleroma.Password import Plug.Conn @@ -25,8 +26,8 @@ defmodule Pleroma.Web.Plugs.AuthenticationPlug do } = conn, _ ) do - if checkpw(password, password_hash) do - {:ok, auth_user} = maybe_update_password(auth_user, password) + if Password.checkpw(password, password_hash) do + {:ok, auth_user} = Password.maybe_update_password(auth_user, password) conn |> assign(:user, auth_user) @@ -38,39 +39,6 @@ defmodule Pleroma.Web.Plugs.AuthenticationPlug do def call(conn, _), do: conn - def checkpw(password, "$2" <> _ = password_hash) do - # Handle bcrypt passwords for Mastodon migration - Bcrypt.verify_pass(password, password_hash) - end - - def checkpw(password, "$pbkdf2" <> _ = password_hash) do - Pleroma.Password.Pbkdf2.verify_pass(password, password_hash) - end - - def checkpw(password, "$argon2" <> _ = password_hash) do - Argon2.verify_pass(password, password_hash) - end - - def checkpw(_password, _password_hash) do - Logger.error("Password hash not recognized") - false - end - - def maybe_update_password(%User{password_hash: "$2" <> _} = user, password) do - do_update_password(user, password) - end - - def maybe_update_password(%User{password_hash: "$6" <> _} = user, password) do - do_update_password(user, password) - end - - def maybe_update_password(%User{password_hash: "$pbkdf2" <> _} = user, password) do - do_update_password(user, password) - end - - def maybe_update_password(user, _), do: {:ok, user} - - defp do_update_password(user, password) do - User.reset_password(user, %{password: password, password_confirmation: password}) - end + @spec checkpw(String.t(), String.t()) :: boolean + defdelegate checkpw(password, hash), to: Password end diff --git a/test/pleroma/mfa_test.exs b/test/pleroma/mfa_test.exs index 76ba1a99d..66660d97e 100644 --- a/test/pleroma/mfa_test.exs +++ b/test/pleroma/mfa_test.exs @@ -30,8 +30,8 @@ defmodule Pleroma.MFATest do {:ok, [code1, code2]} = MFA.generate_backup_codes(user) updated_user = refresh_record(user) [hash1, hash2] = updated_user.multi_factor_authentication_settings.backup_codes - assert Pleroma.Password.Pbkdf2.verify_pass(code1, hash1) - assert Pleroma.Password.Pbkdf2.verify_pass(code2, hash2) + assert Pleroma.Password.checkpw(code1, hash1) + assert Pleroma.Password.checkpw(code2, hash2) end end diff --git a/test/pleroma/web/auth/basic_auth_test.exs b/test/pleroma/web/auth/basic_auth_test.exs index 2816aae4c..a357ba4a5 100644 --- a/test/pleroma/web/auth/basic_auth_test.exs +++ b/test/pleroma/web/auth/basic_auth_test.exs @@ -11,7 +11,7 @@ defmodule Pleroma.Web.Auth.BasicAuthTest do conn: conn } do user = insert(:user) - assert Pleroma.Password.Pbkdf2.verify_pass("test", user.password_hash) + assert Pleroma.Password.checkpw("test", user.password_hash) basic_auth_contents = (URI.encode_www_form(user.nickname) <> ":" <> URI.encode_www_form("test")) diff --git a/test/pleroma/web/auth/pleroma_authenticator_test.exs b/test/pleroma/web/auth/pleroma_authenticator_test.exs index b1397c523..fb3c47417 100644 --- a/test/pleroma/web/auth/pleroma_authenticator_test.exs +++ b/test/pleroma/web/auth/pleroma_authenticator_test.exs @@ -15,7 +15,7 @@ defmodule Pleroma.Web.Auth.PleromaAuthenticatorTest do user = insert(:user, nickname: name, - password_hash: Pleroma.Password.Pbkdf2.hash_pwd_salt(password) + password_hash: Pleroma.Password.hash_pwd_salt(password) ) {:ok, [user: user, name: name, password: password]} @@ -30,7 +30,7 @@ defmodule Pleroma.Web.Auth.PleromaAuthenticatorTest do assert {:ok, returned_user} = res assert returned_user.id == user.id - assert "$pbkdf2" <> _ = returned_user.password_hash + assert "$argon2" <> _ = returned_user.password_hash end test "get_user/authorization with invalid password", %{name: name} do diff --git a/test/pleroma/web/auth/totp_authenticator_test.exs b/test/pleroma/web/auth/totp_authenticator_test.exs index ac4209f2d..6d2646b61 100644 --- a/test/pleroma/web/auth/totp_authenticator_test.exs +++ b/test/pleroma/web/auth/totp_authenticator_test.exs @@ -34,7 +34,7 @@ defmodule Pleroma.Web.Auth.TOTPAuthenticatorTest do hashed_codes = backup_codes - |> Enum.map(&Pleroma.Password.Pbkdf2.hash_pwd_salt(&1)) + |> Enum.map(&Pleroma.Password.hash_pwd_salt(&1)) user = insert(:user, diff --git a/test/pleroma/web/mongoose_im_controller_test.exs b/test/pleroma/web/mongoose_im_controller_test.exs index 43c4dfa33..73473ccf5 100644 --- a/test/pleroma/web/mongoose_im_controller_test.exs +++ b/test/pleroma/web/mongoose_im_controller_test.exs @@ -41,13 +41,13 @@ defmodule Pleroma.Web.MongooseIMControllerTest do end test "/check_password", %{conn: conn} do - user = insert(:user, password_hash: Pleroma.Password.Pbkdf2.hash_pwd_salt("cool")) + user = insert(:user, password_hash: Pleroma.Password.hash_pwd_salt("cool")) _deactivated_user = insert(:user, nickname: "konata", is_active: false, - password_hash: Pleroma.Password.Pbkdf2.hash_pwd_salt("cool") + password_hash: Pleroma.Password.hash_pwd_salt("cool") ) res = diff --git a/test/pleroma/web/o_auth/ldap_authorization_test.exs b/test/pleroma/web/o_auth/ldap_authorization_test.exs index c8a1d65ab..502ee0918 100644 --- a/test/pleroma/web/o_auth/ldap_authorization_test.exs +++ b/test/pleroma/web/o_auth/ldap_authorization_test.exs @@ -18,7 +18,7 @@ defmodule Pleroma.Web.OAuth.LDAPAuthorizationTest do @tag @skip test "authorizes the existing user using LDAP credentials" do password = "testpassword" - user = insert(:user, password_hash: Pleroma.Password.Pbkdf2.hash_pwd_salt(password)) + user = insert(:user, password_hash: Pleroma.Password.hash_pwd_salt(password)) app = insert(:oauth_app, scopes: ["read", "write"]) host = Pleroma.Config.get([:ldap, :host]) |> to_charlist @@ -101,7 +101,7 @@ defmodule Pleroma.Web.OAuth.LDAPAuthorizationTest do @tag @skip test "disallow authorization for wrong LDAP credentials" do password = "testpassword" - user = insert(:user, password_hash: Pleroma.Password.Pbkdf2.hash_pwd_salt(password)) + user = insert(:user, password_hash: Pleroma.Password.hash_pwd_salt(password)) app = insert(:oauth_app, scopes: ["read", "write"]) host = Pleroma.Config.get([:ldap, :host]) |> to_charlist diff --git a/test/pleroma/web/o_auth/mfa_controller_test.exs b/test/pleroma/web/o_auth/mfa_controller_test.exs index 17bbde85b..dacf03b2b 100644 --- a/test/pleroma/web/o_auth/mfa_controller_test.exs +++ b/test/pleroma/web/o_auth/mfa_controller_test.exs @@ -20,7 +20,7 @@ defmodule Pleroma.Web.OAuth.MFAControllerTest do insert(:user, multi_factor_authentication_settings: %MFA.Settings{ enabled: true, - backup_codes: [Pleroma.Password.Pbkdf2.hash_pwd_salt("test-code")], + backup_codes: [Pleroma.Password.hash_pwd_salt("test-code")], totp: %MFA.Settings.TOTP{secret: otp_secret, confirmed: true} } ) @@ -246,7 +246,7 @@ defmodule Pleroma.Web.OAuth.MFAControllerTest do hashed_codes = backup_codes - |> Enum.map(&Pleroma.Password.Pbkdf2.hash_pwd_salt(&1)) + |> Enum.map(&Pleroma.Password.hash_pwd_salt(&1)) user = insert(:user, diff --git a/test/pleroma/web/o_auth/o_auth_controller_test.exs b/test/pleroma/web/o_auth/o_auth_controller_test.exs index 7240624ef..303bc2cf2 100644 --- a/test/pleroma/web/o_auth/o_auth_controller_test.exs +++ b/test/pleroma/web/o_auth/o_auth_controller_test.exs @@ -316,7 +316,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do app: app, conn: conn } do - user = insert(:user, password_hash: Pleroma.Password.Pbkdf2.hash_pwd_salt("testpassword")) + user = insert(:user, password_hash: Pleroma.Password.hash_pwd_salt("testpassword")) registration = insert(:registration, user: nil) redirect_uri = OAuthController.default_redirect_uri(app) @@ -347,7 +347,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do app: app, conn: conn } do - user = insert(:user, password_hash: Pleroma.Password.Pbkdf2.hash_pwd_salt("testpassword")) + user = insert(:user, password_hash: Pleroma.Password.hash_pwd_salt("testpassword")) registration = insert(:registration, user: nil) unlisted_redirect_uri = "http://cross-site-request.com" @@ -917,7 +917,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do test "issues a token for `password` grant_type with valid credentials, with full permissions by default" do password = "testpassword" - user = insert(:user, password_hash: Pleroma.Password.Pbkdf2.hash_pwd_salt(password)) + user = insert(:user, password_hash: Pleroma.Password.hash_pwd_salt(password)) app = insert(:oauth_app, scopes: ["read", "write"]) @@ -947,7 +947,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do user = insert(:user, - password_hash: Pleroma.Password.Pbkdf2.hash_pwd_salt(password), + password_hash: Pleroma.Password.hash_pwd_salt(password), multi_factor_authentication_settings: %MFA.Settings{ enabled: true, totp: %MFA.Settings.TOTP{secret: otp_secret, confirmed: true} @@ -1056,7 +1056,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do password = "testpassword" {:ok, user} = - insert(:user, password_hash: Pleroma.Password.Pbkdf2.hash_pwd_salt(password)) + insert(:user, password_hash: Pleroma.Password.hash_pwd_salt(password)) |> User.confirmation_changeset(set_confirmation: false) |> User.update_and_set_cache() @@ -1084,7 +1084,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do user = insert(:user, - password_hash: Pleroma.Password.Pbkdf2.hash_pwd_salt(password), + password_hash: Pleroma.Password.hash_pwd_salt(password), is_active: false ) @@ -1112,7 +1112,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do user = insert(:user, - password_hash: Pleroma.Password.Pbkdf2.hash_pwd_salt(password), + password_hash: Pleroma.Password.hash_pwd_salt(password), password_reset_pending: true ) @@ -1141,7 +1141,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do user = insert(:user, - password_hash: Pleroma.Password.Pbkdf2.hash_pwd_salt(password), + password_hash: Pleroma.Password.hash_pwd_salt(password), is_confirmed: false ) @@ -1169,7 +1169,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do user = insert(:user, - password_hash: Pleroma.Password.Pbkdf2.hash_pwd_salt(password), + password_hash: Pleroma.Password.hash_pwd_salt(password), is_approved: false ) diff --git a/test/pleroma/web/plugs/authentication_plug_test.exs b/test/pleroma/web/plugs/authentication_plug_test.exs index 911208ec7..1fbc17a92 100644 --- a/test/pleroma/web/plugs/authentication_plug_test.exs +++ b/test/pleroma/web/plugs/authentication_plug_test.exs @@ -17,7 +17,7 @@ defmodule Pleroma.Web.Plugs.AuthenticationPlugTest do user = %User{ id: 1, name: "dude", - password_hash: Pleroma.Password.Pbkdf2.hash_pwd_salt("guy") + password_hash: Pleroma.Password.hash_pwd_salt("guy") } conn = @@ -105,7 +105,9 @@ defmodule Pleroma.Web.Plugs.AuthenticationPlugTest do end test "check argon2 hash" do - hash = "$argon2id$v=19$m=65536,t=8,p=2$zEMMsTuK5KkL5AFWbX7jyQ$VyaQD7PF6e9btz0oH1YiAkWwIGZ7WNDZP8l+a/O171g" + hash = + "$argon2id$v=19$m=65536,t=8,p=2$zEMMsTuK5KkL5AFWbX7jyQ$VyaQD7PF6e9btz0oH1YiAkWwIGZ7WNDZP8l+a/O171g" + assert AuthenticationPlug.checkpw("password", hash) refute AuthenticationPlug.checkpw("password1", hash) end diff --git a/test/pleroma/web/twitter_api/password_controller_test.exs b/test/pleroma/web/twitter_api/password_controller_test.exs index 05c3561bf..4ff792dc8 100644 --- a/test/pleroma/web/twitter_api/password_controller_test.exs +++ b/test/pleroma/web/twitter_api/password_controller_test.exs @@ -96,7 +96,7 @@ defmodule Pleroma.Web.TwitterAPI.PasswordControllerTest do assert response =~ "

Password changed!

" user = refresh_record(user) - assert Pleroma.Password.Pbkdf2.verify_pass("test", user.password_hash) + assert Pleroma.Password.checkpw("test", user.password_hash) assert Enum.empty?(Token.get_user_tokens(user)) end diff --git a/test/pleroma/web/twitter_api/util_controller_test.exs b/test/pleroma/web/twitter_api/util_controller_test.exs index 3f839568d..51f216bf1 100644 --- a/test/pleroma/web/twitter_api/util_controller_test.exs +++ b/test/pleroma/web/twitter_api/util_controller_test.exs @@ -553,7 +553,7 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"} fetched_user = User.get_cached_by_id(user.id) - assert Pleroma.Password.Pbkdf2.verify_pass("newpass", fetched_user.password_hash) == true + assert Pleroma.Password.checkpw("newpass", fetched_user.password_hash) == true end end diff --git a/test/support/builders/user_builder.ex b/test/support/builders/user_builder.ex index 6bccbb35a..27470498d 100644 --- a/test/support/builders/user_builder.ex +++ b/test/support/builders/user_builder.ex @@ -7,7 +7,7 @@ defmodule Pleroma.Builders.UserBuilder do email: "test@example.org", name: "Test Name", nickname: "testname", - password_hash: Pleroma.Password.Pbkdf2.hash_pwd_salt("test"), + password_hash: Pleroma.Password.hash_pwd_salt("test"), bio: "A tester.", ap_id: "some id", last_digest_emailed_at: NaiveDateTime.truncate(NaiveDateTime.utc_now(), :second), diff --git a/test/support/factory.ex b/test/support/factory.ex index 411295462..42c940c52 100644 --- a/test/support/factory.ex +++ b/test/support/factory.ex @@ -47,12 +47,16 @@ defmodule Pleroma.Factory do def user_factory(attrs \\ %{}) do pem = Enum.random(@rsa_keys) + # Argon2.hash_pwd_salt("test") + # it really eats CPU time, so we use a precomputed hash + password_hash = + "$argon2id$v=19$m=65536,t=8,p=2$FEAarFuiOsROO24NHIHMYw$oxdaz2fTPpuU+dYCl60FsqE65T1Tjy6lGikKfmql4xo" user = %User{ name: sequence(:name, &"Test ใƒ†ใ‚นใƒˆ User #{&1}"), email: sequence(:email, &"user#{&1}@example.com"), nickname: sequence(:nickname, &"nick#{&1}"), - password_hash: Argon2.hash_pwd_salt("test"), + password_hash: password_hash, bio: sequence(:bio, &"Tester Number #{&1}"), is_discoverable: true, last_digest_emailed_at: NaiveDateTime.utc_now(),