2021-12-25 02:16:58 +01:00
|
|
|
package auth
|
|
|
|
|
|
|
|
import (
|
|
|
|
"testing"
|
|
|
|
)
|
|
|
|
|
2022-07-28 01:45:09 +02:00
|
|
|
func TestAuthNewAuthToken(t *testing.T) {
|
2022-06-08 01:30:18 +02:00
|
|
|
auth := Auth{}
|
2022-07-28 01:45:09 +02:00
|
|
|
authToken, err := auth.NewAuthToken(234, "dId", "my-scope")
|
2022-06-08 01:30:18 +02:00
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("Error creating new token")
|
|
|
|
}
|
2021-12-25 02:16:58 +01:00
|
|
|
|
2022-06-08 01:30:18 +02:00
|
|
|
if authToken.UserId != 234 ||
|
|
|
|
authToken.DeviceId != "dId" ||
|
|
|
|
authToken.Scope != "my-scope" {
|
|
|
|
t.Fatalf("authToken fields don't match expected values")
|
|
|
|
}
|
|
|
|
|
2022-07-28 01:45:09 +02:00
|
|
|
// result.Token is in hex, TokenLength is bytes in the original
|
|
|
|
expectedTokenLength := TokenLength * 2
|
2022-06-08 01:30:18 +02:00
|
|
|
if len(authToken.Token) != expectedTokenLength {
|
2022-07-29 15:14:25 +02:00
|
|
|
t.Fatalf("authToken token string isn't the expected length")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestAuthNewVerifyTokenString(t *testing.T) {
|
|
|
|
auth := Auth{}
|
|
|
|
verifyTokenString, err := auth.NewVerifyTokenString()
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("Error creating new token")
|
|
|
|
}
|
|
|
|
|
|
|
|
// result.Token is in hex, TokenLength is bytes in the original
|
|
|
|
expectedTokenLength := TokenLength * 2
|
|
|
|
if len(verifyTokenString) != expectedTokenLength {
|
|
|
|
t.Fatalf("verifyTokenString isn't the expected length")
|
2022-06-08 01:30:18 +02:00
|
|
|
}
|
2021-12-25 02:16:58 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
func TestAuthScopeValid(t *testing.T) {
|
2022-06-08 00:41:32 +02:00
|
|
|
fullAuthToken := AuthToken{Scope: "*"}
|
|
|
|
if !fullAuthToken.ScopeValid("*") {
|
|
|
|
t.Fatalf("Expected * to be a valid scope for *")
|
|
|
|
}
|
|
|
|
if !fullAuthToken.ScopeValid("banana") {
|
|
|
|
t.Fatalf("Expected * to be a valid scope for banana")
|
|
|
|
}
|
|
|
|
|
|
|
|
bananaAuthToken := AuthToken{Scope: "banana"}
|
|
|
|
if !bananaAuthToken.ScopeValid("banana") {
|
|
|
|
t.Fatalf("Expected banana to be a valid scope for banana")
|
|
|
|
}
|
2021-12-25 02:16:58 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
func TestAuthScopeInvalid(t *testing.T) {
|
2022-06-08 00:41:32 +02:00
|
|
|
bananaAuthToken := AuthToken{Scope: "banana"}
|
|
|
|
|
|
|
|
if bananaAuthToken.ScopeValid("*") {
|
|
|
|
t.Fatalf("Expected banana to be an invalid scope for *")
|
|
|
|
}
|
2022-06-22 17:04:26 +02:00
|
|
|
|
|
|
|
if bananaAuthToken.ScopeValid("carrot") {
|
|
|
|
t.Fatalf("Expected banana to be an invalid scope for carrot")
|
|
|
|
}
|
2021-12-25 02:16:58 +01:00
|
|
|
}
|
2022-07-13 18:32:48 +02:00
|
|
|
|
|
|
|
func TestCreatePassword(t *testing.T) {
|
|
|
|
// Since the salt is randomized, there's really not much we can do to test
|
|
|
|
// the create function other than to check the length of the outputs and that
|
|
|
|
// they're different each time.
|
|
|
|
|
|
|
|
const password = Password("password")
|
|
|
|
|
|
|
|
key1, salt1, err := password.Create()
|
|
|
|
if err != nil {
|
|
|
|
t.Error("Error creating password")
|
|
|
|
}
|
|
|
|
if len(key1) != 64 {
|
|
|
|
t.Error("Key has wrong length", key1)
|
|
|
|
}
|
2022-07-15 21:36:11 +02:00
|
|
|
if len(salt1) != 32 {
|
2022-07-13 18:32:48 +02:00
|
|
|
t.Error("Salt has wrong length", salt1)
|
|
|
|
}
|
|
|
|
|
|
|
|
key2, salt2, err := password.Create()
|
|
|
|
if err != nil {
|
|
|
|
t.Error("Error creating password")
|
|
|
|
}
|
|
|
|
if key1 == key2 {
|
|
|
|
t.Error("Key is not random", key1)
|
|
|
|
}
|
|
|
|
if salt1 == salt2 {
|
|
|
|
t.Error("Salt is not random", key1)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestCheckPassword(t *testing.T) {
|
|
|
|
const password = Password("password 1")
|
2022-07-15 21:36:11 +02:00
|
|
|
const key = KDFKey("83a832b55ba28616c91e0b514d3f297bc12d43fbc69ff7e7a72ec15f90613858")
|
|
|
|
const salt = ServerSalt("080cbdf6d247c665080cbdf6d247c665")
|
2022-07-13 18:32:48 +02:00
|
|
|
|
|
|
|
match, err := password.Check(key, salt)
|
|
|
|
if err != nil {
|
|
|
|
t.Error("Error checking password")
|
|
|
|
}
|
|
|
|
if !match {
|
|
|
|
t.Error("Expected password to match correct key and salt")
|
|
|
|
}
|
|
|
|
|
2022-07-15 21:36:11 +02:00
|
|
|
const wrongKey = KDFKey("000000000ba28616c91e0b514d3f297bc12d43fbc69ff7e7a72ec15f90613858")
|
2022-07-13 18:32:48 +02:00
|
|
|
match, err = password.Check(wrongKey, salt)
|
|
|
|
if err != nil {
|
|
|
|
t.Error("Error checking password")
|
|
|
|
}
|
|
|
|
if match {
|
|
|
|
t.Error("Expected password to not match incorrect key")
|
|
|
|
}
|
|
|
|
|
2022-07-15 21:36:11 +02:00
|
|
|
const wrongSalt = ServerSalt("00000000d247c66500000000d247c665")
|
2022-07-13 18:32:48 +02:00
|
|
|
match, err = password.Check(key, wrongSalt)
|
|
|
|
if err != nil {
|
|
|
|
t.Error("Error checking password")
|
|
|
|
}
|
|
|
|
if match {
|
|
|
|
t.Error("Expected password to not match incorrect salt")
|
|
|
|
}
|
|
|
|
|
2022-07-15 21:36:11 +02:00
|
|
|
const invalidSalt = ServerSalt("Whoops")
|
2022-07-13 18:32:48 +02:00
|
|
|
match, err = password.Check(key, invalidSalt)
|
|
|
|
if err == nil {
|
|
|
|
// It does a decode of salt inside the function but not the key so we won't
|
|
|
|
// test invalid hex string with that
|
|
|
|
t.Error("Expected password check to fail with invalid salt")
|
|
|
|
}
|
|
|
|
}
|
2022-07-22 03:19:24 +02:00
|
|
|
|
|
|
|
func TestEmailNormalize(t *testing.T) {
|
|
|
|
if got, want := Email("aBc@eXaMpLe.CoM").Normalize(), NormalizedEmail("abc@example.com"); got != want {
|
|
|
|
t.Errorf("Email normalization failed. got: %s want: %s", got, want)
|
|
|
|
}
|
|
|
|
}
|