mirror of
https://github.com/kopia/kopia.git
synced 2025-12-23 22:57:50 -05:00
666899cefc
- Fixes: #4257 - Fix: Handle case when the hash version is unset in the user profile - Add tests for default password hash - Fix failing authenticator test: When the password hashing version is not set, then the default one is used, so verifying the password works. Refactor authenticator tests: - Nit: rename test variable - Check error when calling SetPassword - Add comments for test cases - Nit: user assert.Equal in verifyRepoAuthenticator - Split repository authenticator tests to test invariants separately
132 lines
3.0 KiB
Go
132 lines
3.0 KiB
Go
package user_test
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
|
|
"github.com/kopia/kopia/internal/user"
|
|
)
|
|
|
|
func TestUserProfile(t *testing.T) {
|
|
p := &user.Profile{
|
|
PasswordHashVersion: user.ScryptHashVersion,
|
|
}
|
|
|
|
isValid, err := p.IsValidPassword("bar")
|
|
|
|
require.False(t, isValid, "password unexpectedly valid!")
|
|
require.NoError(t, err)
|
|
|
|
p.SetPassword("foo")
|
|
|
|
isValid, err = p.IsValidPassword("foo")
|
|
|
|
require.True(t, isValid, "password not valid!")
|
|
require.NoError(t, err)
|
|
|
|
isValid, err = p.IsValidPassword("bar")
|
|
|
|
require.False(t, isValid, "password unexpectedly valid!")
|
|
require.NoError(t, err)
|
|
}
|
|
|
|
func TestBadPasswordHashVersionWithSCrypt(t *testing.T) {
|
|
// mock a valid password
|
|
p := &user.Profile{
|
|
PasswordHashVersion: user.ScryptHashVersion,
|
|
}
|
|
|
|
p.SetPassword("foo")
|
|
|
|
isValid, err := p.IsValidPassword("foo")
|
|
|
|
require.True(t, isValid, "password not valid!")
|
|
require.NoError(t, err)
|
|
|
|
// A password hashing algorithm different from the original should fail
|
|
p.PasswordHashVersion = user.Pbkdf2HashVersion
|
|
isValid, err = p.IsValidPassword("foo")
|
|
|
|
require.False(t, isValid, "password unexpectedly valid!")
|
|
require.NoError(t, err)
|
|
}
|
|
|
|
func TestBadPasswordHashVersionWithPbkdf2(t *testing.T) {
|
|
const dummyTestPassword = "foo"
|
|
|
|
p := &user.Profile{
|
|
PasswordHashVersion: user.Pbkdf2HashVersion,
|
|
}
|
|
|
|
p.SetPassword(dummyTestPassword)
|
|
|
|
isValid, err := p.IsValidPassword(dummyTestPassword)
|
|
|
|
require.True(t, isValid, "password not valid!")
|
|
require.NoError(t, err)
|
|
|
|
// A password hashing algorithm different from the original should fail
|
|
p.PasswordHashVersion = user.ScryptHashVersion
|
|
isValid, err = p.IsValidPassword(dummyTestPassword)
|
|
|
|
require.False(t, isValid, "password unexpectedly valid!")
|
|
require.NoError(t, err)
|
|
|
|
p.PasswordHashVersion = 0
|
|
isValid, err = p.IsValidPassword(dummyTestPassword)
|
|
|
|
require.False(t, isValid, "password unexpectedly valid!")
|
|
require.NoError(t, err)
|
|
}
|
|
|
|
func TestUnsetPasswordHashVersion(t *testing.T) {
|
|
const dummyTestPassword = "foo"
|
|
|
|
p := &user.Profile{
|
|
PasswordHashVersion: user.ScryptHashVersion,
|
|
}
|
|
|
|
p.SetPassword(dummyTestPassword)
|
|
|
|
isValid, err := p.IsValidPassword(dummyTestPassword)
|
|
|
|
require.True(t, isValid, "password not valid!")
|
|
require.NoError(t, err)
|
|
|
|
// Unset password hashing algorithm
|
|
p.PasswordHashVersion = 0
|
|
|
|
isValid, err = p.IsValidPassword(dummyTestPassword)
|
|
|
|
require.True(t, isValid, "password unexpectedly invalid!")
|
|
require.NoError(t, err)
|
|
}
|
|
|
|
func TestNilUserProfile(t *testing.T) {
|
|
var p *user.Profile
|
|
|
|
isValid, err := p.IsValidPassword("bar")
|
|
|
|
require.False(t, isValid, "password unexpectedly valid!")
|
|
require.NoError(t, err)
|
|
}
|
|
|
|
func TestInvalidPasswordHash(t *testing.T) {
|
|
cases := [][]byte{
|
|
[]byte("**invalid*base64*"),
|
|
[]byte(""),
|
|
}
|
|
|
|
for _, tc := range cases {
|
|
p := &user.Profile{
|
|
PasswordHash: tc,
|
|
PasswordHashVersion: user.ScryptHashVersion,
|
|
}
|
|
isValid, err := p.IsValidPassword("some-password")
|
|
|
|
require.False(t, isValid, "password unexpectedly valid for %v", tc)
|
|
require.NoError(t, err)
|
|
}
|
|
}
|