git.squeep.com Git - akkoma/blob - test/plugs/authentication_plug_test.exs

   1 # Pleroma: A lightweight social networking server
   2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
   3 # SPDX-License-Identifier: AGPL-3.0-only
   4
   5 defmodule Pleroma.Plugs.AuthenticationPlugTest do
   6   use Pleroma.Web.ConnCase, async: true
   7
   8   alias Pleroma.Plugs.AuthenticationPlug
   9   alias Pleroma.Plugs.OAuthScopesPlug
  10   alias Pleroma.Plugs.PlugHelper
  11   alias Pleroma.User
  12
  13   import ExUnit.CaptureLog
  14   import Pleroma.Factory
  15
  16   setup %{conn: conn} do
  17     user = %User{
  18       id: 1,
  19       name: "dude",
  20       password_hash: Pbkdf2.hash_pwd_salt("guy")
  21     }
  22
  23     conn =
  24       conn
  25       |> assign(:auth_user, user)
  26
  27     %{user: user, conn: conn}
  28   end
  29
  30   test "it does nothing if a user is assigned", %{conn: conn} do
  31     conn =
  32       conn
  33       |> assign(:user, %User{})
  34
  35     ret_conn =
  36       conn
  37       |> AuthenticationPlug.call(%{})
  38
  39     assert ret_conn == conn
  40   end
  41
  42   test "with a correct password in the credentials, " <>
  43          "it assigns the auth_user and marks OAuthScopesPlug as skipped",
  44        %{conn: conn} do
  45     conn =
  46       conn
  47       |> assign(:auth_credentials, %{password: "guy"})
  48       |> AuthenticationPlug.call(%{})
  49
  50     assert conn.assigns.user == conn.assigns.auth_user
  51     assert PlugHelper.plug_skipped?(conn, OAuthScopesPlug)
  52   end
  53
  54   test "with a bcrypt hash, it updates to a pkbdf2 hash", %{conn: conn} do
  55     user = insert(:user, password_hash: Bcrypt.hash_pwd_salt("123"))
  56     assert "$2" <> _ = user.password_hash
  57
  58     conn =
  59       conn
  60       |> assign(:auth_user, user)
  61       |> assign(:auth_credentials, %{password: "123"})
  62       |> AuthenticationPlug.call(%{})
  63
  64     assert conn.assigns.user.id == conn.assigns.auth_user.id
  65     assert PlugHelper.plug_skipped?(conn, OAuthScopesPlug)
  66
  67     user = User.get_by_id(user.id)
  68     assert "$pbkdf2" <> _ = user.password_hash
  69   end
  70
  71   describe "checkpw/2" do
  72     test "check pbkdf2 hash" do
  73       hash =
  74         "$pbkdf2-sha512$160000$loXqbp8GYls43F0i6lEfIw$AY.Ep.2pGe57j2hAPY635sI/6w7l9Q9u9Bp02PkPmF3OrClDtJAI8bCiivPr53OKMF7ph6iHhN68Rom5nEfC2A"
  75
  76       assert AuthenticationPlug.checkpw("test-password", hash)
  77       refute AuthenticationPlug.checkpw("test-password1", hash)
  78     end
  79
  80     @tag :skip_on_mac
  81     test "check sha512-crypt hash" do
  82       hash =
  83         "$6$9psBWV8gxkGOZWBz$PmfCycChoxeJ3GgGzwvhlgacb9mUoZ.KUXNCssekER4SJ7bOK53uXrHNb2e4i8yPFgSKyzaW9CcmrDXWIEMtD1"
  84
  85       assert AuthenticationPlug.checkpw("password", hash)
  86     end
  87
  88     test "check bcrypt hash" do
  89       hash = "$2a$10$uyhC/R/zoE1ndwwCtMusK.TLVzkQ/Ugsbqp3uXI.CTTz0gBw.24jS"
  90
  91       assert AuthenticationPlug.checkpw("password", hash)
  92       refute AuthenticationPlug.checkpw("password1", hash)
  93     end
  94
  95     test "it returns false when hash invalid" do
  96       hash =
  97         "psBWV8gxkGOZWBz$PmfCycChoxeJ3GgGzwvhlgacb9mUoZ.KUXNCssekER4SJ7bOK53uXrHNb2e4i8yPFgSKyzaW9CcmrDXWIEMtD1"
  98
  99       assert capture_log(fn ->
 100                refute Pleroma.Plugs.AuthenticationPlug.checkpw("password", hash)
 101              end) =~ "[error] Password hash not recognized"
 102     end
 103   end
 104 end