+ describe('isValidIdentifierCredential', function () {
+ it('succeeds', async function () {
+ _authMechanismRequired(authenticator, 'argon2');
+ authenticator.db.authenticationGet.resolves({
+ identifier,
+ credential,
+ });
+ const result = await authenticator.isValidIdentifierCredential(identifier, password, ctx);
+ assert.strictEqual(result, true);
+ assert.strictEqual(ctx.authenticationId, identifier);
+ });
+ it('fails', async function () {
+ _authMechanismRequired(authenticator, 'argon2');
+ authenticator.db.authenticationGet.resolves({
+ identifier,
+ credential,
+ });
+ const result = await authenticator.isValidIdentifierCredential(identifier, 'wrongPassword', ctx);
+ assert.strictEqual(result, false);
+ assert.strictEqual(ctx.authenticationId, undefined);
+ });
+ it('covers no entry', async function() {
+ authenticator.db.authenticationGet.resolves();
+ const result = await authenticator.isValidIdentifierCredential(identifier, 'wrongPassword', ctx);
+ assert.strictEqual(result, false);
+ assert.strictEqual(ctx.authenticationId, undefined);
+ });
+ it('covers unknown password hash', async function () {
+ authenticator.db.authenticationGet.resolves({
+ identifier,
+ credential: '$other$kind_of_credential',
+ });
+ const result = await authenticator.isValidIdentifierCredential(identifier, 'wrongPassword', ctx);
+ assert.strictEqual(result, false);
+ assert.strictEqual(ctx.authenticationId, undefined);
+ });
+ it('covers PAM', async function () {
+ _authMechanismRequired(authenticator, 'pam');
+ sinon.stub(authenticator, '_isValidPAMIdentifier').resolves(true);
+ authenticator.db.authenticationGet.resolves({
+ identifier,
+ credential: '$PAM$',
+ });
+ const result = await authenticator.isValidIdentifierCredential(identifier, password, ctx);
+ assert.strictEqual(result, true);
+ assert.strictEqual(ctx.authenticationId, identifier);
+ });
+ it('covers debug', async function () {
+ authenticator.authnEnabled = ['DEBUG_ANY'];
+ const result = await authenticator.isValidIdentifierCredential(identifier, password, ctx);
+ assert.strictEqual(result, true);
+ assert.strictEqual(ctx.authenticationId, identifier);
+ });
+ }); // isValidIdentifierCredential
+
+ describe('_isValidPAMIdentifier', function () {
+ beforeEach(function () {
+ _authMechanismRequired(authenticator, 'pam');
+ sinon.stub(authenticator.authn.pam, 'pamAuthenticatePromise');
+ });
+ it('covers success', async function () {
+ authenticator.authn.pam.pamAuthenticatePromise.resolves(true);
+ const result = await authenticator._isValidPAMIdentifier(identifier, credential);
+ assert.strictEqual(result, true);
+ });
+ it('covers failure', async function () {
+ _authMechanismRequired(authenticator, 'pam');
+ authenticator.authn.pam.pamAuthenticatePromise.rejects(new authenticator.authn.pam.PamError());
+ const result = await authenticator._isValidPAMIdentifier(identifier, credential);
+ assert.strictEqual(result, false);
+ });
+ it('covers error', async function () {
+ _authMechanismRequired(authenticator, 'pam');
+ const expected = new Error('blah');
+ authenticator.authn.pam.pamAuthenticatePromise.rejects(expected);
+ try {
+ await authenticator._isValidPAMIdentifier(identifier, credential);
+ assert.fail(noExpectedException);
+ } catch (e) {
+ assert.deepStrictEqual(e, expected);
+ }
+ });
+ it('covers forbidden', async function () {
+ identifier = 'root';
+ const result = await authenticator._isValidPAMIdentifier(identifier, credential);
+ assert.strictEqual(result, false);
+ });
+ }); // _isValidPAMIdentifier
+