git.squeep.com Git - akkoma/blob - test/plugs/authentication_plug_test.exs

   1 # Pleroma: A lightweight social networking server
   2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
   3 # SPDX-License-Identifier: AGPL-3.0-only
   4
   5 defmodule Pleroma.Plugs.AuthenticationPlugTest do
   6   use Pleroma.Web.ConnCase, async: true
   7
   8   alias Pleroma.Plugs.AuthenticationPlug
   9   alias Pleroma.Plugs.OAuthScopesPlug
  10   alias Pleroma.Plugs.PlugHelper
  11   alias Pleroma.User
  12
  13   import ExUnit.CaptureLog
  14
  15   setup %{conn: conn} do
  16     user = %User{
  17       id: 1,
  18       name: "dude",
  19       password_hash: Pbkdf2.hash_pwd_salt("guy")
  20     }
  21
  22     conn =
  23       conn
  24       |> assign(:auth_user, user)
  25
  26     %{user: user, conn: conn}
  27   end
  28
  29   test "it does nothing if a user is assigned", %{conn: conn} do
  30     conn =
  31       conn
  32       |> assign(:user, %User{})
  33
  34     ret_conn =
  35       conn
  36       |> AuthenticationPlug.call(%{})
  37
  38     assert ret_conn == conn
  39   end
  40
  41   test "with a correct password in the credentials, " <>
  42          "it assigns the auth_user and marks OAuthScopesPlug as skipped",
  43        %{conn: conn} do
  44     conn =
  45       conn
  46       |> assign(:auth_credentials, %{password: "guy"})
  47       |> AuthenticationPlug.call(%{})
  48
  49     assert conn.assigns.user == conn.assigns.auth_user
  50     assert PlugHelper.plug_skipped?(conn, OAuthScopesPlug)
  51   end
  52
  53   test "with a wrong password in the credentials, it does nothing", %{conn: conn} do
  54     conn =
  55       conn
  56       |> assign(:auth_credentials, %{password: "wrong"})
  57
  58     ret_conn =
  59       conn
  60       |> AuthenticationPlug.call(%{})
  61
  62     assert conn == ret_conn
  63   end
  64
  65   describe "checkpw/2" do
  66     test "check pbkdf2 hash" do
  67       hash =
  68         "$pbkdf2-sha512$160000$loXqbp8GYls43F0i6lEfIw$AY.Ep.2pGe57j2hAPY635sI/6w7l9Q9u9Bp02PkPmF3OrClDtJAI8bCiivPr53OKMF7ph6iHhN68Rom5nEfC2A"
  69
  70       assert AuthenticationPlug.checkpw("test-password", hash)
  71       refute AuthenticationPlug.checkpw("test-password1", hash)
  72     end
  73
  74     @tag :skip_on_mac
  75     test "check sha512-crypt hash" do
  76       hash =
  77         "$6$9psBWV8gxkGOZWBz$PmfCycChoxeJ3GgGzwvhlgacb9mUoZ.KUXNCssekER4SJ7bOK53uXrHNb2e4i8yPFgSKyzaW9CcmrDXWIEMtD1"
  78
  79       assert AuthenticationPlug.checkpw("password", hash)
  80     end
  81
  82     test "it returns false when hash invalid" do
  83       hash =
  84         "psBWV8gxkGOZWBz$PmfCycChoxeJ3GgGzwvhlgacb9mUoZ.KUXNCssekER4SJ7bOK53uXrHNb2e4i8yPFgSKyzaW9CcmrDXWIEMtD1"
  85
  86       assert capture_log(fn ->
  87                refute Pleroma.Plugs.AuthenticationPlug.checkpw("password", hash)
  88              end) =~ "[error] Password hash not recognized"
  89     end
  90   end
  91 end