git.squeep.com Git - akkoma/blob - test/plugs/authentication_plug_test.exs

   1 # Pleroma: A lightweight social networking server
   2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
   3 # SPDX-License-Identifier: AGPL-3.0-only
   4
   5 defmodule Pleroma.Plugs.AuthenticationPlugTest do
   6   use Pleroma.Web.ConnCase, async: true
   7
   8   alias Pleroma.Plugs.AuthenticationPlug
   9   alias Pleroma.User
  10
  11   import ExUnit.CaptureLog
  12
  13   setup %{conn: conn} do
  14     user = %User{
  15       id: 1,
  16       name: "dude",
  17       password_hash: Comeonin.Pbkdf2.hashpwsalt("guy")
  18     }
  19
  20     conn =
  21       conn
  22       |> assign(:auth_user, user)
  23
  24     %{user: user, conn: conn}
  25   end
  26
  27   test "it does nothing if a user is assigned", %{conn: conn} do
  28     conn =
  29       conn
  30       |> assign(:user, %User{})
  31
  32     ret_conn =
  33       conn
  34       |> AuthenticationPlug.call(%{})
  35
  36     assert ret_conn == conn
  37   end
  38
  39   test "with a correct password in the credentials, it assigns the auth_user", %{conn: conn} do
  40     conn =
  41       conn
  42       |> assign(:auth_credentials, %{password: "guy"})
  43       |> AuthenticationPlug.call(%{})
  44
  45     assert conn.assigns.user == conn.assigns.auth_user
  46   end
  47
  48   test "with a wrong password in the credentials, it does nothing", %{conn: conn} do
  49     conn =
  50       conn
  51       |> assign(:auth_credentials, %{password: "wrong"})
  52
  53     ret_conn =
  54       conn
  55       |> AuthenticationPlug.call(%{})
  56
  57     assert conn == ret_conn
  58   end
  59
  60   describe "checkpw/2" do
  61     test "check pbkdf2 hash" do
  62       hash =
  63         "$pbkdf2-sha512$160000$loXqbp8GYls43F0i6lEfIw$AY.Ep.2pGe57j2hAPY635sI/6w7l9Q9u9Bp02PkPmF3OrClDtJAI8bCiivPr53OKMF7ph6iHhN68Rom5nEfC2A"
  64
  65       assert AuthenticationPlug.checkpw("test-password", hash)
  66       refute AuthenticationPlug.checkpw("test-password1", hash)
  67     end
  68
  69     @tag :skip_on_mac
  70     test "check sha512-crypt hash" do
  71       hash =
  72         "$6$9psBWV8gxkGOZWBz$PmfCycChoxeJ3GgGzwvhlgacb9mUoZ.KUXNCssekER4SJ7bOK53uXrHNb2e4i8yPFgSKyzaW9CcmrDXWIEMtD1"
  73
  74       assert AuthenticationPlug.checkpw("password", hash)
  75     end
  76
  77     test "it returns false when hash invalid" do
  78       hash =
  79         "psBWV8gxkGOZWBz$PmfCycChoxeJ3GgGzwvhlgacb9mUoZ.KUXNCssekER4SJ7bOK53uXrHNb2e4i8yPFgSKyzaW9CcmrDXWIEMtD1"
  80
  81       assert capture_log(fn ->
  82                refute Pleroma.Plugs.AuthenticationPlug.checkpw("password", hash)
  83              end) =~ "[error] Password hash not recognized"
  84     end
  85   end
  86 end