logo

pleroma

My custom branche(s) on git.pleroma.social/pleroma/pleroma git clone https://hacktivis.me/git/pleroma.git

authentication_plug_test.exs (2866B)

    

  1. # Pleroma: A lightweight social networking server
  2. # Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
  3. # SPDX-License-Identifier: AGPL-3.0-only
  5. defmodule Pleroma.Web.Plugs.AuthenticationPlugTest do
  6.   use Pleroma.Web.ConnCase, async: true
  8.   alias Pleroma.User
  9.   alias Pleroma.Web.Plugs.AuthenticationPlug
  10.   alias Pleroma.Web.Plugs.OAuthScopesPlug
  11.   alias Pleroma.Web.Plugs.PlugHelper
  13.   import ExUnit.CaptureLog
  14.   import Pleroma.Factory
  16.   setup %{conn: conn} do
  17.     user = %User{
  18.       id: 1,
  19.       name: "dude",
  20.       password_hash: Pleroma.Password.Pbkdf2.hash_pwd_salt("guy")
  21.     }
  23.     conn =
  24.       conn
  25.       |> assign(:auth_user, user)
  27.     %{user: user, conn: conn}
  28.   end
  30.   test "it does nothing if a user is assigned", %{conn: conn} do
  31.     conn =
  32.       conn
  33.       |> assign(:user, %User{})
  35.     ret_conn =
  36.       conn
  37.       |> AuthenticationPlug.call(%{})
  39.     assert ret_conn == conn
  40.   end
  42.   test "with a correct password in the credentials, " <>
  43.          "it assigns the auth_user and marks OAuthScopesPlug as skipped",
  44.        %{conn: conn} do
  45.     conn =
  46.       conn
  47.       |> assign(:auth_credentials, %{password: "guy"})
  48.       |> AuthenticationPlug.call(%{})
  50.     assert conn.assigns.user == conn.assigns.auth_user
  51.     assert conn.assigns.token == nil
  52.     assert PlugHelper.plug_skipped?(conn, OAuthScopesPlug)
  53.   end
  55.   test "with a bcrypt hash, it updates to a pkbdf2 hash", %{conn: conn} do
  56.     user = insert(:user, password_hash: Bcrypt.hash_pwd_salt("123"))
  57.     assert "$2" <> _ = user.password_hash
  59.     conn =
  60.       conn
  61.       |> assign(:auth_user, user)
  62.       |> assign(:auth_credentials, %{password: "123"})
  63.       |> AuthenticationPlug.call(%{})
  65.     assert conn.assigns.user.id == conn.assigns.auth_user.id
  66.     assert conn.assigns.token == nil
  67.     assert PlugHelper.plug_skipped?(conn, OAuthScopesPlug)
  69.     user = User.get_by_id(user.id)
  70.     assert "$pbkdf2" <> _ = user.password_hash
  71.   end
  73.   describe "checkpw/2" do
  74.     test "check pbkdf2 hash" do
  75.       hash =
  76.         "$pbkdf2-sha512$160000$loXqbp8GYls43F0i6lEfIw$AY.Ep.2pGe57j2hAPY635sI/6w7l9Q9u9Bp02PkPmF3OrClDtJAI8bCiivPr53OKMF7ph6iHhN68Rom5nEfC2A"
  78.       assert AuthenticationPlug.checkpw("test-password", hash)
  79.       refute AuthenticationPlug.checkpw("test-password1", hash)
  80.     end
  82.     test "check bcrypt hash" do
  83.       hash = "$2a$10$uyhC/R/zoE1ndwwCtMusK.TLVzkQ/Ugsbqp3uXI.CTTz0gBw.24jS"
  85.       assert AuthenticationPlug.checkpw("password", hash)
  86.       refute AuthenticationPlug.checkpw("password1", hash)
  87.     end
  89.     test "it returns false when hash invalid" do
  90.       hash =
  91.         "psBWV8gxkGOZWBz$PmfCycChoxeJ3GgGzwvhlgacb9mUoZ.KUXNCssekER4SJ7bOK53uXrHNb2e4i8yPFgSKyzaW9CcmrDXWIEMtD1"
  93.       assert capture_log(fn ->
  94.                refute AuthenticationPlug.checkpw("password", hash)
  95.              end) =~ "[error] Password hash not recognized"
  96.     end
  97.   end
  98. end