diff options
Diffstat (limited to 'test/plugs')
| -rw-r--r-- | test/plugs/authentication_plug_test.exs | 44 | ||||
| -rw-r--r-- | test/plugs/ensure_authenticated_plug_test.exs | 29 | ||||
| -rw-r--r-- | test/plugs/http_security_plug_test.exs | 2 |
3 files changed, 67 insertions, 8 deletions
diff --git a/test/plugs/authentication_plug_test.exs b/test/plugs/authentication_plug_test.exs index 646bda9d3..777ae15ae 100644 --- a/test/plugs/authentication_plug_test.exs +++ b/test/plugs/authentication_plug_test.exs @@ -11,12 +11,13 @@ defmodule Pleroma.Plugs.AuthenticationPlugTest do alias Pleroma.User import ExUnit.CaptureLog + import Pleroma.Factory setup %{conn: conn} do user = %User{ id: 1, name: "dude", - password_hash: Comeonin.Pbkdf2.hashpwsalt("guy") + password_hash: Pbkdf2.hash_pwd_salt("guy") } conn = @@ -50,16 +51,42 @@ defmodule Pleroma.Plugs.AuthenticationPlugTest do assert PlugHelper.plug_skipped?(conn, OAuthScopesPlug) end - test "with a wrong password in the credentials, it does nothing", %{conn: conn} do + test "with a bcrypt hash, it updates to a pkbdf2 hash", %{conn: conn} do + user = insert(:user, password_hash: Bcrypt.hash_pwd_salt("123")) + assert "$2" <> _ = user.password_hash + conn = conn - |> assign(:auth_credentials, %{password: "wrong"}) + |> assign(:auth_user, user) + |> assign(:auth_credentials, %{password: "123"}) + |> AuthenticationPlug.call(%{}) - ret_conn = + assert conn.assigns.user.id == conn.assigns.auth_user.id + assert PlugHelper.plug_skipped?(conn, OAuthScopesPlug) + + user = User.get_by_id(user.id) + assert "$pbkdf2" <> _ = user.password_hash + end + + @tag :skip_on_mac + test "with a crypt hash, it updates to a pkbdf2 hash", %{conn: conn} do + user = + insert(:user, + password_hash: + "$6$9psBWV8gxkGOZWBz$PmfCycChoxeJ3GgGzwvhlgacb9mUoZ.KUXNCssekER4SJ7bOK53uXrHNb2e4i8yPFgSKyzaW9CcmrDXWIEMtD1" + ) + + conn = conn + |> assign(:auth_user, user) + |> assign(:auth_credentials, %{password: "password"}) |> AuthenticationPlug.call(%{}) - assert conn == ret_conn + assert conn.assigns.user.id == conn.assigns.auth_user.id + assert PlugHelper.plug_skipped?(conn, OAuthScopesPlug) + + user = User.get_by_id(user.id) + assert "$pbkdf2" <> _ = user.password_hash end describe "checkpw/2" do @@ -79,6 +106,13 @@ defmodule Pleroma.Plugs.AuthenticationPlugTest do assert AuthenticationPlug.checkpw("password", hash) end + test "check bcrypt hash" do + hash = "$2a$10$uyhC/R/zoE1ndwwCtMusK.TLVzkQ/Ugsbqp3uXI.CTTz0gBw.24jS" + + assert AuthenticationPlug.checkpw("password", hash) + refute AuthenticationPlug.checkpw("password1", hash) + end + test "it returns false when hash invalid" do hash = "psBWV8gxkGOZWBz$PmfCycChoxeJ3GgGzwvhlgacb9mUoZ.KUXNCssekER4SJ7bOK53uXrHNb2e4i8yPFgSKyzaW9CcmrDXWIEMtD1" diff --git a/test/plugs/ensure_authenticated_plug_test.exs b/test/plugs/ensure_authenticated_plug_test.exs index 689fe757f..a0667c5e0 100644 --- a/test/plugs/ensure_authenticated_plug_test.exs +++ b/test/plugs/ensure_authenticated_plug_test.exs @@ -24,11 +24,36 @@ defmodule Pleroma.Plugs.EnsureAuthenticatedPlugTest do end end + test "it halts if user is assigned and MFA enabled", %{conn: conn} do + conn = + conn + |> assign(:user, %User{multi_factor_authentication_settings: %{enabled: true}}) + |> assign(:auth_credentials, %{password: "xd-42"}) + |> EnsureAuthenticatedPlug.call(%{}) + + assert conn.status == 403 + assert conn.halted == true + + assert conn.resp_body == + "{\"error\":\"Two-factor authentication enabled, you must use a access token.\"}" + end + + test "it continues if user is assigned and MFA disabled", %{conn: conn} do + conn = + conn + |> assign(:user, %User{multi_factor_authentication_settings: %{enabled: false}}) + |> assign(:auth_credentials, %{password: "xd-42"}) + |> EnsureAuthenticatedPlug.call(%{}) + + refute conn.status == 403 + refute conn.halted + end + describe "with :if_func / :unless_func options" do setup do %{ - true_fn: fn -> true end, - false_fn: fn -> false end + true_fn: fn _conn -> true end, + false_fn: fn _conn -> false end } end diff --git a/test/plugs/http_security_plug_test.exs b/test/plugs/http_security_plug_test.exs index 84e4c274f..63b4d3f31 100644 --- a/test/plugs/http_security_plug_test.exs +++ b/test/plugs/http_security_plug_test.exs @@ -67,7 +67,7 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlugTest do [csp] = Conn.get_resp_header(conn, "content-security-policy") - assert csp =~ ~r|report-uri https://endpoint.com; report-to csp-endpoint;| + assert csp =~ ~r|report-uri https://endpoint.com;report-to csp-endpoint;| [reply_to] = Conn.get_resp_header(conn, "reply-to") |