tovi
/
Envelope
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
Encrypted messaging app
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
39 Commits
3 Branches
16 MiB
Tree: ee3de6a1a5
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ee3de6a1a5'
${ noResults }
Envelope/Backend/Api/Auth/ChangePassword_test.go

306 lines
6.7 KiB
Raw Normal View History

Add more tests for Api/Auth routes
2 years ago
 
  1. package Auth_test
  2. 

  3. import (
  4. 	"bytes"
  5. 	"encoding/base64"
  6. 	"encoding/json"
  7. 	"io/ioutil"
  8. 	"log"
  9. 	"net/http"
  10. 	"net/http/cookiejar"
  11. 	"net/http/httptest"
  12. 	"net/url"
  13. 	"testing"
  14. 	"time"
  15. 

  16. 	"git.tovijaeschke.xyz/tovi/Capsule/Backend/Api"
  17. 	"git.tovijaeschke.xyz/tovi/Capsule/Backend/Api/Auth"
  18. 	"git.tovijaeschke.xyz/tovi/Capsule/Backend/Database"
  19. 	"git.tovijaeschke.xyz/tovi/Capsule/Backend/Database/Seeder"
  20. 	"git.tovijaeschke.xyz/tovi/Capsule/Backend/Models"
  21. 	"github.com/gorilla/mux"
  22. )
  23. 

  24. func Test_ChangePassword(t *testing.T) {
  25. 	log.SetOutput(ioutil.Discard)
  26. 	Database.InitTest()
  27. 

  28. 	r := mux.NewRouter()
  29. 	Api.InitAPIEndpoints(r)
  30. 	ts := httptest.NewServer(r)
  31. 	defer ts.Close()
  32. 

  33. 	userKey, _ := Seeder.GenerateAesKey()
  34. 	pubKey := Seeder.GetPubKey()
  35. 

  36. 	p, _ := Auth.HashPassword("password")
  37. 

  38. 	u := Models.User{
  39. 		Username:             "test",
  40. 		Password:             p,
  41. 		AsymmetricPublicKey:  Seeder.PublicKey,
  42. 		AsymmetricPrivateKey: Seeder.EncryptedPrivateKey,
  43. 		SymmetricKey: base64.StdEncoding.EncodeToString(
  44. 			Seeder.EncryptWithPublicKey(userKey.Key, pubKey),
  45. 		),
  46. 	}
  47. 

  48. 	err := Database.CreateUser(&u)
  49. 	if err != nil {
  50. 		t.Errorf("Expected nil, recieved %s", err.Error())
  51. 		return
  52. 	}
  53. 

  54. 	session := Models.Session{
  55. 		UserID: u.ID,
  56. 		Expiry: time.Now().Add(12 * time.Hour),
  57. 	}
  58. 

  59. 	err = Database.CreateSession(&session)
  60. 	if err != nil {
  61. 		t.Errorf("Expected nil, recieved %s", err.Error())
  62. 		return
  63. 	}
  64. 

  65. 	jar, err := cookiejar.New(nil)
  66. 	if err != nil {
  67. 		t.Errorf("Expected nil, recieved %s", err.Error())
  68. 		return
  69. 	}
  70. 

  71. 	url, _ := url.Parse(ts.URL)
  72. 

  73. 	jar.SetCookies(
  74. 		url,
  75. 		[]*http.Cookie{
  76. 			{
  77. 				Name:   "session_token",
  78. 				Value:  session.ID.String(),
  79. 				MaxAge: 300,
  80. 			},
  81. 		},
  82. 	)
  83. 

  84. 	d := struct {
  85. 		OldPassword        string `json:"old_password"`
  86. 		NewPassword        string `json:"new_password"`
  87. 		NewPasswordConfirm string `json:"new_password_confirm"`
  88. 		PrivateKey         string `json:"private_key"`
  89. 	}{
  90. 		OldPassword:        "password",
  91. 		NewPassword:        "password1",
  92. 		NewPasswordConfirm: "password1",
  93. 		PrivateKey:         "",
  94. 	}
  95. 

  96. 	jsonStr, _ := json.Marshal(d)
  97. 	req, _ := http.NewRequest("POST", ts.URL+"/api/v1/auth/change_password", bytes.NewBuffer(jsonStr))
  98. 	req.Header.Set("Content-Type", "application/json")
  99. 

  100. 	client := &http.Client{
  101. 		Jar: jar,
  102. 	}
  103. 

  104. 	resp, err := client.Do(req)
  105. 	if err != nil {
  106. 		t.Errorf("Expected nil, recieved %s", err.Error())
  107. 		return
  108. 	}
  109. 

  110. 	if resp.StatusCode != http.StatusNoContent {
  111. 		t.Errorf("Expected %d, recieved %d", http.StatusNoContent, resp.StatusCode)
  112. 		return
  113. 	}
  114. 

  115. 	u, err = Database.GetUserById(u.ID.String())
  116. 	if err != nil {
  117. 		t.Errorf("Expected nil, recieved %s", err.Error())
  118. 		return
  119. 	}
  120. 

  121. 	if !Auth.CheckPasswordHash("password1", u.Password) {
  122. 		t.Errorf("Failed to verify the password has been changed")
  123. 	}
  124. }
  125. 

  126. func Test_ChangePasswordMismatchConfirmFails(t *testing.T) {
  127. 	log.SetOutput(ioutil.Discard)
  128. 	Database.InitTest()
  129. 

  130. 	r := mux.NewRouter()
  131. 	Api.InitAPIEndpoints(r)
  132. 	ts := httptest.NewServer(r)
  133. 	defer ts.Close()
  134. 

  135. 	userKey, _ := Seeder.GenerateAesKey()
  136. 	pubKey := Seeder.GetPubKey()
  137. 

  138. 	p, _ := Auth.HashPassword("password")
  139. 

  140. 	u := Models.User{
  141. 		Username:             "test",
  142. 		Password:             p,
  143. 		AsymmetricPublicKey:  Seeder.PublicKey,
  144. 		AsymmetricPrivateKey: Seeder.EncryptedPrivateKey,
  145. 		SymmetricKey: base64.StdEncoding.EncodeToString(
  146. 			Seeder.EncryptWithPublicKey(userKey.Key, pubKey),
  147. 		),
  148. 	}
  149. 

  150. 	err := Database.CreateUser(&u)
  151. 	if err != nil {
  152. 		t.Errorf("Expected nil, recieved %s", err.Error())
  153. 		return
  154. 	}
  155. 

  156. 	session := Models.Session{
  157. 		UserID: u.ID,
  158. 		Expiry: time.Now().Add(12 * time.Hour),
  159. 	}
  160. 

  161. 	err = Database.CreateSession(&session)
  162. 	if err != nil {
  163. 		t.Errorf("Expected nil, recieved %s", err.Error())
  164. 		return
  165. 	}
  166. 

  167. 	jar, err := cookiejar.New(nil)
  168. 	if err != nil {
  169. 		t.Errorf("Expected nil, recieved %s", err.Error())
  170. 		return
  171. 	}
  172. 

  173. 	url, _ := url.Parse(ts.URL)
  174. 

  175. 	jar.SetCookies(
  176. 		url,
  177. 		[]*http.Cookie{
  178. 			{
  179. 				Name:   "session_token",
  180. 				Value:  session.ID.String(),
  181. 				MaxAge: 300,
  182. 			},
  183. 		},
  184. 	)
  185. 

  186. 	d := struct {
  187. 		OldPassword        string `json:"old_password"`
  188. 		NewPassword        string `json:"new_password"`
  189. 		NewPasswordConfirm string `json:"new_password_confirm"`
  190. 		PrivateKey         string `json:"private_key"`
  191. 	}{
  192. 		OldPassword:        "password",
  193. 		NewPassword:        "password1",
  194. 		NewPasswordConfirm: "password2",
  195. 		PrivateKey:         "",
  196. 	}
  197. 

  198. 	jsonStr, _ := json.Marshal(d)
  199. 	req, _ := http.NewRequest("POST", ts.URL+"/api/v1/auth/change_password", bytes.NewBuffer(jsonStr))
  200. 	req.Header.Set("Content-Type", "application/json")
  201. 

  202. 	client := &http.Client{
  203. 		Jar: jar,
  204. 	}
  205. 

  206. 	resp, err := client.Do(req)
  207. 	if err != nil {
  208. 		t.Errorf("Expected nil, recieved %s", err.Error())
  209. 		return
  210. 	}
  211. 

  212. 	if resp.StatusCode != http.StatusUnprocessableEntity {
  213. 		t.Errorf("Expected %d, recieved %d", http.StatusUnprocessableEntity, resp.StatusCode)
  214. 	}
  215. }
  216. 

  217. func Test_ChangePasswordInvalidCurrentPasswordFails(t *testing.T) {
  218. 	log.SetOutput(ioutil.Discard)
  219. 	Database.InitTest()
  220. 

  221. 	r := mux.NewRouter()
  222. 	Api.InitAPIEndpoints(r)
  223. 	ts := httptest.NewServer(r)
  224. 	defer ts.Close()
  225. 

  226. 	userKey, _ := Seeder.GenerateAesKey()
  227. 	pubKey := Seeder.GetPubKey()
  228. 

  229. 	p, _ := Auth.HashPassword("password")
  230. 

  231. 	u := Models.User{
  232. 		Username:             "test",
  233. 		Password:             p,
  234. 		AsymmetricPublicKey:  Seeder.PublicKey,
  235. 		AsymmetricPrivateKey: Seeder.EncryptedPrivateKey,
  236. 		SymmetricKey: base64.StdEncoding.EncodeToString(
  237. 			Seeder.EncryptWithPublicKey(userKey.Key, pubKey),
  238. 		),
  239. 	}
  240. 

  241. 	err := Database.CreateUser(&u)
  242. 	if err != nil {
  243. 		t.Errorf("Expected nil, recieved %s", err.Error())
  244. 		return
  245. 	}
  246. 

  247. 	session := Models.Session{
  248. 		UserID: u.ID,
  249. 		Expiry: time.Now().Add(12 * time.Hour),
  250. 	}
  251. 

  252. 	err = Database.CreateSession(&session)
  253. 	if err != nil {
  254. 		t.Errorf("Expected nil, recieved %s", err.Error())
  255. 		return
  256. 	}
  257. 

  258. 	jar, err := cookiejar.New(nil)
  259. 	if err != nil {
  260. 		t.Errorf("Expected nil, recieved %s", err.Error())
  261. 		return
  262. 	}
  263. 

  264. 	url, _ := url.Parse(ts.URL)
  265. 

  266. 	jar.SetCookies(
  267. 		url,
  268. 		[]*http.Cookie{
  269. 			{
  270. 				Name:   "session_token",
  271. 				Value:  session.ID.String(),
  272. 				MaxAge: 300,
  273. 			},
  274. 		},
  275. 	)
  276. 

  277. 	d := struct {
  278. 		OldPassword        string `json:"old_password"`
  279. 		NewPassword        string `json:"new_password"`
  280. 		NewPasswordConfirm string `json:"new_password_confirm"`
  281. 		PrivateKey         string `json:"private_key"`
  282. 	}{
  283. 		OldPassword:        "password2",
  284. 		NewPassword:        "password1",
  285. 		NewPasswordConfirm: "password1",
  286. 		PrivateKey:         "",
  287. 	}
  288. 

  289. 	jsonStr, _ := json.Marshal(d)
  290. 	req, _ := http.NewRequest("POST", ts.URL+"/api/v1/auth/change_password", bytes.NewBuffer(jsonStr))
  291. 	req.Header.Set("Content-Type", "application/json")
  292. 

  293. 	client := &http.Client{
  294. 		Jar: jar,
  295. 	}
  296. 

  297. 	resp, err := client.Do(req)
  298. 	if err != nil {
  299. 		t.Errorf("Expected nil, recieved %s", err.Error())
  300. 		return
  301. 	}
  302. 

  303. 	if resp.StatusCode != http.StatusForbidden {
  304. 		t.Errorf("Expected %d, recieved %d", http.StatusForbidden, resp.StatusCode)
  305. 	}
  306. }