
package Auth_test
import (
"bytes"
"encoding/base64"
"encoding/json"
"io/ioutil"
"log"
"net/http"
"net/http/cookiejar"
"net/http/httptest"
"net/url"
"testing"
"time"
"git.tovijaeschke.xyz/tovi/Capsule/Backend/Api"
"git.tovijaeschke.xyz/tovi/Capsule/Backend/Api/Auth"
"git.tovijaeschke.xyz/tovi/Capsule/Backend/Database"
"git.tovijaeschke.xyz/tovi/Capsule/Backend/Database/Seeder"
"git.tovijaeschke.xyz/tovi/Capsule/Backend/Models"
"github.com/gorilla/mux"
)
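// Test_ChangePassword exercises POST /api/v1/auth/change_password with a
// valid session cookie and a matching confirmation. It checks that the
// handler answers 204 No Content and that the stored hash afterwards
// verifies against the new password and no longer against the old one.
func Test_ChangePassword(t *testing.T) {
	log.SetOutput(ioutil.Discard)
	Database.InitTest()

	r := mux.NewRouter()
	Api.InitAPIEndpoints(r)
	ts := httptest.NewServer(r)
	defer ts.Close()

	// Seed a user whose key material mirrors the seeder's fixtures.
	// NOTE(review): the second return values of GenerateAesKey and
	// HashPassword are discarded here as in the original; confirm whether
	// they are errors that should fail the test instead.
	userKey, _ := Seeder.GenerateAesKey()
	pubKey := Seeder.GetPubKey()
	p, _ := Auth.HashPassword("password")
	u := Models.User{
		Username:             "test",
		Password:             p,
		AsymmetricPublicKey:  Seeder.PublicKey,
		AsymmetricPrivateKey: Seeder.EncryptedPrivateKey,
		SymmetricKey: base64.StdEncoding.EncodeToString(
			Seeder.EncryptWithPublicKey(userKey.Key, pubKey),
		),
	}
	if err := Database.CreateUser(&u); err != nil {
		t.Fatalf("Expected nil, recieved %s", err.Error())
	}

	// A session that stays valid for the whole test run.
	session := Models.Session{
		UserID: u.ID,
		Expiry: time.Now().Add(12 * time.Hour),
	}
	if err := Database.CreateSession(&session); err != nil {
		t.Fatalf("Expected nil, recieved %s", err.Error())
	}

	// Authenticate the client by presenting the session ID as the
	// session_token cookie.
	jar, err := cookiejar.New(nil)
	if err != nil {
		t.Fatalf("Expected nil, recieved %s", err.Error())
	}
	// Named baseURL so the local does not shadow the net/url package.
	baseURL, err := url.Parse(ts.URL)
	if err != nil {
		t.Fatalf("Expected nil, recieved %s", err.Error())
	}
	jar.SetCookies(baseURL, []*http.Cookie{{
		Name:   "session_token",
		Value:  session.ID.String(),
		MaxAge: 300,
	}})

	payload := struct {
		OldPassword        string `json:"old_password"`
		NewPassword        string `json:"new_password"`
		NewPasswordConfirm string `json:"new_password_confirm"`
		PrivateKey         string `json:"private_key"`
	}{
		OldPassword:        "password",
		NewPassword:        "password1",
		NewPasswordConfirm: "password1",
		PrivateKey:         "",
	}
	jsonStr, err := json.Marshal(payload)
	if err != nil {
		t.Fatalf("Expected nil, recieved %s", err.Error())
	}
	req, err := http.NewRequest("POST", ts.URL+"/api/v1/auth/change_password", bytes.NewReader(jsonStr))
	if err != nil {
		t.Fatalf("Expected nil, recieved %s", err.Error())
	}
	req.Header.Set("Content-Type", "application/json")

	// Bounded timeout so a hung handler fails this test rather than the run.
	client := &http.Client{
		Jar:     jar,
		Timeout: 10 * time.Second,
	}
	resp, err := client.Do(req)
	if err != nil {
		t.Fatalf("Expected nil, recieved %s", err.Error())
	}
	defer resp.Body.Close()

	if resp.StatusCode != http.StatusNoContent {
		t.Fatalf("Expected %d, recieved %d", http.StatusNoContent, resp.StatusCode)
	}

	// Confirm the change reached the store: the new password must verify
	// and the old one must not.
	u, err = Database.GetUserById(u.ID.String())
	if err != nil {
		t.Fatalf("Expected nil, recieved %s", err.Error())
	}
	if !Auth.CheckPasswordHash("password1", u.Password) {
		t.Errorf("Failed to verify the password has been changed")
	}
	if Auth.CheckPasswordHash("password", u.Password) {
		t.Errorf("Old password still verifies after a successful change")
	}
}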
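// Test_ChangePasswordMismatchConfirmFails sends a change_password request
// whose new_password and new_password_confirm differ. It checks that the
// handler answers 422 Unprocessable Entity and that the stored credential
// is left untouched, i.e. the original password still verifies.
func Test_ChangePasswordMismatchConfirmFails(t *testing.T) {
	log.SetOutput(ioutil.Discard)
	Database.InitTest()

	r := mux.NewRouter()
	Api.InitAPIEndpoints(r)
	ts := httptest.NewServer(r)
	defer ts.Close()

	// Seed a user whose key material mirrors the seeder's fixtures.
	// NOTE(review): the second return values of GenerateAesKey and
	// HashPassword are discarded here as in the original; confirm whether
	// they are errors that should fail the test instead.
	userKey, _ := Seeder.GenerateAesKey()
	pubKey := Seeder.GetPubKey()
	p, _ := Auth.HashPassword("password")
	u := Models.User{
		Username:             "test",
		Password:             p,
		AsymmetricPublicKey:  Seeder.PublicKey,
		AsymmetricPrivateKey: Seeder.EncryptedPrivateKey,
		SymmetricKey: base64.StdEncoding.EncodeToString(
			Seeder.EncryptWithPublicKey(userKey.Key, pubKey),
		),
	}
	if err := Database.CreateUser(&u); err != nil {
		t.Fatalf("Expected nil, recieved %s", err.Error())
	}

	// A session that stays valid for the whole test run.
	session := Models.Session{
		UserID: u.ID,
		Expiry: time.Now().Add(12 * time.Hour),
	}
	if err := Database.CreateSession(&session); err != nil {
		t.Fatalf("Expected nil, recieved %s", err.Error())
	}

	// Authenticate the client by presenting the session ID as the
	// session_token cookie.
	jar, err := cookiejar.New(nil)
	if err != nil {
		t.Fatalf("Expected nil, recieved %s", err.Error())
	}
	// Named baseURL so the local does not shadow the net/url package.
	baseURL, err := url.Parse(ts.URL)
	if err != nil {
		t.Fatalf("Expected nil, recieved %s", err.Error())
	}
	jar.SetCookies(baseURL, []*http.Cookie{{
		Name:   "session_token",
		Value:  session.ID.String(),
		MaxAge: 300,
	}})

	// Confirmation deliberately differs from the new password.
	payload := struct {
		OldPassword        string `json:"old_password"`
		NewPassword        string `json:"new_password"`
		NewPasswordConfirm string `json:"new_password_confirm"`
		PrivateKey         string `json:"private_key"`
	}{
		OldPassword:        "password",
		NewPassword:        "password1",
		NewPasswordConfirm: "password2",
		PrivateKey:         "",
	}
	jsonStr, err := json.Marshal(payload)
	if err != nil {
		t.Fatalf("Expected nil, recieved %s", err.Error())
	}
	req, err := http.NewRequest("POST", ts.URL+"/api/v1/auth/change_password", bytes.NewReader(jsonStr))
	if err != nil {
		t.Fatalf("Expected nil, recieved %s", err.Error())
	}
	req.Header.Set("Content-Type", "application/json")

	// Bounded timeout so a hung handler fails this test rather than the run.
	client := &http.Client{
		Jar:     jar,
		Timeout: 10 * time.Second,
	}
	resp, err := client.Do(req)
	if err != nil {
		t.Fatalf("Expected nil, recieved %s", err.Error())
	}
	defer resp.Body.Close()

	if resp.StatusCode != http.StatusUnprocessableEntity {
		t.Errorf("Expected %d, recieved %d", http.StatusUnprocessableEntity, resp.StatusCode)
	}

	// A rejected request must not have modified the stored credential.
	u, err = Database.GetUserById(u.ID.String())
	if err != nil {
		t.Fatalf("Expected nil, recieved %s", err.Error())
	}
	if !Auth.CheckPasswordHash("password", u.Password) {
		t.Errorf("Stored password changed despite the rejected request")
	}
}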
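// Test_ChangePasswordInvalidCurrentPasswordFails sends a change_password
// request with a wrong old_password. It checks that the handler answers
// 403 Forbidden and that the stored credential is left untouched, i.e. the
// original password still verifies and the attempted new one does not.
func Test_ChangePasswordInvalidCurrentPasswordFails(t *testing.T) {
	log.SetOutput(ioutil.Discard)
	Database.InitTest()

	r := mux.NewRouter()
	Api.InitAPIEndpoints(r)
	ts := httptest.NewServer(r)
	defer ts.Close()

	// Seed a user whose key material mirrors the seeder's fixtures.
	// NOTE(review): the second return values of GenerateAesKey and
	// HashPassword are discarded here as in the original; confirm whether
	// they are errors that should fail the test instead.
	userKey, _ := Seeder.GenerateAesKey()
	pubKey := Seeder.GetPubKey()
	p, _ := Auth.HashPassword("password")
	u := Models.User{
		Username:             "test",
		Password:             p,
		AsymmetricPublicKey:  Seeder.PublicKey,
		AsymmetricPrivateKey: Seeder.EncryptedPrivateKey,
		SymmetricKey: base64.StdEncoding.EncodeToString(
			Seeder.EncryptWithPublicKey(userKey.Key, pubKey),
		),
	}
	if err := Database.CreateUser(&u); err != nil {
		t.Fatalf("Expected nil, recieved %s", err.Error())
	}

	// A session that stays valid for the whole test run.
	session := Models.Session{
		UserID: u.ID,
		Expiry: time.Now().Add(12 * time.Hour),
	}
	if err := Database.CreateSession(&session); err != nil {
		t.Fatalf("Expected nil, recieved %s", err.Error())
	}

	// Authenticate the client by presenting the session ID as the
	// session_token cookie.
	jar, err := cookiejar.New(nil)
	if err != nil {
		t.Fatalf("Expected nil, recieved %s", err.Error())
	}
	// Named baseURL so the local does not shadow the net/url package.
	baseURL, err := url.Parse(ts.URL)
	if err != nil {
		t.Fatalf("Expected nil, recieved %s", err.Error())
	}
	jar.SetCookies(baseURL, []*http.Cookie{{
		Name:   "session_token",
		Value:  session.ID.String(),
		MaxAge: 300,
	}})

	// old_password deliberately does not match the seeded credential.
	payload := struct {
		OldPassword        string `json:"old_password"`
		NewPassword        string `json:"new_password"`
		NewPasswordConfirm string `json:"new_password_confirm"`
		PrivateKey         string `json:"private_key"`
	}{
		OldPassword:        "password2",
		NewPassword:        "password1",
		NewPasswordConfirm: "password1",
		PrivateKey:         "",
	}
	jsonStr, err := json.Marshal(payload)
	if err != nil {
		t.Fatalf("Expected nil, recieved %s", err.Error())
	}
	req, err := http.NewRequest("POST", ts.URL+"/api/v1/auth/change_password", bytes.NewReader(jsonStr))
	if err != nil {
		t.Fatalf("Expected nil, recieved %s", err.Error())
	}
	req.Header.Set("Content-Type", "application/json")

	// Bounded timeout so a hung handler fails this test rather than the run.
	client := &http.Client{
		Jar:     jar,
		Timeout: 10 * time.Second,
	}
	resp, err := client.Do(req)
	if err != nil {
		t.Fatalf("Expected nil, recieved %s", err.Error())
	}
	defer resp.Body.Close()

	if resp.StatusCode != http.StatusForbidden {
		t.Errorf("Expected %d, recieved %d", http.StatusForbidden, resp.StatusCode)
	}

	// A rejected request must not have modified the stored credential.
	u, err = Database.GetUserById(u.ID.String())
	if err != nil {
		t.Fatalf("Expected nil, recieved %s", err.Error())
	}
	if !Auth.CheckPasswordHash("password", u.Password) {
		t.Errorf("Stored password changed despite the rejected request")
	}
	if Auth.CheckPasswordHash("password1", u.Password) {
		t.Errorf("Attempted new password verifies despite the rejected request")
	}
}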