mirror of
https://github.com/therootcompany/golib.git
synced 2025-10-07 09:38:19 +00:00
136 lines
3.5 KiB
Go
136 lines
3.5 KiB
Go
package envauth
|
|
|
|
import (
|
|
"crypto/pbkdf2"
|
|
"crypto/sha256"
|
|
"testing"
|
|
)
|
|
|
|
var salt = []byte("buzzword")
|
|
|
|
func TestBasicCredentials_Verify(t *testing.T) {
|
|
tests := []struct {
|
|
name string
|
|
creds BasicCredentials
|
|
username string
|
|
password string
|
|
want error
|
|
}{
|
|
{
|
|
name: "empty username, correct password",
|
|
creds: BasicCredentials{Username: "", Password: "secret"},
|
|
username: "",
|
|
password: "secret",
|
|
want: nil,
|
|
},
|
|
{
|
|
name: "correct username, correct password",
|
|
creds: BasicCredentials{Username: "user", Password: "secret"},
|
|
username: "user",
|
|
password: "secret",
|
|
want: nil,
|
|
},
|
|
{
|
|
name: "incorrect username, correct password",
|
|
creds: BasicCredentials{Username: "user", Password: "secret"},
|
|
username: "wrong",
|
|
password: "secret",
|
|
want: ErrUnauthorized,
|
|
},
|
|
{
|
|
name: "correct username, incorrect password",
|
|
creds: BasicCredentials{Username: "user", Password: "secret"},
|
|
username: "user",
|
|
password: "wrong",
|
|
want: ErrUnauthorized,
|
|
},
|
|
{
|
|
name: "correct username, empty password",
|
|
creds: BasicCredentials{Username: "user", Password: "secret"},
|
|
username: "user",
|
|
password: "",
|
|
want: ErrUnauthorized,
|
|
},
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
err := tt.creds.Verify(tt.username, tt.password)
|
|
if err != tt.want {
|
|
t.Errorf("Verify(%q, %q) = %v; want %v", tt.username, tt.password, err, tt.want)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestPBKDF2Credentials_Verify(t *testing.T) {
|
|
secretDigest, err := pbkdf2.Key(sha256.New, "secret", salt, 1000, 16)
|
|
if err != nil {
|
|
t.Errorf("pbkdf2.Key(sha256.New, \"secret\", salt, 1000, 16) = %v", err)
|
|
}
|
|
emptyDigest, err := pbkdf2.Key(sha256.New, "", salt, 1000, 16)
|
|
if err != nil {
|
|
t.Errorf("pbkdf2.Key(sha256.New, \"\", salt, 1000, 16) = %v", err)
|
|
}
|
|
|
|
tests := []struct {
|
|
name string
|
|
creds PBKDF2Credentials
|
|
username string
|
|
password string
|
|
want error
|
|
}{
|
|
{
|
|
name: "empty username, correct password",
|
|
creds: PBKDF2Credentials{Username: "", DerivedKey: secretDigest, Salt: salt, Iterations: 1000},
|
|
username: "",
|
|
password: "secret",
|
|
want: nil,
|
|
},
|
|
{
|
|
name: "correct username, correct password",
|
|
creds: PBKDF2Credentials{Username: "user", DerivedKey: secretDigest, Salt: salt, Iterations: 1000},
|
|
username: "user",
|
|
password: "secret",
|
|
want: nil,
|
|
},
|
|
{
|
|
name: "incorrect username, correct password",
|
|
creds: PBKDF2Credentials{Username: "user", DerivedKey: secretDigest, Salt: salt, Iterations: 1000},
|
|
username: "wrong",
|
|
password: "secret",
|
|
want: ErrUnauthorized,
|
|
},
|
|
{
|
|
name: "correct username, incorrect password",
|
|
creds: PBKDF2Credentials{Username: "user", DerivedKey: secretDigest, Salt: salt, Iterations: 1000},
|
|
username: "user",
|
|
password: "wrong",
|
|
want: ErrUnauthorized,
|
|
},
|
|
{
|
|
name: "correct username, empty password",
|
|
creds: PBKDF2Credentials{Username: "user", DerivedKey: secretDigest, Salt: salt, Iterations: 1000},
|
|
username: "user",
|
|
password: "",
|
|
want: ErrUnauthorized,
|
|
},
|
|
{
|
|
name: "empty username, empty pre-computed digest",
|
|
creds: PBKDF2Credentials{Username: "", DerivedKey: emptyDigest, Salt: salt, Iterations: 1000},
|
|
username: "",
|
|
password: "",
|
|
want: ErrUnauthorized,
|
|
},
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
err := tt.creds.Verify(tt.username, tt.password)
|
|
if err != tt.want {
|
|
t.Errorf("Verify(%q, %q) = %v; want %v", tt.username, tt.password, err, tt.want)
|
|
}
|
|
})
|
|
}
|
|
}
|