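# t/blobstore.t
#
# Test some DW::Auth::Password functionality.
#
# Authors:
# Mark Smith <mark@dreamwidth.org>
#
# Copyright (c) 2020 by Dreamwidth Studios, LLC.
#
# This program is free software; you may redistribute it and/or modify it under
# the same terms as Perl itself. For a copy of the license, please reference
# 'perldoc perlartistic' or 'perldoc perlgpl'.
#

# NOTE(review): the path in the header says t/blobstore.t, but every assertion
# below exercises DW::Auth::Password. The header looks copied from another
# test; confirm the real filename before relying on it.

use strict;
use warnings;

use Test::More;

# Loads the site library in test-config mode. The path is built from
# $ENV{LJHOME}, so the require fails if that variable is unset.
BEGIN { $LJ::_T_CONFIG = 1; require "$ENV{LJHOME}/cgi-bin/ljlib.pl"; }

# Fixed plan: 19 assertions follow. Keep this in sync when adding checks.
plan tests => 19;

use Digest::MD5 qw/ md5_hex /;

use DW::API::Key;
use DW::Auth::Password;
use LJ::Test qw/ temp_user /;

my $u = temp_user();

# Test public APIs work
# cmp_ok keeps the numeric comparison and reports the actual value on failure.
cmp_ok( $u->dversion, '==', 10, 'New user is on dversion 10.' );
ok( DW::Auth::Password->set( $u, 'test' ), 'Able to set password.' );
ok( DW::Auth::Password->check( $u, 'test' ), 'Password validates.' );
ok( !DW::Auth::Password->check( $u, 'test?' ), 'Password fails validation.' );

# Looks like a bcrypt hash (not quite base64)
# Anchored with \A and \z rather than ^ and $, so a trailing newline or any
# extra text after the hash cannot satisfy the match. The cost field must
# equal $LJ::BCRYPT_COST exactly, which catches a silently lowered work factor.
my $hash1 = DW::Auth::Password->_get_password_token($u);
like(
    $hash1,
    qr!\A\$2a\$$LJ::BCRYPT_COST\$[a-zA-Z0-9./]+\z!,
    'Appropriate bcrypt hash.'
);

# Same password results in different hash
# (consistent with a fresh salt on every set(); a repeated token would mean
# identical passwords are recognisable from the stored value).
ok( DW::Auth::Password->set( $u, 'test' ), 'Able to set password.' );
ok( $hash1 ne DW::Auth::Password->_get_password_token($u), 'Same password uses new hash.' );
ok( DW::Auth::Password->check( $u, 'test' ), 'Password validates.' );
ok( !DW::Auth::Password->check( $u, 'test?' ), 'Password fails validation.' );

# Now let's test some compatibility layers, let's give the user an API key
# and test that auth works.
# An API key must be accepted in place of the password only when the caller
# opts in with allow_api_keys; the default check() must reject it.
my $key = DW::API::Key->new_for_user($u);
ok( !DW::Auth::Password->check( $u, $key->hash ), 'API key is not valid without options.' );
ok(
    DW::Auth::Password->check( $u, $key->hash, allow_api_keys => 1 ),
    'API key is valid with options.'
);

# And test that hpassword does not work for password.
# "hpassword" here is the MD5 hex digest of the plaintext (see md5_hex below).
# On dversion 10 that digest must not authenticate, with or without
# allow_api_keys.
ok(
    !DW::Auth::Password->check( $u, md5_hex('test'), allow_hpassword => 1 ),
    'hpassword does not work for d10.'
);
ok(
    !DW::Auth::Password->check(
        $u, md5_hex('test'),
        allow_hpassword => 1,
        allow_api_keys  => 1
    ),
    'hpassword does not work for d10 (w/API keys).'
);

# And now it does (when we pass an API key hashed)
# Both options are required: the MD5 of the API key is accepted, while the
# MD5 of the account password (checked above) is not.
ok(
    DW::Auth::Password->check(
        $u, md5_hex( $key->hash ),
        allow_hpassword => 1,
        allow_api_keys  => 1
    ),
    'API key is valid with options w/hpassword.'
);

# Roll the user back to d9
$u->update_self( { dversion => 9 } );

# Test password flow again
# The description used to say "dversion 10" although the assertion checks for
# 9, which made the test output misleading.
cmp_ok( $u->dversion, '==', 9, 'User is now on dversion 9.' );
ok( DW::Auth::Password->set( $u, 'test' ), 'Able to set password.' );
ok( DW::Auth::Password->check( $u, 'test' ), 'Password validates.' );
ok( !DW::Auth::Password->check( $u, 'test?' ), 'Password fails validation.' );

# Test hpassword works now
# On dversion 9 the MD5 digest of the password is still accepted when the
# caller passes allow_hpassword.
ok(
    DW::Auth::Password->check( $u, md5_hex('test'), allow_hpassword => 1 ),
    'hpassword does work for d9.'
);

1;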