68 lines
2.3 KiB
Perl
68 lines
2.3 KiB
Perl
# t/blobstore.t
|
|
#
|
|
# Test some DW::Auth::TOTP functionality.
|
|
#
|
|
# Authors:
|
|
# Mark Smith <mark@dreamwidth.org>
|
|
#
|
|
# Copyright (c) 2020 by Dreamwidth Studios, LLC.
|
|
#
|
|
# This program is free software; you may redistribute it and/or modify it under
|
|
# the same terms as Perl itself. For a copy of the license, please reference
|
|
# 'perldoc perlartistic' or 'perldoc perlgpl'.
|
|
#
|
|
|
|
use strict;
|
|
use warnings;
|
|
|
|
use Test::More;
|
|
|
|
BEGIN { $LJ::_T_CONFIG = 1; require "$ENV{LJHOME}/cgi-bin/ljlib.pl"; }
|
|
|
|
plan tests => 17;
|
|
|
|
use DW::Auth::Password;
|
|
use DW::Auth::TOTP;
|
|
use LJ::Test qw/ temp_user /;
|
|
|
|
my $u = temp_user();
|
|
|
|
# Test public APIs work
|
|
ok( !DW::Auth::TOTP->is_enabled($u), 'New user does not have TOTP.' );
|
|
ok( scalar( DW::Auth::TOTP->get_recovery_codes($u) ) == 0,
|
|
'New user does not have recovery codes.' );
|
|
|
|
# Enable
|
|
my $secret = DW::Auth::TOTP->generate_secret;
|
|
ok( DW::Auth::TOTP->enable( $u, $secret ), 'Enable works.' );
|
|
ok( DW::Auth::TOTP->is_enabled($u), 'User has TOTP now.' );
|
|
ok( scalar( DW::Auth::TOTP->get_recovery_codes($u) ) == 10, 'User has 10 codes.' );
|
|
|
|
# Get some codes and check validation
|
|
my @codes = DW::Auth::TOTP->_get_codes($u);
|
|
ok( scalar @codes == 2, 'Got 2 codes.' );
|
|
ok( DW::Auth::TOTP->check_code( $u, $codes[0] ), 'Older code works.' );
|
|
ok( DW::Auth::TOTP->check_code( $u, $codes[0] ), 'Newer code works.' );
|
|
ok( !DW::Auth::TOTP->check_code( $u, '000000' ), 'Bad code fails.' );
|
|
|
|
# TODO: maybe we care, but there is _technicaly_ a race condition since we're
|
|
# using time based authentication, and we could just implement a way to set
|
|
# the time for tests, but I'm not yet (since adding functionality to set time
|
|
# in a TOTP system seems spooky)
|
|
|
|
# Disable
|
|
ok( DW::Auth::Password->set( $u, 'test' ), 'Changed user password.' );
|
|
ok( !DW::Auth::TOTP->disable( $u, 'fail' ), 'Fail to disable without password.' );
|
|
ok( DW::Auth::TOTP->disable( $u, 'test' ), 'Disable works.' );
|
|
ok( !DW::Auth::TOTP->is_enabled($u), 'Disabled user does not have TOTP.' );
|
|
ok(
|
|
scalar( DW::Auth::TOTP->get_recovery_codes($u) ) == 0,
|
|
'Disabled user does not have recovery codes.'
|
|
);
|
|
|
|
# Codes fail now
|
|
ok( !DW::Auth::TOTP->check_code( $u, $codes[0] ), 'Older code fails.' );
|
|
ok( !DW::Auth::TOTP->check_code( $u, $codes[0] ), 'Newer code fails.' );
|
|
ok( !DW::Auth::TOTP->check_code( $u, '000000' ), 'Bad code still fails.' );
|
|
|
|
1;
|