Merge branch 'develop' of https://git.pleroma.social/pleroma/pleroma into develop

Merge branch 'tests/authentication_plug' into 'develop'
tests for Plugs.AuthenticationPlug See merge request pleroma/pleroma!1450
2019-07-18 19:00:06 -04:00 · 2019-07-18 20:29:51 +00:00 · 2019-07-18 20:29:51 +00:00
2 changed files with 35 additions and 13 deletions
--- a/lib/pleroma/plugs/authentication_plug.ex
+++ b/lib/pleroma/plugs/authentication_plug.ex
@ -8,22 +8,19 @@ defmodule Pleroma.Plugs.AuthenticationPlug do
  alias Pleroma.User
  require Logger

-  def init(options) do
-    options
+  def init(options), do: options
+
+  def checkpw(password, "$6" <> _ = password_hash) do
+    :crypt.crypt(password, password_hash) == password_hash
  end

-  def checkpw(password, password_hash) do
-    cond do
-      String.starts_with?(password_hash, "$pbkdf2") ->
-        Pbkdf2.checkpw(password, password_hash)
+  def checkpw(password, "$pbkdf2" <> _ = password_hash) do
+    Pbkdf2.checkpw(password, password_hash)
+  end

-      String.starts_with?(password_hash, "$6") ->
-        :crypt.crypt(password, password_hash) == password_hash
-
-      true ->
-        Logger.error("Password hash not recognized")
-        false
-    end
+  def checkpw(_password, _password_hash) do
+    Logger.error("Password hash not recognized")
+    false
  end

  def call(%{assigns: %{user: %User{}}} = conn, _), do: conn
--- a/test/plugs/authentication_plug_test.exs
+++ b/test/plugs/authentication_plug_test.exs
@ -54,4 +54,29 @@ defmodule Pleroma.Plugs.AuthenticationPlugTest do

    assert conn == ret_conn
  end
+
+  describe "checkpw/2" do
+    test "check pbkdf2 hash" do
+      hash =
+        "$pbkdf2-sha512$160000$loXqbp8GYls43F0i6lEfIw$AY.Ep.2pGe57j2hAPY635sI/6w7l9Q9u9Bp02PkPmF3OrClDtJAI8bCiivPr53OKMF7ph6iHhN68Rom5nEfC2A"
+
+      assert AuthenticationPlug.checkpw("test-password", hash)
+      refute AuthenticationPlug.checkpw("test-password1", hash)
+    end
+
+    test "check sha512-crypt hash" do
+      hash =
+        "$6$9psBWV8gxkGOZWBz$PmfCycChoxeJ3GgGzwvhlgacb9mUoZ.KUXNCssekER4SJ7bOK53uXrHNb2e4i8yPFgSKyzaW9CcmrDXWIEMtD1"
+
+      assert AuthenticationPlug.checkpw("password", hash)
+      refute AuthenticationPlug.checkpw("password1", hash)
+    end
+
+    test "it returns false when hash invalid" do
+      hash =
+        "psBWV8gxkGOZWBz$PmfCycChoxeJ3GgGzwvhlgacb9mUoZ.KUXNCssekER4SJ7bOK53uXrHNb2e4i8yPFgSKyzaW9CcmrDXWIEMtD1"
+
+      refute Pleroma.Plugs.AuthenticationPlug.checkpw("password", hash)
+    end
+  end
 end
Author	SHA1	Message	Date
Rachel Fae Fox (foxiepaws)	1c3633f8e2	Merge branch 'develop' of https://git.pleroma.social/pleroma/pleroma into develop	2019-07-18 19:00:06 -04:00
kaniini	16cfee708e	Merge branch 'tests/authentication_plug' into 'develop' tests for Plugs.AuthenticationPlug See merge request pleroma/pleroma!1450	2019-07-18 20:29:51 +00:00
Maksim	f435217e50	tests for Plugs.AuthenticationPlug	2019-07-18 20:29:51 +00:00