more customer
This commit is contained in:
@@ -0,0 +1,95 @@
|
||||
package customerauth
|
||||
|
||||
import (
|
||||
"path/filepath"
|
||||
"testing"
|
||||
"time"
|
||||
)
|
||||
|
||||
func TestPasswordRoundTrip(t *testing.T) {
|
||||
h, err := HashPassword("correct horse battery staple")
|
||||
if err != nil {
|
||||
t.Fatalf("hash: %v", err)
|
||||
}
|
||||
if !VerifyPassword("correct horse battery staple", h) {
|
||||
t.Fatal("correct password did not verify")
|
||||
}
|
||||
if VerifyPassword("wrong", h) {
|
||||
t.Fatal("wrong password verified")
|
||||
}
|
||||
}
|
||||
|
||||
func TestPasswordHashesAreSalted(t *testing.T) {
|
||||
a, _ := HashPassword("hunter2hunter2")
|
||||
b, _ := HashPassword("hunter2hunter2")
|
||||
if a == b {
|
||||
t.Fatal("two hashes of the same password are identical — not salted")
|
||||
}
|
||||
}
|
||||
|
||||
func TestVerifyRejectsMalformed(t *testing.T) {
|
||||
for _, bad := range []string{"", "x", "pbkdf2-sha256$abc$salt$hash", "md5$1$a$b"} {
|
||||
if VerifyPassword("whatever", bad) {
|
||||
t.Fatalf("malformed hash %q verified", bad)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func TestSessionRoundTrip(t *testing.T) {
|
||||
s := NewSigner([]byte("test-secret"))
|
||||
tok := s.Issue(12345, time.Hour)
|
||||
id, err := s.Parse(tok)
|
||||
if err != nil {
|
||||
t.Fatalf("parse: %v", err)
|
||||
}
|
||||
if id != 12345 {
|
||||
t.Fatalf("got id %d, want 12345", id)
|
||||
}
|
||||
}
|
||||
|
||||
func TestSessionExpired(t *testing.T) {
|
||||
s := NewSigner([]byte("test-secret"))
|
||||
tok := s.Issue(1, -time.Second)
|
||||
if _, err := s.Parse(tok); err != ErrExpiredToken {
|
||||
t.Fatalf("got %v, want ErrExpiredToken", err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestSessionTamperAndWrongKey(t *testing.T) {
|
||||
s := NewSigner([]byte("test-secret"))
|
||||
tok := s.Issue(7, time.Hour)
|
||||
if _, err := s.Parse(tok + "x"); err != ErrInvalidToken {
|
||||
t.Fatalf("tampered token: got %v, want ErrInvalidToken", err)
|
||||
}
|
||||
other := NewSigner([]byte("different-secret"))
|
||||
if _, err := other.Parse(tok); err != ErrInvalidToken {
|
||||
t.Fatalf("wrong key: got %v, want ErrInvalidToken", err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestStoreRegisterDuplicateAndReload(t *testing.T) {
|
||||
path := filepath.Join(t.TempDir(), "credentials.json")
|
||||
store, err := LoadCredentialStore(path)
|
||||
if err != nil {
|
||||
t.Fatalf("load: %v", err)
|
||||
}
|
||||
if err := store.Register("User@Example.com", 42, "hash1", "ts"); err != nil {
|
||||
t.Fatalf("register: %v", err)
|
||||
}
|
||||
// Duplicate (case-insensitive) is rejected.
|
||||
if err := store.Register("user@example.com", 99, "hash2", "ts"); err != ErrEmailExists {
|
||||
t.Fatalf("duplicate: got %v, want ErrEmailExists", err)
|
||||
}
|
||||
// Reload from disk and confirm the record persisted.
|
||||
reloaded, err := LoadCredentialStore(path)
|
||||
if err != nil {
|
||||
t.Fatalf("reload: %v", err)
|
||||
}
|
||||
rec, ok := reloaded.Get("USER@EXAMPLE.COM")
|
||||
if !ok {
|
||||
t.Fatal("record not found after reload")
|
||||
}
|
||||
if rec.ProfileID != 42 || rec.Hash != "hash1" {
|
||||
t.Fatalf("unexpected record: %+v", rec)
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user