Files

61 lines
1.6 KiB
Go

package app
import (
"crypto/rand"
"crypto/rsa"
"crypto/sha256"
"crypto/x509"
"encoding/base64"
"encoding/pem"
"testing"
sharedauth "github.com/geo-platform/tenant-api/internal/shared/auth"
"github.com/geo-platform/tenant-api/internal/shared/response"
"github.com/stretchr/testify/require"
)
func TestOpsAuthLoginPasswordDecryptsEncryptedPassword(t *testing.T) {
t.Parallel()
key, err := rsa.GenerateKey(rand.Reader, 2048)
require.NoError(t, err)
privatePEM := string(pem.EncodeToMemory(&pem.Block{
Type: "RSA PRIVATE KEY",
Bytes: x509.MarshalPKCS1PrivateKey(key),
}))
cipher, err := sharedauth.NewPasswordCipher(privatePEM, "ops-test-key")
require.NoError(t, err)
encrypted, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &key.PublicKey, []byte("Ops@1234"), nil)
require.NoError(t, err)
svc := (&AuthService{}).WithPasswordCipher(cipher)
got, err := svc.loginPassword(LoginInput{
EncryptedPassword: base64.StdEncoding.EncodeToString(encrypted),
PasswordKeyID: "ops-test-key",
})
require.NoError(t, err)
require.Equal(t, "Ops@1234", got)
}
func TestOpsAuthLoginPasswordAllowsPlainPasswordCompatibility(t *testing.T) {
t.Parallel()
got, err := (&AuthService{}).loginPassword(LoginInput{Password: "Ops@1234"})
require.NoError(t, err)
require.Equal(t, "Ops@1234", got)
}
func TestOpsAuthLoginPasswordRejectsEncryptedWhenCipherMissing(t *testing.T) {
t.Parallel()
_, err := (&AuthService{}).loginPassword(LoginInput{EncryptedPassword: "abc"})
require.Error(t, err)
appErr, ok := err.(*response.AppError)
require.True(t, ok)
require.Equal(t, "password_cipher_unavailable", appErr.Message)
}