61 lines
1.6 KiB
Go
61 lines
1.6 KiB
Go
package app
|
|
|
|
import (
|
|
"crypto/rand"
|
|
"crypto/rsa"
|
|
"crypto/sha256"
|
|
"crypto/x509"
|
|
"encoding/base64"
|
|
"encoding/pem"
|
|
"testing"
|
|
|
|
"github.com/geo-platform/tenant-api/internal/shared/auth"
|
|
"github.com/geo-platform/tenant-api/internal/shared/response"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func TestAuthServiceLoginPasswordDecryptsEncryptedPassword(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
key, err := rsa.GenerateKey(rand.Reader, 2048)
|
|
require.NoError(t, err)
|
|
privatePEM := string(pem.EncodeToMemory(&pem.Block{
|
|
Type: "RSA PRIVATE KEY",
|
|
Bytes: x509.MarshalPKCS1PrivateKey(key),
|
|
}))
|
|
cipher, err := auth.NewPasswordCipher(privatePEM, "tenant-test-key")
|
|
require.NoError(t, err)
|
|
|
|
encrypted, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &key.PublicKey, []byte("Test@123"), nil)
|
|
require.NoError(t, err)
|
|
|
|
svc := (&AuthService{}).WithPasswordCipher(cipher)
|
|
got, err := svc.loginPassword(LoginRequest{
|
|
EncryptedPassword: base64.StdEncoding.EncodeToString(encrypted),
|
|
PasswordKeyID: "tenant-test-key",
|
|
})
|
|
|
|
require.NoError(t, err)
|
|
require.Equal(t, "Test@123", got)
|
|
}
|
|
|
|
func TestAuthServiceLoginPasswordAllowsPlainPasswordCompatibility(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
got, err := (&AuthService{}).loginPassword(LoginRequest{Password: "Test@123"})
|
|
|
|
require.NoError(t, err)
|
|
require.Equal(t, "Test@123", got)
|
|
}
|
|
|
|
func TestAuthServiceLoginPasswordRejectsEncryptedWhenCipherMissing(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
_, err := (&AuthService{}).loginPassword(LoginRequest{EncryptedPassword: "abc"})
|
|
|
|
require.Error(t, err)
|
|
appErr, ok := err.(*response.AppError)
|
|
require.True(t, ok)
|
|
require.Equal(t, "password_cipher_unavailable", appErr.Message)
|
|
}
|