0
Fork 0
mirror of https://github.com/verdaccio/verdaccio.git synced 2024-12-30 22:34:10 -05:00

add a bunch of tests for htpasswd

This commit is contained in:
Alex Kocharin 2014-07-23 01:45:28 +04:00
parent 490340fbb0
commit 3809d6eb32
10 changed files with 115 additions and 7 deletions

1
.gitignore vendored
View file

@ -5,5 +5,6 @@ sinopia-*.tgz
### ###
bin/storage* bin/storage*
bin/htpasswd
bin/*.yaml bin/*.yaml
test-storage* test-storage*

View file

@ -5,6 +5,7 @@ sinopia-*.tgz
### ###
bin/storage* bin/storage*
bin/htpasswd
bin/*.yaml bin/*.yaml
test-storage* test-storage*

View file

@ -171,7 +171,7 @@ Config.prototype.authenticate = function(user, password, cb) {
Config.prototype.add_user = function(user, password, cb) { Config.prototype.add_user = function(user, password, cb) {
if (this.users && this.users[user]) return cb(new UError({ if (this.users && this.users[user]) return cb(new UError({
status: 409, status: 403,
message: 'this user already exists', message: 'this user already exists',
})) }))

View file

@ -66,12 +66,12 @@ module.exports = function(path) {
function sanity_check() { function sanity_check() {
if (users[user]) { if (users[user]) {
return new UError({ return new UError({
status: 409, status: 403,
message: 'this user already exists', message: 'this user already exists',
}) })
} else if (Object.keys(users).length >= maxusers) { } else if (Object.keys(users).length >= maxusers) {
return new UError({ return new UError({
status: 409, status: 403,
message: 'maximum amount of users reached', message: 'maximum amount of users reached',
}) })
} }
@ -135,3 +135,7 @@ module.exports = function(path) {
return result return result
} }
// exports for unit tests
module.exports._parse_htpasswd = parse_htpasswd
module.exports._verify_password = verify_password
module.exports._add_user_to_htpasswd = add_user_to_htpasswd

View file

@ -31,14 +31,14 @@ dependencies:
optionalDependencies: optionalDependencies:
fs-ext: '>= 0.3.2' fs-ext: '>= 0.3.2'
crypt3: 'sendanor/node-crypt3' crypt3: '*'
devDependencies: devDependencies:
rimraf: '>= 2.2.5' rimraf: '>= 2.2.5'
mocha: '>= 1.17.0' mocha: '>= 1.17.0'
# linting tools # linting tools
eslint: '>= 0.6' eslint: '~ 0.6.0'
# for debugging memory leaks, it'll be require()'d if # for debugging memory leaks, it'll be require()'d if
# installed, but I don't want it to be installed everytime # installed, but I don't want it to be installed everytime
@ -56,7 +56,7 @@ keywords:
scripts: scripts:
test: mocha ./test/functional ./test/unit test: mocha ./test/functional ./test/unit
lint: eslint -c ./.eslint.yaml ./lib lint: eslint -c ./.eslint.yaml ./lib
prepublish: js-yaml package.yaml > package.json #prepublish: js-yaml package.yaml > package.json
# we depend on streams2 stuff # we depend on streams2 stuff
# it can be replaced with isaacs/readable-stream, ask if you need to use 0.8 # it can be replaced with isaacs/readable-stream, ask if you need to use 0.8

View file

@ -0,0 +1,36 @@
var assert = require('assert')
var Server = require('./lib/server')
module.exports = function() {
var server = new Server('http://localhost:55551/')
describe('adduser', function() {
var user = String(Math.random())
var pass = String(Math.random())
before(function(cb) {
server.auth(user, pass, function(res, body) {
assert.equal(res.statusCode, 201)
assert(body.ok.match(/user .* created/))
cb()
})
})
it('creating new user', function(){})
it('should log in', function(cb) {
server.auth(user, pass, function(res, body) {
assert.equal(res.statusCode, 201)
assert(body.ok.match(/you are authenticated as/))
cb()
})
})
it('should not register more users', function(cb) {
server.auth(String(Math.random()), String(Math.random()), function(res, body) {
assert.equal(res.statusCode, 403)
assert(body.error.match(/maximum amount of users reached/))
cb()
})
})
})
}

View file

@ -4,6 +4,9 @@ users:
test: test:
password: a94a8fe5ccb19ba61c4c0873d391e987982fbbd3 password: a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
users_file: ./test-storage/htpasswd
max_users: 1
uplinks: uplinks:
express: express:
url: http://localhost:55550/ url: http://localhost:55550/

View file

@ -46,6 +46,7 @@ describe('Func', function() {
require('./race')() require('./race')()
require('./racycrash')() require('./racycrash')()
require('./security')() require('./security')()
require('./adduser')()
require('./addtag')() require('./addtag')()
}) })

View file

@ -36,7 +36,13 @@ Server.prototype.auth = function(user, pass, cb) {
uri: '/-/user/org.couchdb.user:'+encodeURIComponent(user)+'/-rev/undefined', uri: '/-/user/org.couchdb.user:'+encodeURIComponent(user)+'/-rev/undefined',
method: 'PUT', method: 'PUT',
json: { json: {
content: "doesn't matter, 'cause sinopia uses info from Authorization header anywayz", name: user,
password: pass,
email: 'test@example.com',
_id: 'org.couchdb.user:' + user,
type: 'user',
roles: [],
date: new Date(),
} }
}, prep(cb)) }, prep(cb))
} }

56
test/unit/htpasswd.js Normal file
View file

@ -0,0 +1,56 @@
var assert = require('assert')
, parse_htpasswd = require('../../lib/htpasswd')._parse_htpasswd
, verify_password = require('../../lib/htpasswd')._verify_password
, add_user_to_htpasswd = require('../../lib/htpasswd')._add_user_to_htpasswd
describe('parse_htpasswd', function() {
// TODO
})
describe('verify_password', function() {
it('should verify plain', function() {
assert(verify_password('user', 'pass', '{PLAIN}pass'))
assert(!verify_password('user', 'p', '{PLAIN}pass'))
})
it('should verify sha', function() {
assert(verify_password('user', 'pass', '{SHA}nU4eI71bcnBGqeO0t9tXvY1u5oQ='))
assert(!verify_password('user', 'p', '{SHA}nU4eI71bcnBGqeO0t9tXvY1u5oQ='))
})
it('should verify crypt', function() {
assert(verify_password('user', 'pass', 'ulINxGnqObi36'))
assert(!verify_password('user', 'p', 'ulINxGnqObi36'))
})
it('should verify crypt-sha', function() {
assert(verify_password('user', 'pass', '$6$Qx0eNSKPbxocgA==$ugjO0.z9yOFiaJXJK4ulvGYIxF/KZBV4lGqasArYPqPPT4orZ6NlnIE5KhtiOVs.5EoWxLg1sjp318G8RpI2x1'))
assert(!verify_password('user', 'p', '$6$Qx0eNSKPbxocgA==$ugjO0.z9yOFiaJXJK4ulvGYIxF/KZBV4lGqasArYPqPPT4orZ6NlnIE5KhtiOVs.5EoWxLg1sjp318G8RpI2x1'))
})
})
describe('add_user_to_htpasswd', function() {
it('should add user to empty file', function() {
var res = add_user_to_htpasswd('', 'user', 'passwd')
assert(res.match(/^user:[^:\n]+:autocreated [^\n]+\n$/))
})
it('should append user / newline checks', function() {
var res = add_user_to_htpasswd('testtest', 'user', 'passwd')
assert(res.match(/^testtest\nuser:[^:\n]+:autocreated [^\n]+\n$/))
var res = add_user_to_htpasswd('testtest\n', 'user', 'passwd')
assert(res.match(/^testtest\nuser:[^:\n]+:autocreated [^\n]+\n$/))
var res = add_user_to_htpasswd('testtest\n\n', 'user', 'passwd')
assert(res.match(/^testtest\n\nuser:[^:\n]+:autocreated [^\n]+\n$/))
})
it('should not append invalid users', function() {
assert.throws(function() {
add_user_to_htpasswd('', 'us:er', 'passwd')
}, /non-uri-safe/)
assert.throws(function() {
add_user_to_htpasswd('', 'us\ner', 'passwd')
}, /non-uri-safe/)
assert.throws(function() {
add_user_to_htpasswd('', 'us#er', 'passwd')
}, /non-uri-safe/)
})
})