mirror of
https://github.com/verdaccio/verdaccio.git
synced 2025-01-06 22:40:26 -05:00
aeff267d94
feat: add a new configuration value named 'slow_verify_ms' to the htpasswd plugin that when exceeded during password verification will log a warning message chore: update README.md for htpasswd plugin to add additional information about the 'rounds' configuration value and also include the new 'slow_verify_ms' configuration value
344 lines
11 KiB
TypeScript
344 lines
11 KiB
TypeScript
/* eslint-disable jest/no-mocks-import */
|
|
// @ts-ignore: Module has no default export
|
|
import bcrypt from 'bcryptjs';
|
|
// @ts-ignore: Module has no default export
|
|
import crypto from 'crypto';
|
|
// @ts-ignore: Module has no default export
|
|
import fs from 'fs';
|
|
import MockDate from 'mockdate';
|
|
|
|
import { PluginOptions } from '@verdaccio/types';
|
|
|
|
import HTPasswd, { DEFAULT_SLOW_VERIFY_MS, HTPasswdConfig } from '../src/htpasswd';
|
|
import { HtpasswdHashAlgorithm } from '../src/utils';
|
|
import Config from './__mocks__/Config';
|
|
|
|
const options = {
|
|
logger: { warn: jest.fn() },
|
|
config: new Config(),
|
|
} as any as PluginOptions<HTPasswdConfig>;
|
|
|
|
const config = {
|
|
file: './htpasswd',
|
|
max_users: 1000,
|
|
} as HTPasswdConfig;
|
|
|
|
describe('HTPasswd', () => {
|
|
let wrapper;
|
|
|
|
beforeEach(() => {
|
|
wrapper = new HTPasswd(config, options);
|
|
jest.resetModules();
|
|
jest.clearAllMocks();
|
|
|
|
crypto.randomBytes = jest.fn(() => {
|
|
return {
|
|
toString: (): string => '$6',
|
|
};
|
|
});
|
|
});
|
|
|
|
describe('constructor()', () => {
|
|
const emptyPluginOptions = { config: {} } as any as PluginOptions<HTPasswdConfig>;
|
|
|
|
test('should ensure file path configuration exists', () => {
|
|
expect(function () {
|
|
new HTPasswd({} as HTPasswdConfig, emptyPluginOptions);
|
|
}).toThrow(/should specify "file" in config/);
|
|
});
|
|
|
|
test('should throw error about incorrect algorithm', () => {
|
|
expect(function () {
|
|
let invalidConfig = { algorithm: 'invalid', ...config } as HTPasswdConfig;
|
|
new HTPasswd(invalidConfig, emptyPluginOptions);
|
|
}).toThrow(/Invalid algorithm "invalid"/);
|
|
});
|
|
});
|
|
|
|
describe('authenticate()', () => {
|
|
test('it should authenticate user with given credentials', (done) => {
|
|
const users = [
|
|
{ username: 'test', password: 'test' },
|
|
{ username: 'username', password: 'password' },
|
|
{ username: 'bcrypt', password: 'password' },
|
|
];
|
|
let usersAuthenticated = 0;
|
|
const generateCallback = (username) => (error, userGroups) => {
|
|
usersAuthenticated += 1;
|
|
expect(error).toBeNull();
|
|
expect(userGroups).toContain(username);
|
|
usersAuthenticated === users.length && done();
|
|
};
|
|
users.forEach(({ username, password }) =>
|
|
wrapper.authenticate(username, password, generateCallback(username))
|
|
);
|
|
});
|
|
|
|
test('it should not authenticate user with given credentials', (done) => {
|
|
const users = ['test', 'username', 'bcrypt'];
|
|
let usersAuthenticated = 0;
|
|
const generateCallback = () => (error, userGroups) => {
|
|
usersAuthenticated += 1;
|
|
expect(error).toBeNull();
|
|
expect(userGroups).toBeFalsy();
|
|
usersAuthenticated === users.length && done();
|
|
};
|
|
users.forEach((username) =>
|
|
wrapper.authenticate(username, 'somerandompassword', generateCallback())
|
|
);
|
|
});
|
|
|
|
test('it should warn on slow password verification', (done) => {
|
|
bcrypt.compare = jest.fn((passwd, hash, callback) => {
|
|
setTimeout(() => callback(null, true), DEFAULT_SLOW_VERIFY_MS + 1);
|
|
});
|
|
const callback = (a, b): void => {
|
|
expect(a).toBeNull();
|
|
expect(b).toContain('bcrypt');
|
|
const mockWarn = options.logger.warn as jest.MockedFn<jest.MockableFunction>;
|
|
expect(mockWarn.mock.calls.length).toBe(1);
|
|
const [{ user, durationMs }, message] = mockWarn.mock.calls[0];
|
|
expect(user).toEqual('bcrypt');
|
|
expect(durationMs).toBeGreaterThan(DEFAULT_SLOW_VERIFY_MS);
|
|
expect(message).toEqual('Password for user "@{user}" took @{durationMs}ms to verify');
|
|
done();
|
|
};
|
|
wrapper.authenticate('bcrypt', 'password', callback);
|
|
});
|
|
});
|
|
|
|
describe('addUser()', () => {
|
|
test('it should not pass sanity check', (done) => {
|
|
const callback = (a): void => {
|
|
expect(a.message).toEqual('unauthorized access');
|
|
done();
|
|
};
|
|
wrapper.adduser('test', 'somerandompassword', callback);
|
|
});
|
|
|
|
test('it should add the user', (done) => {
|
|
let dataToWrite;
|
|
// @ts-ignore
|
|
fs.writeFile = jest.fn((name, data, callback) => {
|
|
dataToWrite = data;
|
|
callback();
|
|
});
|
|
|
|
MockDate.set('2018-01-14T11:17:40.712Z');
|
|
|
|
const callback = (a, b): void => {
|
|
expect(a).toBeNull();
|
|
expect(b).toBeTruthy();
|
|
expect(fs.writeFile).toHaveBeenCalled();
|
|
expect(dataToWrite.indexOf('usernotpresent')).not.toEqual(-1);
|
|
done();
|
|
};
|
|
wrapper.adduser('usernotpresent', 'somerandompassword', callback);
|
|
});
|
|
|
|
describe('addUser() error handling', () => {
|
|
test('sanityCheck should return an Error', (done) => {
|
|
jest.doMock('../src/utils.ts', () => {
|
|
return {
|
|
sanityCheck: (): Error => Error('some error'),
|
|
HtpasswdHashAlgorithm,
|
|
};
|
|
});
|
|
|
|
const HTPasswd = require('../src/htpasswd.ts').default;
|
|
const wrapper = new HTPasswd(config, options);
|
|
wrapper.adduser('sanityCheck', 'test', (sanity) => {
|
|
expect(sanity.message).toBeDefined();
|
|
expect(sanity.message).toMatch('some error');
|
|
done();
|
|
});
|
|
});
|
|
|
|
test('lockAndRead should return an Error', (done) => {
|
|
jest.doMock('../src/utils.ts', () => {
|
|
return {
|
|
sanityCheck: (): any => null,
|
|
lockAndRead: (_a, b): any => b(new Error('lock error')),
|
|
HtpasswdHashAlgorithm,
|
|
};
|
|
});
|
|
|
|
const HTPasswd = require('../src/htpasswd.ts').default;
|
|
const wrapper = new HTPasswd(config, options);
|
|
wrapper.adduser('lockAndRead', 'test', (sanity) => {
|
|
expect(sanity.message).toBeDefined();
|
|
expect(sanity.message).toMatch('lock error');
|
|
done();
|
|
});
|
|
});
|
|
|
|
test('addUserToHTPasswd should return an Error', (done) => {
|
|
jest.doMock('../src/utils.ts', () => {
|
|
return {
|
|
sanityCheck: (): any => null,
|
|
parseHTPasswd: (): void => {},
|
|
lockAndRead: (_a, b): any => b(null, ''),
|
|
unlockFile: (_a, b): any => b(),
|
|
HtpasswdHashAlgorithm,
|
|
};
|
|
});
|
|
|
|
const HTPasswd = require('../src/htpasswd.ts').default;
|
|
const wrapper = new HTPasswd(config, options);
|
|
wrapper.adduser('addUserToHTPasswd', 'test', () => {
|
|
done();
|
|
});
|
|
});
|
|
|
|
test('writeFile should return an Error', (done) => {
|
|
jest.doMock('../src/utils.ts', () => {
|
|
return {
|
|
sanityCheck: (): any => null,
|
|
parseHTPasswd: (): void => {},
|
|
lockAndRead: (_a, b): any => b(null, ''),
|
|
addUserToHTPasswd: (): void => {},
|
|
HtpasswdHashAlgorithm,
|
|
};
|
|
});
|
|
jest.doMock('fs', () => {
|
|
const original = jest.requireActual('fs');
|
|
return {
|
|
...original,
|
|
writeFile: jest.fn((_name, _data, callback) => {
|
|
callback(new Error('write error'));
|
|
}),
|
|
};
|
|
});
|
|
|
|
const HTPasswd = require('../src/htpasswd.ts').default;
|
|
const wrapper = new HTPasswd(config, options);
|
|
wrapper.adduser('addUserToHTPasswd', 'test', (err) => {
|
|
expect(err).not.toBeNull();
|
|
expect(err.message).toMatch('write error');
|
|
done();
|
|
});
|
|
});
|
|
});
|
|
|
|
describe('reload()', () => {
|
|
test('it should read the file and set the users', (done) => {
|
|
const output = {
|
|
test: '$6FrCaT/v0dwE',
|
|
username: '$66to3JK5RgZM',
|
|
bcrypt: '$2y$04$K2Cn3StiXx4CnLmcTW/ymekOrj7WlycZZF9xgmoJ/U0zGPqSLPVBe',
|
|
};
|
|
const callback = (): void => {
|
|
expect(wrapper.users).toEqual(output);
|
|
done();
|
|
};
|
|
wrapper.reload(callback);
|
|
});
|
|
|
|
test('reload should fails on check file', (done) => {
|
|
jest.doMock('fs', () => {
|
|
return {
|
|
readFile: (_name, callback): void => {
|
|
callback(new Error('stat error'), null);
|
|
},
|
|
stat: (_name, callback): void => {
|
|
callback(new Error('stat error'), null);
|
|
},
|
|
};
|
|
});
|
|
const callback = (err): void => {
|
|
expect(err).not.toBeNull();
|
|
expect(err.message).toMatch('stat error');
|
|
done();
|
|
};
|
|
|
|
const HTPasswd = require('../src/htpasswd.ts').default;
|
|
const wrapper = new HTPasswd(config, options);
|
|
wrapper.reload(callback);
|
|
});
|
|
|
|
test('reload times match', (done) => {
|
|
jest.doMock('fs', () => {
|
|
return {
|
|
readFile: (_name, callback): void => {
|
|
callback(new Error('stat error'), null);
|
|
},
|
|
stat: (_name, callback): void => {
|
|
callback(null, {
|
|
mtime: null,
|
|
});
|
|
},
|
|
};
|
|
});
|
|
const callback = (err): void => {
|
|
expect(err).toBeUndefined();
|
|
done();
|
|
};
|
|
|
|
const HTPasswd = require('../src/htpasswd.ts').default;
|
|
const wrapper = new HTPasswd(config, options);
|
|
wrapper.reload(callback);
|
|
});
|
|
|
|
test('reload should fails on read file', (done) => {
|
|
jest.doMock('fs', () => {
|
|
return {
|
|
stat: jest.requireActual('fs').stat,
|
|
readFile: (_name, _format, callback): void => {
|
|
callback(new Error('read error'), null);
|
|
},
|
|
};
|
|
});
|
|
const callback = (err): void => {
|
|
expect(err).not.toBeNull();
|
|
expect(err.message).toMatch('read error');
|
|
done();
|
|
};
|
|
|
|
const HTPasswd = require('../src/htpasswd.ts').default;
|
|
const wrapper = new HTPasswd(config, options);
|
|
wrapper.reload(callback);
|
|
});
|
|
});
|
|
});
|
|
|
|
test('changePassword - it should throw an error for user not found', (done) => {
|
|
const callback = (error, isSuccess): void => {
|
|
expect(error).not.toBeNull();
|
|
expect(error.message).toBe(
|
|
`Unable to change password for user 'usernotpresent': user does not currently exist`
|
|
);
|
|
expect(isSuccess).toBeFalsy();
|
|
done();
|
|
};
|
|
wrapper.changePassword('usernotpresent', 'oldPassword', 'newPassword', callback);
|
|
});
|
|
|
|
test('changePassword - it should throw an error for wrong password', (done) => {
|
|
const callback = (error, isSuccess): void => {
|
|
expect(error).not.toBeNull();
|
|
expect(error.message).toBe(
|
|
`Unable to change password for user 'username': invalid old password`
|
|
);
|
|
expect(isSuccess).toBeFalsy();
|
|
done();
|
|
};
|
|
wrapper.changePassword('username', 'wrongPassword', 'newPassword', callback);
|
|
});
|
|
|
|
test('changePassword - it should change password', (done) => {
|
|
let dataToWrite;
|
|
// @ts-ignore
|
|
fs.writeFile = jest.fn((_name, data, callback) => {
|
|
dataToWrite = data;
|
|
callback();
|
|
});
|
|
const callback = (error, isSuccess): void => {
|
|
expect(error).toBeNull();
|
|
expect(isSuccess).toBeTruthy();
|
|
expect(fs.writeFile).toHaveBeenCalled();
|
|
expect(dataToWrite.indexOf('username')).not.toEqual(-1);
|
|
done();
|
|
};
|
|
wrapper.changePassword('username', 'password', 'newPassword', callback);
|
|
});
|
|
});
|