From 3463d906e9a8b4a158c3424c68d7b7350b6c1694 Mon Sep 17 00:00:00 2001 From: David Norton Date: Fri, 26 Jun 2015 16:44:04 -0400 Subject: [PATCH] fix #3102: add unit test for authentication --- meta/store.go | 1 - meta/store_test.go | 55 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 55 insertions(+), 1 deletion(-) diff --git a/meta/store.go b/meta/store.go index 2d0a7ff066..df8cc10328 100644 --- a/meta/store.go +++ b/meta/store.go @@ -1003,7 +1003,6 @@ func (s *Store) Authenticate(username, password string) (ui *UserInfo, err error ui = u return nil } - // Compare password with user hash. if err := bcrypt.CompareHashAndPassword([]byte(u.Hash), []byte(password)); err != nil { return err diff --git a/meta/store_test.go b/meta/store_test.go index c249ca11e7..b26bef6dda 100644 --- a/meta/store_test.go +++ b/meta/store_test.go @@ -17,6 +17,7 @@ import ( "github.com/influxdb/influxdb/meta" "github.com/influxdb/influxdb/tcp" "github.com/influxdb/influxdb/toml" + "golang.org/x/crypto/bcrypt" ) func init() { @@ -656,6 +657,60 @@ func TestStore_UpdateUser(t *testing.T) { } } +// Ensure Authentication works. +func TestStore_Authentication(t *testing.T) { + t.Parallel() + + if testing.Short() { + t.SkipNow() + } + + s := MustOpenStore() + defer s.Close() + + // Set the hash function back to the real thing for this test. + oldHashFn := meta.HashPassword + meta.HashPassword = func(password string) ([]byte, error) { + return bcrypt.GenerateFromPassword([]byte(password), 4) + } + defer func() { meta.HashPassword = oldHashFn }() + + // Create user. + s.CreateUser("susy", "pass", true) + + // Authenticate user. + if ui, err := s.Authenticate("susy", "pass"); err != nil { + t.Fatal(err) + } else if ui.Name != "susy" { + t.Fatalf(`expected "susy", got "%s"`, ui.Name) + } + + // Update user's password. + s.UpdateUser("susy", "pass2") + + // Make sure authentication with old password does NOT work. + if _, err := s.Authenticate("susy", "pass"); err == nil { + t.Fatal("expected authentication error") + } + + // Authenticate user with new password + if ui, err := s.Authenticate("susy", "pass2"); err != nil { + t.Fatal(err) + } else if ui.Name != "susy" { + t.Fatalf(`expected "susy", got "%s"`, ui.Name) + } + + // Drop user. + s.DropUser("susy") + + // Make sure authentication with both old passwords does NOT work. + if _, err := s.Authenticate("susy", "pass"); err == nil { + t.Fatal("expected authentication error") + } else if _, err := s.Authenticate("susy", "pass2"); err == nil { + t.Fatal("expected authentication error") + } +} + // Ensure the store can return the count of users in it. func TestStore_UserCount(t *testing.T) { t.Parallel()