mirror of
https://github.com/jech/galene.git
synced 2024-11-23 00:55:58 +01:00
c4e26b65b7
Don't allow a user with a wildcard password entry to use the same username as a user with a specific entry even at the same privilege level.
package group
import (
"encoding/json"
"reflect"
"testing"
"time"
)
// TestJSTime round-trips the current time through ToJSTime and FromJSTime
// and checks two things: converting the recovered time again yields the same
// value, and the recovered time is within half a millisecond of the original.
func TestJSTime(t *testing.T) {
	const tolerance = time.Millisecond / 2

	start := time.Now()
	first := ToJSTime(start)
	back := FromJSTime(first)
	second := ToJSTime(back)

	// The conversion must be stable once a value has been through it.
	if first != second {
		t.Errorf("%v != %v", first, second)
	}

	// Some precision loss is tolerated, but only up to the rounding bound.
	if drift := start.Sub(back); drift < -tolerance || drift > tolerance {
		t.Errorf("Delta %v, %v, %v", drift, start, back)
	}
}
// descJSON is the group description fixture shared by the tests in this
// file.  It holds one "op" entry (jch), two "presenter" entries for the same
// username (john) with different passwords, and three "other" entries:
// james, peter, and an empty {} entry with neither username nor password.
// The passwords are plaintext test values.
//
// NOTE(review): the {} entry looks like the wildcard case that the tests
// below are about: goodClients expects the unlisted user "paul" to be
// admitted, while badClients expects "james" with a wrong password to be
// refused even though {} sits in the same section -- confirm against
// GetPermission.
var descJSON = `
{
"op": [{"username": "jch","password": "topsecret"}],
"max-history-age": 10,
"allow-subgroups": true,
"presenter": [
{"username": "john", "password": "secret"},
{"username": "john", "password": "secret2"}
],
"other": [
{"username": "james", "password": "secret3"},
{"username": "peter", "password": "secret4"},
{}
]

}`
// TestDescriptionJSON checks that a description survives a JSON round trip:
// the fixture is decoded, re-encoded, decoded again, and the two decoded
// values must be deeply equal.
func TestDescriptionJSON(t *testing.T) {
	var first description
	if err := json.Unmarshal([]byte(descJSON), &first); err != nil {
		t.Fatalf("unmarshal: %v", err)
	}

	encoded, err := json.Marshal(first)
	if err != nil {
		t.Fatalf("marshal: %v", err)
	}

	// json.Marshal already returns a []byte, so it is fed back unchanged.
	var second description
	if err := json.Unmarshal(encoded, &second); err != nil {
		t.Fatalf("unmarshal: %v", err)
	}

	if !reflect.DeepEqual(first, second) {
		t.Errorf("Got %v, expected %v", second, first)
	}
}
// testClient is the stand-in client used by the permission tests.  It holds
// only the username it claims and the password it presents; the fixtures in
// this file build it with positional literals, so the field order matters.
type testClient struct {
	username, password string
}

// Username returns the name this test client claims.
func (c testClient) Username() string {
	return c.username
}
// Challenge reports whether this test client satisfies creds.  The group
// name g is not consulted.
//
// An entry without a password (creds.Password == nil) is satisfied by any
// client, with no comparison made.  Otherwise the client's password is
// checked with creds.Password.Match, and an error from Match counts as a
// mismatch, so the check fails closed.
func (c testClient) Challenge(g string, creds ClientCredentials) bool {
	if creds.Password != nil {
		ok, err := creds.Password.Match(c.password)
		return err == nil && ok
	}
	return true
}
// testClientPerm pairs a test client with the permissions that
// TestPermissions expects GetPermission to return for it.
type testClientPerm struct {
	c testClient        // client presenting a username and password
	p ClientPermissions // expected permissions for that client
}
// badClients lists clients that TestPermissions expects to be refused with
// ErrNotAuthorised.  Each uses a username that has a specific entry in
// descJSON (jch under "op", john under "presenter", james under "other")
// together with a password, "foo", that none of those entries carry.  The
// james case is the notable one: its section also contains the empty {}
// entry, and the login must still be rejected.
var badClients = []testClient{
	{"jch", "foo"},
	{"john", "foo"},
	{"james", "foo"},
}
// goodClients lists clients that TestPermissions expects to be admitted,
// each with the exact permissions GetPermission should return.  jch, john
// (with either of his two passwords) and james present a password that
// matches their entry in descJSON.  paul has no entry of his own and is
// expected to be admitted with all three permission fields false.
//
// NOTE(review): ClientPermissions is filled positionally; the meaning of the
// three booleans is not visible in this file -- confirm against its
// declaration before reordering.
var goodClients = []testClientPerm{
	{c: testClient{"jch", "topsecret"}, p: ClientPermissions{true, true, false}},
	{c: testClient{"john", "secret"}, p: ClientPermissions{false, true, false}},
	{c: testClient{"john", "secret2"}, p: ClientPermissions{false, true, false}},
	{c: testClient{"james", "secret3"}, p: ClientPermissions{false, false, false}},
	{c: testClient{"paul", "secret3"}, p: ClientPermissions{false, false, false}},
}
// TestPermissions decodes the descJSON fixture and runs GetPermission for
// the group name "test" against every entry of badClients and goodClients,
// one subtest per client.
func TestPermissions(t *testing.T) {
	var desc description
	if err := json.Unmarshal([]byte(descJSON), &desc); err != nil {
		t.Fatalf("unmarshal: %v", err)
	}

	// A wrong password for a username that has its own entry must be
	// refused with exactly ErrNotAuthorised; any other outcome, including
	// success, is reported together with the permissions that came back.
	for _, client := range badClients {
		name := "bad " + client.Username()
		t.Run(name, func(t *testing.T) {
			perms, err := desc.GetPermission("test", client)
			if err == ErrNotAuthorised {
				return
			}
			t.Errorf("GetPermission %v: %v %v", client, err, perms)
		})
	}

	// Valid logins must succeed and receive exactly the expected
	// permissions, so an accidental privilege change also fails the test.
	for _, want := range goodClients {
		name := "good " + want.c.Username()
		t.Run(name, func(t *testing.T) {
			got, err := desc.GetPermission("test", want.c)
			switch {
			case err != nil:
				t.Errorf("GetPermission %v: %v", want.c, err)
			case !reflect.DeepEqual(got, want.p):
				t.Errorf("%v: got %v, expected %v",
					want.c, got, want.p)
			}
		})
	}
}