Files

 master

/

digest_md5_test.go

Copy path

Blame

Blame

Latest commit

 

History

History

169 lines (137 loc) · 5.57 KB

 master

/

digest_md5_test.go

Top

File metadata and controls

• Code
• Blame

169 lines (137 loc) · 5.57 KB

Raw

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

/*

* Copyright (c) 2018 Miguel Ángel Ortuño.

* See the LICENSE file for more information.

*/

package auth

import (

"encoding/base64"

"encoding/hex"

"fmt"

"testing"

"github.com/ortuman/jackal/model"

"github.com/ortuman/jackal/storage/memstorage"

"github.com/ortuman/jackal/stream"

"github.com/ortuman/jackal/util"

"github.com/ortuman/jackal/xmpp"

"github.com/stretchr/testify/require"

)

type digestMD5AuthTestHelper struct {

t *testing.T

testStrm stream.C2S

authr *DigestMD5

}

func (h *digestMD5AuthTestHelper) clientParamsFromChallenge(challenge string) *digestMD5Parameters {

b, err := base64.StdEncoding.DecodeString(challenge)

require.Nil(h.t, err)

srvParams := h.authr.parseParameters(string(b))

clParams := *srvParams

clParams.setParameter("cnonce=" + hex.EncodeToString(util.RandomBytes(16)))

clParams.setParameter("username=" + h.testStrm.Username())

clParams.setParameter("realm=" + h.testStrm.Domain())

clParams.setParameter("nc=00000001")

clParams.setParameter("qop=auth")

clParams.setParameter("digest-uri=" + fmt.Sprintf("xmpp/%s", h.testStrm.Domain()))

clParams.setParameter("charset=utf-8")

clParams.setParameter("authzid=test")

return &clParams

}

func (h *digestMD5AuthTestHelper) sendClientParamsResponse(params *digestMD5Parameters) error {

response := xmpp.NewElementNamespace("response", "urn:ietf:params:xml:ns:xmpp-sasl")

response.SetText(h.serializeParams(params))

return h.authr.ProcessElement(response)

}

func (h *digestMD5AuthTestHelper) serializeParams(params *digestMD5Parameters) string {

fmtStr := `username="%s",realm="%s",nonce="%s",cnonce="%s",nc=%s,qop=%s,digest-uri="%s",response=%s,charset=%s`

str := fmt.Sprintf(fmtStr, params.username, params.realm, params.nonce, params.cnonce, params.nc, params.qop,

params.digestURI, params.response, params.charset)

if len(params.servType) > 0 {

str += ",serv-type=" + params.servType

}

if len(params.authID) > 0 {

str += ",authzid=" + params.authID

}

return base64.StdEncoding.EncodeToString([]byte(str))

}

func TestDigesMD5Authentication(t *testing.T) {

user := &model.User{Username: "mariana", Password: "1234"}

testStm, s := authTestSetup(user)

defer authTestTeardown()

authr := NewDigestMD5(testStm)

require.Equal(t, authr.Mechanism(), "DIGEST-MD5")

require.False(t, authr.UsesChannelBinding())

// test garbage input...

require.Equal(t, authr.ProcessElement(xmpp.NewElementName("garbage")), ErrSASLNotAuthorized)

helper := digestMD5AuthTestHelper{t: t, testStrm: testStm, authr: authr}

auth := xmpp.NewElementNamespace("auth", "urn:ietf:params:xml:ns:xmpp-sasl")

auth.SetAttribute("mechanism", "DIGEST-MD5")

authr.ProcessElement(auth)

challenge := testStm.ReceiveElement()

require.Equal(t, challenge.Name(), "challenge")

clParams := helper.clientParamsFromChallenge(challenge.Text())

clientResp := authr.computeResponse(clParams, user, true)

clParams.setParameter("response=" + clientResp)

clParams.response = clientResp

// empty payload

response := xmpp.NewElementNamespace("response", "urn:ietf:params:xml:ns:xmpp-sasl")

response.SetText("")

require.Equal(t, ErrSASLMalformedRequest, authr.ProcessElement(response))

// incorrect payload encoding

response.SetText("bad_payload")

require.Equal(t, ErrSASLIncorrectEncoding, authr.ProcessElement(response))

// invalid username...

cl0 := *clParams

cl0.setParameter("username=mariana-inv")

require.Equal(t, ErrSASLNotAuthorized, helper.sendClientParamsResponse(&cl0))

// invalid realm...

cl1 := *clParams

cl1.setParameter("realm=localhost-inv")

require.Equal(t, ErrSASLNotAuthorized, helper.sendClientParamsResponse(&cl1))

// invalid nc...

cl2 := *clParams

cl2.setParameter("nc=00000001-inv")

require.Equal(t, ErrSASLNotAuthorized, helper.sendClientParamsResponse(&cl2))

// invalid nc...

cl3 := *clParams

cl3.setParameter("qop=auth-inv")

require.Equal(t, ErrSASLNotAuthorized, helper.sendClientParamsResponse(&cl3))

// invalid serv-type...

cl4 := *clParams

cl4.setParameter("serv-type=http")

require.Equal(t, ErrSASLNotAuthorized, helper.sendClientParamsResponse(&cl4))

// invalid digest-uri...

cl5 := *clParams

cl5.setParameter("digest-uri=http/localhost")

require.Equal(t, ErrSASLNotAuthorized, helper.sendClientParamsResponse(&cl5))

cl6 := *clParams

cl6.setParameter("digest-uri=xmpp/localhost-inv")

require.Equal(t, ErrSASLNotAuthorized, helper.sendClientParamsResponse(&cl6))

// invalid password...

cl7 := *clParams

user2 := &model.User{Username: "mariana", Password: "bad_password"}

badClientResp := authr.computeResponse(&cl7, user2, true)

cl7.setParameter("response=" + badClientResp)

require.Equal(t, ErrSASLNotAuthorized, helper.sendClientParamsResponse(&cl7))

// storage error...

s.EnableMockedError()

require.Equal(t, memstorage.ErrMockedError, helper.sendClientParamsResponse(clParams))

s.DisableMockedError()

// successful authentication...

require.Nil(t, helper.sendClientParamsResponse(clParams))

challenge = testStm.ReceiveElement()

serverResp := authr.computeResponse(clParams, user, false)

require.Equal(t, base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("rspauth=%s", serverResp))), challenge.Text())

response.SetText("")

authr.ProcessElement(response)

success := testStm.ReceiveElement()

require.Equal(t, "success", success.Name())

// successfully authenticated

require.True(t, authr.Authenticated())

require.Equal(t, "mariana", authr.Username())

// already authenticated...

require.Nil(t, authr.ProcessElement(auth))

// test reset

authr.Reset()

require.Equal(t, authr.state, startDigestMD5State)

require.False(t, authr.Authenticated())

require.Equal(t, "", authr.Username())

}