-
Notifications
You must be signed in to change notification settings - Fork 92
/
auth_test.ts
108 lines (99 loc) · 3.36 KB
/
auth_test.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
import { assertEquals, assertNotEquals, assertRejects } from "./test_deps.ts";
import { Client as ScramClient, Reason } from "../connection/scram.ts";
Deno.test("Scram client reproduces RFC 7677 example", async () => {
// Example seen in https://tools.ietf.org/html/rfc7677
const client = new ScramClient("user", "pencil", "rOprNGfwEbeRWgbNEkqO");
assertEquals(
client.composeChallenge(),
"n,,n=user,r=rOprNGfwEbeRWgbNEkqO",
);
await client.receiveChallenge(
"r=rOprNGfwEbeRWgbNEkqO%hvYDpWUa2RaTCAfuxFIlj)hNlF$k0," +
"s=W22ZaJ0SNY7soEsUEjb6gQ==,i=4096",
);
assertEquals(
await client.composeResponse(),
"c=biws,r=rOprNGfwEbeRWgbNEkqO%hvYDpWUa2RaTCAfuxFIlj)hNlF$k0," +
"p=dHzbZapWIk4jUhN+Ute9ytag9zjfMHgsqmmiz7AndVQ=",
);
await client.receiveResponse(
"v=6rriTRBi23WpRR/wtup+mMhUZUn/dB5nLTJRsjl95G4=",
);
});
Deno.test("Scram client catches bad server nonce", async () => {
const testCases = [
"s=c2FsdA==,i=4096", // no server nonce
"r=,s=c2FsdA==,i=4096", // empty
"r=nonce2,s=c2FsdA==,i=4096", // not prefixed with client nonce
];
for (const testCase of testCases) {
const client = new ScramClient("user", "password", "nonce1");
client.composeChallenge();
await assertRejects(
() => client.receiveChallenge(testCase),
Error,
Reason.BadServerNonce,
);
}
});
Deno.test("Scram client catches bad salt", async () => {
const testCases = [
"r=nonce12,i=4096", // no salt
"r=nonce12,s=*,i=4096", // ill-formed base-64 string
];
for (const testCase of testCases) {
const client = new ScramClient("user", "password", "nonce1");
client.composeChallenge();
await assertRejects(
() => client.receiveChallenge(testCase),
Error,
Reason.BadSalt,
);
}
});
Deno.test("Scram client catches bad iteration count", async () => {
const testCases = [
"r=nonce12,s=c2FsdA==", // no iteration count
"r=nonce12,s=c2FsdA==,i=", // empty
"r=nonce12,s=c2FsdA==,i=*", // not a number
"r=nonce12,s=c2FsdA==,i=0", // non-positive integer
"r=nonce12,s=c2FsdA==,i=-1", // non-positive integer
];
for (const testCase of testCases) {
const client = new ScramClient("user", "password", "nonce1");
client.composeChallenge();
await assertRejects(
() => client.receiveChallenge(testCase),
Error,
Reason.BadIterationCount,
);
}
});
Deno.test("Scram client catches bad verifier", async () => {
const client = new ScramClient("user", "password", "nonce1");
client.composeChallenge();
await client.receiveChallenge("r=nonce12,s=c2FsdA==,i=4096");
await client.composeResponse();
await assertRejects(
() => client.receiveResponse("v=xxxx"),
Error,
Reason.BadVerifier,
);
});
Deno.test("Scram client catches server rejection", async () => {
const client = new ScramClient("user", "password", "nonce1");
client.composeChallenge();
await client.receiveChallenge("r=nonce12,s=c2FsdA==,i=4096");
await client.composeResponse();
const message = "auth error";
await assertRejects(
() => client.receiveResponse(`e=${message}`),
Error,
message,
);
});
Deno.test("Scram client generates unique challenge", () => {
const challenge1 = new ScramClient("user", "password").composeChallenge();
const challenge2 = new ScramClient("user", "password").composeChallenge();
assertNotEquals(challenge1, challenge2);
});