fix #3102: add unit test for authentication

influxdata · Jun 30, 2015 · 0eedfef · 0eedfef
1 parent d76b363
commit 0eedfef
Show file tree

Hide file tree

Showing 2 changed files with 55 additions and 1 deletion.
diff --git a/meta/store.go b/meta/store.go
@@ -989,7 +989,6 @@ func (s *Store) Authenticate(username, password string) (ui *UserInfo, err error
 			ui = u
 			return nil
 		}
-
 		// Compare password with user hash.
 		if err := bcrypt.CompareHashAndPassword([]byte(u.Hash), []byte(password)); err != nil {
 			return err

diff --git a/meta/store_test.go b/meta/store_test.go
@@ -16,6 +16,7 @@ import (
 	"github.com/influxdb/influxdb/meta"
 	"github.com/influxdb/influxdb/tcp"
 	"github.com/influxdb/influxdb/toml"
+	"golang.org/x/crypto/bcrypt"
 )
 
 func init() {
@@ -586,6 +587,60 @@ func TestStore_UpdateUser(t *testing.T) {
 	}
 }
 
+// Ensure Authentication works.
+func TestStore_Authentication(t *testing.T) {
+	t.Parallel()
+
+	if testing.Short() {
+		t.SkipNow()
+	}
+
+	s := MustOpenStore()
+	defer s.Close()
+
+	// Set the hash function back to the real thing for this test.
+	oldHashFn := meta.HashPassword
+	meta.HashPassword = func(password string) ([]byte, error) {
+		return bcrypt.GenerateFromPassword([]byte(password), 4)
+	}
+	defer func() { meta.HashPassword = oldHashFn }()
+
+	// Create user.
+	s.CreateUser("susy", "pass", true)
+
+	// Authenticate user.
+	if ui, err := s.Authenticate("susy", "pass"); err != nil {
+		t.Fatal(err)
+	} else if ui.Name != "susy" {
+		t.Fatalf(`expected "susy", got "%s"`, ui.Name)
+	}
+
+	// Update user's password.
+	s.UpdateUser("susy", "pass2")
+
+	// Make sure authentication with old password does NOT work.
+	if _, err := s.Authenticate("susy", "pass"); err == nil {
+		t.Fatal("expected authentication error")
+	}
+
+	// Authenticate user with new password
+	if ui, err := s.Authenticate("susy", "pass2"); err != nil {
+		t.Fatal(err)
+	} else if ui.Name != "susy" {
+		t.Fatalf(`expected "susy", got "%s"`, ui.Name)
+	}
+
+	// Drop user.
+	s.DropUser("susy")
+
+	// Make sure authentication with both old passwords does NOT work.
+	if _, err := s.Authenticate("susy", "pass"); err == nil {
+		t.Fatal("expected authentication error")
+	} else if _, err := s.Authenticate("susy", "pass2"); err == nil {
+		t.Fatal("expected authentication error")
+	}
+}
+
 // Ensure the store can return the count of users in it.
 func TestStore_UserCount(t *testing.T) {
 	t.Parallel()