Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AP/WIFI check password validity for encryption type #792

Merged
merged 4 commits into from
Aug 18, 2016
Merged

AP/WIFI check password validity for encryption type #792

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
9b80539
Remove WPA Enterprise options from controller.js
laiedwin Jul 10, 2016
ec1da0a
Add network passphrase validation to controller.js
laiedwin Jul 10, 2016
3910809
Add tests for network passphrase validation
laiedwin Jul 10, 2016
405acec
Review comments: change hex regex to isNaN, add definition of hex dig…
laiedwin Jul 17, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
27 changes: 26 additions & 1 deletion lib/controller.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -664,7 +664,7 @@ controller.connectToNetwork = function(opts) {
var ssid = opts.ssid;
var password = opts.password;
var security = opts.security;
var securityOptions = ['none', 'wep', 'psk', 'psk2', 'wpa', 'wpa2'];
var securityOptions = ['none', 'wep', 'psk', 'psk2'];
return new Promise(function(resolve, reject) {
if (!ssid) {
return reject('Invalid credentials: must set SSID with the -n or --ssid option.');
Expand All @@ -677,6 +677,31 @@ controller.connectToNetwork = function(opts) {
if (security && securityOptions.indexOf(security) < 0) {
return reject(`"${security}" is not a valid security option. Please choose on of the following: ${securityOptions.join(', ')}`);
}

if (security === 'wep') {
// WEP passphrases can be 10, 26, or 58 hexadecimal digits long.
// Match for hexadecimal characters:
if (isNaN(`0x${password}`)) {
return reject('Invalid passphrase: WEP keys must consist of hexadecimal digits, i.e. 0 through 9 and "a" through "f".');
}
// Then test for length:
const length = password.length;
if (length !== 10 || length !== 26 || length !== 58) {
return reject('Invalid passphrase: WEP keys must be 10, 26, or 58 digits long for 64-, 128-, and 256-bit WEP.');
}
}

if (security === 'psk' || security === 'psk2') {
// WPA/WPA2-PSK passphrases can be 8-63 ASCII characters, or 64 hexadecimal digits.
// Match ASCII codes for all 127 printable ASCII characters:
const asciiRegex = /^[\x00-\x7F]{8,63}$/;
// Match exactly 64 hexadecimal digits:
const hexTest = !isNaN(`0x${password}`) && password.length === 64;
// Reject if both tests fail.
if (!asciiRegex.test(password) && !hexTest) {
return reject('Invalid passphrase: WPA/WPA2-PSK passkeys must be 8-63 ASCII characters, or 64 hexadecimal digits.');
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not going to block on this, but it would be awesome if the comments for each set of criteria included links to canonical "sources of truth".

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point. This can be added before merging. 👍

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Specifically, I'd like to see links to the published protocols, in which things like if (length !== 10 || length !== 26 || length !== 58) { are clearly defined. Thanks!!

}
resolve();
})
.then(() => {
Expand Down
98 changes: 98 additions & 0 deletions test/unit/controller.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1065,6 +1065,104 @@ exports['controller.closeTesselConnections'] = {
test.done();
});
},

invalidAccessPointWEPPasswordCharacters: function(test) {
test.expect(1);

controller.createAccessPoint({
ssid: 'test',
password: 'nothexdigits',
security: 'wep'
})
.catch(error => {
test.ok(error);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For the error tests, I would copy this pattern already used -> https://github.com/tessel/t2-cli/pull/792/files#diff-579f2a5c7de143123729e47453faf76bR1064

.catch(error => {
  test.ok(true, error.toString());
  test.done();
});

test.done();
});
},

invalidAccessPointWEPPasswordLength: function(test) {
test.expect(1);

controller.createAccessPoint({
ssid: 'test',
password: '0123456789ABCDEF',
security: 'wep'
})
.catch(error => {
test.ok(error);
test.done();
});
},

invalidAccessPointPSKPasswordCharacters: function(test) {
test.expect(1);

controller.createAccessPoint({
ssid: 'test',
password: 'Password™',
security: 'psk'
})
.catch(error => {
test.ok(error);
test.done();
});
},

invalidAccessPointPSKASCIIPasswordTooShort: function(test) {
test.expect(1);

controller.createAccessPoint({
ssid: 'test',
password: 'short',
security: 'psk'
})
.catch(error => {
test.ok(error);
test.done();
});
},

invalidAccessPointPSKASCIIPasswordTooLong: function(test) {
test.expect(1);

controller.createAccessPoint({
ssid: 'test',
password: 'this is a very long passphrase. in fact, it is over 63 characters, which makes it invalid.',
security: 'psk'
})
.catch(error => {
test.ok(error);
test.done();
});
},

invalidAccessPointPSKHexPasswordTooShort: function(test) {
test.expect(1);

controller.createAccessPoint({
ssid: 'test',
password: 'DEAD',
security: 'psk'
})
.catch(error => {
test.ok(error);
test.done();
});
},

invalidAccessPointPSKHexPasswordTooLong: function(test) {
test.expect(1);

controller.createAccessPoint({
ssid: 'test',
password: 'DEADDEADDEADDEADDEADDEADDEADDEADDEADDEADDEADDEADDEADDEADDEADDEADDEAD',
security: 'psk'
})
.catch(error => {
test.ok(error);
test.done();
});
},
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great tests!

};

exports['controller.root'] = {
Expand Down