1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
|
package main
import (
"testing"
"golang.org/x/crypto/bcrypt"
_ "github.com/mattn/go-sqlite3"
)
var passwords = []struct {
description string
username string
password string
}{
{"basic", "testuser", "mypassword"},
{"password-characterset", "testuser", "mypSDFäÖ$🚧"},
{"user-characterset", "mypSDFäÖ$🚧", "mypassword"},
}
func TestRegister(t *testing.T) {
for _, p := range passwords {
t.Run(p.description, func(t *testing.T) {
db, _ := emptyDB(t)
err := MigrateToLatest(db)
if err != nil {
t.Fatalf("Could not execute function to test: %v", err)
}
err = Register(db, p.username, p.password)
if err != nil {
t.Fatalf("Could not register user: %v", err)
}
row := db.QueryRow(
`SELECT password_bcrypt FROM users WHERE username=?;`,
p.username,
)
var hash []byte
err = row.Scan(&hash)
if err != nil {
t.Fatalf("Could not scan for password: %v", err)
}
err = bcrypt.CompareHashAndPassword(hash, []byte(p.password))
if err != nil {
t.Fatalf("Password not valid after registration: %v", err)
}
err = bcrypt.CompareHashAndPassword(hash, []byte(""))
if err == nil {
t.Fatalf("Empty password is valid after registration.")
}
})
}
}
func TestAuthenticate(t *testing.T) {
for _, p := range passwords {
t.Run(p.description, func(t *testing.T) {
db, _ := emptyDB(t)
err := MigrateToLatest(db)
if err != nil {
t.Fatalf("Could not execute function to test: %v", err)
}
hash, err := bcrypt.GenerateFromPassword([]byte(p.password), bcryptCost)
if err != nil {
t.Fatalf("Failed to generate test password hash: %v", err)
}
_, err = db.Exec(
`INSERT INTO users (username, password_bcrypt) VALUES(?, ?);`,
p.username,
hash,
)
if err != nil {
t.Fatalf("Failed to insert password hash: %v", err)
}
err = Authenticate(db, p.username, p.password)
if err != nil {
t.Fatalf("Failed to authenticate: %v", err)
}
})
}
}
func TestRegisterAuthenticate(t *testing.T) {
for _, p := range passwords {
t.Run(p.description, func(t *testing.T) {
db, _ := emptyDB(t)
err := MigrateToLatest(db)
if err != nil {
t.Fatalf("Could not execute function to test: %v", err)
}
err = Register(db, p.username, p.password)
if err != nil {
t.Fatalf("Could not register user: %v", err)
}
err = Authenticate(db, p.username, p.password)
if err != nil {
t.Fatalf("Failed to authenticate: %v", err)
}
})
}
}
|