password_test.go (3507B)
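// GoToSocial
// Copyright (C) GoToSocial Authors admin@gotosocial.org
// SPDX-License-Identifier: AGPL-3.0-or-later
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program.  If not, see <http://www.gnu.org/licenses/>.

package user_test

import (
	"context"
	"net/http"
	"testing"

	"github.com/stretchr/testify/suite"
	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
	"golang.org/x/crypto/bcrypt"
)

// ChangePasswordTestSuite exercises PasswordChange on the user processor
// against the fixtures provided by the embedded UserStandardTestSuite.
type ChangePasswordTestSuite struct {
	UserStandardTestSuite
}

// TestChangePasswordOK checks that a change made with the correct old
// password succeeds, that the new password verifies against both the
// in-memory user and the row read back from the database, and that the
// old password no longer verifies.
func (suite *ChangePasswordTestSuite) TestChangePasswordOK() {
	user := suite.testUsers["local_account_1"]

	errWithCode := suite.user.PasswordChange(context.Background(), user, "password", "verygoodnewpassword")
	suite.NoError(errWithCode)

	// the user struct handed to PasswordChange must carry the new hash
	err := bcrypt.CompareHashAndPassword([]byte(user.EncryptedPassword), []byte("verygoodnewpassword"))
	suite.NoError(err)

	// get user from the db again
	dbUser := &gtsmodel.User{}
	err = suite.db.GetByID(context.Background(), user.ID, dbUser)
	suite.NoError(err)

	// check the password has changed
	err = bcrypt.CompareHashAndPassword([]byte(dbUser.EncryptedPassword), []byte("verygoodnewpassword"))
	suite.NoError(err)

	// the old password must be rejected by the stored hash; without this
	// the test would still pass if the old credential stayed valid
	err = bcrypt.CompareHashAndPassword([]byte(dbUser.EncryptedPassword), []byte("password"))
	suite.ErrorIs(err, bcrypt.ErrMismatchedHashAndPassword)
}

// TestChangePasswordIncorrectOld checks that a wrong old password is
// rejected with 401 Unauthorized and that the stored hash is untouched.
func (suite *ChangePasswordTestSuite) TestChangePasswordIncorrectOld() {
	user := suite.testUsers["local_account_1"]

	errWithCode := suite.user.PasswordChange(context.Background(), user, "ooooopsydoooopsy", "verygoodnewpassword")
	// Error() carries the raw bcrypt mismatch; Safe() carries the shorter
	// text (presumably the one returned to the client — confirm).
	suite.EqualError(errWithCode, "crypto/bcrypt: hashedPassword is not the hash of the given password")
	suite.Equal(http.StatusUnauthorized, errWithCode.Code())
	suite.Equal("Unauthorized: old password was incorrect", errWithCode.Safe())

	// get user from the db again
	dbUser := &gtsmodel.User{}
	err := suite.db.GetByID(context.Background(), user.ID, dbUser)
	suite.NoError(err)

	// check the password has not changed
	err = bcrypt.CompareHashAndPassword([]byte(dbUser.EncryptedPassword), []byte("password"))
	suite.NoError(err)
}

// TestChangePasswordWeakNew checks that a new password failing the
// strength check is rejected with 400 Bad Request and that the stored
// hash is untouched.
func (suite *ChangePasswordTestSuite) TestChangePasswordWeakNew() {
	user := suite.testUsers["local_account_1"]

	errWithCode := suite.user.PasswordChange(context.Background(), user, "password", "1234")
	suite.EqualError(errWithCode, "password is only 11% strength, try including more special characters, using lowercase letters, using uppercase letters or using a longer password")
	suite.Equal(http.StatusBadRequest, errWithCode.Code())
	suite.Equal("Bad Request: password is only 11% strength, try including more special characters, using lowercase letters, using uppercase letters or using a longer password", errWithCode.Safe())

	// get user from the db again
	dbUser := &gtsmodel.User{}
	err := suite.db.GetByID(context.Background(), user.ID, dbUser)
	suite.NoError(err)

	// check the password has not changed
	err = bcrypt.CompareHashAndPassword([]byte(dbUser.EncryptedPassword), []byte("password"))
	suite.NoError(err)
}

// TestChangePasswordTestSuite runs the suite under go test.
func TestChangePasswordTestSuite(t *testing.T) {
	suite.Run(t, &ChangePasswordTestSuite{})
}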