mod_auth_token/test_token_auth.lua @ 2956:d0ca211e1b0e
New HMAC token authentication module for Prosody.
| author | JC Brand <jc@opkode.com> |
|---|---|
| date | Tue, 27 Mar 2018 10:48:04 +0200 |
| 2938:f000ba14d531 | 2956:d0ca211e1b0e |
|---|---|
| 1 local base64 = require "util.encodings".base64; | |
| 2 local hmac = require "openssl.hmac"; | |
| 3 local luatz = require "luatz"; | |
| 4 local luaunit = require "luaunit"; | |
| 5 local uuid = require "uuid"; | |
| 6 local otp = require "otp"; | |
| 7 local mock = require "mock"; | |
| 8 local pkey = require "openssl.pkey"; | |
| 9 local token_utils = dofile("token_auth_utils.lib.lua"); | |
| 10 | |
| 11 math.randomseed(os.time()) | |
| 12 | |
| 13 local OTP_SEED = 'E3W374VRSFO4NVKE'; | |
| 14 | |
| 15 | |
| 16 function generate_token(jid, key) | |
| 17 local nonce = ''; | |
| 18 for i=1,32 do | |
| 19 nonce = nonce..math.random(9); | |
| 20 end | |
| 21 local utc_time_table = luatz.gmtime(luatz.time()); | |
| 22 local totp = otp.new_totp_from_key( | |
| 23 OTP_SEED, | |
| 24 token_utils.OTP_DIGITS, | |
| 25 token_utils.OTP_INTERVAL | |
| 26 ):generate(0, utc_time_table); | |
| 27 | |
| 28 local hmac_ctx = hmac.new(key, token_utils.DIGEST_TYPE) | |
| 29 local signature = hmac_ctx:final(totp..nonce..jid) | |
| 30 return totp..nonce..' '..base64.encode(signature) | |
| 31 end | |
| 32 | |
| 33 | |
| 34 function test_token_verification() | |
| 35 -- Test verification of a valid token | |
| 36 local key = uuid(); | |
| 37 local result = token_utils.verify_token( | |
| 38 'root', | |
| 39 generate_token('root@localhost', key), | |
| 40 'localhost', | |
| 41 OTP_SEED, | |
| 42 key | |
| 43 ) | |
| 44 luaunit.assert_is(result, true) | |
| 45 end | |
| 46 | |
| 47 | |
| 48 function test_token_is_valid_only_once() | |
| 49 local key = uuid(); | |
| 50 local token = generate_token('root@localhost', key); | |
| 51 local result = token_utils.verify_token( | |
| 52 'root', | |
| 53 token, | |
| 54 'localhost', | |
| 55 OTP_SEED, | |
| 56 key | |
| 57 ) | |
| 58 luaunit.assert_is(result, true) | |
| 59 | |
| 60 result = token_utils.verify_token( | |
| 61 'root', | |
| 62 token, | |
| 63 'localhost', | |
| 64 OTP_SEED, | |
| 65 key | |
| 66 ) | |
| 67 luaunit.assert_is(result, false) | |
| 68 end | |
| 69 | |
| 70 | |
| 71 function test_token_expiration() | |
| 72 -- Test that a token expires after (at most) the configured interval plus | |
| 73 -- any amount of deviations. | |
| 74 local key = uuid(); | |
| 75 local token = generate_token('root@localhost', key); | |
| 76 -- Wait two ticks of the interval window and then check that the token is | |
| 77 -- no longer valid. | |
| 78 mock.mock(os); | |
| 79 os.time.replace(function () | |
| 80 return os.time.original() + | |
| 81 (token_utils.OTP_INTERVAL + | |
| 82 (token_utils.OTP_DEVIATION * token_utils.OTP_INTERVAL)); | |
| 83 end) | |
| 84 result = token_utils.verify_token( | |
| 85 'root', | |
| 86 token, | |
| 87 'localhost', | |
| 88 OTP_SEED, | |
| 89 key | |
| 90 ) | |
| 91 mock.unmock(os); | |
| 92 luaunit.assert_is(result, false) | |
| 93 end | |
| 94 | |
| 95 os.exit(luaunit.LuaUnit.run()) |
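Review bot: The suite never presents a forged token to `verify_token`: the three tests cover a valid token, a replayed token and an expired one, but none checks that a token signed with a different key, or for a different JID than the user being authenticated, is rejected, which is the property the HMAC exists to provide. I would add one test per case, as in the fence below; the expected value `false` assumes `verify_token` reports a bad signature the same way it reports a replay, which is not visible on this page. Separately, in `test_token_expiration` the line `result = token_utils.verify_token(` creates a global and should read `local result = token_utils.verify_token(`, and an error raised while `os` is mocked would skip `mock.unmock(os)`. The nonce in `generate_token` comes from `math.random` seeded with `os.time()`, which is acceptable in a test but deserves a comment such as `-- test-only nonce; a real client must draw this from a CSPRNG` so the helper is not copied as a reference client.

```lua
function test_token_signed_with_wrong_key_is_rejected()
    -- Sign with one key, verify with another: the HMAC must not match.
    local token = generate_token('root@localhost', uuid());
    local result = token_utils.verify_token(
        'root', token, 'localhost', OTP_SEED, uuid()
    )
    luaunit.assert_is(result, false)
end

function test_token_for_other_jid_is_rejected()
    -- A token bound to one JID must not authenticate a different user.
    local key = uuid();
    local token = generate_token('admin@localhost', key);
    local result = token_utils.verify_token(
        'root', token, 'localhost', OTP_SEED, key
    )
    luaunit.assert_is(result, false)
end
```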