
mod_auth_token/test_token_auth.lua @ 2956:d0ca211e1b0e

New HMAC token authentication module for Prosody.
author JC Brand <jc@opkode.com>
date Tue, 27 Mar 2018 10:48:04 +0200
1 local base64 = require "util.encodings".base64;
2 local hmac = require "openssl.hmac";
3 local luatz = require "luatz";
4 local luaunit = require "luaunit";
5 local uuid = require "uuid";
6 local otp = require "otp";
7 local mock = require "mock";
8 local pkey = require "openssl.pkey";
9 local token_utils = dofile("token_auth_utils.lib.lua");
10
11 math.randomseed(os.time())
12
13 local OTP_SEED = 'E3W374VRSFO4NVKE';
14
15
16 function generate_token(jid, key)
17 local nonce = '';
18 for i=1,32 do
19 nonce = nonce..math.random(9);
20 end
21 local utc_time_table = luatz.gmtime(luatz.time());
22 local totp = otp.new_totp_from_key(
23 OTP_SEED,
24 token_utils.OTP_DIGITS,
25 token_utils.OTP_INTERVAL
26 ):generate(0, utc_time_table);
27
28 local hmac_ctx = hmac.new(key, token_utils.DIGEST_TYPE)
29 local signature = hmac_ctx:final(totp..nonce..jid)
30 return totp..nonce..' '..base64.encode(signature)
31 end
32
33
34 function test_token_verification()
35 -- Test verification of a valid token
36 local key = uuid();
37 local result = token_utils.verify_token(
38 'root',
39 generate_token('root@localhost', key),
40 'localhost',
41 OTP_SEED,
42 key
43 )
44 luaunit.assert_is(result, true)
45 end
46
47
48 function test_token_is_valid_only_once()
49 local key = uuid();
50 local token = generate_token('root@localhost', key);
51 local result = token_utils.verify_token(
52 'root',
53 token,
54 'localhost',
55 OTP_SEED,
56 key
57 )
58 luaunit.assert_is(result, true)
59
60 result = token_utils.verify_token(
61 'root',
62 token,
63 'localhost',
64 OTP_SEED,
65 key
66 )
67 luaunit.assert_is(result, false)
68 end
69
70
71 function test_token_expiration()
72 -- Test that a token expires after (at most) the configured interval plus
73 -- any amount of deviations.
74 local key = uuid();
75 local token = generate_token('root@localhost', key);
76 -- Wait two ticks of the interval window and then check that the token is
77 -- no longer valid.
78 mock.mock(os);
79 os.time.replace(function ()
80 return os.time.original() +
81 (token_utils.OTP_INTERVAL +
82 (token_utils.OTP_DEVIATION * token_utils.OTP_INTERVAL));
83 end)
84 result = token_utils.verify_token(
85 'root',
86 token,
87 'localhost',
88 OTP_SEED,
89 key
90 )
91 mock.unmock(os);
92 luaunit.assert_is(result, false)
93 end
94
95 os.exit(luaunit.LuaUnit.run())
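Review bot: None of the three tests exercises a bad signature, so a `verify_token` that never checked the HMAC at all (or recomputed it over the wrong key or JID) would still pass this suite: the replay test only depends on the nonce being remembered and the expiration test only on the TOTP window. Add a wrong-key case and a wrong-JID case next to `test_token_verification`, both asserting `false`, so the signature check is actually pinned. Separately, `result` at gutter line 84 is assigned without `local` and leaks a global, and because `mock.unmock(os)` only runs on the success path, an error raised inside `verify_token` would leave `os.time` mocked for every later test — wrap the call in `pcall` and unmock before asserting. The fixture nonce is built from `math.random(9)` seeded with `os.time()` (digits 1–9 only, non-cryptographic), which is acceptable for a test helper but should not be mirrored by the real client-side token generator; that is an inference from the helper, not something this file shows.
```lua
-- … unchanged: generate_token, test_token_verification, test_token_is_valid_only_once …

function test_token_rejected_with_wrong_key()
    -- A token signed under one key must not verify under another.
    local token = generate_token('root@localhost', uuid());
    local result = token_utils.verify_token('root', token, 'localhost', OTP_SEED, uuid())
    luaunit.assert_is(result, false)
end

function test_token_rejected_for_other_jid()
    -- The JID is part of the signed message; a token minted for one user
    -- must not authenticate a different one.
    local key = uuid();
    local token = generate_token('root@localhost', key);
    local result = token_utils.verify_token('alice', token, 'localhost', OTP_SEED, key)
    luaunit.assert_is(result, false)
end

function test_token_expiration()
    local key = uuid();
    local token = generate_token('root@localhost', key);
    mock.mock(os);
    os.time.replace(function ()
        return os.time.original() +
            (token_utils.OTP_INTERVAL +
             (token_utils.OTP_DEVIATION * token_utils.OTP_INTERVAL));
    end)
    -- Always restore os.time, even if verify_token raises, so a failure here
    -- cannot leave the clock mocked for later tests.
    local ok, result = pcall(token_utils.verify_token,
        'root', token, 'localhost', OTP_SEED, key)
    mock.unmock(os);
    assert(ok, result)
    luaunit.assert_is(result, false)
end
```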