prosody-modules
5aee8d86629a
mod_auth_token/test_token_auth.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody-modules

File

mod_auth_token/test_token_auth.lua @ 4738:5aee8d86629a

mod_bookmarks2: Fix handling of nick and password elements This form of child retrieval fails when the stanza elements internally don't have an 'xmlns' attribute, which can happen sometimes for some reason, including when they have been constructed via the stanza builder API. When that is the case then the explicit namespace arguemnt does not match the nil value of the internal attribute. Calling `:get_child()` without the namespace argument does the right thing here, with both nil and the parent namespace as valid values for the internal attribute.
author Kim Alvefur <zash@zash.se>
date Wed, 03 Nov 2021 21:11:55 +0100
parent 2956:d0ca211e1b0e
line wrap: on
line source

local base64 = require "util.encodings".base64;
local hmac = require "openssl.hmac";
local luatz = require "luatz";
local luaunit = require "luaunit";
local uuid = require "uuid";
local otp = require "otp";
local mock = require "mock";
local pkey = require "openssl.pkey";
local token_utils = dofile("token_auth_utils.lib.lua");

math.randomseed(os.time())

local OTP_SEED = 'E3W374VRSFO4NVKE';


function generate_token(jid, key)
	local nonce = '';
	for i=1,32 do
		nonce = nonce..math.random(9);
	end
	local utc_time_table = luatz.gmtime(luatz.time());
	local totp = otp.new_totp_from_key(
		OTP_SEED,
		token_utils.OTP_DIGITS,
		token_utils.OTP_INTERVAL
	):generate(0, utc_time_table);

	local hmac_ctx = hmac.new(key, token_utils.DIGEST_TYPE)
	local signature = hmac_ctx:final(totp..nonce..jid)
	return totp..nonce..' '..base64.encode(signature)
end


function test_token_verification()
	-- Test verification of a valid token
	local key = uuid();
	local result = token_utils.verify_token(
		'root',
		generate_token('root@localhost', key),
		'localhost',
		OTP_SEED,
		key
	)
	luaunit.assert_is(result, true)
end


function test_token_is_valid_only_once()
	local key = uuid();
	local token = generate_token('root@localhost', key);
	local result = token_utils.verify_token(
		'root',
		token,
		'localhost',
		OTP_SEED,
		key
	)
	luaunit.assert_is(result, true)

	result = token_utils.verify_token(
		'root',
		token,
		'localhost',
		OTP_SEED,
		key
	)
	luaunit.assert_is(result, false)
end


function test_token_expiration()
	-- Test that a token expires after (at most) the configured interval plus
	-- any amount of deviations.
	local key = uuid();
	local token = generate_token('root@localhost', key);
	-- Wait two ticks of the interval window and then check that the token is
	-- no longer valid.
	mock.mock(os);
	os.time.replace(function ()
		return os.time.original() +
			(token_utils.OTP_INTERVAL + 
				(token_utils.OTP_DEVIATION * token_utils.OTP_INTERVAL));
	end)
	result = token_utils.verify_token(
		'root',
		token,
		'localhost',
		OTP_SEED,
		key
	)
	mock.unmock(os);
	luaunit.assert_is(result, false)
end

os.exit(luaunit.LuaUnit.run())