
# Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/

require 'rails_helper'
require 'lib/auth/backend/backend_examples'

# Behaviour of the internal (database-backed) authentication backend: plaintext
# credentials are compared against the persisted password value, with a size
# limit applied before any comparison and legacy hashes upgraded on success.
RSpec.describe Auth::Backend::Internal do
  let(:user)     { create(:user) }
  let(:password) { 'secure' }
  let(:auth)     { Auth.new(user.login, password) }
  let(:instance) { described_class.new({ adapter: described_class.name }, auth) }

  describe '#valid?' do
    it_behaves_like 'Auth backend'

    context 'when password is given' do
      let(:user) { create(:user, password: password) }

      it 'authenticates' do
        expect(instance.valid?).to be true
      end
    end

    context 'when very long password is given' do
      let(:password) { Faker::Lorem.characters(number: 1_111) }

      # The fixture user needs a password longer than the policy permits, so the
      # limit is raised only while the factory runs and put back right after;
      # leaving it raised would make #valid? below exercise the relaxed limit.
      let(:user) do
        original_max_length = PasswordPolicy::MaxLength::MAX_LENGTH
        stub_const 'PasswordPolicy::MaxLength::MAX_LENGTH', 99_999
        created = create(:user, password: password)
        stub_const 'PasswordPolicy::MaxLength::MAX_LENGTH', original_max_length
        created
      end

      # Over-long input must be refused before any hash comparison runs
      # (presumably to cap the hashing work spent on caller-chosen input —
      # confirm against the backend implementation).
      it 'does not try to verify it' do
        expect(PasswordHash).not_to receive(:verified?)
        instance.valid?
      end

      it 'returns false even though password is matching' do
        expect(instance).not_to be_valid
      end
    end

    # Submitting the persisted value itself (per the context name, the stored
    # hash) must never count as knowing the password.
    context 'when given password matches stored hash' do
      let(:user)     { create(:user, password: 'secure') }
      let(:password) { user.password }

      it "doesn't authenticate" do
        expect(instance.valid?).to be false
      end
    end

    context 'when given password is blank' do
      let(:user)     { create(:user, password: 'secure') }
      let(:password) { '' }

      it "doesn't authenticate" do
        expect(instance.valid?).to be false
      end
    end

    # Users still carrying a SHA2-style hash are accepted and, on a successful
    # login, re-hashed with the current scheme.
    context 'with legacy SHA2 passwords' do
      let(:user) { create(:user, password: PasswordHash.sha2(password)) }

      it 'is password hash crypted' do
        expect(PasswordHash.crypted?(user.password)).to be true
      end

      it 'is password hash legacy' do
        expect(PasswordHash.legacy?(user.password, password)).to be true
      end

      it 'valid authentication' do
        expect(instance.valid?).to be true
      end

      it 'is password hash not legacy after validation' do
        instance.valid?
        expect(PasswordHash.legacy?(user.reload.password, password)).to be false
      end

      it 'is password hash crypted after validation' do
        instance.valid?
        expect(PasswordHash.crypted?(user.password)).to be true
      end
    end

    # The backend signals a failed attempt to Auth so the caller can apply
    # its failed-login accounting; a success leaves the flag untouched.
    context 'when affecting Auth#increase_login_failed_attempts' do
      context 'when authentication fails' do
        let(:user)     { create(:user, password: 'secure') }
        let(:password) { 'wrong' }

        it 'sets Auth#increase_login_failed_attempts flag to true' do
          expect { instance.valid? }
            .to change { auth.increase_login_failed_attempts }.from(false).to(true)
        end
      end

      context 'when authentication succeeds' do
        let(:user) { create(:user, password: password) }

        it "doesn't change Auth#increase_login_failed_attempts flag" do
          expect { instance.valid? }
            .not_to change { auth.increase_login_failed_attempts }
        end
      end
    end
  end
end