LemonLDAP NG
lemonldap-ng
Commits
b7264075
Commit
b7264075
authored
Nov 02, 2017
by
dcoutadeur dcoutadeur
adding tests for salt feature for database backend (
#1245
)
parent
6ee5509f
Showing
2 changed files
with
159 additions
and
1 deletion
+159
-1
lemonldap-ng-portal/t/20-Auth-and-password-DBI-dynamic-hash.t
...nldap-ng-portal/t/20-Auth-and-password-DBI-dynamic-hash.t
+157
-0
lemonldap-ng-portal/t/20-Auth-and-password-DBI.t
lemonldap-ng-portal/t/20-Auth-and-password-DBI.t
+2
-1
lemonldap-ng-portal/t/20-Auth-and-password-DBI-dynamic-hash.t
0 → 100644
use
Lemonldap::NG::Portal::Lib::
DBI
;
use
MIME::
Base64
;
{
no
warnings
'
redefine
';
sub
Lemonldap
::NG::Portal::Lib::DBI::hash_password_from_database {
# Remark: database function must get hexadecimal input
# and send back hexadecimal output
my
$self
=
shift
;
my
$dbh
=
shift
;
my
$dbmethod
=
shift
;
my
$dbsalt
=
shift
;
my
$password
=
shift
;
# Create functions
use
Digest::
SHA
;
$dbh
->
sqlite_create_function
(
'
sha256
',
1
,
sub
{
my
$p
=
shift
;
return
unpack
('
H*
',
Digest::
SHA
->
new
(
256
)
->
add
(
pack
('
H*
',
$p
))
->
digest
);
}
);
$dbh
->
sqlite_create_function
(
'
sha512
',
1
,
sub
{
my
$p
=
shift
;
return
unpack
('
H*
',
Digest::
SHA
->
new
(
512
)
->
add
(
pack
('
H*
',
$p
))
->
digest
);
}
);
# convert password to hexa
my
$passwordh
=
unpack
"
H*
",
$password
;
my
@rows
=
();
eval
{
my
$sth
=
$dbh
->
prepare
("
SELECT
$dbmethod
('
$passwordh$dbsalt
')
");
$sth
->
execute
();
@rows
=
$sth
->
fetchrow_array
();
};
if
(
$@
)
{
$self
->
logger
->
error
(
"
DBI error while hashing with '
$dbmethod
' hash function: $@
");
$self
->
userLogger
->
warn
("
Unable to check password
");
return
"";
}
if
(
@rows
==
1
)
{
$self
->
logger
->
debug
(
"
Successfully hashed password with
$dbmethod
hash function in database
"
);
# convert salt to binary
my
$dbsaltb
=
pack
'
H*
',
$dbsalt
;
# convert result to binary
my
$res
=
pack
'
H*
',
$rows
[
0
];
return
encode_base64
(
$res
.
$dbsaltb
,
''
);
}
else
{
$self
->
userLogger
->
warn
("
Unable to check password with '
$dbmethod
'
");
return
"";
}
# Return encode_base64(SQL_METHOD(password + salt) + salt)
}
}
use
Test::
More
;
use
strict
;
use
IO::
String
;
require
'
t/test-lib.pm
';
my
$res
;
my
$mainTests
=
3
;
eval
{
unlink
'
t/userdb.db
'
};
SKIP:
{
eval
{
require
DBI
;
require
DBD::
SQLite
;
use
Digest::
SHA
};
if
(
$@
)
{
skip
'
DBD::SQLite not found
',
$mainTests
;
}
my
$dbh
=
DBI
->
connect
("
dbi:SQLite:dbname=t/userdb.db
");
$dbh
->
do
('
CREATE TABLE users (user text,password text,name text)
');
# password secret1
$dbh
->
do
("
INSERT INTO users VALUES ('dwho','secret1','Doctor who')
");
# password secret2
$dbh
->
do
("
INSERT INTO users VALUES ('rtyler','{sha256}NSJNDTRl106FX41poTbnnHROo1pnXTOTNgoyfL9jWaI=','Rose Tyler')
");
# password secret3
$dbh
->
do
("
INSERT INTO users VALUES ('jsmith','{ssha512}wr0zU/I6f7U4bVoeOlJnNFbhF0a9np59LUeNnhokohVI/wiNzt8Y4JujfOfNQiGuiVgY+xrYggfmgpke6KdjxKS7W0GR1ZCe','John Smith')
");
my
$client
=
LLNG::Manager::
Test
->
new
(
{
ini
=>
{
logLevel
=>
'
error
',
useSafeJail
=>
1
,
authentication
=>
'
DBI
',
userDB
=>
'
Same
',
dbiAuthChain
=>
'
dbi:SQLite:dbname=t/userdb.db
',
dbiAuthUser
=>
'',
dbiAuthPassword
=>
'',
dbiAuthTable
=>
'
users
',
dbiAuthLoginCol
=>
'
user
',
dbiAuthPasswordCol
=>
'
password
',
dbiAuthPasswordHash
=>
'',
dbiDynamicHashEnabled
=>
1
,
dbiDynamicHashValidSchemes
=>
'
sha sha256 sha512
',
dbiDynamicHashValidSaltedSchemes
=>
'
ssha ssha256 ssha512
',
dbiDynamicHashNewPasswordScheme
=>
'
ssha256
',
passwordDB
=>
'
DBI
',
portalRequireOldPassword
=>
1
,
}
}
);
# Try to authenticate against plaintext password
ok
(
$res
=
$client
->
_post
(
'
/
',
IO::
String
->
new
('
user=dwho&password=secret1
'),
length
=>
26
),
'
Authentication against plaintext password
'
);
expectOK
(
$res
);
my
$id
=
expectCookie
(
$res
);
$client
->
logout
(
$id
);
# Try to authenticate against static hashed password
ok
(
$res
=
$client
->
_post
(
'
/
',
IO::
String
->
new
('
user=rtyler&password=secret2
'),
length
=>
28
),
'
Authentication against static SHA-256 hashed password
'
);
expectOK
(
$res
);
my
$id
=
expectCookie
(
$res
);
$client
->
logout
(
$id
);
# Try to authenticate against salted password
ok
(
$res
=
$client
->
_post
(
'
/
',
IO::
String
->
new
('
user=jsmith&password=secret3
'),
length
=>
28
),
'
Authentication against salted SHA-512 password
'
);
expectOK
(
$res
);
my
$id
=
expectCookie
(
$res
);
$client
->
logout
(
$id
);
clean_sessions
();
}
eval
{
unlink
'
t/userdb.db
'
};
count
(
$mainTests
);
done_testing
(
count
()
);
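Review bot: All three assertions in the SKIP block are successful logins, so nothing in this file fails if dynamic-hash verification accepts a wrong password or a stored value whose `{scheme}` is outside `dbiDynamicHashValidSchemes` / `dbiDynamicHashValidSaltedSchemes`. Add at least one rejected login per storage form (for example a constructed `user=jsmith&password=wrong`, asserting that the request is refused and no session cookie is returned) and a row with an unlisted scheme prefix. In the overridden `hash_password_from_database`, the value to hash is interpolated into the statement text; binding it instead, `$dbh->prepare("SELECT $dbmethod(?)")` followed by `$sth->execute($passwordh . $dbsalt)`, keeps `$dbsalt` (which presumably originates from the stored hash) out of the SQL, while `$dbmethod` still has to come only from the validated scheme list. `dbiDynamicHashNewPasswordScheme => 'ssha256'` is configured but no password change is exercised here, so the path that writes a new salted hash stays untested.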
lemonldap-ng-portal/t/20-Auth-and-password-DBI.t
...
...
@@ -31,13 +31,14 @@ SKIP: {
dbiAuthLoginCol
=>
'
user
',
dbiAuthPasswordCol
=>
'
password
',
dbiAuthPasswordHash
=>
'',
dbiDynamicHashEnabled
=>
0
,
passwordDB
=>
'
DBI
',
portalRequireOldPassword
=>
1
,
}
}
);
# Try
y
o authenticate
# Try
t
o authenticate
# -------------------
ok
(
$res
=
$client
->
_post
(
...
...