[test] Ensure failed login doesn't update hash
tobil4sk committed Aug 23, 2022
1 parent 16eed2d commit 203e087
Showing 1 changed file with 25 additions and 0 deletions.
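--- a/test/tests/integration/TestPasswords.hx
+++ b/test/tests/integration/TestPasswords.hx
@@ -24,6 +24,8 @@ class TestPasswords extends IntegrationTests {
 
 final hash = dbCnx.escape(Hashing.hash(haxe.crypto.Md5.encode(data.pw), saltBytes));
 
+dbCnx.request('USE ${dbConfig.database};');
+
 dbCnx.request(
 'INSERT INTO User(name, fullname, email, pass, salt, hashmethod)
 VALUES ("$user", "$fullname", "$email", "$hash", 0x$saltHex, "$Md5");'
@@ -56,4 +58,27 @@ class TestPasswords extends IntegrationTests {
 assertEquals(Hashing.hash(bar.pw, result.salt), result.pass);
 }
 
+public function testFailedSubmit() {
+createOldUserAccount(bar);
+
+// attempting to submit with incorrect password should make no difference
+final r = haxelib([
+"submit",
+Path.join([IntegrationTests.projectRoot, "test/libraries/libBar.zip"]),
+],"incorrect password\nincorrect password\nincorrect password\nincorrect password\nincorrect password\n").result();
+assertFail(r);
+assertEquals("Error: Failed to input correct password", r.err.trim());
+
+// after failed submission, the account should not have changed
+final user = dbCnx.escape(bar.user);
+final resultSet = dbCnx.request('SELECT pass,salt,hashmethod FROM User WHERE name="$user";');
+assertTrue(resultSet.hasNext());
+final result = resultSet.next();
+assertFalse(resultSet.hasNext());
+
+// hash method and hash should remain the same
+assertEquals(Md5, result.hashmethod);
+assertEquals(Hashing.hash(haxe.crypto.Md5.encode(bar.pw), result.salt), result.pass);
+}
+
 }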
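Review bot: testFailedSubmit asserts only the `pass`, `salt` and `hashmethod` columns of the User row, so the comment "should make no difference" claims more than the test checks: nothing after `assertFail(r)` verifies that the rejected submit left no trace of libBar on the server. If no other test covers that, a follow-up query asserting the library was not registered would pin the authorization side as well as the credential side. The five repeated `incorrect password\n` answers presumably match the client's retry limit, and a comment such as `// five wrong answers: exhausts the client's password prompts` would explain the count. The hash check itself looks sound, since recomputing from `bar.pw` with the stored salt fails if either `pass` or `salt` was rewritten.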
