fix: fist integration test #181
This commit was merged in pull request #189.
@@ -68,7 +68,7 @@ func (service ServiceAuthImpl) SignIn(email string, password string) (*User, err
|
||||
}
|
||||
}
|
||||
|
||||
hash := getHashPassword(password, user.Salt)
|
||||
hash := GetHashPassword(password, user.Salt)
|
||||
|
||||
if subtle.ConstantTimeCompare(hash, user.Password) == 0 {
|
||||
return nil, ErrInvaidCredentials
|
||||
@@ -279,7 +279,7 @@ func HandleSignUpComp(db *sql.DB, serverSettings *types.ServerSettings) http.Han
|
||||
return
|
||||
}
|
||||
|
||||
hash := getHashPassword(password, salt)
|
||||
hash := GetHashPassword(password, salt)
|
||||
|
||||
_, err = db.Exec("INSERT INTO user (user_uuid, email, email_verified, is_admin, password, salt, created_at) VALUES (?, ?, FALSE, FALSE, ?, ?, datetime())", userId, email, hash, salt)
|
||||
if err != nil {
|
||||
@@ -366,7 +366,7 @@ func HandleDeleteAccountComp(db *sql.DB, serverSettings *types.ServerSettings) h
|
||||
return
|
||||
}
|
||||
|
||||
currHash := getHashPassword(password, salt)
|
||||
currHash := GetHashPassword(password, salt)
|
||||
if subtle.ConstantTimeCompare(currHash, storedHash) == 0 {
|
||||
utils.TriggerToast(w, r, "error", "Password is not correct")
|
||||
return
|
||||
@@ -455,13 +455,13 @@ func HandleChangePasswordComp(db *sql.DB) http.HandlerFunc {
|
||||
return
|
||||
}
|
||||
|
||||
currHash := getHashPassword(currPass, salt)
|
||||
currHash := GetHashPassword(currPass, salt)
|
||||
if subtle.ConstantTimeCompare(currHash, storedHash) == 0 {
|
||||
utils.TriggerToast(w, r, "error", "Current Password is not correct")
|
||||
return
|
||||
}
|
||||
|
||||
newHash := getHashPassword(newPass, salt)
|
||||
newHash := GetHashPassword(newPass, salt)
|
||||
|
||||
_, err = db.Exec("UPDATE user SET password = ? WHERE user_uuid = ?", newHash, user.Id)
|
||||
if err != nil {
|
||||
@@ -524,7 +524,7 @@ func HandleActualResetPasswordComp(db *sql.DB) http.HandlerFunc {
|
||||
return
|
||||
}
|
||||
|
||||
passHash := getHashPassword(newPass, salt)
|
||||
passHash := GetHashPassword(newPass, salt)
|
||||
|
||||
_, err = db.Exec("UPDATE user SET password = ? WHERE user_uuid = ?", passHash, userId)
|
||||
if err != nil {
|
||||
@@ -653,7 +653,7 @@ func TryCreateSessionAndSetCookie(r *http.Request, w http.ResponseWriter, db *sq
|
||||
return nil
|
||||
}
|
||||
|
||||
func getHashPassword(password string, salt []byte) []byte {
|
||||
func GetHashPassword(password string, salt []byte) []byte {
|
||||
return argon2.IDKey([]byte(password), salt, 1, 64*1024, 1, 16)
|
||||
}
|
||||
|
||||
|
||||
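Review bot: The salt is reused when the password changes: in the HandleChangePasswordComp hunk the new password is hashed with the same `salt` that was just used to verify the current one (`newHash := GetHashPassword(newPass, salt)`), and the following `UPDATE user SET password = ? WHERE user_uuid = ?` stores only the hash. The HandleActualResetPasswordComp hunk has the same shape with `passHash`. Where `salt` is loaded lies outside the visible lines, but unless it is regenerated there, a fresh salt from `crypto/rand` should be drawn on every password change and written together with the hash, e.g. `UPDATE user SET password = ?, salt = ? WHERE user_uuid = ?`. Separately, now that `GetHashPassword` is exported it deserves a doc comment naming the Argon2id cost it fixes (1 pass, `64*1024` KiB, 1 thread, 16-byte key), since every stored hash depends on those values and changing them needs a migration. Both handler bodies start and end outside their hunks.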
@@ -25,14 +25,15 @@ func TestSignIn(t *testing.T) {
|
||||
t.Run("should return user if password is correct", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
salt := []byte("salt")
|
||||
verifiedAt := time.Date(2020, 1, 2, 0, 0, 0, 0, time.UTC)
|
||||
stub := DbAuthStub{
|
||||
user: db.NewUser(
|
||||
uuid.New(),
|
||||
"test@test.de",
|
||||
true,
|
||||
time.Date(2020, 1, 2, 0, 0, 0, 0, time.UTC),
|
||||
&verifiedAt,
|
||||
false,
|
||||
getHashPassword("password", salt),
|
||||
GetHashPassword("password", salt),
|
||||
salt,
|
||||
time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC),
|
||||
),
|
||||
@@ -58,14 +59,15 @@ func TestSignIn(t *testing.T) {
|
||||
t.Run("should return ErrInvalidCretentials if password is not correct", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
salt := []byte("salt")
|
||||
verifiedAt := time.Date(2020, 1, 2, 0, 0, 0, 0, time.UTC)
|
||||
stub := DbAuthStub{
|
||||
user: db.NewUser(
|
||||
uuid.New(),
|
||||
"test@test.de",
|
||||
true,
|
||||
time.Date(2020, 1, 2, 0, 0, 0, 0, time.UTC),
|
||||
&verifiedAt,
|
||||
false,
|
||||
getHashPassword("password", salt),
|
||||
GetHashPassword("password", salt),
|
||||
salt,
|
||||
time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC),
|
||||
),
|
||||
|
||||
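Review bot: The failure-case subtest and the sentinel it checks are both misspelled, and differently: the subtest is titled `should return ErrInvalidCretentials if password is not correct`, while SignIn returns `ErrInvaidCredentials`. Renaming the sentinel to `ErrInvalidCredentials` and matching the subtest title would make the credential-failure path easy to grep for. The two subtests also build the same `db.NewUser(...)` fixture, including `verifiedAt` and the fixed test salt, so a small helper would keep that setup in one place. TestSignIn continues outside both hunks.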